Add -b and -s flags for adding YP_INTERDOMAIN and YP_SECURE entries to

map databases. Also document said flags in the man page. Adding YP_INTERDOMAIN to a map causes ypserv(8) to do a DNS lookup when a yp_match() on the map fails. (This affects only the hosts.by* maps; for all other maps it's ignored.) The YP_SECURE entry causes ypserv(8) to restrict access to the map so that only clients making requests from reserved ports can get at it. Our ypserv doesn't currently support these features so they're silently ignored for the moment, but this will change. :)
svn path=/head/; revision=19155
2024-11-05 18:22:52 +00:00 · 1996-10-24 14:52:50 +00:00 · 1996-10-24 14:52:50 +00:00 · 21c2d66cd6 · 2020-12-20 02:59:44 +00:00
commit 21c2d66cd6
parent 0ee48eaae9
2 changed files with 67 additions and 11 deletions
--- a/usr.sbin/yp_mkdb/yp_mkdb.8
+++ b/usr.sbin/yp_mkdb/yp_mkdb.8
@ -43,6 +43,8 @@
 .Fl u Ar dbname
 .Nm yp_mkdb
 .Op Fl c
+.Op Fl b
+.Op Fl s
 .Op Fl i Ar inputfile
 .Op Fl o Ar outputfile
 .Op Fl m Ar mastername
@ -96,6 +98,36 @@ of a database creation command,
 .Nm yp_mkdb
 will send the signal only after the new database has been successfully
 created.
+.It Fl b
+This flag causes
+.Nm yp_mkdb
+to add a special entry to the database with a key of
+.Em YP_INTERDOMAIN
+and an empty data field. If this key is present in a map, it alters the
+behavior of the 'match' procedure in
+.Xr ypserv 8
+slightly. If a match query fails (because the server couldn't find
+a record that matched the supplied key), and the
+.Em YP_INTERDOMAIN
+key exists within the queried may,
+.Xr ypserv 8
+will try to match the entry again using a DNS lookup. Note that this
+special behavior only applies to the
+.Em hosts
+maps. Using the
+.Fl b
+flag for other maps has no effect.
+.Pp
+.It Fl s
+This flag is used to add a special entry to the database with a key of
+.Em YP_SECURE
+and an empty data field. If this key is present in a map,
+.Xr ypserv 8
+will deny access to the map to any client that is not using a
+reserved port for its query. This is used mainly for the
+.Em master.passwd
+maps, which should be restricted to privileged access only.
+.Pp
 .It Fl u Ar dbname
 .Pp
 Dump (or 'unwind') an NIS database. This option can be used to
@ -104,22 +136,22 @@ inspect the contents of an existing NIS database.
 .Pp
 When generating an NIS map, encode
 .Nm inputfile
-as a special entry in the database with called
-.Nm YP_INPUT_FILE.
+as a special entry in the database with a key of
+.Em YP_INPUT_FILE.
 .Pp
 .It Op Fl o Ar outputfile
 .Pp
 When generating an NIS map, encode
 .Nm outputfile
-as a special entry in the database with called
-.Nm YP_OUTPUT_FILE .
+as a special entry in the database with a key of
+.Em YP_OUTPUT_FILE .
 .Pp
 .It Op Fl m Ar mastername
 .Pp
 When generating an NIS map encode
 .Nm mastername
-as a special entry in the database with called
-.Nm YP_MASTER_NAME .
+as a special entry in the database with a key of
+.Em YP_MASTER_NAME .
 This entry in the database is frequently used by various NIS utilities
 to determine the name of an NIS master server for a domain. By default,
 .Nm yp_mkdb
--- a/usr.sbin/yp_mkdb/yp_mkdb.c
+++ b/usr.sbin/yp_mkdb/yp_mkdb.c
@ -29,7 +29,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp $
+ *	$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp wpaul $
 */

 #include <stdio.h>
@ -50,7 +50,7 @@
 #include "ypxfr_extern.h"

 #ifndef lint
-static const char rcsid[] = "$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp $";
+static const char rcsid[] = "$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp wpaul $";
 #endif

 char *yp_dir = "";	/* No particular default needed. */
@ -62,8 +62,8 @@ static void usage()
 {
 	fprintf(stderr, "usage: %s -c\n", progname);
 	fprintf(stderr, "usage: %s -u dbname\n", progname);
-	fprintf(stderr, "usage: %s [-c] [-i inputfile] [-o outputfile]\n",
-								progname);
+	fprintf(stderr, "usage: %s [-c] [-b] [-s] [-i inputfile] \
+[-o outputfile]\n", progname);
 	fprintf(stderr, "               [-d domainname ] [-m mastername] \
 inputfile dbname\n");
 	exit(1);
@ -112,6 +112,8 @@ main (argc, argv)
 	char *infilename = NULL;
 	char *outfilename = NULL;
 	char *mastername = NULL;
+	int interdom = 0;
+	int secure = 0;
 	DB *dbp;
 	DBT key, data;
 	char buf[10240];
@ -119,7 +121,7 @@ main (argc, argv)
 	FILE *ifp;
 	char hname[MAXHOSTNAMELEN + 2];

-	while ((ch = getopt(argc, argv, "uhcd:i:o:m:")) != EOF) {
+	while ((ch = getopt(argc, argv, "uhcbsd:i:o:m:")) != EOF) {
 		switch(ch) {
 		case 'u':
 			un++;
@ -127,6 +129,12 @@ main (argc, argv)
 		case 'c':
 			clear++;
 			break;
+		case 'b':
+			interdom++;
+			break;
+		case 's':
+			secure++;
+			break;
 		case 'd':
 			domain = optarg;
 			break;
@ -189,6 +197,22 @@ main (argc, argv)
 	if ((dbp = open_db(map, O_RDWR|O_EXLOCK|O_EXCL|O_CREAT)) == NULL)
 		err(1, "open_db(%s) failed", map);

+	if (interdom) {
+		key.data = "YP_INTERDOMAIN";
+		key.size = sizeof("YP_INTERDOMAIN") - 1;
+		data.data = "";
+		data.size = 0;
+		yp_put_record(dbp, &key, &data, 0);
+	}
+
+	if (secure) {
+		key.data = "YP_SECURE";
+		key.size = sizeof("YP_SECURE") - 1;
+		data.data = "";
+		data.size = 0;
+		yp_put_record(dbp, &key, &data, 0);
+	}
+
 	key.data = "YP_MASTER_NAME";
 	key.size = sizeof("YP_MASTER_NAME") - 1;
 	data.data = mastername;