30 Commits

Author SHA1 Message Date
Bill Paul
da7408fc6d Add support for publickey.byname map (turned off by default since
we haven't imported the Secure RPC stuff yet).
1995-10-23 16:13:53 +00:00
Bill Paul
336844dba4 phkmalloc strikes!
#ifdef out a number of calls to free() left over from the original
GNU ypserv implementation. As near as I can tell, the Berkeley DB
package does its own garbage collection, hence the caller doesn't
have to worry about free()ing the memory returned in the DBT
structures during lookups (I'm still not 100% sure about this:
the DB code is very hard to follow. I must use dynamically
allocated memory since you can retrieve arbitrarily large records
from a database, but I'm not sure where it ends up letting go
of it). This was not true with GDBM; you had
to do your own garbage collection.

The general rule is that if you allocate memory inside an RPC
service routine, you have to free() it the next time the routine is
called since the underlying XDR routines won't do it for you.
But if the DB package does this itself, then we don't need to do
it in the main program.

Note that with the original malloc(), there were never any errors
flagged. phkmalloc complained quite loudly.
1995-09-24 17:21:52 +00:00
Bill Paul
82b7305d30 Fix bug pointed out by user on c.u.b.f.m: commenting out NOPUSH=true
for master/slave configuration doesn't work because DOMAIN isn't
correctly defined.
1995-08-11 13:55:42 +00:00
Bruce Evans
9c0dc173cc Change `install' to `${INSTALL}' so that default install flags can be
specified in the top level Makefiles.
1995-07-25 00:37:58 +00:00
Bill Paul
76064c01e5 Updates, fixes and cleanups -- oh my.
In ypserv:

yp_svc.c:
- small signal handler tweak (hopefully the last): just use sigemptyset()
to clear sa_mask.

Makefile.yp:
- Let the user specify the location of master.passwd when updating
maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing
the file to change the location of master.passwd still works. This
is mostly to let yppasswdd specify the name of the master.passwd
file itself.

In yppasswdd:

yppasswdd.c:
- Roll in some minor changes (mostly casts) from Olaf Kirch's latest
yppasswd package release (version 0.7).
- Use daemon() instead of doing all the daemonizing gruntwork ourselves.
- Call pw_init() after daemonizing ourselves. pw_init() sets up some
resource limits and blocks some signals for us. We used to do this before
every password change, but there's really no point in calling it more
than once during the life of the program.
- Change install_reaper() so that we can use it to de-install the SIGCHLD
handler if we need to (and we do in pw_mkdb() -- this is what I get for
splicing code from two different programs together).
- Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is
decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an
array of longs, not an int.)

update.c:
- Roll in change from new version (check that we're not modifying an NIS
entry in validate_args()).
- Get rid of call to pw_init() (moved to yppasswdd.c).
- Check return values from pw_util routines and return error status to
yppasswd clients if there's a problem.
- Straighten out password file copying mechanism a little. Keep a grip
on the original password file rather than summarily overwriting it so
that we can restore everything if we fail to fork() a process to update
the NIS maps.
- Pass the name of the password template file (specified with -m or
/etc/master.passwd by default) to the yppwupdate script, which in
turn should now pass it to /var/yp/Makefile.

pw_util.c:
- Nuke the pw_edit() and pw_prompt() functions -- we don't need them.
- Change all warn()s, warnx()s and err()s to syslog()s.
- Make sure we return error status to caller rather than bailing out
in pw_lock() and pw_tmp().
- Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent
yppasswdd from being shut down cleanly).
- Don't let pw_error() exit. (This stuff was stolen from chpass and vipw
which are interactive programs; it's okay to let pw_error() bail out
for these programs, but not in a daemon like yppasswdd).
- Fix signal handling in pw_mkdb (we need to temporarily de-install the
SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves).

pw_copy.c:
- Change all warn()s, warnx()s and err()s to syslog()s.
- Add a bunch of returns() and make pw_copy() return an int (0 on success,
-1 on failure) so that update.c can flag errors properly.
- Return -1 after calling pw_error() to signal failures rather than
relying on pw_error() to bail out.
- Abort copying if we discover that we've been asked to change an entry
for a user that exists in the NIS passwd maps but not in the master.passwd
template file. This can happen if the passwd maps and the template file
fall out of sync with each other (or if somebody tries to spoof
us). The old behavior was to add the entry to the password file,
which yppasswdd should not do under any circumstances.

