- rename OPTDB to OPTIMIZE_DB
- if OPTIMIZE_DB, in ypdb_open(), close a database if the open failed
with ENFILE or EMFILE [from openbsd].
- because of the above, don't bother checking first if any FDs are
available (with open("/", RDONLY) - it's a superfluous check.
- ensure that *map_info is set if a database was a cached open -
without this fix OPTIMIZE_DB didn't work too well...
- enable OPTIMIZE_DB by default - should speed up lookups
secure map support:
- add ypdb_secure(), which returns non-zero if the map has the YP_SECURE
private key set (which makedbm(8) -s adds) [from openbsd]
- modify various functions to check if a map is secure, and if so,
refuse to serve information to clients not requesting from an
IPPORT_RESERVED port [from openbsd]
- ensure that domainnames and map names are valid (don't contain
"/"'s, aren't too long, etc) [idea from openbsd, but using our
_yp_invalid_domain() et al, which does more checking.]
misc:
- add rcsid's
- implement _yp_invalid_map() (complements _yp_invalid_domain() in
libc - eventually _yp_invalid_map() may move to libc...)
- use %#x instead of 0x%x in debug log messages
follow our formatting convetions.
- add support for aliases, amd.home, master.passwd and netgroup maps
[initially from openbsd, reworked as above]
- if INSECURE != "yes" then the passwd.by* maps will not contain the
encrypted version of the passwd - privileged clients will request
info from the master.passwd.by* maps.
FreeBSD originally implemented this, and & OpenBSD supports it too.
[from openbsd].
By default, passwd maps are INSECURE, but in a *BSD-only environment,
this could be disabled to allow for a [slightly] higher degree of
security from non-root users...
if the initial open fails with EFTYPE. if a different database
format is found to be more efficient, just add the code to open it
prior to that of the other formats; this maintains backward
compatibility with older databases whilst providing new functionality...
- add rcsid's
- Do what the manual page says; don't create the log file if it does not exist.
- Limited support for ypserv v1; apparently sunos4 clients use it and sunos5
server provides the same.
Some of the stuff (e.g., rarpd, bootpd, dhcpd etc., libsa) still will
only support Ethernet. Tcpdump itself should be ok, but libpcap needs
lot of work.
For the detailed change history, look at the commit log entries for
the is-newarp branch.
lukem