--- nis-3.15.orig/ypserv-2.18/etc/ypserv.conf.5 +++ nis-3.15/ypserv-2.18/etc/ypserv.conf.5 @@ -1,7 +1,7 @@ .\" -*- nroff -*- .\" Copyright (c) 1996, 1997, 1998, 1999, 2000, 2002, 2003, 2004 Thorsten Kukuk kukuk@suse.de .\" -.TH YPSERV.CONF 5 "October 2002" "YP Server" "Reference Manual" +.TH YPSERV.CONF 5 "December 2003" "YP Server" "Reference Manual" .SH NAME ypserv.conf - configuration file for ypserv and rpc.ypxfrd .SH DESCRIPTION @@ -38,9 +38,12 @@ is restarted. .TP .BR "trusted_master: " server -If this option is set on a slave server, new maps from the host +When a map is pushed to a slave, the slave normally only accepts +updates to existing maps, and then only from the real master. +If this option is set on a slave server, new (not yet existing) +maps from the host .I server -will be accepted as master. The default is, that +will be accepted. The default is that no trusted master is set and new maps will not be accepted. .br Example: @@ -57,8 +60,8 @@ this attribute will not be set. .TP .BR "xfr_check_port: " [|no] -With this option enabled, the NIS master server have to run on a -port < 1024. The default is "yes" (enabled). +With this option enabled, the NIS master server has to run on a +priviliged port (< 1024). The default is "yes" (enabled). .LP The field descriptions for the access rule lines are: .TP @@ -85,11 +88,29 @@ always allow access. .TP .I port -allow access if from port < 1024. Otherwise do not allow access. +allow access if the client request originates from a priviliged +port (< 1024). Otherwise do not allow access. .TP .I deny deny access to this map. .LP +You can add +.B /mangle:field +to the +.I none +or +.I port +security keywords. The :field part is optional. It will replace field number +.I field +(the default is 2, the password field of the passwd and shadow maps) +with the value +.I x +for client requests from non-priviliged ports (>= 1024) for the +.I port +security keyword and in all cases for the +.I none +security keyword. +.LP .SH FILES /etc/ypserv.conf .SH "SEE ALSO" @@ -100,6 +121,6 @@ but they make the life a little bit harder for a potential hacker. .SH BUGS Solaris clients don't use privileged ports. All security options -which depend on privileged ports cause big problems on Solaris clients. +that depend on privileged ports cause big problems on Solaris clients. .SH AUTHOR Thorsten Kukuk --- nis-3.15.orig/ypserv-2.18/etc/ypserv.conf +++ nis-3.15/ypserv-2.18/etc/ypserv.conf @@ -30,8 +30,8 @@ # Host : Domain : Map : Security # -# * : * : passwd.byname : port -# * : * : passwd.byuid : port +# * : * : passwd.byname : port/mangle +# * : * : passwd.byuid : port/mangle # Not everybody should see the shadow passwords, not secure, since # under MSDOG everbody is root and can access ports < 1024 !!! --- nis-3.15.orig/ypserv-2.18/lib/access.c +++ nis-3.15/ypserv-2.18/lib/access.c @@ -164,13 +164,14 @@ switch (work->security) { case SEC_NONE: + if (work->mangle) status = 200 + work->mangle; break; case SEC_DENY: status = -1; break; case SEC_PORT: if (ntohs (sin->sin_port) >= IPPORT_RESERVED) - status = -1; + status = (work->mangle) ? 200 + work->mangle : -1; break; } else if (domain != NULL) --- nis-3.15.orig/ypserv-2.18/lib/ypserv_conf.c +++ nis-3.15/ypserv-2.18/lib/ypserv_conf.c @@ -514,7 +514,7 @@ log_msg ("ERROR: could not allocate enough memory! [%s|%d]", __FILE__, __LINE__); exit (1); } - tmp->next = NULL; + memset(tmp, 0, sizeof(conffile_t)); if (c == '*') { @@ -556,6 +556,16 @@ tmp->security = SEC_DENY; else if (strcasecmp (buf2, "port") == 0) tmp->security = SEC_PORT; + else if (strncmp (buf2, "none/mangle", 11) == 0 && + (buf2[11] == 0 || buf2[11] == ':')) { + tmp->security = SEC_NONE; + tmp->mangle = buf2[11] ? atoi(buf2 + 12) : 2; + } + else if (strncmp (buf2, "port/mangle", 11) == 0 && + (buf2[11] == 0 || buf2[11] == ':')) { + tmp->security = SEC_PORT; + tmp->mangle = buf2[11] ? atoi(buf2 + 12) : 2; + } else { log_msg ("Unknown security option \"%s\" in line %d => Ignore line", --- nis-3.15.orig/ypserv-2.18/lib/ypserv_conf.h +++ nis-3.15/ypserv-2.18/lib/ypserv_conf.h @@ -29,6 +29,7 @@ char *domain; char *map; int security; + int mangle; struct conffile *next; } conffile_t; --- nis-3.15.orig/ypserv-2.18/ypxfr/ypxfr.c +++ nis-3.15/ypserv-2.18/ypxfr/ypxfr.c @@ -492,6 +492,25 @@ xdr_free ((xdrproc_t) xdr_ypresp_order, (caddr_t) &resp_order); } + /* + * In ypserv up to 1.3.12, sometimes resp_order->ordernum gets + * set to INT_MAX for no clear reason ? I don't know if this + * happens in glibc or that the remote server returns this, but + * it seems safest to bail out in this case .... + * + * Note that this might have been fixed in the 2.x series + * but we'll see. Keep an eye on your logfiles .. + */ +#ifndef INT_MAX +# define INT_MAX 2147483647 +#endif + if (masterOrderNum == INT_MAX) + { + log_msg("ERROR: order number of map %s == INT_MAX (%d), impossible", + map, masterOrderNum); + return YPXFR_YPERR; + } + /* If we doesn't force the map, look, if the new map is really newer */ if (!force) { @@ -747,8 +766,6 @@ if (!isatty (fileno (stderr))) openlog ("ypxfr", LOG_PID, LOG_DAEMON); - else - debug_flag = 1; memset (&remote_addr, 0, sizeof (remote_addr)); @@ -890,6 +907,15 @@ clnt_destroy (clnt); } + else + { + /* If we have no transfer ID then we can't notify via callback + * so log to stderr. + */ + if (res != YPXFR_SUCC && res != YPXFR_AGE) { + fprintf (stderr, "ypxfr: %s\n", ypxfr_err_string (res)); + } + } } return 0; --- nis-3.15.orig/ypserv-2.18/scripts/ypMakefile.in +++ nis-3.15/ypserv-2.18/scripts/ypMakefile.in @@ -22,6 +22,11 @@ # /var/yp/ypservers. NOPUSH=true +# Specify any additional arguments to be supplied when invoking yppush. +# For example, the -port option may be used to allow operation with port +# based firewalls. +YPPUSHARGS= + # We do not put password entries with lower UIDs (the root and system # entries) in the NIS password database, for security. MINUID is the # lowest uid that will be included in the password maps. If you @@ -29,16 +34,21 @@ # the passwd file. If no entry is found, this shadow entry is # ignored. # MINGID is the lowest gid that will be included in the group maps. -MINUID=500 -MINGID=500 +MINUID=1000 +MINGID=1000 + +# Don't export this uid/guid (nfsnobody). +# Set to 0 if you want to +NFSNOBODYUID=65534 +NFSNOBODYGID=65534 # Should we merge the passwd file with the shadow file ? # MERGE_PASSWD=true|false -MERGE_PASSWD=true +MERGE_PASSWD=false # Should we merge the group file with the gshadow file ? # MERGE_GROUP=true|false -MERGE_GROUP=true +MERGE_GROUP=false # These are commands which this Makefile needs to properly rebuild the # NIS databases. Don't change these unless you have a good reason. @@ -101,10 +111,23 @@ # If you don't want some of these maps built, feel free to comment # them out from this list. -all: passwd group hosts rpc services netid protocols netgrp mail \ - shadow publickey # networks ethers bootparams printcap \ - # amd.home auto.master auto.home auto.local passwd.adjunct \ - # timezone locale netmasks +ALL = passwd group hosts rpc services netid protocols netgrp +#ALL += publickey mail ethers bootparams printcap +#ALL += amd.home auto.master auto.home auto.local +#ALL += timezone locale networks netmasks + +# Autodetect /etc/shadow if it's there +ifneq ($(wildcard $(SHADOW)),) +ALL += shadow +endif + +# Autodetect /etc/passwd.adjunct if it's there +ifneq ($(wildcard $(ADJUNCT)),) +ALL += passwd.adjunct +endif + +all: $(ALL) + ######################################################################## @@ -115,7 +138,7 @@ DBLOAD = $(YPBINDIR)/makedbm -c -m `$(YPBINDIR)/yphelper --hostname` MKNETID = $(YPBINDIR)/mknetid -YPPUSH = $(YPSBINDIR)/yppush +YPPUSH = $(YPSBINDIR)/yppush $(YPPUSHARGS) MERGER = $(YPBINDIR)/yphelper DOMAIN = `basename \`pwd\`` LOCALDOMAIN = `/bin/domainname` @@ -286,7 +309,7 @@ @echo "Updating $@..." @$(UMASK); \ $(MERGER) -p $(PASSWD) $(SHADOW) | \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ print $$1"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -295,7 +318,7 @@ @echo "Updating $@..." @$(UMASK); \ $(MERGER) -p $(PASSWD) $(SHADOW) | \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ print $$3"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -309,7 +332,7 @@ passwd.byname: $(PASSWD) $(YPDIR)/Makefile @echo "Updating $@..." @$(UMASK); \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ print $$1"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -317,7 +340,7 @@ passwd.byuid: $(PASSWD) $(YPDIR)/Makefile @echo "Updating $@..." @$(UMASK); \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ print $$3"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -326,7 +349,7 @@ @echo "Updating $@..." @$(UMASK); \ $(AWK) -F: '{ if (FILENAME ~ /shadow$$/) { \ - if (UID[$$1] >= $(MINUID) ) print $$1"\t"$$0; \ + if (UID[$$1] >= $(MINUID) && UID[$$1] != $(NFSNOBODYUID)) print $$1"\t"$$0; \ } else UID[$$1] = $$3; }' $(PASSWD) $(SHADOW) \ | $(DBLOAD) -s -i $(SHADOW) -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -345,7 +368,7 @@ @echo "Updating $@..." @$(UMASK); \ $(MERGER) -g $(GROUP) $(GSHADOW) | \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ print $$1"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -353,7 +376,7 @@ @echo "Updating $@..." @$(UMASK); \ $(MERGER) -g $(GROUP) $(GSHADOW) | \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ print $$3"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -362,7 +385,7 @@ group.byname: $(GROUP) $(YPDIR)/Makefile @echo "Updating $@..." @$(UMASK); \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ print $$1"\t"$$0 }' $(GROUP) \ | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ @@ -370,7 +393,7 @@ group.bygid: $(GROUP) $(YPDIR)/Makefile @echo "Updating $@..." @$(UMASK); \ - $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ + $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ print $$3"\t"$$0 }' $(GROUP) \ | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ --- nis-3.15.orig/ypserv-2.18/rpc.ypxfrd/rpc.ypxfrd.8.in +++ nis-3.15/ypserv-2.18/rpc.ypxfrd/rpc.ypxfrd.8.in @@ -71,8 +71,7 @@ At first, .B rpc.ypxfrd will check a request from an address with -.B @YPMAPDIR@/securenets -or the tcp wrapper. +.B @sysconfdir@/ypserv.securenets. If the host is allowed to connect to the server, .B rpc.ypxfrd will uses the rules from --- nis-3.15.orig/ypserv-2.18/ypserv/server.c +++ nis-3.15/ypserv-2.18/ypserv/server.c @@ -43,6 +43,40 @@ #include "log_msg.h" #include "compat.h" + +static void +mangle(datum *val, int vcode) +{ + char *s, *p, *q; + int field; + int newsize; + int i, n = 1; + + if (vcode < 201) return; + field = vcode - 200; + + for (i = 0, s = val->dptr; i < val->dsize && *s; i++, s++) { + if (n == field) break; + if (*s == ':') n++; + } + if (n != field) return; + + if ((p = malloc(val->dsize + 1)) == NULL) return; + memcpy(p, val->dptr, i); + memcpy(p + i, "x", 1); + newsize = i + 1; + q = p + newsize; + + for (; i < val->dsize; i++, s++) + if (*s == ':') break; + memcpy(q, s, val->dsize - i); + newsize += val->dsize - i; + + free(val->dptr); + val->dptr = p; + val->dsize = newsize; +} + bool_t ypproc_null_2_svc (void *argp UNUSED, void *result UNUSED, struct svc_req *rqstp) @@ -209,6 +243,7 @@ qdat.dptr = argp->key.keydat_val; rdat = ypdb_fetch (dbp, qdat); + mangle(&rdat, valid); if (rdat.dptr != NULL) { @@ -309,6 +344,7 @@ if (dkey.dptr != NULL) { datum dval = ypdb_fetch (dbp, dkey); + mangle(&dval, valid); result->stat = YP_TRUE; result->key.keydat_len = dkey.dsize; @@ -417,6 +453,7 @@ else { datum dval = ypdb_fetch (dbp, dkey); + mangle(&dval, valid); result->stat = YP_TRUE; result->key.keydat_len = dkey.dsize; @@ -537,6 +574,7 @@ if(ypdb_exists (dbp, key)) { datum val = ypdb_fetch (dbp, key); + mangle(&val, valid); if ((size_t)val.dsize != strlen (argp->map_parms.peer) || strncmp (val.dptr, argp->map_parms.peer, val.dsize) != 0) @@ -675,6 +713,7 @@ DB_FILE dbm; datum dkey; datum dval; + int vcode; } *ypall_data_t; static int @@ -734,6 +773,7 @@ { ((ypall_data_t) data)->dval = ypdb_fetch (((ypall_data_t) data)->dbm, ((ypall_data_t) data)->dkey); + mangle(&(((ypall_data_t) data)->dval), ((ypall_data_t) data)->vcode); val->stat = YP_TRUE; @@ -851,6 +891,7 @@ if (data->dkey.dptr != NULL) { data->dval = ypdb_fetch (data->dbm, data->dkey); + mangle(&(data->dval), valid); result->ypresp_all_u.val.stat = YP_TRUE; @@ -860,6 +901,8 @@ result->ypresp_all_u.val.val.valdat_len = data->dval.dsize; result->ypresp_all_u.val.val.valdat_val = data->dval.dptr; + data->vcode = valid; + xdr_ypall_cb.u.encode = ypall_encode; xdr_ypall_cb.u.close = ypall_close; xdr_ypall_cb.data = (void *) data; @@ -951,6 +994,8 @@ key.dptr = "YP_MASTER_NAME"; val = ypdb_fetch (dbp, key); + mangle(&val, valid); + if (val.dptr == NULL) { /* No YP_MASTER_NAME record in map? There is someting wrong */ @@ -1067,6 +1112,8 @@ key.dptr = "YP_LAST_MODIFIED"; val = ypdb_fetch (dbp, key); + mangle(&val, valid); + if (val.dptr == NULL) { /* No YP_LAST_MODIFIED record in map? Use DTM timestamp.. */ --- nis-3.15.orig/ypserv-2.18/ypserv/ypserv.8.in +++ nis-3.15/ypserv-2.18/ypserv/ypserv.8.in @@ -87,7 +87,7 @@ .B ypserv will attempt to load the securenets information from a file called -.B @YPMAPDIR@/securenets . +.B @sysconfdir@/ypserv.securenets . This file contains entries that consist of a netmask and a network pair separated by white spaces. Lines starting with ``#'' are considered to be comments. @@ -119,7 +119,7 @@ receives a request from an address that fails to match a rule, the request will be ignored and a warning message will be logged. If the -.B @YPMAPDIR@/securenets +.B @sysconfdir@/ypserv.securenets file does not exist, .B ypserv will allow connections from any host. @@ -138,7 +138,7 @@ for a map. .SH FILES @sysconfdir@/ypserv.conf -@YPMAPDIR@/securenets +@sysconfdir@/ypserv.securenets .SH "SEE ALSO" .BR domainname (1), .BR ypcat (1), --- nis-3.15.orig/yp-tools-2.9/src/yppasswd.c +++ nis-3.15/yp-tools-2.9/src/yppasswd.c @@ -43,12 +43,17 @@ #include #include #include +#ifndef PATH_MAX +#define PATH_MAX 4096 +#endif #include #include #include #include #include #include +#include +#include #include #include #include @@ -436,11 +441,44 @@ #endif +#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') + +static void +create_random_salt (char *salt, int num_chars) +{ + int fd; + unsigned char c; + int i; + int res; + + fd = open("/dev/urandom", O_RDONLY); + + for (i = 0; i < num_chars; i++) + { + res = 0; + + if (fd != 0) + res = read (fd, &c, 1); + + if (res != 1) + c = random(); + + salt[i] = bin_to_ascii(c & 0x3f); + } + + salt[num_chars] = 0; + + if (fd != 0) + close (fd); +} + + int main (int argc, char **argv) { char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; int f_flag = 0, l_flag = 0, p_flag = 0, error, status; + int has_md5_passwd = 0; struct yppasswd yppwd; struct passwd *pwd; CLIENT *clnt; @@ -451,6 +489,8 @@ bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); + srandom (time (NULL)); + if ((s = strrchr (argv[0], '/')) != NULL) progname = s + 1; else @@ -642,6 +682,9 @@ cp = stpcpy (hashpass, "##"); strcpy (cp, pwd->pw_name); + if (strncmp(pwd->pw_passwd, "$1$", 3) == 0) + has_md5_passwd = 1; + /* We can't check the password with shadow passwords enabled. We * leave the checking to yppasswdd */ if (uid != 0 && strcmp (pwd->pw_passwd, "x") != 0 && @@ -676,13 +719,11 @@ if (p_flag) { -#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') #ifdef USE_CRACKLIB char *error_msg; #endif /* USE_CRACKLIB */ - char *buf, salt[2], *p = NULL; + char *buf, salt[12], *p = NULL; int tries = 0; - time_t tm; buf = (char *) malloc (129); @@ -733,9 +774,15 @@ } } - time (&tm); - salt[0] = bin_to_ascii (tm & 0x3f); - salt[1] = bin_to_ascii ((tm >> 6) & 0x3f); + if (!has_md5_passwd) + create_random_salt (salt, 2); + else + { + /* The user already had a MD5 password, so it's safe to + * use a MD5 password again */ + strcpy (salt, "$1$"); + create_random_salt (salt+3, 8); + } yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); } @@ -768,7 +815,9 @@ sp = getfield (sp, ophone, sizeof (ophone)); if (newfield (progname, _("Home Phone"), ophone, phone, sizeof (phone))) return 1; - sprintf (new_gecos, "%s,%s,%s,%s", name, location, office, phone); + snprintf (new_gecos, sizeof(new_gecos), "%s,%s,%s,%s,%s", + name, location, office, phone, sp); + new_gecos[sizeof(new_gecos) - 1] = '\0'; sp = new_gecos + strlen (new_gecos); while (*--sp == ',') *sp = '\0'; --- nis-3.15.orig/yp-tools-2.9/src/Makefile.am +++ nis-3.15/yp-tools-2.9/src/Makefile.am @@ -33,7 +33,7 @@ -DCHFN_PROG=\"${CHFN_PROG}\" -DCHSH_PROG=\"${CHSH_PROG}\" install-exec-hook: - ln -f ${DESTDIR}${bindir}/yppasswd ${DESTDIR}${bindir}/ypchsh - ln -f ${DESTDIR}${bindir}/yppasswd ${DESTDIR}${bindir}/ypchfn - -test "x$(DOMAINNAME)" = "xdomainname" && ln -f ${DESTDIR}${rootbindir}/domainname ${DESTDIR}${rootbindir}/ypdomainname - -test "x$(DOMAINNAME)" = "xdomainname" && ln -f ${DESTDIR}${rootbindir}/domainname ${DESTDIR}${rootbindir}/nisdomainname + ln -sf ${bindir}/yppasswd ${DESTDIR}${bindir}/ypchsh + ln -sf ${bindir}/yppasswd ${DESTDIR}${bindir}/ypchfn + -test "x$(DOMAINNAME)" = "xdomainname" && ln -sf ${rootbindir}/domainname ${DESTDIR}${rootbindir}/ypdomainname + -test "x$(DOMAINNAME)" = "xdomainname" && ln -sf ${rootbindir}/domainname ${DESTDIR}${rootbindir}/nisdomainname --- nis-3.15.orig/yp-tools-2.9/src/Makefile.in +++ nis-3.15/yp-tools-2.9/src/Makefile.in @@ -660,10 +660,10 @@ install-exec-hook: - ln -f ${DESTDIR}${bindir}/yppasswd ${DESTDIR}${bindir}/ypchsh - ln -f ${DESTDIR}${bindir}/yppasswd ${DESTDIR}${bindir}/ypchfn - -test "x$(DOMAINNAME)" = "xdomainname" && ln -f ${DESTDIR}${rootbindir}/domainname ${DESTDIR}${rootbindir}/ypdomainname - -test "x$(DOMAINNAME)" = "xdomainname" && ln -f ${DESTDIR}${rootbindir}/domainname ${DESTDIR}${rootbindir}/nisdomainname + ln -sf ${bindir}/yppasswd ${DESTDIR}${bindir}/ypchsh + ln -sf ${bindir}/yppasswd ${DESTDIR}${bindir}/ypchfn + -test "x$(DOMAINNAME)" = "xdomainname" && ln -sf ${rootbindir}/domainname ${DESTDIR}${rootbindir}/ypdomainname + -test "x$(DOMAINNAME)" = "xdomainname" && ln -sf ${rootbindir}/domainname ${DESTDIR}${rootbindir}/nisdomainname # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: --- nis-3.15.orig/debian/ypserv.securenets +++ nis-3.15/debian/ypserv.securenets @@ -0,0 +1,16 @@ +# +# securenets This file defines the access rights to your NIS server +# for NIS clients (and slave servers - ypxfrd uses this +# file too). This file contains netmask/network pairs. +# A clients IP address needs to match with at least one +# of those. +# +# One can use the word "host" instead of a netmask of +# 255.255.255.255. Only IP addresses are allowed in this +# file, not hostnames. +# +# Always allow access for localhost +255.0.0.0 127.0.0.0 + +# This line gives access to everybody. PLEASE ADJUST! +0.0.0.0 0.0.0.0 --- nis-3.15.orig/debian/ypxfr_1perday +++ nis-3.15/debian/ypxfr_1perday @@ -0,0 +1,19 @@ +#! /bin/sh +# +# ypxfr_1perday Transfer all NIS maps from the master +# in case we missed an update. +# (Or if we don't get automatic updates). +# +# Version: @(#)ypxfr_1perday.sh 1.00 MvS +# + +YPBINDIR=/usr/lib/yp + +MAPS=$(${YPBINDIR}/yphelper --maps $(/usr/bin/ypwhich)) + +for map in $MAPS +do + [ -t 1 ] && echo "$YPBINDIR/ypxfr $map" + $YPBINDIR/ypxfr $map +done + --- nis-3.15.orig/debian/postinst +++ nis-3.15/debian/postinst @@ -0,0 +1,92 @@ +#! /bin/sh +# +# postinst NIS suite postinst script. +# configures the nis stuff. +# +# Version: nis.postinst 3.9 28-Jun-2001 miquels +# + +# Install the defaults file if needed, and update the NISSERVER +# setting if the preinst left a settings file behind. +install_defaults () { + [ ! -s /etc/default/nis ] || return 0 + NISSERVER=false + if [ -f /etc/default/nis.settings ] + then + . /etc/default/nis.settings + fi + sed -e 's/^\(NISSERVER\)=.*$/\1='"$NISSERVER/" \ + < /usr/share/nis/nis.default > /etc/default/nis + rm -f /etc/default/nis.settings +} + +set -e +umask 022 + +case "$1" in + configure) + ;; + abort-upgrade|abort-remove|abort-deconfigure) + # + # Oops - restart NIS anyway. + # + invoke-rc.d nis start + exit 0 + ;; + *) + exit 0 + ;; +esac + +# Source debconf library. +. /usr/share/debconf/confmodule +db_version 2.0 || { echo "nis.config: need DebConf 2.0 or later"; exit 1; } + +cd /etc/init.d +chmod 755 nis +install_defaults + +. /etc/default/nis + +# Retrieve the domain from Debconf and set it. +db_get nis/domain || true +if [ "$RET" != "" ] +then + echo $RET > /etc/defaultdomain +fi + +# Update the links for nis. +if [ -L /etc/rc2.d/S30nis ] +then + rm -f /etc/rc?.d/[SK]30nis +fi +if [ -L /etc/rc2.d/S19nis ] +then + rm -f /etc/rc?.d/[SK]19nis +fi +update-rc.d nis defaults 18 >/dev/null 2>&1 + +# Convert the old ypserv.conf to the new format. +if [ -f /etc/ypserv.conf ] +then + /usr/lib/yp/convert-ypserv-conf /etc/ypserv.conf +fi + +# And start the service. +if [ "$2" != "" -a "$2" != "<>" ] && dpkg --compare-versions "$2" le 3.9-1 +then + killall ypbind >/dev/null 2>&1 || true +fi + +# Halt debconf so we don't leave the control fd open to the daemon +db_stop + +invoke-rc.d nis restart + +# /sbin/unix_chkpwd is installed setgid shadow by default; for NIS we need +# setuid root. (See #155583) +if ! dpkg-statoverride --list /sbin/unix_chkpwd >/dev/null; then + dpkg-statoverride --update --add root root 4755 /sbin/unix_chkpwd +fi + +exit 0 --- nis-3.15.orig/debian/control +++ nis-3.15/debian/control @@ -0,0 +1,18 @@ +Source: nis +Section: net +Priority: extra +Maintainer: Mark Brown +Uploaders: Miquel van Smoorenburg , Mark Brown +Standards-Version: 3.6.2 +Build-Depends: libgdbm-dev, gcc (>= 2.95), gettext, po-debconf, libslp-dev + +Package: nis +Architecture: any +Pre-Depends: debconf (>= 0.5.00) | debconf-2.0 +Depends: ${shlibs:Depends}, netbase, make, portmap, sysvinit (>= 2.85-1) +Conflicts: netstd (<=1.26) +Description: Clients and daemons for the Network Information Services (NIS) + The nis package allows you to use the NIS services from a NIS server or + to set up your own NIS server. NIS is mostly used to let several machines + in a network share the same account information (eg the password file). + NIS was formerly called Yellow Pages (YP). --- nis-3.15.orig/debian/prerm +++ nis-3.15/debian/prerm @@ -0,0 +1,28 @@ +#! /bin/sh + +set -e + +case "$1" in + remove|upgrade|remove-in-favour|deconfigure-in-favour) + # + # Stop the daemons. + # + /etc/init.d/nis stop + + # /sbin/unix_chkpwd is installed setgid shadow by default; for NIS we need + # setuid root, so the postinst installed a statoverride. (See + # #155583) Remove that override again here. + if OVR=$(dpkg-statoverride --list /sbin/unix_chkpwd) && \ + [ "$OVR" == "root root 4755 /sbin/unix_chkpwd" ]; then + dpkg-statoverride --remove /sbin/unix_chkpwd + chown root:shadow /sbin/unix_chkpwd + chmod 2755 /sbin/unix_chkpwd + fi + ;; + failed-upgrade) + ;; + *) + ;; +esac + +exit 0 --- nis-3.15.orig/debian/rules +++ nis-3.15/debian/rules @@ -0,0 +1,169 @@ +#! /usr/bin/make -f +# +# debian/rules file for nis +# + +# Package name. +p = nis + +DEBDIR=$(shell pwd)/debian/tmp + +YPSERV=ypserv-2.18 +YPTOOLS=yp-tools-2.9 +YPBIND=ypbind-mt-1.19.1 + +SHELL=/bin/bash +DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) + +ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS = "-O2 -Wall -g" +else + CFLAGS = "-O0 -Wall -g" +endif +#ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) +# INSTALL_PROGRAM += -s +#endif + + +define checkdir + test -f $(YPBIND)/README +endef + +all: build + +build: +# Builds the binary package. + # + # Kludge to prevent configure from being rebuilt + # + sh debian/fix-up-autoconf + # + -(cd $(YPTOOLS) && [ ! -f config.status ] && \ + CFLAGS=$(CFLAGS) ./configure \ + --prefix=/usr --mandir=/usr/share/man \ + --build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) ) + (cd $(YPTOOLS) && make) + -(cd $(YPBIND) && [ ! -f config.status ] && \ + CFLAGS=$(CFLAGS) ./configure \ + --prefix=/usr --mandir=/usr/share/man \ + --sysconfdir=/etc --libexecdir=/usr/lib/yp \ + --enable-slp \ + --build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) ) + (cd $(YPBIND) && make ) + rm -f $(YPSERV)/sedscript + -(cd $(YPSERV) && [ ! -f config.status ] && \ + AWK=/usr/bin/awk CFLAGS=$(CFLAGS) ./configure \ + --prefix=/usr --mandir=/usr/share/man \ + --sysconfdir=/etc \ + --libexecdir=/usr/lib/yp --enable-checkroot \ + --build=$(DEB_BUILD_GNU_TYPE) \ + --host=$(DEB_HOST_GNU_TYPE) ) + (cd $(YPSERV) && \ + make CPPFLAGS='-DSECURENETS=\"/etc/ypserv.securenets\"' ) + ## ( cd debian; cc -Wall -s -o domainname domainname.c ) + po2debconf -o debian/templates.gen debian/templates + touch build + +# Undoes the effect of `make -f debian/rules build'. +clean: + -(cd $(YPTOOLS) && [ -f Makefile ] && make distclean) + -(cd $(YPBIND) && [ -f Makefile ] && make distclean) + -(cd $(YPSERV) && [ -f Makefile ] && make distclean) + rm -rf $(YPBIND)/rpcsvc + -rm -rf $(DEBDIR) + rm -f build debian/{files,substvars,templates.gen} + find . -name '*.bak' -o -name '*~' | xargs -r rm -- + rm -f */config.cache + +# Architecture independant files. +binary-indep: build + $(checkdir) + +# Make a binary package. +binary-arch: build checkroot + -rm -rf $(DEBDIR) + install -d -g root -m 755 $(DEBDIR) + install -d -g root -m 755 $(DEBDIR)/DEBIAN + install -d -g root -m 755 $(DEBDIR)/bin + install -d -g root -m 755 $(DEBDIR)/etc/init.d + install -d -g root -m 755 $(DEBDIR)/usr/{bin,sbin} + install -d -g root -m 755 $(DEBDIR)/usr/lib/yp + install -d -g root -m 755 $(DEBDIR)/usr/share/bug/nis + install -d -g root -m 755 $(DEBDIR)/var/yp + install -d -g root -m 755 -o root $(DEBDIR)/usr/share/doc/nis + install -d -g root -m 755 -o root $(DEBDIR)/usr/share/doc/nis/examples + install -d -g root -m 755 -o root $(DEBDIR)/usr/share/nis + install -d -g root -m 755 -o root $(DEBDIR)/usr/share/man/man{1,5,8} + # + (cd $(YPSERV) && make install DESTDIR=$(DEBDIR)) + rm -rf $(DEBDIR)/usr/include + rm -f $(DEBDIR)/var/yp/securenets + rm -f $(DEBDIR)/etc/{locale,netmasks,timezone} + chown -R root:root $(DEBDIR) + # + (umask 022; cd $(YPTOOLS) && make install DESTDIR=$(DEBDIR)) + (umask 022; cd $(YPBIND) && make install DESTDIR=$(DEBDIR)) + # + #install -g root -m 755 $(YPBIND)/ypbind $(DEBDIR)/usr/sbin + #install -g root -m 644 $(YPBIND)/ypbind.8 $(DEBDIR)/usr/share/man/man8 + install -g root -m 644 debian/yp.conf $(DEBDIR)/etc/yp.conf + # + chown -R root:root $(DEBDIR) + chmod -R u+rw,o=u-w $(DEBDIR) + # + ##install -g root -m 755 debian/domainname $(DEBDIR)/bin/domainname + ##ln -s domainname $(DEBDIR)/bin/nisdomainname + ##install -g root -m 644 debian/*domainname.8 $(DEBDIR)/usr/share/man/man8 + # + install -g root -m 755 debian/ypxfr_1perhour $(DEBDIR)/usr/lib/yp + install -g root -m 755 debian/ypxfr_1perday $(DEBDIR)/usr/lib/yp + install -g root -m 755 debian/ypxfr_2perday $(DEBDIR)/usr/lib/yp + install -g root -m 755 debian/convert-ypserv-conf $(DEBDIR)/usr/lib/yp + install -g root -m 755 debian/rc.nis $(DEBDIR)/etc/init.d/nis + install -g root -m 644 debian/netgroup.sample $(DEBDIR)/etc/netgroup + install -g root -m 644 debian/ypserv.securenets $(DEBDIR)/etc + install -g root -m 644 debian/ypserv.conf.debian $(DEBDIR)/etc/ypserv.conf + + + install -g root -m 755 debian/reportbug-script $(DEBDIR)/usr/share/bug/nis/script + + # Documentation. + gzip -9f $(DEBDIR)/usr/share/man/man*/* + install -g root -m 644 debian/nis.debian.howto $(DEBDIR)/usr/share/doc/nis + install -g root -m 644 debian/changelog \ + $(DEBDIR)/usr/share/doc/nis/changelog.Debian + install -g root -m 644 $(YPSERV)/ChangeLog \ + $(DEBDIR)/usr/share/doc/nis/changelog + gzip -9f $(DEBDIR)/usr/share/doc/nis/* || true + install -g root -m 644 debian/COPYRIGHT \ + $(DEBDIR)/usr/share/doc/$(p)/copyright + install -g root -m 644 debian/nis.default \ + $(DEBDIR)/usr/share/$(p) + (cd $(DEBDIR)/usr/share/doc/$(p)/examples && ln -s ../../../$(p)/nis.default ) + install -g root -m 644 $(YPSERV)/etc/ypserv.conf \ + $(DEBDIR)/usr/share/doc/$(p)/examples + # + install -g root -m 644 debian/conffiles $(DEBDIR)/DEBIAN/conffiles + install -g root -m 755 debian/preinst $(DEBDIR)/DEBIAN/preinst + install -g root -m 755 debian/prerm $(DEBDIR)/DEBIAN/prerm + install -g root -m 755 debian/postinst $(DEBDIR)/DEBIAN/postinst + install -g root -m 755 debian/postrm $(DEBDIR)/DEBIAN/postrm + install -g root -m 755 debian/config $(DEBDIR)/DEBIAN/config + install -g root -m 644 debian/templates.gen $(DEBDIR)/DEBIAN/templates + # Use some binaries to generate the dependencies. + dpkg-shlibdeps $(YPSERV)/ypserv/ypserv + dpkg-gencontrol -isp + dpkg --build $(DEBDIR) .. + rm -rf $(DEBDIR) + +binary: binary-indep binary-arch + +checkroot: + $(checkdir) + test root = "`whoami`" + +dist: + dpkg-source -b --- nis-3.15.orig/debian/ypserv.conf.debian +++ nis-3.15/debian/ypserv.conf.debian @@ -0,0 +1,23 @@ +# +# ypserv.conf In this file you can set certain options for the NIS server, +# and you can deny or restrict access to certain maps based +# on the originating host. +# +# See ypserv.conf(5) for a description of the syntax. +# + +# The following, when uncommented, will give you shadow like passwords. +# Note that it will not work if you have slave NIS servers in your +# network that do not run the same server as you. + +# Host : Domain : Map : Security +# +# * : * : passwd.byname : port/mangle +# * : * : passwd.byuid : port/mangle + +# This is the default - restrict access to the shadow password file, +# allow access to all others. +* : * : shadow.byname : port +* : * : passwd.adjunct.byname : port +* : * : * : none + --- nis-3.15.orig/debian/ypxfr_2perday +++ nis-3.15/debian/ypxfr_2perday @@ -0,0 +1,24 @@ +#! /bin/sh +# +# ypxfr_2perday Transfer all NIS maps from the master +# in case we missed an update. +# (Or if we don't get automatic updates). +# +# Version: @(#)ypxfr_2perday.sh 1.10 miquels@cistron.nl +# + + +YPBINDIR=/usr/lib/yp + +ALL_MAPS=$(${YPBINDIR}/yphelper --maps $(/usr/bin/ypwhich)) +MAPS="hosts.byaddr hosts.byname netgroup netgroup.byhost netgroup.byuser \ + networks.byname networks.byaddr" + +for map in $MAPS +do + if echo $ALL_MAPS | grep $map > /dev/null ; then + [ -t 1 ] && echo "$YPBINDIR/ypxfr $map" + $YPBINDIR/ypxfr $map + fi +done + --- nis-3.15.orig/debian/yp.conf +++ nis-3.15/debian/yp.conf @@ -0,0 +1,13 @@ +# +# yp.conf Configuration file for the ypbind process. You can define +# NIS servers manually here if they can't be found by +# broadcasting on the local net (which is the default). +# +# See the manual page of ypbind for the syntax of this file. +# +# IMPORTANT: For the "ypserver", use IP addresses, or make sure that +# the host is in /etc/hosts. This file is only interpreted +# once, and if DNS isn't reachable yet the ypserver cannot +# be resolved and ypbind won't ever bind to the server. + +# ypserver ypserver.network.com --- nis-3.15.orig/debian/ypserv.conf.5.patch +++ nis-3.15/debian/ypserv.conf.5.patch @@ -0,0 +1,17 @@ +--- ypserv-2.18/etc/ypserv.conf.5.orig 2003-12-13 20:27:44.000000000 +0100 ++++ ypserv-2.18/etc/ypserv.conf.5 2003-12-13 20:41:53.000000000 +0100 +@@ -38,9 +38,12 @@ + is restarted. + .TP + .BR "trusted_master: " server +-If this option is set on a slave server, new maps from the host ++When a map is pushed to a slave, the slave normally only accepts ++updates to existing maps, and then only from the real master. ++If this option is set on a slave server, new (not yet existing) ++maps from the host + .I server +-will be accepted as master. The default is, that ++will be accepted. The default is that + no trusted master is set and new maps will not be accepted. + .br + Example: --- nis-3.15.orig/debian/conffiles +++ nis-3.15/debian/conffiles @@ -0,0 +1,7 @@ +/etc/netgroup +/etc/init.d/nis +/etc/ypserv.conf +/etc/ypserv.securenets +/etc/yp.conf +/var/yp/Makefile +/var/yp/nicknames --- nis-3.15.orig/debian/shlibs.local +++ nis-3.15/debian/shlibs.local @@ -0,0 +1 @@ +libc 5 libc5 (>= 5.4.23-6) --- nis-3.15.orig/debian/changelog +++ nis-3.15/debian/changelog @@ -0,0 +1,667 @@ +nis (3.15-3ubuntu2) dapper; urgency=low + + * Move to S18 so it starts before S19autofs. Ubuntu: #31071 + + -- Scott James Remnant Tue, 9 May 2006 20:21:27 +0100 + +nis (3.15-3ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. (me) + + -- Scott James Remnant Wed, 16 Nov 2005 23:42:06 +0000 + +nis (3.15-3) unstable; urgency=low + + * Turn off debug_flag by default in ypxfr, silencing warnings about + endianess problems causing a fallback to enumeration. To make sure + diagnostics don't get lost when not invoked from yppushd output any + output to stderr if there is an error. The -debug command line option + can still be used (closes: #247956). + * Run ypbind on NIS servers too since yppush wants to use it to + enumerate maps (closes: #228903). + + -- Mark Brown Sun, 13 Nov 2005 20:07:34 +0000 + +nis (3.15-2ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Tollef Fog Heen Thu, 10 Nov 2005 14:18:00 +0100 + +nis (3.15-2) unstable; urgency=low + + * Add Swedish translation of the Debconf templates provided by Daniel + Nylander (closes: #332355). + + -- Mark Brown Sun, 16 Oct 2005 11:49:25 +0100 + +nis (3.15-1) unstable; urgency=low + + * New upstream releases. + - Update ypbind-mt to 2.19.1. + - Update ypserv to 2.18. + * Correct name of debconf variable used to read existing configuration + during config (closes: #330399). + * Don't bomb out if we are unable to obtain the hostname while trying to + make up a default name for the domain (closes: #327224). + + -- Mark Brown Fri, 30 Sep 2005 17:27:44 +0100 + +nis (3.14-2) unstable; urgency=low + + * Add alternative for debconf-2.0. + * Update debconf version requirement to 0.5. + * Policy 3.6.2 (no changes). + + -- Mark Brown Wed, 3 Aug 2005 23:27:38 +0100 + +nis (3.14-1ubuntu1) breezy; urgency=low + + * Resynchronise with Debian. + + -- Martin Pitt Thu, 21 Jul 2005 18:10:06 +0200 + +nis (3.14-1) unstable; urgency=low + + * New maintainer. + * Update ypbind-mt to 2.19. + * Update ypserv to 2.17. + + -- Mark Brown Mon, 11 Jul 2005 16:27:51 +0300 + +nis (3.13-5) unstable; urgency=low + + * Add Vietnamese translation of the Debconf templates, kindly provided by + Clytie Siddall (closes: #316057). + + -- Mark Brown Tue, 28 Jun 2005 22:26:52 +0100 + +nis (3.13-4) unstable; urgency=low + + * Include updated translation of German Debconf templates provided by Jens + Seidel (closes: #313962). + * Move sourcing of debconf after emergency restart in order to avoid hanging + onto the debconf file descriptor when we don't want to. + * Move domain name prompt into a newly crated config script. Manual changes + to /etc/defaultdomain will override any configuration in Debconf and + /etc/defaultdomain will be regenerated each install (closes: #311416). + * Only prompt for