- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
i've fixed a lot of bugs in it):
* implement yp_close_map(struct opt_map *), to close a specific map,
using the guts of yp_close_last()
* simplify yp_close_last() to use yp_close_map()
* ypdb_open_db(): add the st_dev, st_ino, and st_mtime of each map to
the cached info, and check if changes if the db is cached; if so, close
the map and reopen it fresh. also uncache entries if the domain or
file disappear
if (test1)
if (test2)
error()
else {
...
}
this happened when i changed test2 from a void statement to actually
checking its return value.
the effect of this? a YP_MASTER_KEY value wasn't being added to the
generated databases, which was Not Good.
- use fgetln() instead of fgets()
- store info in internal buffer
- fix \\ support
- count line numbers internally, so \\ lines don't mess up count
* ypdb_store():
- ensure that the length of key or val doesn't exceed YPMAXRECORD
* makedbm, mknetid, revnetgroup, stdethers, stdhosts:
- improve error handling
- take advantage of rewritten read_line(), and cleanup line parsing
- don't print trailing ` ' for key/val pairs with an empty val
* Makefile.yp:
- fix up building of ypservers (from Chuck Cranor)
* ypinit.sh:
- remove leading spaces in variable assignment (from Chuck Cranor)
- rename OPTDB to OPTIMIZE_DB
- if OPTIMIZE_DB, in ypdb_open(), close a database if the open failed
with ENFILE or EMFILE [from openbsd].
- because of the above, don't bother checking first if any FDs are
available (with open("/", RDONLY) - it's a superfluous check.
- ensure that *map_info is set if a database was a cached open -
without this fix OPTIMIZE_DB didn't work too well...
- enable OPTIMIZE_DB by default - should speed up lookups
secure map support:
- add ypdb_secure(), which returns non-zero if the map has the YP_SECURE
private key set (which makedbm(8) -s adds) [from openbsd]
- modify various functions to check if a map is secure, and if so,
refuse to serve information to clients not requesting from an
IPPORT_RESERVED port [from openbsd]
- ensure that domainnames and map names are valid (don't contain
"/"'s, aren't too long, etc) [idea from openbsd, but using our
_yp_invalid_domain() et al, which does more checking.]
misc:
- add rcsid's
- implement _yp_invalid_map() (complements _yp_invalid_domain() in
libc - eventually _yp_invalid_map() may move to libc...)
- use %#x instead of 0x%x in debug log messages
follow our formatting convetions.
- add support for aliases, amd.home, master.passwd and netgroup maps
[initially from openbsd, reworked as above]
- if INSECURE != "yes" then the passwd.by* maps will not contain the
encrypted version of the passwd - privileged clients will request
info from the master.passwd.by* maps.
FreeBSD originally implemented this, and & OpenBSD supports it too.
[from openbsd].
By default, passwd maps are INSECURE, but in a *BSD-only environment,
this could be disabled to allow for a [slightly] higher degree of
security from non-root users...