NetBSD Problem Report #43900
From Wolfgang.Stukenbrock@nagler-company.com Thu Sep 23 13:40:59 2010
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id C001463B97A
for <gnats-bugs@gnats.NetBSD.org>; Thu, 23 Sep 2010 13:40:59 +0000 (UTC)
Message-Id: <20100923134050.40B8C1E80CE@test-s0.nagler-company.com>
Date: Thu, 23 Sep 2010 15:40:50 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: ypbind(8) fails to handle multiple domains correcly
X-Send-Pr-Version: 3.95
>Number: 43900
>Category: bin
>Synopsis: ypbind(8) fails to handle multiple domains correcly
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: dholland
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Sep 23 13:45:00 +0000 2010
>Closed-Date: Sat Jul 09 08:10:09 +0000 2011
>Last-Modified: Wed Nov 05 09:50:00 +0000 2014
>Originator: Wolfgang Stukenbrock
>Release: NetBSD 5.0.2
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD s051 5.0.2 NetBSD 5.0.2 (NSW-S051) #2: Thu Aug 12 18:30:48 CEST 2010 wgstuken@s051:/usr/src/sys/arch/amd64/compile/NSW-S051 amd64
Architecture: x86_64
Machine: amd64
>Description:
The current implementation of ypbind will only handle multiple domains correctly
if it runs in broadcast mode. Direct binding and ypset-mode may not handle
different sets of ypservers for different domains correcly.
The cause for the problem is that in ypbind.c some state information is stored
from global variables and not in domain specific data.
These global variables are correct for the default domain, but not for any
additional domain.
The current implementation will use the /var/yp/bind/<defaultdomain>.ypservers for
any domain ypbind is ask for.
And in the current implementation ypset will set the server for the specified domain
but switches to "ypset-mode" for all domains. So all other domains not explitly bound by
a separate ypset call will fail.
>How-To-Repeat:
Setup multiple ypserver for different domains on different hosts.
Setup a client /var/yp/binding/... for the domains to the correct hosts.
The client will fail to contact the domain, that is not the default domain.
Try to use "ypbind -ypset" and "ypset -d <domain> <host>". It will set the domain
to that host, but all other domains may not be resolved anymore.
>Fix:
As a workaround ypbind(8) can be forced to broadcast mode (for all domains) so the
additionals domains can be used. But useing broadcast can be a security problem.
The following patch eliminates the problem.
It will move some previously global varaibles into the per domain structure.
It will correct a minor bug in yp_log() by adding the missing '\n' if debug != 0.
This patch will not search for any existing /var/yp/binding/xxxxx.ypservers file and
prepare an internal structure with this information. This additional change may be usefull
to avoid the (rare) situation, that a DOS attack is run against the system and all (100)
allowed domain-names are setup before a configured one is loaded by a request from a valid
client.
--- ypbind.c 2010/09/23 12:21:31 1.1
+++ ypbind.c 2010/09/23 13:19:03
@@ -76,6 +76,10 @@
#define YPSERVERSSUFF ".ypservers"
#define BINDINGDIR (_PATH_VAR_YP "binding")
+typedef enum {
+ YPBIND_DIRECT, YPBIND_BROADCAST, YPBIND_SETLOCAL, YPBIND_SETALL
+} ypbind_mode_t;
+
struct _dom_binding {
struct _dom_binding *dom_pnext;
char dom_domain[YPMAXDOMAIN + 1];
@@ -88,6 +92,14 @@
int dom_lockfd;
int dom_alive;
u_int32_t dom_xid;
+ FILE *direct_fp;
+ ypbind_mode_t bind_mode;
+/*
+ * If ypbindmode is YPBIND_SETLOCAL or YPBIND_SETALL, this indicates
+ * whether or not we've been "ypset". If we haven't, we behave like
+ * YPBIND_BROADCAST. If we have, we behave like YPBIND_DIRECT.