client configuration on first configuration rather than + every time postinst runs. + + -- Mark Brown Tue, 21 Jun 2005 22:44:13 +0100 + +nis (3.13-3ubuntu1) breezy; urgency=low + + * /sbin/unix_chkpwd is not installed setuid root by default any more; + however this is required for nis. (See Debian #155583). + * debian/postinst: If unix_chkpwd does not yet already have an override, + dpkg-statoverride it to set the permissions to root:root 4755. + * debian/prerm: If the current permissions of unix_chkpwd is root:root 4755 + and there is a stat override for it, remove the override and restore + permissions. + + -- Martin Pitt Fri, 17 Jun 2005 12:57:42 +0200 + +nis (3.13-3) unstable; urgency=low + + * Add patch from Alexander Achenbach preserving errno over + SIGCHLD hanlders in ypserv programs other than ypserv since that already + does so (closes: #306925). + + -- Mark Brown Sun, 1 May 2005 13:58:08 +0100 + +nis (3.13-2) unstable; urgency=low + + * Rename start and stop functions in init script for compatiblilty with + ksh (closes: #302821). + * Add YPPUSHARGS above the "don't modify" warnings in the Makefile since + users might reasonably want to specify some additional flags but be put off + by the warnings (closes: #250923). + * We don't build depend on autoconf. + + -- Mark Brown Sun, 3 Apr 2005 12:29:38 +0100 + +nis (3.13-1) unstable; urgency=low + + * Update ypbind-mt to version 1.18. + * Don't mention touching /etc/networks in the HOWTO since this is no longer + required (closes: #290307). + * Ask users to remove the system hostname from the localhost entry in + /etc/hosts so that localhost doesn't get reported as the master server. + Debian Installer sets things up this way (closes: #275885). + + -- Mark Brown Sat, 15 Jan 2005 14:24:11 +0000 + +nis (3.12-3) unstable; urgency=low + + * Fix tyop in init script (closes: #285799). + + -- Mark Brown Thu, 16 Dec 2004 12:28:30 +0000 + +nis (3.12-2) unstable; urgency=low + + * Add Czech translation of the Debconf templates, kindly provided by Jan + Outrata (closes: #276666). + + -- Mark Brown Sat, 16 Oct 2004 13:53:32 +0100 + +nis (3.12-1) unstable; urgency=medium + + * Upgrade ypserv to 2.14 (fixing some resource leaks). + * Upgrade yp-tools to 2.9. + * Fix number of :s for shadow in the HOWTO (closes: #270454). + * Retitle section 2 of the HOWTO and reference it at the end of section 1, + hopefully making it easier for users to find (closes: #265153). + + -- Mark Brown Sat, 18 Sep 2004 13:26:36 +0100 + +nis (3.11-4) unstable; urgency=high + + * memset() result structures to zero before calling clnt_call in ypxfr + (closes: #264587). + * Allow null YPPWDDIR (closes: #262001). + + -- Mark Brown Tue, 10 Aug 2004 01:41:45 +0100 + +nis (3.11-3) unstable; urgency=low + + * Add Catalan translation of Debconf templates provided by Aleix Badia i + Bosch (closes: #248736). + + -- Mark Brown Sat, 22 May 2004 13:05:01 +0100 + +nis (3.11-2) unstable; urgency=low + + * Apply patch by Alex Larsson adding support for MD5 + passwords to yppasswd. This is not the ultimate fix since it doesn't + integrate at all with PAM or cope with shadow passwords but it does go + some way towards addressing the problems (closes: #137452, #171756). + * Add NISMASTER option to to defaults which causes the init script to run + ypinit before starting a slave server (closes: #87593). + * By default exclude the nobody user and group when building maps in + /var/yp/Makefile using a patch by Alex Larsson from the + RedHat/Fedora package. Don't do it by defining maximum IDs since they can + be 32 bit in this day and age (closes: #133832). + * Pass non-standard GECOS fields through ypchfn unmodified rather than + deleting them (closes: #146065). + * Rather than hard coding the list of maps to transfer in ypxfr_1perday + enumerate the maps on the server at run time. In the other ypxfr scripts + only transfer maps that are present (closes: #155797, #233092). + * Add bug script to optionally include the domain name in bug reports. + * Support noopt in DEB_BUILD_OPTIONS. + * Updated to policy 3.6.1. + + -- Mark Brown Sun, 25 Apr 2004 19:00:45 +0100 + +nis (3.11-1) unstable; urgency=low + + * Upgrade ypbind to version 1.17.2. + * Upgrade ypserv to version 2.13. + * Add libslp-dev to build deps and enable SLP support in configure. + * Fix parsing of server names returned from SLP in ypbind. + + -- Mark Brown Sat, 17 Apr 2004 14:13:19 +0100 + +nis (3.10-6) unstable; urgency=low + + * Include Danish translation of the Debconf templates provided by Claus + Hindsgaul (closes: #233576). + + -- Mark Brown Thu, 26 Feb 2004 23:57:47 +0000 + +nis (3.10-5) unstable; urgency=low + + * Only display the note about requiring client configuration if we're + configured as a client in /etc/default/nis (closes: #106963). + * Remove /var/yp on purge (closes: #76423). + * Include French Debconf template translation provided by Michel + Grentzinger (closes: #227140). + * Include Japanese Debconf template translation provided by Hideki Yamane + (closes: #229296). + + -- Mark Brown Sat, 24 Jan 2004 10:41:06 +0000 + +nis (3.10-4) unstable; urgency=low + + * Depend on sysvinit rather than sysv-rc - that will pull in an appropriate + startup script mechanism for us (closes: #224464). + * Allow the user to specify additional arguments for the daemons in + /etc/nis/default (closes: #143886). Users can configure the default + port for the services by specifying appropriate command line options + to the daemons (closes: #147809). + * Delete /etc/defaultdomain on purge (closes: #155122). + * Update to policy 3.5.6. + * Don't create the /usr/doc symlink any more. + * Update copyright to refer to GPLv2 in /usr/share/common-licences. + * Fix permissions on templates control file. + * Delete /etc/default/nis on purge. + * Purge debconf database when package is purged. + * Include Section: and Priority: in the binary package. + * Ship sample /etc/default/nis in /usr/share/nis rather than as an example + as per policy. + + -- Mark Brown Fri, 2 Jan 2004 08:29:34 +0000 + +nis (3.10-3) unstable; urgency=high + + * Fix initscript again. It had some /etc/network/if-{up,down}.d + stuff in it that shouldn't be used yet. In earlier versions it + wasn't used due to another bug that got fixed, and that + triggered this bug (closes: #221569, #222074, #221569) + * Convert to po-debconf (Mark Brown) (closes: #106150, #200126) + * debian/rules fixes for non-linux (hurd, bsd) (closes: #223622) + * Change /var/yp/securenets back to /etc/ypserv.securenets + * Restore "mangle" functionality in ypserv (different syntax though) + (closes: #212930) + * Automatically convert old ypserv.conf file to new format (closes: #221497) + * ypMakefile: set MERGE_GROUPS to false, don't build networks map. + * Add Uploaders: field to the control file. + + -- Miquel van Smoorenburg Tue, 16 Dec 2003 00:20:05 +0100 + +nis (3.10-2) unstable; urgency=low + + * Fix init.d script - it has the NISCLIENT logic wrong (closes: #221427) + + -- Miquel van Smoorenburg Tue, 18 Nov 2003 15:05:52 +0100 + +nis (3.10-1) unstable; urgency=low + + * New upstream releases of ypserv, yp-tools, ypbind-mt (closes: #145546) + * PATHMAX isn't defined on HURD, fix (closes: #218332) + * Change tail +2 -> tail -n +2 (closes: #208375) + * Maintainer upload, close bugs fixed by NMU (closes: #165748, #199594) + * Change typo in rc.nis script (closes: #145715, #143873) + * Add a NISCLIENT setting to /etc/default/nis, which defaults to true + (closes: #138723, #160930) + * Fix typos in nis.debian.howto (closes: #130380, #139821, #143658) + + -- Miquel van Smoorenburg Sat, 15 Nov 2003 13:45:03 +0100 + +nis (3.9-6.2) unstable; urgency=high + + * Rebuilt for unstable + + -- Martin Schulze Mon, 21 Oct 2002 16:31:14 +0200 + +nis (3.9-6.1) stable-security; urgency=high + + * Non-maintainer upload by security team + * Applied fix by Thorsten Kukuk to fix an information leak + + -- Martin Schulze Thu, 10 Oct 2002 09:17:47 +0200 + +nis (3.9-6) unstable; urgency=high + + * Official fix from upstream maintainer for "YPBIND_PROC: domain not bound" + ypbind problem that includes a potential fix for bug #109935. + + -- Miquel van Smoorenburg Wed, 17 Oct 2001 17:06:06 +0200 + +nis (3.9-5) unstable; urgency=high + + * Maintainer upload (closes: #103588) + * Fix typo in ypMakefile (closes: #106483,#107824,#105727) + * Fix "YPBIND_PROC: domain not bound" recurring (15 mins.) problem. + Courtesy of Neil Brown . Hopefully + this also fixes bug #109935. + + -- Miquel van Smoorenburg Tue, 9 Oct 2001 12:47:49 +0200 + +nis (3.9-4.1) unstable; urgency=low + + * Non-maintainer upload. + * copy in new config.