Makefile:
- update VERSION to 0.7

yppasswdd.8:
- fix typo (forgot a carriage return somewhere)
- remove bogus reference to pwunconv(8) which FreeBSD doesn't have.
- bump version from 0.5 to 0.7
- Reflect changes in password file handling.

yppwupdate:
- Log map rebuilds to /var/yp/ypupdate.log.
- Pass the name of the template password file to /var/yp/Makefile as
$MASTER_PASSWD.
1995-07-19 17:44:41 +00:00
Bill Paul
1ede0846a7 Some small signal handling tweaks: be sure to keep wait3()ing until all
children are reaped and make sure to block SIGCHLD delivery during handler
execution when installing SIGCHLD handler with sigaction().
1995-07-15 23:27:49 +00:00
Bill Paul
c0837c7e13 Add missing 'break' statement in failure case of ypxfr switch clause. 1995-07-15 17:51:11 +00:00
Bill Paul
2c9d7bb779 server.c: When 'securenets' (actually TCP_WRAPPERS) is enabled, don't
syslog connections unless they were rejected. This helps save wear and
tear on the syslog facility in large networks with many client systems.

yp_svc.c: Be a little smarter about using sigaction() -- set the SA_RESTART
flag.

svc_run: Be doubly paranoid about killing off child processes. Do a flag
check and a pid check before letting child 'threads' self-destruct.
1995-07-14 01:56:51 +00:00
Bill Paul
e1086b16a9 ypserv performance improvements:
- There are two cases where the server can potentially block for a long
  time while servicing a request: when handling a yp_all() request, which
  could take a while to complete if the map being transferred is large
  (e.g. 'ypcat passwd' where passwd.byname has 10,000 entries in it),
  and while doing DNS lookups when in SunOS compat mode (with the -dns
  flag), since some DNS lookups can take a long time to complete. While
  ypserv is blocked, other clients making requests to the server will
  also block. To fix this, we fork() ypall and DNS lookups into subprocesses
  and let the parent ypserv process go on servicing other incoming
  requests.

  We place a cap on the number of simultaneous processes that ypserv can
  fork (set at 20 for now) and go back to 'linear mode' if it hits the
  limit (which just means it won't fork() anymore until the number of
  simultaneous processes drops under 20 again). The cap does not apply
  to fork()s done as a result of ypxfr calls, since we want to do our
  best to insure that map transfers from master servers succeed.

  To make this work, we need our own special copy of svc_run() so that
  we can properly terminate child processes once the RPC dispatch
  functions have run.

  (I have no idea what SunOS does in this situation. The only other
  possibility I can think of is async socket I/O, but that seems
  like a headache and a half to implement.)

- Do the politically correct thing and use sigaction() instead of
  signal() to install the SIGCHLD handler and to ignore SIGPIPEs.

- Doing a yp_all() is sometimes slow due to the way read_database() is
  implemented. This in turn is due to a certain deficiency in the DB
  hash method: the R_CURSOR flag doesn't work, which means that when
  handed a key and asked to return the key/data pair for the _next_
  key in the map, we have to reset the DB pointer to the start of the
  database, step through until we find the requested key, step one
  space ahead to the _next_ key, and then use that. (The original ypserv
  code used GDBM, which has a function called gdbm_nextkey() that does
  this for you.) This can get really slow for large maps. However,
  when doing a ypall, it seems that all database accesses are sequential,
  so we can forgo the first step (the 'search the database until we find
  the key') since the database should remain open and the cursor
  should be positioned at the right place until the yp_all() call
  finishes. We can't make this assumption for arbitrary yp_first()s
  and yp_next()s however (since we may have requests from several clients
  for different maps all arriving at different times) so those we have
  to handle the old way.

  (This would be much easier if R_CURSOR really worked. Maybe I should
   be using something other than the hash method.)
1995-07-12 16:28:13 +00:00
Andreas Schulz
4942064e51 Fix two typos in a comment. 1995-07-08 21:42:59 +00:00
Bill Paul
3f95a88ec7 Oh fer cryin' out loud... While playing with the ypserv code on a different
platform, I discovered the following: if you use ypcat (or anything that
does a yp_all() for that matter) to dump out a map and then hit ^C before
it finishes, ypserv gets hit with a SIGPIPE and dies. (The ypall() service
is implemented using TCP.)

Fix: ignore SIGPIPEs.
1995-07-04 21:58:38 +00:00
Bill Paul
d32dc73f83 Small touchups in open_database():
- Use one sprintf() to put together the path to the map database instead
  of strcat()s and strcpy()s.

- Make the 'error opening database' Perror() statement sane.
1995-07-02 18:48:21 +00:00
Bill Paul
0a6205d8d0 Fixed awk scripts for 'netgroup,' 'ethers.*' and 'bootparams' targets so that
corresponding map databases are created correctly.

This fixes the problem Ken Wilcox noted on the freebsd-bugs list.
1995-06-18 16:08:15 +00:00
Rodney W. Grimes
4399be3cbd Remove trailing whitespace. 1995-05-30 05:05:38 +00:00
Bill Paul
8a17ad7e57 Small fix for yp_match implementation:
In the case where ypserv is started with the -dns flag, fall through to
the DNS lookup code only if asked to match a map with the word 'host'
in its name. This prevents failed matches on non-host maps from being
incorrectly handed off to DNS.
1995-05-03 14:36:12 +00:00
Bill Paul
3670011ae8 Added a new feature from Peter Eriksson's latest release of ypserv (0.13):
register ourselves as an NIS version 1 UDP server to pacify older SunOS 4
ypbinds that seem to insist on having one around. All this does is allow
ypserv to respond to DOMAIN_NONACK requests that are periodically
transmitted by ypbind: the server will not actually work as an NIS v1
server in any other way.