+ */
+ int been_ypset;
};
static char *domainname;
@@ -95,18 +107,7 @@
static struct _dom_binding *ypbindlist;
static int check;
-typedef enum {
- YPBIND_DIRECT, YPBIND_BROADCAST, YPBIND_SETLOCAL, YPBIND_SETALL
-} ypbind_mode_t;
-
-ypbind_mode_t ypbindmode;
-
-/*
- * If ypbindmode is YPBIND_SETLOCAL or YPBIND_SETALL, this indicates
- * whether or not we've been "ypset". If we haven't, we behave like
- * YPBIND_BROADCAST. If we have, we behave like YPBIND_DIRECT.
- */
-int been_ypset;
+ypbind_mode_t default_ypbindmode;
#ifdef DEBUG
static int debug;
@@ -142,7 +143,7 @@
static struct _dom_binding *xid2ypdb(u_int32_t);
static u_int32_t unique_xid(struct _dom_binding *);
static int broadcast(char *, int);
-static int direct(char *, int);
+static int direct(struct _dom_binding *, char *, int);
static int direct_set(char *, int, struct _dom_binding *);
static void
@@ -168,7 +169,7 @@
#if defined(DEBUG)
if (debug)
- (void)vprintf(fmt, ap);
+ { (void)vprintf(fmt, ap); (void)printf("\n"); }
else
#endif
vsyslog(pri, fmt, ap);
@@ -179,14 +180,43 @@
makebinding(const char *dm)
{
struct _dom_binding *ypdb;
+ struct stat st;
+ char pathname[MAXPATHLEN];
if ((ypdb = (struct _dom_binding *)malloc(sizeof *ypdb)) == NULL) {
- yp_log(LOG_ERR, "makebinding");
+ yp_log(LOG_ERR, "makebinding out of memory");
exit(1);
}
(void)memset(ypdb, 0, sizeof *ypdb);
(void)strlcpy(ypdb->dom_domain, dm, sizeof ypdb->dom_domain);
+
+/*
+ * do some common initialisation for a new domain entry ...
+ */
+
+ if ((ypdb->bind_mode = default_ypbindmode) == YPBIND_DIRECT) {
+ (void)snprintf(pathname, sizeof(pathname), "%s/%s%s", BINDINGDIR,
+ dm, YPSERVERSSUFF);
+
+ if (stat(pathname, &st) < 0) {
+#ifdef DEBUG
+ if (debug)
+ (void)printf("%s does not exist, defaulting to "
+ "broadcast\n", pathname);
+#endif
+ ypdb->bind_mode = YPBIND_BROADCAST;
+ } else if ((ypdb->direct_fp = fopen(pathname, "r")) == NULL) {
+ yp_log(LOG_WARNING, "%s exists, but is not readable - failing to serve domain %s",
+ pathname, dm);
+ }
+ }
+ ypdb->dom_xid = unique_xid(ypdb);
+ ypdb->dom_vers = YPVERS;
+ ypdb->dom_alive = 0;
+ ypdb->dom_lockfd = -1;
+ removelock(ypdb);
+
return ypdb;
}
@@ -266,11 +296,6 @@
if (ypdb == NULL) {
ypdb = makebinding(arg);
- ypdb->dom_vers = YPVERS;
- ypdb->dom_alive = 0;
- ypdb->dom_lockfd = -1;
- removelock(ypdb);
- ypdb->dom_xid = unique_xid(ypdb);
ypdb->dom_pnext = ypbindlist;
ypbindlist = ypdb;
check++;
@@ -334,7 +359,8 @@
(void)memset(&res, 0, sizeof(res));
fromsin = svc_getcaller(transp);
- switch (ypbindmode) {
+/* only need to check default bindmode here ... */
+ switch (default_ypbindmode) {
case YPBIND_SETLOCAL:
if (fromsin->sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
#ifdef DEBUG
@@ -347,7 +373,6 @@
/* FALLTHROUGH */
case YPBIND_SETALL:
- been_ypset = 1;
break;
case YPBIND_DIRECT:
@@ -385,7 +410,8 @@
#ifdef DEBUG
if (debug)
- (void)printf("ypset to %s succeeded\n", inet_ntoa(bindsin.sin_addr));
+ (void)printf("ypset for %s to %s succeeded\n", sd->ypsetdom_domain,
+ inet_ntoa(bindsin.sin_addr));
#endif
res = 1;
return &res;
@@ -459,8 +485,6 @@
fd_set fdsr;
int width, lockfd;
int evil = 0, one;
- char pathname[MAXPATHLEN];
- struct stat st;
setprogname(argv[0]);
(void)yp_get_default_domain(&domainname);
@@ -474,28 +498,18 @@
* Note that we can still override direct mode by passing
* the -broadcast flag.
