Commit Graph

189 Commits

Author SHA1 Message Date
Garrett Wollman
3688be0eeb Add err_set_file() and err_set_exit() functions to make it possible for
programs which use err(3) to work nicely in a wider range of environments
(e.g., dialog).
1995-04-13 18:04:11 +00:00
Bill Paul
8b4709fa93 Add an ethers(3) man page. 1995-04-12 22:28:49 +00:00
Bill Paul
b9729ac259 More of the same: we also need to handle multiple domains properly
even if /var/yp/binding/DOMAIN.VERS doesn't exist yet.
1995-04-09 21:52:31 +00:00
Bill Paul
f067dfeabc Fix behavior of YP library routines in environments with multiple domains,
where one or more of the non-default domains are not yet bound.

If we make a YP request for a domain other than the default domain,
and there is no binding for the new domain yet, _yp_dobind() sees
that the /var/yp/binding/DOMAIN.VERS file for the unbound domain is
not locked (by ypbind) and from this it concludes that the NIS system
is dead, so it gives up.

This behavior has been changed: before giving up in this case, we now
make a second check to see if the binding file for the *default* domain
is also not locked. Only if the default domain binding file is also
unlocked to we now assume that ypbind has bought the farm and bail out.
(Note: this assumes that the user hasn't changed the default domain
while ypbind is running.)

With this change, _do_ypbind() is allowed to proceed into the next
section of code wherein it prods ypbind into establishing a binding
for the new domain. This first call times out after ten seconds,
after which it should retry and succeed. From then on, the binding
for the second domain should be handled normally.
1995-04-09 19:26:23 +00:00
Andrey A. Chernov
929fb7fedd Add missing header reference 1995-04-09 04:59:40 +00:00
Bruce Evans
980f2abdb8 Reviewed by: ache and wollman (long ago)
isctype.c:
o The tolower() and toupper() functions duplicated too much code
  and were out of date (surprise).  This didn't matter because
  it was difficult to call them.
o Change formatting to be more like that in <ctype.h> (with
  extra parentheses as in the macros).  Perhaps this file should
  be machine generated or everything should be handled like
  __tolower() so that no code is repeated.

nomacros.c:
o Instead of looking at _USE_CTYPE_INLINE_ to see what <ctype.h>
  has done, set _EXTERNALIZE_CTYPE_INLINES_ to tell <ctype.h>
  what to do, so that we don't have anything left to do.  Note
  that code is now generated even if inlines are used by default.
  This allows users to switch to non-inline versions.
1995-04-07 11:52:17 +00:00
Bruce Evans
ffe57f1a20 Obtained from: 1.1.5 (originally by jtc)
Fix printf("%g", 0.0) - print "0", not "0.".  The previous fixes in this
area had one non-cosmetic (non-)change that caused this bug.

Bruce
1995-04-06 16:28:15 +00:00
Joerg Wunsch
d108492508 The man page setmode(3) declares `void setmode' when it should be
declared `void *setmode'.

Submitted by:	kargl@troutmask.apl.washington.edu
1995-04-05 22:56:45 +00:00
Andrey A. Chernov
ffe8306afd Add "before inclusion of any header which ... "
Suggested by: bde
1995-04-04 11:29:51 +00:00
Bill Paul
ef8f52ad53 'Fix' for esoteric misfeature discovered while searching for another bug:
select() returns EINVAL if you try to feed it a value of FD_SETSIZE greater
that 256. You can apparently adjust this by specifying a larger value of
FD_SETSIZE when configuring your kernel. However, if you set the maximum
number of open file descriptors per process to some value greater than
the FD_SETSIZE value that select() expects, many selects() within the RPC
library code will be botched because _rpc_dtablesize() will return
invalid numbers. This is to say that it will return the upper descriptor
table size limit which can be much higher than 256. Unless select() is
prepared to expect this 'unusually' high value, it will fail. (A good
example of this can be seen with NIS enabled: if you type 'unlimit' at
the shell prompt and then run any command that does NIS calls, you'll
be bombarded with errors from clnttcp_create().)