{guess,sub} to get support for new architectures. + Closes: #104601 + + -- LaMont Jones Fri, 13 Jul 2001 16:43:48 -0600 + +nis (3.9-4) unstable; urgency=high + + * Fix preinst not to depend on /usr/share/doc/examples/nis.default + which ofcourse isn't there on a fresh installation. + + -- Miquel van Smoorenburg Thu, 28 Jun 2001 14:02:52 +0200 + +nis (3.9-3) unstable; urgency=high + + * Update docs about /etc/init.d/nis and /etc/default/nis (closes: #98886) + * Updated nis.debian.howto + * Fix the debconf stuff (closes: #99966, #97693) + * Added german tranlations (closes: #100138) + * Also include the preinst file in the package .. now /etc/default/nis + actually works (closes: #63171, #77090) + * Don't stop running NIS processes during upgrade, they tend to be + essential for functioning of the system. Just restart NIS in the postinst. + * Fix symbolic links (closes: #99411, #97846) + * kill running ypbinds manually if upgrading from an older + version of the NIS package (closes: #97599) + * Put a comment about DNS in /etc/yp.conf (closes: #96066) + * Don't export shadow entries < MINUID (closes: #69214, #90470, #28030) + * Set MINUID to 1000 to comply with policy (closes: #38591, #58881) + * Up timeout on connecting to ypxfrd from 25 microsecs to 2 secs. + 25 us is really way to short - ypxfr almost always failed connecting + to ypxfrd. + + -- Miquel van Smoorenburg Tue, 26 Jun 2001 15:32:30 +0200 + +nis (3.9-2) unstable; urgency=high + + * Recompile _again_ for latest libc6 (backwards compatibility doesn't + seem to exist anymore?) (closes: #97195) + + -- Miquel van Smoorenburg Mon, 14 May 2001 13:06:31 +0200 + +nis (3.9-1) unstable; urgency=high + + * Upgrade to yp-tools-2.5, ypbind-mt-1.8, ypserv-1.3.12 + * Some people need NIS built against the latest libc (closes: #96158, #96931) + * Typo in postinst message (closes: #78185) + * Make maintainer scripts failsafe (closes: #77347) + * Apply threads/signals patch so that ypbind exits on SIGTERM (closes: #83106) + * Now uses debconf + * fixed ypserv_conf.c - IP numbers can start with [1-9] not [0-3] + * Fix ypserv(8) manpage (securenets file location) (closes: #94136) + * Update ypserv.securenets example file (closes: #86762) + + -- Miquel van Smoorenburg Wed, 9 May 2001 23:57:03 +0200 + +nis (3.8-3) unstable; urgency=low + + * Upload to unstable, compiled with current woody libs + * Fixes the Alpha problems (as 3.8-2 does for stable) + * Depends on portmap again (closes: #75267,#75511,#76942,#72132,#75124) + + -- Miquel van Smoorenburg Tue, 14 Nov 2000 23:53:51 +0100 + +nis (3.8-2) stable; urgency=high + + * Upload to stable + * This fixes the Alpha problems. This is of high urgency, + because the old 3.7 packages still contain the security hole. + * The Alpha problems were due to configure not reckognizing the + system type on (certain!) Alpha's, so that the USE_BROADCAST=0 + code got compiled in which was broken. I debugged and fixed both + problems. This might also fix brokenness on other non-i386 + platforms. + * Updated HOWTO (closes: #76043) + + -- Miquel van Smoorenburg Mon, 13 Nov 2000 22:38:11 +0100 + +nis (3.8-0.1) stable unstable; urgency=high + + * Non-maintainer upload by security team + * Up the versionnumber since we upgrade one of our tarballs + * Upgrade ypbindt-mt to 1.7, which is a security-fix for 1.6. This + really fixes the printf formating security problem. + * Upload to both stable and unstable so potato doesn't have a newer + version anymore and woody gets the fix as well. + + -- Wichert Akkerman Fri, 13 Oct 2000 20:08:23 +0200 + +nis (3.7-2potato1) stable; urgency=high + + * Upload for potato to fix security hole in ypbind + + -- Miquel van Smoorenburg Mon, 9 Oct 2000 13:59:08 +0200 + +nis (3.7-2) unstable; urgency=high + + * Update to latest ypbind-mt-1.7 because of security hole + (syslog format string attack) + * Apply ypserv-1.3.11a.diff because upstream maintainer says + it's important. + + -- Miquel van Smoorenburg Mon, 9 Oct 2000 13:45:10 +0200 + +nis (3.7-1) unstable; urgency=high + + * Update to latest ypserv (1.3.11) + * Depend on portmap (closes: #72083,#72107,#72121) + * Update yppasswd manpage (closes: #67208) + * Well, ypbind most definitely works ;) (closes: #42903) + * New ypMakefile since 3.6 (closes: #48465) + * Wait for domain to get bound up to 10 secs (closes: #59799,#59892,#66574) + * Update nis.debian.howto (closes: #60300,#60380) + * Update netgroups manpage (closes: #62492) + + -- Miquel van Smoorenburg Thu, 21 Sep 2000 16:23:30 +0200 + +nis (3.6-2) unstable; urgency=high + + * Touch yp-tools-2.4/configure (closes: #48442) + * Fix /var/yp/Makefile (closes: #48447) + + -- Miquel van Smoorenburg Wed, 27 Oct 1999 11:09:42 +0200 + +nis (3.6-1) unstable; urgency=high + + * Same as 3.5, but compiled with glibc 2.1 for potato. + + -- Miquel van Smoorenburg Tue, 26 Oct 1999 22:10:35 +0200 + +nis (3.5-1) stable; urgency=high + + * New upstream releases of ypserv (1.3.9), ypbind-mt (1.6) and yp-tools (2.4). + These fix the security bugs present in earlier versions. + + -- Miquel van Smoorenburg Mon, 25 Oct 1999 17:34:09 +0200 + +nis (3.4-2) unstable; urgency=high + + * Compiled against glibc 2.1.x, this should fix these bugs: + #42038: nis: ypserv crashes/exits + #42097: libc6: "clnt_call: RPC: Timed out" in nis + #42138: nis: NIS failing - seems to have started with latest glibc + #42531: nis problems + * Added a patch for glibc 2.1.2preX and ypbind-mt-1.6 from Thorsten + + -- Miquel van Smoorenburg Fri, 6 Aug 1999 11:46:38 +0200 + +nis (3.4-1) unstable; urgency=high + + * New upstream version of ypserv. Hopefully this fixes the + yp_all() bugs glibc 2.1 users have been seeing (#42138, #42097) + + -- Miquel van Smoorenburg Sat, 31 Jul 1999 10:07:53 +0200 + +nis (3.3.3-1) unstable; urgency=low + + * New upstream version of yp-tools and ypbind-mt + * Fixes bugs: + #42028: nis: NIS-Server doesn't use /etc/shadow - feature or bug? + #41781: direction reversed in howto + #41778: nis.debian.howto.gz suggests editing crontab + #40462: ypinit failed on setting up a slave server + #40462: ypinit failed on setting up a slave server + #29692: nis: rpc.yppasswd doesn't admit latin characters in gecos field + #34144: NIS master doesn't update slaves + #38010: ypbind won't bind to specified server + #38018: -no_ping flag doesn't work for ypbind + #42028: nis: NIS-Server doesn't use /etc/shadow - feature or bug? + #21278: ypxfr should keep maps that it cannot get temporarily + + -- Miquel van Smoorenburg Wed, 28 Jul 1999 15:40:13 +0200 + +nis (3.3.2-1) unstable; urgency=low + + * New upstream version of yp-tools and ypbind-mt + * Fixes bugs: + #34618: nis: Documentation glitch + #30580: nis should depend on make + #28876: -O6 default optimization in nis + #29268: 64bit fix + #32882: nis: please do mention where you got the software + #28183: nis with shadow passwords + + -- Miquel van Smoorenburg Mon, 3 May 1999 16:28:23 +0200 + +nis (3.3.1-1) unstable; urgency=low + + * New upstream version of ypserv + * Fixes bugs: + #26294: package is out of date; makedbm does not handle "\" extended lines + #27674: nis: tab is no longer accepted as whitespace in yp.conf + #27589: NIS servers should not need to be same architecture + + -- Miquel van Smoorenburg Wed, 14 Oct 1998 15:20:31 +0200 + +nis (3.3-1) unstable; urgency=low + + * New upstream versions of ypserv, ypbind, yp-tools. + * Use ypbind-mt instead of ypbind-3.3. This one uses threads; do + not be confused if you see 4 copies of ypbind running, it's only + one process with multiple kernel-threads. + * Fixes bugs: + #18938: nis: package description + #25703: nis: ypbind: detects that a copy is running (ie itself) and exits + #25753: nis: ypbind: detects that a copy is running (ie itself) and exits + #25754: nis: Minor mistake in /usr/lib/yp/ypinit + #22587: Capitalization issues + #22285: nisdomainname.8.gz should refer to domainname.8 not .1 + + -- Miquel van Smoorenburg Mon, 5 Oct 1998 12:46:35 +0200 + +nis (3.2.1-3) unstable; urgency=low + + * Now really fixes Alpha problems I hope + * Update nis.debian.howto + * Fixes bugs: + #18183: nis: not updating slave server + #18410: nis: New Alpha problem + #18522: nis: nis fails on alpha with RPC errors + #18638: nis: nis source includes wrong snprintf prototype + #18689: /usr/lib/yp/ypxfr_2perday typo + + -- Miquel van Smoorenburg Mon, 2 Mar 1998 17:11:49 +0100 + +nis (3.2.1-2) unstable; urgency=low + + * Remove ypbind-3.3/rpcsvc in debian/rules, the dpkg-source + gegerated patch file does not support removed files. + + -- Miquel van Smoorenburg Fri, 20 Feb 1998 21:43:27 +0100 + +nis (3.2.1-1) unstable; urgency=low + + * Applied fix from Thorsten Kukuk for ypbind: + - increase ping timeout to 5 seconds + - remove binding