*/
- (void)snprintf(pathname, sizeof(pathname), "%s/%s%s", BINDINGDIR,
- domainname, YPSERVERSSUFF);
- if (stat(pathname, &st) < 0) {
-#ifdef DEBUG
- if (debug)
- (void)printf("%s does not exist, defaulting to "
- "broadcast\n", pathname);
-#endif
- ypbindmode = YPBIND_BROADCAST;
- } else
- ypbindmode = YPBIND_DIRECT;
+ default_ypbindmode = YPBIND_DIRECT;
while (--argc) {
++argv;
if (!strcmp("-insecure", *argv))
insecure = 1;
else if (!strcmp("-ypset", *argv))
- ypbindmode = YPBIND_SETALL;
+ default_ypbindmode = YPBIND_SETALL;
else if (!strcmp("-ypsetme", *argv))
- ypbindmode = YPBIND_SETLOCAL;
+ default_ypbindmode = YPBIND_SETLOCAL;
else if (!strcmp("-broadcast", *argv))
- ypbindmode = YPBIND_BROADCAST;
+ default_ypbindmode = YPBIND_BROADCAST;
#ifdef DEBUG
else if (!strcmp("-d", *argv))
debug++;
@@ -561,10 +575,6 @@
/* build initial domain binding, make it "unsuccessful" */
ypbindlist = makebinding(domainname);
- ypbindlist->dom_vers = YPVERS;
- ypbindlist->dom_alive = 0;
- ypbindlist->dom_lockfd = -1;
- removelock(ypbindlist);
checkwork();
@@ -791,10 +801,10 @@
yp_log(LOG_WARNING, "nag_servers: sendto: %m");
}
- switch (ypbindmode) {
+ switch (ypdb->bind_mode) {
case YPBIND_SETALL:
case YPBIND_SETLOCAL:
- if (been_ypset)
+ if (ypdb->been_ypset)
return direct_set(buf, outlen, ypdb);
/* FALLTHROUGH */
@@ -802,7 +812,7 @@
return broadcast(buf, outlen);
case YPBIND_DIRECT:
- return direct(buf, outlen);
+ return direct(ypdb, buf, outlen);
}
/*NOTREACHED*/
return -1;
@@ -861,70 +871,60 @@
}
static int
-direct(char *buf, int outlen)
+direct(struct _dom_binding *ypdb, char *buf, int outlen)
{
- static FILE *df;
- static char ypservers_path[MAXPATHLEN];
char line[_POSIX2_LINE_MAX];
char *p;
struct hostent *hp;
struct sockaddr_in bindsin;
int i, count = 0;
- if (df)
- rewind(df);
- else {
- (void)snprintf(ypservers_path, sizeof(ypservers_path),
- "%s/%s%s", BINDINGDIR, domainname, YPSERVERSSUFF);
- df = fopen(ypservers_path, "r");
- if (df == NULL) {
- yp_log(LOG_ERR, "%s: ", ypservers_path);
- exit(1);
- }
- }
+ if (ypdb->direct_fp) {
+ rewind(ypdb->direct_fp);
- (void)memset(&bindsin, 0, sizeof bindsin);
- bindsin.sin_family = AF_INET;
- bindsin.sin_len = sizeof(bindsin);
- bindsin.sin_port = htons(PMAPPORT);
+ (void)memset(&bindsin, 0, sizeof bindsin);
+ bindsin.sin_family = AF_INET;
+ bindsin.sin_len = sizeof(bindsin);
+ bindsin.sin_port = htons(PMAPPORT);
- while(fgets(line, (int)sizeof(line), df) != NULL) {
- /* skip lines that are too big */
- p = strchr(line, '\n');
- if (p == NULL) {
- int c;
+ while(fgets(line, (int)sizeof(line), ypdb->direct_fp) != NULL) {
+ /* skip lines that are too big */
+ p = strchr(line, '\n');
+ if (p == NULL) {
+ int c;
- while ((c = getc(df)) != '\n' && c != EOF)
- ;
- continue;
- }
- *p = '\0';
- p = line;
- while (isspace((unsigned char)*p))
- p++;
- if (*p == '#')
- continue;
- hp = gethostbyname(p);
- if (!hp) {
- yp_log(LOG_WARNING, "%s: %s", p, hstrerror(h_errno));
- continue;
- }
- /* step through all addresses in case first is unavailable */