A temporary fix for this is to clamp the value returned by _rpc_dtablesize()
at FD_SETSIZE (as defined in <sys/types.h> (256)). I suppose the Right
Thing would be to provide some mechanism for select() to dynamically
adjust itself to handle FD_SETSIZE values larger than 256, but it's a
bit late in the game for that. Hopefully 256 file descriptors will be enough
to keep RPC happy for now.
1995-04-04 05:53:22 +00:00
Bill Paul
958f4e365d getpwent.c: fix problem with emacs dumping core when NIS is enabled. Also
add #includes for YP headers when compiling with -DYP to avoid some implicit
declarations.

getgrent.c & getnetgrent.c: add some #includes to avoid implicit declarations
of YP functions.
1995-04-04 05:36:16 +00:00
Andrey A. Chernov
05e2ed0de3 Properly describe how to expand default limit of handled descriptors 1995-04-04 01:27:54 +00:00
Bill Paul
f9dde4e78c Submitted by: Sebastian Strollow
Obtained from: Casper H. Dik (by vay of Usenet)

Small patch to help improve NIS rebinding times (among other things):


>From: casper@fwi.uva.nl (Casper H.S. Dik)
>Newsgroups: comp.sys.sun.misc,comp.sys.sun.admin
>Subject: FIX for slow rebinding of NIS.
>Summary: a small change in libc makes life with NIS a lot easier.
>Message-ID: <1992Jan17.173905.11727@fwi.uva.nl>
>Date: 17 Jan 92 17:39:05 GMT
>Sender: news@fwi.uva.nl
>Organization: FWI, University of Amsterdam
>Lines: 138
>Nntp-Posting-Host: halo.fwi.uva.nl

Have you been plagued by long waits when your NIS server is rebooted?
READ ON!

Sun has a patch, but the README says:

********************* WARNING ******************************

  This is a new version of ypbind that never uses the NIS
  binding file to cache the servers binding. This will have
  the effect of fixing the current symptom. However, it might
  degrade the overall performance of the system when the
  server is available. This is most likely to happen on an
  overloaded server, which will cause the network to produce
  a broadcast storm.

*************************************************************

Therefor, I have produced another fix.

o What goes wrong.

When the NIS server is rebooted, ypserv will obtain different ports
to listen for RPC requests. All clients will continue to use the old
binding they obtained earlier. The NIS server will send ICMP dst unreachable
messages for the RPC requests that arrive at the old port. These ICMPs
are dropped on the floor and the client code will continue sending the
requests until the timer has expired. The small fix at the end of this
message will pick up these ICMP messages and deliver them to the RPC layer.

o Before and after.

I've tested this on some machines and this is the result:

	(kill and restart ypserv on the server)

original% time ypmatch user passwd
user:....
0.040u 0.090s 2:35.64 0.0% 0+126k 0+0io 0pf+0w (155 seconds elapsed time)

fixedhost% time ypmatch user passwd
user:....
0.050u 0.050s 0:10.20 0.9% 0+136k 0+0io 0pf+0w (10 seconds elapsed time)

Rebinding is almost instantaneous.

o Other benefits.
	RPC calls that use UDP as transport will no longer time out but
	will abort much sooner. (E.g., the remote host is unreachable or
	111/udp is filtered by an intermediate router)
1995-04-02 20:05:20 +00:00
Bill Paul
6cc65caedb Fix xdr_ypmap_parms() so that it agrees with xdr_domainname(), xdr_peername()
and friends.
1995-04-02 19:58:29 +00:00
Andrey A. Chernov
b97843726d Fix manpage rule 1995-04-02 19:35:40 +00:00
Bill Paul
7680d1b004 Add ether_addr functions to libc. This seems to be the logical place
to put them. A man page is in the works.
1995-04-02 01:31:17 +00:00
Bill Paul
97fd4ecfb6 Add some missing xdr functions needed for server-side implementations.
(This is to help me reduce yppush a bit: it has its own copy of yp_xdr.c
right now, but I can get rid of it now that this stuff is here.)
1995-04-02 01:02:17 +00:00
Jordan K. Hubbard
6eaef61813 Add the nls code for XPG3-style message catalogs to libc.
Obtained from: NetBSD
1995-03-30 12:47:27 +00:00
Jordan K. Hubbard
c7e6130943 Add nls include to Makefile. 1995-03-30 12:46:36 +00:00
Andrey A. Chernov
3437da9391 Clear IGNPAR in cfmakeraw() instead of set it. 1995-03-29 19:28:35 +00:00
Jordan K. Hubbard
71e60921ff Fix a missing _hash() to prevent namespace pollution with the db/hash routines.
Grrr.  If the dbhash routines weren't grossly overengineered I wouldn't
even need to do this! :-(

