Add -b and -s flags for adding YP_INTERDOMAIN and YP_SECURE entries to

map databases. Also document said flags in the man page.

Adding YP_INTERDOMAIN to a map causes ypserv(8) to do a DNS lookup
when a yp_match() on the map fails. (This affects only the hosts.by*
maps; for all other maps it's ignored.) The YP_SECURE entry causes
ypserv(8) to restrict access to the map so that only clients making
requests from reserved ports can get at it.

Our ypserv doesn't currently support these features so they're silently
ignored for the moment, but this will change. :)

2 files changed, 67 insertions, 11 deletions

diff --git a/usr.sbin/yp_mkdb/yp_mkdb.8 b/usr.sbin/yp_mkdb/yp_mkdb.8
index 45648de..07645f0 100644
--- a/usr.sbin/yp_mkdb/yp_mkdb.8
+++ b/usr.sbin/yp_mkdb/yp_mkdb.8
@@ -43,6 +43,8 @@
 .Fl u Ar dbname
 .Nm yp_mkdb
 .Op Fl c
+.Op Fl b
+.Op Fl s
 .Op Fl i Ar inputfile
 .Op Fl o Ar outputfile
 .Op Fl m Ar mastername
@@ -96,6 +98,36 @@ of a database creation command,
 .Nm yp_mkdb
 will send the signal only after the new database has been successfully
 created.
+.It Fl b
+This flag causes
+.Nm yp_mkdb
+to add a special entry to the database with a key of
+.Em YP_INTERDOMAIN
+and an empty data field. If this key is present in a map, it alters the
+behavior of the 'match' procedure in
+.Xr ypserv 8
+slightly. If a match query fails (because the server couldn't find
+a record that matched the supplied key), and the
+.Em YP_INTERDOMAIN
+key exists within the queried may,
+.Xr ypserv 8
+will try to match the entry again using a DNS lookup. Note that this
+special behavior only applies to the
+.Em hosts
+maps. Using the
+.Fl b
+flag for other maps has no effect.
+.Pp
+.It Fl s
+This flag is used to add a special entry to the database with a key of
+.Em YP_SECURE
+and an empty data field. If this key is present in a map,
+.Xr ypserv 8
+will deny access to the map to any client that is not using a
+reserved port for its query. This is used mainly for the
+.Em master.passwd
+maps, which should be restricted to privileged access only.
+.Pp
 .It Fl u Ar dbname
 .Pp
 Dump (or 'unwind') an NIS database. This option can be used to
@@ -104,22 +136,22 @@ inspect the contents of an existing NIS database.
 .Pp
 When generating an NIS map, encode
 .Nm inputfile
-as a special entry in the database with called
-.Nm YP_INPUT_FILE.
+as a special entry in the database with a key of
+.Em YP_INPUT_FILE.
 .Pp
 .It Op Fl o Ar outputfile
 .Pp
 When generating an NIS map, encode
 .Nm outputfile
-as a special entry in the database with called
-.Nm YP_OUTPUT_FILE .
+as a special entry in the database with a key of
+.Em YP_OUTPUT_FILE .
 .Pp
 .It Op Fl m Ar mastername
 .Pp
 When generating an NIS map encode
 .Nm mastername
-as a special entry in the database with called
-.Nm YP_MASTER_NAME .
+as a special entry in the database with a key of
+.Em YP_MASTER_NAME .
 This entry in the database is frequently used by various NIS utilities
 to determine the name of an NIS master server for a domain. By default,
 .Nm yp_mkdb
diff --git a/usr.sbin/yp_mkdb/yp_mkdb.c b/usr.sbin/yp_mkdb/yp_mkdb.c
index 39f2630..37c6fb3 100644
--- a/usr.sbin/yp_mkdb/yp_mkdb.c
+++ b/usr.sbin/yp_mkdb/yp_mkdb.c
@@ -29,7 +29,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp $
+ *	$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp wpaul $
  */
 
 #include <stdio.h>
@@ -50,7 +50,7 @@
 #include "ypxfr_extern.h"
 
 #ifndef lint
-static const char rcsid[] = "$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp $";
+static const char rcsid[] = "$Id: yp_mkdb.c,v 1.5 1996/06/03 03:12:32 wpaul Exp wpaul $";
 #endif
 
 char *yp_dir = "";	/* No particular default needed. */
@@ -62,8 +62,8 @@ static void usage()
 {
 	fprintf(stderr, "usage: %s -c\n", progname);
 	fprintf(stderr, "usage: %s -u dbname\n", progname);
-	fprintf(stderr, "usage: %s [-c] [-i inputfile] [-o outputfile]\n",
-								progname);
+	fprintf(stderr, "usage: %s [-c] [-b] [-s] [-i inputfile] \
+[-o outputfile]\n", progname);
 	fprintf(stderr, "               [-d domainname ] [-m mastername] \
 inputfile dbname\n");
 	exit(1);
@@ -112,6 +112,8 @@ main (argc, argv)
 	char *infilename = NULL;
 	char *outfilename = NULL;
 	char *mastername = NULL;
+	int interdom = 0;
+	int secure = 0;
 	DB *dbp;
 	DBT key, data;
 	char buf[10240];
@@ -119,7 +121,7 @@ main (argc, argv)
 	FILE *ifp;
 	char hname[MAXHOSTNAMELEN + 2];
 
-	while ((ch = getopt(argc, argv, "uhcd:i:o:m:")) != EOF) {
+	while ((ch = getopt(argc, argv, "uhcbsd:i:o:m:")) != EOF) {
 		switch(ch) {
 		case 'u':
 			un++;
@@ -127,6 +129,12 @@ main (argc, argv)
 		case 'c':
 			clear++;
 			break;
+		case 'b':
+			interdom++;
+			break;
+		case 's':
+			secure++;
+			break;
 		case 'd':
 			domain = optarg;
 			break;
@@ -189,6 +197,22 @@ main (argc, argv)
 	if ((dbp = open_db(map, O_RDWR|O_EXLOCK|O_EXCL|O_CREAT)) == NULL)
 		err(1, "open_db(%s) failed", map);
 
+	if (interdom) {
+		key.data = "YP_INTERDOMAIN";
+		key.size = sizeof("YP_INTERDOMAIN") - 1;
+		data.data = "";
+		data.size = 0;
+		yp_put_record(dbp, &key, &data, 0);
+	}
+
+	if (secure) {
+		key.data = "YP_SECURE";
+		key.size = sizeof("YP_SECURE") - 1;
+		data.data = "";
+		data.size = 0;
+		yp_put_record(dbp, &key, &data, 0);
+	}
+
 	key.data = "YP_MASTER_NAME";
 	key.size = sizeof("YP_MASTER_NAME") - 1;
 	data.data = mastername;