- for (i = 0; hp->h_addr_list[i]; i++) {
- (void)memcpy(&bindsin.sin_addr, hp->h_addr_list[0],
- hp->h_length);
- if (sendto(rpcsock, buf, outlen, 0,
- (struct sockaddr *)(void *)&bindsin,
- (socklen_t)sizeof(bindsin)) < 0) {
- yp_log(LOG_WARNING, "direct: sendto: %m");
+ while ((c = getc(ypdb->direct_fp)) != '\n' && c != EOF)
+ ;
continue;
- } else
- count++;
+ }
+ *p = '\0';
+ p = line;
+ while (isspace((unsigned char)*p))
+ p++;
+ if (*p == '#')
+ continue;
+ hp = gethostbyname(p);
+ if (!hp) {
+ yp_log(LOG_WARNING, "%s: %s", p, hstrerror(h_errno));
+ continue;
+ }
+ /* step through all addresses in case first is unavailable */
+ for (i = 0; hp->h_addr_list[i]; i++) {
+ (void)memcpy(&bindsin.sin_addr, hp->h_addr_list[0],
+ hp->h_length);
+ if (sendto(rpcsock, buf, outlen, 0,
+ (struct sockaddr *)(void *)&bindsin,
+ (socklen_t)sizeof(bindsin)) < 0) {
+ yp_log(LOG_WARNING, "direct: sendto: %m");
+ continue;
+ } else
+ count++;
+ }
}
}
if (!count) {
- yp_log(LOG_WARNING, "no contactable servers found in %s",
- ypservers_path);
+ yp_log(LOG_WARNING, "no contactable servers found for domain %s",
+ ypdb->dom_domain);
return -1;
}
return 0;
@@ -951,7 +951,7 @@
if ((fd = open(path, O_SHLOCK|O_RDONLY, 0644)) == -1) {
yp_log(LOG_WARNING, "%s: %m", path);
- been_ypset = 0;
+ ypdb->been_ypset = 0;
return -1;
}
@@ -969,7 +969,7 @@
if (bytes != (iov[0].iov_len + iov[1].iov_len)) {
/* Binding file corrupt? */
yp_log(LOG_WARNING, "%s: %m", path);
- been_ypset = 0;
+ ypdb->been_ypset = 0;
return -1;
}
@@ -1141,7 +1141,6 @@
if (force == 0)
return;
ypdb = makebinding(dom);
- ypdb->dom_lockfd = -1;
ypdb->dom_pnext = ypbindlist;
ypbindlist = ypdb;
}
@@ -1161,7 +1160,6 @@
sizeof ypdb->dom_server_addr);
/* recheck binding in 60 seconds */
ypdb->dom_check_t = time(NULL) + 60;
- ypdb->dom_vers = YPVERS;
ypdb->dom_alive = 1;
if (ypdb->dom_lockfd != -1)
@@ -1195,6 +1193,11 @@
removelock(ypdb);
ypdb->dom_lockfd = -1;
}
+/* we know that force != 0 only for the ypset-call - avoid search for the pointer
+ * again by the caller - set been_ypset here
+ */
+ if (force != 0)
+ ypdb->been_ypset = 1;
}
static struct _dom_binding *
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: bin-bug-people->dholland
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Mon, 27 Sep 2010 02:08:10 +0000
Responsible-Changed-Why:
I want gnats to remind me to look at this.
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/43900: ypbind(8) fails to handle multiple domains correcly
Date: Mon, 23 May 2011 05:24:46 +0000
On Thu, Sep 23, 2010 at 01:45:00PM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
> The current implementation of ypbind will only handle multiple
> domains correctly if it runs in broadcast mode. Direct binding and
> ypset-mode may not handle different sets of ypservers for different
> domains correcly. The cause for the problem is that in ypbind.c
> some state information is stored from global variables and not in
> domain specific data. These global variables are correct for the
> default domain, but not for any additional domain.