Also now export the hash_stats routine.  Manpage coming RSN - I promise.
1995-03-28 08:41:02 +00:00
Bill Paul
b38bb6d374 Use yp_order() instead of yp_first() in _havemaster() to check for the
presence of the master.passwd.byname map, and remember to free the
returned order value before exiting.
1995-03-27 20:46:40 +00:00
Nate Williams
6fc818e63f Bump the shared library minor # because of the additions of the
strhash() functions.
1995-03-27 20:23:11 +00:00
Andrey A. Chernov
d030a0729f Hash 8bit chars without sign extension 1995-03-26 19:32:24 +00:00
Andrey A. Chernov
626da9c8ba Update info about LC_COLLATE implementation 1995-03-26 18:57:19 +00:00
Jordan K. Hubbard
4796867161 Add the strhash family of routines. They provide a number of features
that the db/hash functions don't, and they're much simpler to use for
low-overhead string hashing.
1995-03-26 10:21:55 +00:00
David Greenman
eb0bc8709b Updated manual page to indicate flags argument; added return value and
errors section.
1995-03-25 17:24:47 +00:00
Poul-Henning Kamp
e169c6670b scandir(3) didn't transfer d_type, and d_ino is called d_fileno now. 1995-03-25 07:39:02 +00:00
Bill Paul
f05daed916 Add calls to endgrent() and endnetgrent() to the end of _createcaches(). 1995-03-25 00:30:35 +00:00
Bill Paul
06643071e5 Add more sanity checks. *Lots* of sanity checks. Huge tracts of sanity checks.
Make sure all arguments to the yp_*() functions are valid before sending
them off to the server. This is somewhat distressing: once again my
FreeBSD box brought down my entire network because of NIS bogosities.
I *think* the poor argument checking in this module is the cause, but
I still haven't been able to reproduce the exact series of events that
lead to the ypserv crashes. For now I've resorted to sticking my FreeBSD
box in a seprate domain. Hopefully a weekend of heavy testing will
uncover the problem.
1995-03-24 21:21:37 +00:00
Bill Paul
0ffe27f544 Make sanity checks saner: don't let setnetgrent() or innetgr() swallow
any bogus arguments.
1995-03-24 20:42:28 +00:00
Andrey A. Chernov
bee5b8efe8 Change strtok() to strsep(), using strtok() can cause memory corruption
if user program use it too in the same time.
1995-03-24 16:33:44 +00:00
Andrey A. Chernov
3330823cc3 Sicnce this code shares the same fragment as gethostnamaddr:
Change strtok() to strsep(), cause memory corruption for all
programs which use strtok() too in the same time.
Fix potential NULL reference, depends of /etc/hosts.conf format
Fix the bug when service name fetched always from beginning of the line,
not from parsed token.
1995-03-24 15:51:30 +00:00
Andrey A. Chernov
3d1513bdeb Change strtok() to strsep(), cause memory corruption for all
programs which use strtok() too in the same time.
Fix potential NULL reference, depends of /etc/hosts.conf format
Fix the bug when service name fetched always from beginning of the line,
not from parsed token.
1995-03-24 15:38:54 +00:00
Bill Paul
828447008a Yikes! Fix stupid mistake I made in last commit that made getpwent() ignore
local password entries when YP was enabled. (How the heck did that
get by me!?)
1995-03-24 08:01:01 +00:00
Bill Paul
d34ef3d62b As per Justin T. Gibbs's request, agument the +@netgroup/-@netgroup
remapping mechanism in the following manner: if given an entry +@foo
and there is no netgroup named 'foo,' try searching for a regular
user group called 'foo' and build the cache using the members of
group 'foo' instead. If both a netgroup 'foo' and a user group 'foo'
exist, the 'foo' netgroup takes precedence, since we're primarily
interested in netgroup matching anyway.

This allows access control schemes based on ordinary user groups
(which are also available via NIS) rather than netgroups, since
netgroups on some systems are limited in really brain-damaged ways.
1995-03-24 05:46:47 +00:00
Bill Paul
e17334c329 Don't let yp_match() or yp_next() operate on null or empty keys: asking
ypserv to do a yp_match() with an a null or empty key causes much havok.
(Note that this could be construed as a denial of service attack if used
maliciously.)
1995-03-23 22:23:15 +00:00
Bill Paul
62a771700f Don't let setnetgrent() operate on a null or empty group name: it can
tickle a bug in ypserv and make a serious mess of things.
1995-03-23 22:21:16 +00:00
Bill Paul
353fefe325 Very important sanity checks: today I clobbered all four NIS servers on
my network because setnetgrent() was trying to do a lookup on group "".
It seems that an attempt to do a yp_match() (and possible yp_next())
on a null or empty key causes Sun's ypserv in SunOS 4.1.3 to exit
suddenly (and without warning). Our ypserv behaves badly in this
situation too, thoush it doesn't appear to crash. In any event, getpwent,
getnetgrent and yp_match() and yp_next() are now extra careful not to
accidentally pass on null or empty arguments.