Unlike the mainline code, which implements this as a compile-time
option, this feature can be turned on with the newly-added -k flag
at runtime.

Bumped version number to 0.13. (What the hell.)

Updated the man page to reflect this change, also made a couple of small
edits to reflect the recent changes in the /etc/rc* setup.
1995-04-05 03:23:40 +00:00
Bill Paul
df561fc414 Spruce up Makefile.yp: add support for netgroups and bootparams maps,
make use of yp_mkdb's -i, -o and -m flags.
1995-04-02 01:53:47 +00:00
Bill Paul
ef230bdf24 Log syslog messages at LOG_NOTICE priority. 1995-04-01 19:31:12 +00:00
Bill Paul
e7969ab094 Added support for bootparams map. 1995-03-05 22:48:50 +00:00
Bill Paul
f464a3788e Fix losing Makefile so that it properly honors DESTDIR when installing
/var/yp/Makefile and /usr/libexec/mknetid. *grumble* *mutter* *mutter*
1995-02-15 04:33:52 +00:00
Bill Paul
df76d2a332 Do proper job of reaping child 'ypxfr' processes (we could sometimes
leave a zombie lying around until the next map transfer came along).

Also fixed some minor typos on the man page.
1995-02-07 05:04:53 +00:00
Bill Paul
c807d0240e Created manual page for ypserv and changed Makefile to install it.
Also tweaked server.c to support newer versions of tcpwrapper (log_tcp.h
is now tcpd.h and FROM_UNKNOWN changed to STRING_UNKNOWN).
1995-02-04 21:32:04 +00:00
Bill Paul
a613523aa3 Changed some comments. 1995-02-04 00:13:21 +00:00
Bill Paul
a50aabb5d6 Fixed potential Makefile glitch that could arise if /var/yp doesn't exist yet. 1995-02-03 22:01:17 +00:00
Bruce Evans
9504046bea Include <sys/types.h> explicitly to get declaration of u_long for
<netinet/in.h> - don't depend on namespace pollution in <stdio.h>.
1995-02-03 20:25:59 +00:00
Bill Paul
4efbdedee3 Put ${.CURDIR}s in front of Makefile.yp and mknetid in the required places.
Also took out unneeded BINDIR & BINMODE stuff.
1995-02-03 03:41:38 +00:00
Bill Paul
3e03108763 Removed reference in comments to -o option of yppasswdd: -o option
no longer exists.
1995-02-03 01:11:57 +00:00
Bill Paul
7870fc7fdb /var/yp/Makefile doesn't create passwd file from master.passwd file
correctly (specified wrong fields to awk). Note that the files in question
are not the local /etc/master.passwd and /etc/passwd files: this Makefile
expects there to be a separate master.passwd file under /var/yp for NIS
database creation.
1995-02-01 23:05:36 +00:00
Bill Paul
85e33f94dc Added Makefile.yp and mknetid, which are needed to rebuild NIS maps.
mknetid is a script. Both are installed by an afterinstall which has
been added to the main Makefile.
1995-02-01 02:00:03 +00:00
Bill Paul
b4a640674a Obtained from: The NYS project
This is a hacked-up port of the ypserv-0.11 server from the NYS project
written by Peter Eriksson.

The original package included some map creating and dumping tools and
was based on GDBM. This version has been modified in the following
ways:

- GDBM replaced with DB and many weird hacks made to the read_database()
  function because of this.

- implemented the ypxfr service (using ypxfr from the yps-0.21 package,
  also from the NYS project)

- added code to check the TCP port from which NIS requests originate:
  the server will refuse to serve the master.passwd.{byname|byuid} maps
  if the request doesn't come from a privileged port. Normally, only the
  superuser can issue such a request. Requests for the passwd.{byname|byuid}
  maps aren't affected. There will be a small change made to getpwent.c
  in libc to complement this.

- added code to do DNS lookups via actual resolver queries instead of
  relying on gethostbyname() and friends. The author noted in the original
  documentation that a loop condition could arise where the server would
  query itself for hostname lookups. Using direct DNS lookups prevents
  this from happening.

- added code to properly fork() the server into the background unless
  invoked with the -debug flag.

- Added combined syslog/perror function.

- fixed a few bugs (which were probably introduced by all the other
  changes)

- Created a bmake Makefile.

Note that this package can be linked against the tcp_wrapper package
to provide address-based authentication, but this isn't done by default
since the tcp_wrapper package isn't part of FreeBSD.
1995-01-31 08:58:57 +00:00