>
> The current implementation will use the
> /var/yp/bind/<defaultdomain>.ypservers for any domain ypbind is ask
> for. And in the current implementation ypset will set the server
> for the specified domain but switches to "ypset-mode" for all
> domains. So all other domains not explitly bound by a separate
> ypset call will fail.
Right, so this is definitely quite broken.
However, I'm concerned about the semantics for ypbindmode. It seems to
me (particularly from the man page, but also from going over the code)
that the intent of the -ypset and -ypsetme options is to allow ypset
to be used for domains that we broadcast for. This is basically a
global permission setting and I don't think it makes sense to try to
track or configure it on a per-domain basis.
Thus I think YPBIND_SETALL and YPBIND_SETLOCAL should be removed from
the modes enumeration and replaced with a pair of global flags. Then I
think the broadcast vs. direct mode can be handled separately for each
domain without getting into trouble.
(I'm also wondering whether it makes sense, for domains in direct
mode, and if ypset is enabled, to allow ypset to pick one of the
servers that's in the configured servers list for that domain. I
suppose since it's not 1990 that it's a fairly pointless idea.)
--
David A. Holland
dholland@netbsd.org
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: dholland@NetBSD.org, gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org,
Wolfgang.Stukenbrock@nagler-company.com
Subject: Re: bin/43900: ypbind(8) fails to handle multiple domains correcly
Date: Mon, 23 May 2011 08:44:54 +0200
Hi,
if it is nessesary to use ypset in a particular setup for any reasons, I
think it would make sence to have the ability to restrict this to a
subset of the domains that are bound.
I do not use ypset for security reasons, but if anyone else does, I
think that a setup where the "main"-Domain of the system (e.g. used for
logins) cannot be modified by ypset, but for some or all other
"additional" domains it may make sence.
Neverless this will be a very rare case at all.
And it would not be easy to specify this on the command line. You can
only allow ypset for "known" domains at the time of start of ypbind or
for all.
The important point is to support different sets of servers for
different Domains via binding-files.
My remarks to ypset in the PR should only show the effects of ypset and
that it is not a workaround for the problem because I need to set all
domains via ypset in that case ...
best regards
W. Stukenbrock
David Holland wrote:
> The following reply was made to PR bin/43900; it has been noted by GNATS.
>
> From: David Holland <dholland-bugs@netbsd.org>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: bin/43900: ypbind(8) fails to handle multiple domains correcly
> Date: Mon, 23 May 2011 05:24:46 +0000
>
> On Thu, Sep 23, 2010 at 01:45:00PM +0000, Wolfgang.Stukenbrock@nagler-company.com wrote:
> > The current implementation of ypbind will only handle multiple
> > domains correctly if it runs in broadcast mode. Direct binding and
> > ypset-mode may not handle different sets of ypservers for different
> > domains correcly. The cause for the problem is that in ypbind.c
> > some state information is stored from global variables and not in
> > domain specific data. These global variables are correct for the
> > default domain, but not for any additional domain.
> >
> > The current implementation will use the
> > /var/yp/bind/<defaultdomain>.ypservers for any domain ypbind is ask
> > for. And in the current implementation ypset will set the server
> > for the specified domain but switches to "ypset-mode" for all
> > domains. So all other domains not explitly bound by a separate
> > ypset call will fail.
>
> Right, so this is definitely quite broken.
>
> However, I'm concerned about the semantics for ypbindmode. It seems to
> me (particularly from the man page, but also from going over the code)
> that the intent of the -ypset and -ypsetme options is to allow ypset
> to be used for domains that we broadcast for. This is basically a
> global permission setting and I don't think it makes sense to try to
> track or configure it on a per-domain basis.
>
> Thus I think YPBIND_SETALL and YPBIND_SETLOCAL should be removed from
> the modes enumeration and replaced with a pair of global flags. Then I
> think the broadcast vs. direct mode can be handled separately for each
> domain without getting into trouble.
>
> (I'm also wondering whether it makes sense, for domains in direct
> mode, and if ypset is enabled, to allow ypset to pick one of the
> servers that's in the configured servers list for that domain. I
> suppose since it's not 1990 that it's a fairly pointless idea.)