Also made a small change to getpwent.c to allow +::::::::: wildcarding,
which I had disabled previously.
1995-03-23 22:18:00 +00:00
Bill Paul
5f115c9d15 Lots of fixes/improvements in the +user substitution handling:
- Have the +@netgroup/-@netgroup caches handle the +user/-user cases too.
- Clean up getpwent() to take advantage of the improved +user/-user handling.
1995-03-23 17:33:19 +00:00
Bill Paul
89395683ea Small cleanups:
- Prepend a '_' to a couple of things
- Make sure YP is enabled in _createcaches()
- Remove a couple of unused/uneeded variables from _createcaches()
1995-03-23 04:04:01 +00:00
Bill Paul
9531ca9353 Phew! Done at last: getpwent now understands +@netgroup/-@netgroup directives
in addition to the existing NIS substitutions. I may tweak this a bit in
the future, but the important stuff is all here.
1995-03-23 00:59:15 +00:00
Bill Paul
8516cd0fa5 Use better/stronger/faster NIS lookup code: by using yp_match() instead of
the yp_first()/yp_next() combo, we let the database code in ypserv do some
of the work for us.
1995-03-21 19:47:12 +00:00
Bill Paul
2943bd1c53 Reviewed by: Bill Paul <wpaul@freebsd.org>
Submitted by:	Sebastian Strollo <seb@erix.ericsson.se>

- In /usr/src/lib/libc/yp/yplib.c, function yp_first when clnt_call
fails with (r != RPC_SUCCESS) ysd->dom_vers should be set to 0! This
ensures that /var/yp/bindings/dom.vers will be read again on retry.
What happens now is that when our server is down and someone tries to
use yp they will continue to try until kingdom come. So:
        if(r != RPC_SUCCESS) {
                clnt_perror(ysd->dom_client, "yp_first: clnt_call");
                ysd->dom_vers = -1;
                               ^^^^ change to 0
                goto again;
        }
1995-03-21 00:48:55 +00:00
Bill Paul
8538335f21 At last! Modified __ivaliduser() to do the same kind of user/host validation
that everyone else does: you can now use +host/-host, +user,-user and
+@netgroup/-@netgroup in /etc/hosts.equiv, /.rhosts, /etc/hosts.lpd and
~/.rhosts. Previously, __ivaliduser would only do host/user matches,
which was lame. This affects all the r-commands, lpd, and any other
program/service that uses ruserok().

An example of the usefullness of this feature would be a hosts.equiv
file that looks like this:

+@equiv-hosts

Since the netgroup database can now be accessed via NIS, this lets you
set up client machines once and then never have to worry about them
again: all hosts.equiv changes can now be done through NIS. Once I
finish with getpwent.c, we'll be able to do similar wacky things
with login authentication too. (Our password field substitution
will finally be on par with everyone else's, and I'll finally be
able to fully integrate my FreeBSD machine into my network without
having to worry about the grad students sneaking into it when I'm
not looking. :)

Danger Will Robinson! I tested this thing every which way I could, but
Murphy's Law applies! If anybody spots a potential security problem with
the way my matching algorithm works, tell me immediately! I don't want
crackers snickering and calling me names behind my back. :)
1995-03-20 07:29:55 +00:00
Bill Paul
e80307946b Whoops: expanding netgroups that reference multiple netgroups doesn't
work because parse_netgrp() doesn't recurse properly. Fixed by
changing

if (parse_netgrp(spos))
	return(1);
to

if (parse_netgrp(spos))
	continue;

inside parse_netgrp(). (Lucky for me I happen to have a fairly complex
'live' netgroup database to test this stuff with.)
1995-03-19 22:19:52 +00:00
Bill Paul
409495f6c7 Two major changes:
- Added support for reading netgroups from NIS/YP in addition to the
local /etc/netgroups file. (Note that SunOS and many other systems only
support reading netgroups via NIS, which is a bit odd.)

- Fix Evil Null Pointer Dereferences From Hell (tm) that caused
parse_netgrp() to SEGV when expanding netgroups that include
references to other netgroups. Funny how nobody else noticed this.

This is the first step in implimenting +@netgroup substitution in
getpwent.c and any other places that could use it and don't already
support it (which is probably everywhere).
1995-03-19 06:16:03 +00:00
Andrey A. Chernov
798563cdfb Fix authunix_maxgrouplist test
Submitted by: Scott Hazen Mueller <scott@zorch.sf-bay.org>
1995-03-18 17:55:03 +00:00
Bill Paul
89047c9c7c Fix 'putting +: in /etc/group causes many programs to dump core' bug
by heading off possible null pointer dereferences in grscan(). Also
change getgrnam() slightly to properly handle the change: if grscan()
returns an rval of 1 and leaves a '+' in the gr_name field and YP is
enabled, poll the YP group.byname map before giving up. This should
insure that we make every effort to find a match in the local and
YP group databases before bailing out.
1995-03-18 05:03:10 +00:00
Bruce Evans
918bed7582 Remove `|| flags & ALT == 0' which was an obscure no-op, not a
parenthesization/precedence bug.
1995-03-12 13:53:51 +00:00