Just when you thought it was safe...

- getnetgrent.c: address some NIS compatibility problems. We really need
to use the netgroup.byuser and netgroup.byhost maps to speed up innetgr()
when using NIS. Also, change the NIS interaction in the following way:

If /etc/netgroup does not exist or is empty (or contains only the
NIS '+' token), we now use NIS exclusively. This lets us use the
'reverse netgroup' maps and is more or less the behavior of other
platforms.

If /etc/netgroup exists and contains local netgroup data (but no '+').
we use only lthe local stuff and ignore NIS.

If /etc/netgroup exists and contains both local data and the '+',
we use the local data nd the netgroup map as a single combined
database (which, unfortunately, can be slow when the netgroup
database is large). This is what we have been doing up until now.

Head off a potential NULL pointer dereference in the old innetgr()
matching code.

Also fix the way the NIS netgroup map is incorporated into things:
adding the '+' is supposed to make it seem as though the netgroup
database is 'inserted' wherever the '+' is placed. We didn't quite
do it that way before.

(The NetBSD people apparently use a real, honest-to-gosh, netgroup.db
database that works just like the password database. This is
actually a neat idea since netgroups is the sort of thing that
can really benefit from having multi-key search capability,
particularly since reverse lookups require more than a trivial
amount of processing. Should we do something like this too?)

- netgroup.5: document all this stuff.

- rcmd.c: some sleuthing with some test programs linked with my own
version of innetgr() has revealed that SunOS always passes the NIS
domain name to innetgr() in the 'domain' argument. We might as well
do the same (if YP is defined).

- ether_addr.c: also fix the NIS interaction so that placing the
'+' token in the /etc/ethers file makes it seem like the NIS
ethers data is 'inserted' at that point. (Chances are nobody will
notice the effect of this change, which is just te way I like it. :)

1 files changed, 16 insertions, 4 deletions

diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index 34ac18b..f0d756c 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -51,6 +51,11 @@ static char sccsid[] = "@(#)rcmd.c	8.3 (Berkeley) 3/26/94";
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
+#ifdef YP
+#include <rpc/rpc.h>
+#include <rpcsvc/yp_prot.h>
+#include <rpcsvc/ypclnt.h>
+#endif
 
 #define max(a, b)	((a > b) ? a : b)
 
@@ -359,7 +364,14 @@ __ivaliduser(hostf, raddr, luser, ruser)
 	struct hostent *hp;
 	/* Presumed guilty until proven innocent. */
 	int userok = 0, hostok = 0;
+#ifdef YP
+	char *ypdomain;
 
+	if (yp_get_default_domain(&ypdomain))
+		ypdomain = NULL;
+#else
+#define	ypdomain NULL
+#endif
 	/* We need to get the damn hostname back for netgroup matching. */
 	if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
 							AF_INET)) == NULL)
@@ -403,14 +415,14 @@ __ivaliduser(hostf, raddr, luser, ruser)
 			}
 			if (buf[1] == '@')  /* match a host by netgroup */
 				hostok = innetgr((char *)&buf[2], hp->h_name,
-						NULL, NULL);
+						NULL, ypdomain);
 			else		/* match a host by addr */
 				hostok = __icheckhost(raddr,(char *)&buf[1]);
 			break;
 		case '-':     /* reject '-' hosts and all their users */
 			if (buf[1] == '@') {
 				if (innetgr((char *)&buf[2],
-					      hp->h_name, NULL, NULL))
+					      hp->h_name, NULL, ypdomain))
 					return(-1);
 			} else {
 				if (__icheckhost(raddr,(char *)&buf[1]))
@@ -428,7 +440,7 @@ __ivaliduser(hostf, raddr, luser, ruser)
 				break;
 			}
 			if (*(user+1) == '@')  /* match a user by netgroup */
-				userok = innetgr(user+2, NULL, ruser, NULL);
+				userok = innetgr(user+2, NULL, ruser, ypdomain);
 			else	   /* match a user by direct specification */
 				userok = !(strcmp(ruser, user+1));
 			break;
@@ -438,7 +450,7 @@ __ivaliduser(hostf, raddr, luser, ruser)
 					return(-1);
 				if (*(user+1) == '@') {
 					if (innetgr(user+2, NULL,
-							ruser, NULL))
+							ruser, ypdomain))
 						return(-1);
 				} else {
 					if (!strcmp(ruser, user+1))