>
> --
> David A. Holland
> dholland@netbsd.org
>
>
>
>
--
Dr. Nagler & Company GmbH
Hauptstraße 9
92253 Schnaittenbach
Tel. +49 9622/71 97-42
Fax +49 9622/71 97-50
Wolfgang.Stukenbrock@nagler-company.com
http://www.nagler-company.com
Hauptsitz: Schnaittenbach
Handelregister: Amberg HRB
Gerichtsstand: Amberg
Steuernummer: 201/118/51825
USt.-ID-Nummer: DE 273143997
Geschäftsführer: Dr. Martin Nagler, Dr. Dr. Karl-Kuno Kunze
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/43900: ypbind(8) fails to handle multiple domains correcly
Date: Mon, 23 May 2011 06:54:25 +0000
On Mon, May 23, 2011 at 08:44:54AM +0200, Wolfgang Stukenbrock wrote:
> if it is nessesary to use ypset in a particular setup for any
> reasons, I think it would make sence to have the ability to
> restrict this to a subset of the domains that are bound.
> I do not use ypset for security reasons, but if anyone else does, I
> think that a setup where the "main"-Domain of the system (e.g. used
> for logins) cannot be modified by ypset, but for some or all other
> "additional" domains it may make sence.
>
> Neverless this will be a very rare case at all.
> And it would not be easy to specify this on the command line. You
> can only allow ypset for "known" domains at the time of start of
> ypbind or for all.
Yeah. It's probably not worth worrying about, I think.
> The important point is to support different sets of servers for
> different Domains via binding-files.
> My remarks to ypset in the PR should only show the effects of ypset
> and that it is not a workaround for the problem because I need to
> set all domains via ypset in that case ...
I have a candidate set of patches (a 19-part patchbomb, in fact) that
does a whole bunch of rototill and merges most of your patch, although
not all of it's quite the same.
I was thinking about sending this to you but there's probably no point
until I've tested it all in my own (single-domain) environment. I'm
currently planning to get that done tomorrow.
Thanks...
--
David A. Holland
dholland@netbsd.org
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 06:57:55 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 06:57:55 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
Fix up calls to yp_log. They cannot use %m, because if the -d option
is used the messages are sent via printf instead of syslog(3).
Also, make sure that none of the calls include a trailing newline and
issue a trailing newline in the -d case so they actually print properly.
(This was noted by Wolfgang Stukenbrock in PR 43900.)
And finally, fix some cases that could in some circumstances print
uninitialized errnos.
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 07:00:07 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 07:00:07 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
Fix initialization of struct domain; initialize all fields in all
cases, merge duplicate code, make sure every domain gets an xid
assigned.
Partly from Wolfgang Stukenbrock's patch in PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 07:00:34 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 07:00:34 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
Allowing ypset is a global permission flag, not an operating mode like
broadcast vs. configured/direct. Don't conflate the logic. As I proposed
in PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 07:01:15 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 07:01:15 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
The ypbindmode really needs to be per-domain, so adjust accordingly.
Partly from Wolfgang Stukenbrock's patch in PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 07:01:24 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 07:01:24 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
The been_ypset flag really needs to be per-domain also. Do that.
Partly from Wolfgang Stukenbrock's patch in PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 07:01:41 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 07:01:40 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
The FILE* kept open for /var/yp/binding/foo.ypservers needs to be
per-domain. Also, use the file for the domain we're servicing instead
of always the file for the default domain.
Partly from Wolfgang Stukenbrock's patch in PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Tue, 24 May 2011 07:01:54 +0000
Module Name: src
Committed By: dholland
Date: Tue May 24 07:01:53 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
Merge a couple more minor improvements from Wolfgang Stukenbrock's
patch in PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Tue, 24 May 2011 07:09:23 +0000
State-Changed-Why:
This should be fixed now in HEAD. Please give it a try in your environment;
I'm not set up to be able to test multiple domains.
On the minus side, releng is not going to want to pull all this rototill up
to netbsd-5. Do you need it fixed in netbsd-5, or are you ok with using
ypbind from -current until netbsd-6 comes out?