file on shutdown + - Fix Alpha problems + - Fix gcc2.8 and egcs compilation problems + * New yptools (1.4.1) + * Fix lintian warnings/errors + * Fixes bugs: + #18301: on alpha nis breaks with libc6.1_2.0.7pre1 + #18183: nis: not updating slave servers + #18266: nis source includes wrong snprintf prototype + + -- Miquel van Smoorenburg Fri, 20 Feb 1998 00:10:16 +0100 + +nis (3.2-2) unstable; urgency=low + + * Fixes: + #17806: nis: asks for insertion of plus entries + + -- Miquel van Smoorenburg Wed, 4 Feb 1998 14:10:02 +0100 + +nis (3.2-1) unstable; urgency=medium + + * Added debian revision number + * Upgrade to ypserv-1.2.8, which fixes a severe bug in makedbm + * Fixes bugs: + #17212: @/usr/bin/awk not found in /var/yp/Makefile, 'amd.home' target + #15210: NIS implementation too wordy + + -- Miquel van Smoorenburg Thu, 29 Jan 1998 17:57:46 +0100 + +nis (3.1) unstable; urgency=low + + * Fix totally bogus diff file + * Upgraded yp-tools to 1.4, ypserv to 1.2.7 + * Fixes bugs: + #13333: nis: No manual for /usr/lib/yp/{makedbm,pwupdate} + #15225: ypmatch doesn't set error code + #15969: nis: ypchfn does not work + #15225: ypmatch doesn't set error code + + -- Miquel van Smoorenburg Tue, 13 Jan 1998 15:05:02 +0100 + +nis (3.0-2) unstable; urgency=low + + * Fix copyright information + * Fix comments in /etc/yp.conf + + -- Miquel van Smoorenburg Thu, 6 Nov 1997 14:49:17 +0100 + +nis (3.0-1) unstable; urgency=low + + * Update nis.debian.howto help document + * Use new ypserv-1.2.5 + * Use yp-tools-1.2 instead of ypclients-2.2 + * Work around in ypwhich for buggy yp_maplist() in libc-5.4.33 + * User ypbind-3.3 instead of ypbind-bsd-1.15 + * Add rpc.ypxfrd to startup file + * Fixes bugs: + #9920: nis.debian.howto.gz has wrong details. + #10142: Cannot set up NIS as a slave server. + #10186: Running "make" fails under NIS. + #10244: ypserv hangs occasionally + #10525: nis: mknetid segfaults + #10872: NIS and libc6 + #11007: ypbind problems with nis_2.20 + #11472: nis: NIS does not work when no server is on subnet + #12575: nis: unchecked prompting in postinst + + -- Miquel van Smoorenburg Tue, 4 Nov 1997 16:40:57 +0100 + +nis (2.20-1) frozen unstable; urgency=high + + * Upgrade ypserv to 1.1.7 (security fix) + * Use awk instead of mawk (Bug#8705, #7855) + * Depend on libc5 (>= 5.4.23) + + -- Miquel van Smoorenburg Mon, 28 Apr 1997 17:09:19 +0200 + +nis (2.10-1.2) unstable; urgency=high + + * Applied another patch from H.J. Lu to fix ypset. + + -- David Engel Tue, 18 Mar 1997 13:29:01 -0600 + +nis (2.10-1.1) unstable; urgency=high + + * Applied H.J. Lu's patches to make ypclients and ypbind work + with libc 5.4.23. + * Changed yppasswd to work with libc 5.4.23. + + -- David Engel Mon, 17 Mar 1997 09:03:30 -0600 + +nis (2.10-1) unstable; urgency=medium + + * Upgraded to ypserv-1.1.5 + * Made sure all executables are stripped + * Fix bug in services database (wrong key) + + -- Miquel van Smoorenburg Tue, 4 Feb 1997 17:38:43 +0100 + +nis (2.00-1) unstable; urgency=low + + * Upgraded to latest versions of all software + * New source packaging + * Added missing manpages (stubs) + * Fixed yppasswd &c to work with shadow-like NIS server setup. + + -- Miquel van Smoorenburg Wed, 02 Oct 1996 17:51:54 +0200 + +* nis-1.20-2 Tue Jul 2 11:28:30 MET DST 1996 + o Fixed domainname option processing. + +* nis-1.20-1 Sat Jun 8 14:18:02 MET DST 1996 + + o Installs ypserv_1perhour and associated scripts. + o Updated nis.debian.howto + o Updated rules and control files for latest "dchanges". + o yppasswd Can now change empty password + o yppasswdd now accepts root password as old passwd + so root can change all passwords --- nis-3.15.orig/debian/ypxfr_1perhour +++ nis-3.15/debian/ypxfr_1perhour @@ -0,0 +1,22 @@ +#! /bin/sh +# +# ypxfr_1perhour Transfer the group and password files +# every hour in case we missed an update. +# (Or if we don't get automatic updates). +# +# Version: @(#)ypxfr_1perhour.sh 1.01 MvS +# + +YPBINDIR=/usr/lib/yp + +ALL_MAPS=$(${YPBINDIR}/yphelper --maps $(/usr/bin/ypwhich)) +MAPS="passwd.byname passwd.byuid shadow.byname group.byname group.bygid" + +for map in $MAPS +do + if echo $ALL_MAPS | grep $map > /dev/null ; then + [ -t 1 ] && echo "$YPBINDIR/ypxfr $map" + $YPBINDIR/ypxfr $map + fi +done + --- nis-3.15.orig/debian/fix-up-autoconf +++ nis-3.15/debian/fix-up-autoconf @@ -0,0 +1,27 @@ +#! /bin/sh +# +# Prevent autoconf and automake if they're installed from +# generating new Makefiles and configure scripts by lowering +# the timestamps on the master files if they're newer than +# the generated files. +# + +find . -name \*.am | while read master +do + generated=${master%.am}.in + if [ -f $generated -a $master -nt $generated ] + then + echo touch -r $generated $master + touch -r $generated $master + fi +done + +find . -name configure.in | while read master +do + generated=${master%.in} + if [ -f $generated -a $master -nt $generated ] + then + echo touch -r $generated $master + touch -r $generated $master + fi +done --- nis-3.15.orig/debian/convert-ypserv-conf +++ nis-3.15/debian/convert-ypserv-conf @@ -0,0 +1,61 @@ +#! /usr/bin/perl +# +# Convert the ypserv.conf file from the 1.3 format +# to the new 2.0 format. +# +# Version: @(#)convert-ypserv-conf 1.0 miquels@cistron.nl +# + +$| = 1; + +unless (open(FD, "<$ARGV[0]")) { + print STDERR "convert-ypserv-conf: $ARGV[0]: $!\n"; + exit 1; +} +my @stat = stat FD; + +my $old; +my $new; + +while () { + $old .= $_; + chomp; + s/^(#\s*Host\s*:)\s*Map\s*:\s*Security\s*:\s*Passwd_mangle\s*/$1 Domain : Map : Security/; + + unless (/^(#?\s*\S+\s*):(\s*\S+\s*):(\s*(?:port|none|deny)\s*)(?::(\s*\S+\s*))?$/) { + $new .= "$_\n"; + next; + } + my ($host, $map, $sec, $mangle) = ($1, $2, $3, $4); + if ($mangle =~ m/^\s*yes(:\d+)?/) { + my $port = $1; + $sec =~ s#(port|none)#$1/mangle$port#; + } + $new .= "$host: * :$map:$sec\n"; +} +close FD; + +exit 0 if ($old eq $new); + +print "Converting version 1.3 ypserv.conf to 2.0..."; + +unless (open(FD, ">$ARGV[0].$$")) { + print STDERR "convert-ypserv-conf: $ARGV[0].$$: $!\n"; + exit 1; +} + +chown $stat[4], $stat[5], "$ARGV[0].$$"; +chmod $stat[2], "$ARGV[0].$$"; + +print FD $new; +close FD; +unless (rename("$ARGV[0].$$", $ARGV[0])) { + print STDERR "convert-ypserv-conf: $ARGV[0].$$: $!\n"; + unlink "$ARGV[0].$$"; + exit 1; +} + +print "done.\n"; + +exit 0; + --- nis-3.15.orig/debian/config +++ nis-3.15/debian/config @@ -0,0 +1,59 @@ +#! /bin/sh +# +# config NIS suite Debconf configuration. +# UI part of configureing the nis stuff. +# + +# Source debconf library. +. /usr/share/debconf/confmodule +db_version 2.0 || { echo "nis.config: need DebConf 2.0 or later"; exit 1; } + +set -e +umask 022 + +# Has the user seen the doman qestion before? +db_fget nis/domain seen || true +if [ "$RET" = "false" ]; then + domain_is_default="true" +fi + +# We're going to try to fill this in... +nisdomain="" + +# ...from the existing configuration +if [ -r /etc/defaultdomain ]; then + nisdomain=$(cat /etc/defaultdomain) +elif db_get nis/domain ; then + nisdomain=$RET +fi + +# If we haven't found anything then generate a default +if [ "$nisdomain" = "" ] +then + fqdn=$(hostname --fqdn) || true + nisdomain=${fqdn#*.} +fi + +# If we have generated something then put it back into debconf... +if [ "$nisdomain" != "" ]; then + db_set nis/domain "$nisdomain" + + # ...preserving the seen flag + if [ "${domain_is_default}" = "true" ]; then + db_fset nis/domain seen false + fi +fi + +# Now, interaction. Batch it in case any front ends can use this. +db_beginblock +db_input high nis/domain || true + +# If this is a first time install then prompt +if [ "$1" = "configure" -a "$2" != "" ]; then + db_text medium nis/not-yet-configured || true +fi + +db_endblock +db_go || true + +exit 0 --- nis-3.15.orig/debian/netgroup.sample +++ nis-3.15/debian/netgroup.sample @@ -0,0 +1,22 @@ +# +# netgroup The netgroup file. Entries look like this: +# +# netgroup (host,user,domain) (host,user,domain) .. +# +# So for example a netgroup for powerusers could be: +# +# powerusers (,miquels,) (,torvalds,) (,fubar,) +# +# And an entry in the password file like +# +# +@powerusers:::::: +# +:*:::::/etc/NoShell +# +# would give access only to the users in "powerusers", while the +# other users would be known to the system but have an invalid +# shell AND an invalid password (with Linux, you can also +# override the password field). +# + +# powerusers (,miquels,) (,torvalds,) (,fubar,) +# ourhosts (picard,,) (enterprise,,) (laforge,,) (Q,,) --- nis-3.15.orig/debian/nis.default +++ nis-3.15/debian/nis.default @@ -0,0 +1,35 @@ +# +# /etc/defaults/nis Configuration settings for the NIS daemons. +# + +# Are we a NIS server and