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: src/usr.sbin/ypbind
Date: Wed, 25 May 2011 04:33:52 +0000
Module Name: src
Committed By: dholland
Date: Wed May 25 04:33:52 UTC 2011
Modified Files:
src/usr.sbin/ypbind: ypbind.c
Log Message:
When checking if /var/yp/binding/foo.ypservers exists, use the domain
name of the domain being checked instead of the default domain name. Duh.
Necessary for PR 43900.
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc: dholland@NetBSD.org, netbsd-bugs@NetBSD.org, gnats-admin@NetBSD.org,
Wolfgang.Stukenbrock@nagler-company.com
Subject: Re: bin/43900 (ypbind(8) fails to handle multiple domains correcly)
Date: Thu, 07 Jul 2011 11:25:36 +0200
Hi,
now I've found the time to test it ...
I've took the "latest" version from MAIN (1.88).
It is working with two domains as it should do - at least if there are
"ypservers" files present.
In my current setup I cannot check if fixing one domain by a
servers-file and useing broadcast with another one is working correctly
- sorry.
"ypwhich -d dom2" runs in a timeout and I see some broadcast requests to
rpcbind on the wire if I try to ask for a domain (dom2) without a
servers-file in /var/yp/binding. But there is no answer, as it is, if I
start ypbind with -broadcast for the default-domain.
I assume that it would work, if there someone will send an answer ....
I think you can close the report. Thanks.
PS: I do not need it in 5.x, because I have "my own" patch for it that
makes it working for me.
Best reguards
W. Stukenbrock
dholland@NetBSD.org wrote:
> Synopsis: ypbind(8) fails to handle multiple domains correcly
>
> State-Changed-From-To: open->feedback
> State-Changed-By: dholland@NetBSD.org
> State-Changed-When: Tue, 24 May 2011 07:09:23 +0000
> State-Changed-Why:
> This should be fixed now in HEAD. Please give it a try in your environment;
> I'm not set up to be able to test multiple domains.
>
> On the minus side, releng is not going to want to pull all this rototill up
> to netbsd-5. Do you need it fixed in netbsd-5, or are you ok with using
> ypbind from -current until netbsd-6 comes out?
>
State-Changed-From-To: feedback->closed
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Sat, 09 Jul 2011 08:10:09 +0000
State-Changed-Why:
Submitter reports problem can be closed. Thanks for the feedback!
From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43900 CVS commit: [netbsd-5] src/usr.sbin/ypbind
Date: Mon, 3 Nov 2014 18:48:42 +0000
Module Name: src
Committed By: msaitoh
Date: Mon Nov 3 18:48:42 UTC 2014
Modified Files:
src/usr.sbin/ypbind [netbsd-5]: ypbind.8 ypbind.c
Log Message:
Pull up following revision(s) (requested by jmcneill in dholland ticket #1925):
usr.sbin/ypbind/ypbind.8 1.19-1.20
usr.sbin/ypbind/ypbind.c 1.63-1.98
State handling fixes and cleanups in ypbind; it no longer churns the
disk, spams syslogd when the server goes down, or gets confused about
its binding state. Fixes PR#15355, PR#32519 and also PR#43900.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.18.6.1 src/usr.sbin/ypbind/ypbind.8
cvs rdiff -u -r1.57.18.1 -r1.57.18.2 src/usr.sbin/ypbind/ypbind.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: PR/43900 CVS commit: [netbsd-5] src/usr.sbin/ypbind
Date: Wed, 5 Nov 2014 09:45:47 +0000
On Mon, Nov 03, 2014 at 06:50:02PM +0000, SAITOH Masanobu wrote:
> usr.sbin/ypbind/ypbind.8 1.19-1.20
> usr.sbin/ypbind/ypbind.c 1.63-1.98
>
> State handling fixes and cleanups in ypbind; it no longer churns the
> disk, spams syslogd when the server goes down, or gets confused about
> its binding state. Fixes PR#15355, PR#32519 and also PR#43900.
So, for the record, the PR 43900 rototill got pulled up because the PR
32519 rototill sat on top of it, so the best way to deal with ypbind
on -5 was to sync it up with HEAD.
I've been running it on -5 for some months with no ill effects.
--
David A. Holland
dholland@netbsd.org
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home