if so what kind (values: false, slave, master)? +NISSERVER=false + +# Are we a NIS client? +NISCLIENT=true + +# Location of the master NIS password file (for yppasswdd). +# If you change this make sure it matches with /var/yp/Makefile. +YPPWDDIR=/etc + +# Do we allow the user to use ypchsh and/or ypchfn ? The YPCHANGEOK +# fields are passed with -e to yppasswdd, see it's manpage. +# Possible values: "chsh", "chfn", "chsh,chfn" +YPCHANGEOK=chsh + +# NIS master server. If this is configured on a slave server then ypinit +# will be run each time NIS is started. +NISMASTER= + +# Additional options to be given to ypserv when it is started. +YPSERVARGS= + +# Additional options to be given to ypbind when it is started. +YPBINDARGS= + +# Additional options to be given to yppasswdd when it is started. Note +# that if -p is set then the YPPWDDIR above should be empty. +YPPASSWDDARGS= + +# Additional options to be given to ypxfrd when it is started. +YPXFRDARGS= --- nis-3.15.orig/debian/postrm +++ nis-3.15/debian/postrm @@ -0,0 +1,26 @@ +#! /bin/sh +# +# Post removal script for the Debian GNU/Linux nis package +# + +set -e + +# Source debconf library. +. /usr/share/debconf/confmodule + +case "$1" in + purge) + update-rc.d nis remove >/dev/null + rm -f /etc/default/nis + rm -f /etc/defaultdomain + rm -r /var/yp + db_purge + exit 0 + ;; + remove) + ;; + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; +esac + +exit 0 --- nis-3.15.orig/debian/rc.nis +++ nis-3.15/debian/rc.nis @@ -0,0 +1,210 @@ +#!/bin/sh +# +# /etc/init.d/nis Start NIS (formerly YP) daemons. +# +# + +# Customize the variables in /etc/default/nis rather than here +NISSERVER=false +NISMASTER= +YPPWDDIR=/etc +YPCHANGEOK=chsh +YPSERVARGS="" +YPBINDARGS="" +YPPASSWDDARGS="" +YPXFRDARGS="" +YPPWDDIRARGS="" + +[ -f /etc/default/nis ] && . /etc/default/nis + +NET="/usr/sbin" +test -f ${NET}/ypbind -a -f /etc/defaultdomain || exit 0 + +# +# If ypbind broadcasts for the default domain, we may not be bound to +# any server yet (note that you can set broadcast in yp.conf for the +# default domain without ypbind being run with -broadcast) +# +bind_wait() +{ + [ "`ypwhich 2>/dev/null`" = "" ] && sleep 1 + + if [ "`ypwhich 2>/dev/null`" = "" ] + then + bound="" + echo -n "[binding to YP server " + for i in 1 2 3 4 5 6 7 8 9 10 + do + sleep 1 + echo -n "." + if [ "`ypwhich 2>/dev/null`" != "" ] + then + echo -n " done] " + bound="yes" + break + fi + done + [ "$bound" ] || echo -n " backgrounded] " + fi +} + +# +# Do we want ypbind to be started? On a laptop without ethernet +# maybe not just yet - /etc/network/if-up.d will take care of it. +# +want_ypbind() +{ + # NIS servers always get ypbind since yppush wants it. + case "$NISSERVER" in + master|slave|[Yy]*) + return 0 + ;; + esac + + # Do we want to run as a NIS client anyway? + case "$NISCLIENT" in + false|[nN]*) + return 1 + ;; + esac + + # Executable present ? + if ! [ -x ${NET}/ypbind ] + then + return 1 + fi + + # Started manually? + if [ "$manual" != "" ] + then + return 0 + fi + + # + # For now, we do not use the /etc/network/if-{up,down}.d + # stuff yet. Not sure if it is useful for NIS or how + # it should work, exactly. + # + return 0 + + # + # If the network is not up yet, do not start ypbind. + # We assume that /etc/network/ifup.d will start ypbind. + # It doesn't matter if it already did. + # + network=`route -n | sed -ne '/^224/d' -e '/^127/d' -e '/^[0-9]/p'` + if [ "$network" = "" ] + then + return 1 + fi + + return 0 +} + +do_start () +{ + oname=`domainname` + nname=`cat /etc/defaultdomain` + if [ "$oname" != "$nname" ]; then + echo "Setting NIS domainname to: $nname" + domainname "$nname" + fi + echo -n "Starting NIS services: " + if [ "$NISSERVER" != "false" ] + then + echo -n "ypserv " + start-stop-daemon --start --quiet \ + --pidfile /var/run/ypserv.pid --exec ${NET}/ypserv \ + -- ${YPSERVARGS} + fi + if [ "$NISSERVER" = master ] + then + E="" + if [ "$YPCHANGEOK" != "" ] + then + OIFS="$IFS"; IFS="$IFS," + for i in $YPCHANGEOK + do + case "$i" in + chsh|chfn) + E="$E -e $i" + ;; + esac + done + IFS="$OIFS" + fi + echo -n "yppasswdd " + if [ "$YPPWDDIR" != "" ]; then + YPPWDDIRARGS="-D ${YPPWDDIR}" + fi + start-stop-daemon --start --quiet \ + --exec ${NET}/rpc.yppasswdd -- $YPPWDDIRARGS $E $YPPASSWDDARGS + echo -n "ypxfrd " + start-stop-daemon --start --quiet \ + --exec ${NET}/rpc.ypxfrd -- $YPXFRDARGS + fi + if egrep -q '^(ypserver|domain)' /etc/yp.conf + then + broadcast="" + else + broadcast="-broadcast" + fi + if want_ypbind + then + echo -n "ypbind " + start-stop-daemon -b --start --quiet \ + --exec ${NET}/ypbind -- $broadcast ${YPBINDARGS} + bind_wait + fi + if [ "$NISSERVER" = "slave" -a "$NISMASTER" != "" ] + then + echo -n "ypinit " + /usr/lib/yp/ypinit -s $NISMASTER + fi + echo +} + +do_stop () { + start-stop-daemon --stop --quiet --oknodo \ + --pidfile /var/run/ypbind.pid + start-stop-daemon --stop --quiet --oknodo \ + --pidfile /var/run/ypserv.pid + start-stop-daemon --stop --quiet --oknodo \ + --pidfile /var/run/yppasswdd.pid + start-stop-daemon --stop --quiet --oknodo \ + --name rpc.ypxfrd +} + +# Set 'manual' to indicate if we were started by hand. +case "$0" in + */S[0-9][0-9]*|*/K[0-9][0-9]*) + manual= + ;; + *) + manual=1 + ;; +esac + +case "$1" in + start) + do_start + ;; + stop) + do_stop + ;; + reload|force-reload) + start-stop-daemon --stop --quiet --oknodo --signal 1 \ + --pidfile /var/run/ypserv.pid --exec ${NET}/ypserv + ;; + restart) + do_stop + sleep 2 + do_start + ;; + *) + echo "Usage: /etc/init.d/nis {start|stop|reload|force-reload|restart}" + exit 1 +esac + +exit 0 + --- nis-3.15.orig/debian/ypserv-mapno.patch +++ nis-3.15/debian/ypserv-mapno.patch @@ -0,0 +1,29 @@ +diff -ruN --exclude debian nis-3.10.orig/ypserv-2.18/ypxfr/ypxfr.c nis-3.10/ypserv-2.14/ypxfr/ypxfr.c +--- nis-3.10.orig/ypserv-2.18/ypxfr/ypxfr.c 2003-06-13 14:46:34.000000000 +0200 ++++ nis-3.10/ypserv-2.18/ypxfr/ypxfr.c 2003-11-15 12:23:10.000000000 +0100 +@@ -486,6 +486,25 @@ + xdr_free ((xdrproc_t) xdr_ypresp_order, (caddr_t) &resp_order); + } + ++ /* ++ * In ypserv up to 1.3.12, sometimes resp_order->ordernum gets ++ * set to INT_MAX for no clear reason ? I don't know if this ++ * happens in glibc or that the remote server returns this, but ++ * it seems safest to bail out in this case .... ++ * ++ * Note that this might have been fixed in the 2.x series ++ * but we'll see. Keep an eye on your logfiles .. ++ */ ++#ifndef INT_MAX ++# define INT_MAX 2147483647 ++#endif ++ if (masterOrderNum == INT_MAX) ++ { ++ log_msg("ERROR: order number of map %s == INT_MAX (%d), impossible", ++ map, masterOrderNum); ++ return YPXFR_YPERR; ++ } ++ + /* If we doesn't force the map, look, if the new map is really newer */ + if (!force) + { --- nis-3.15.orig/debian/ypserv-mangle.patch +++ nis-3.15/debian/ypserv-mangle.patch @@ -0,0 +1,262 @@ +diff -ruN ypserv-2.18.orig/etc/ypserv.conf ypserv-2.14/etc/ypserv.conf +--- ypserv-2.18.orig/etc/ypserv.conf 2001-02-18 10:19:09.000000000 +0100 ++++ ypserv-2.18/etc/ypserv.conf 2003-12-13 20:22:54.000000000 +0100 +@@ -25,8 +25,8 @@ + + # Host : Domain : Map : Security + # +-# * : * : passwd.byname : port +-# * : * : passwd.byuid : port ++# * : * : passwd.byname : port/mangle ++# * : * : passwd.byuid : port/mangle + + # Not everybody should see the shadow passwords, not secure, since + # under MSDOG everbody is root and can access ports < 1024 !!! +diff -ruN ypserv-2.18.orig/etc/ypserv.conf.5 ypserv-2.14/etc/ypserv.conf.5 +--- ypserv-2.18.orig/etc/ypserv.conf.5 2002-12-21 14:53:26.000000000 +0100 ++++ ypserv-2.18/etc/ypserv.conf.5 2003-12-14 13:08:02.000000000 +0100 +@@ -1,7 +1,7 @@ + .\" -*- nroff -*- + .\" Copyright (c) 1996, 1997, 1998, 1999, 2000, 2002 Thorsten Kukuk kukuk@suse.de + .\" +-.TH YPSERV.CONF 5 "October 2002" "YP Server" "Reference Manual" ++.TH YPSERV.CONF 5 "December 2003" "YP Server" "Reference Manual" + .SH NAME + ypserv.conf - configuration file for ypserv and rpc.ypxfrd + .SH DESCRIPTION +@@ -48,8 +48,8 @@ + trusted_master: ypmaster.example.org + .TP + .BR "xfr_check_port: " [|no] +-With this option enabled, the NIS master server have to run on a +-port < 1024. The default is "yes" (enabled). ++With this option enabled, the NIS master server has to run on a ++priviliged port (< 1024). The default is "yes" (enabled). + .LP + The field descriptions for the access rule lines are: + .TP +@@ -76,11 +76,29 @@ + always allow access. + .TP + .I port +-allow access if from port < 1024. Otherwise do not allow access. ++allow access if the client request originates from a priviliged ++port (< 1024). Otherwise do not allow access. + .TP + .I deny + deny access to this map. + .LP ++You can add ++.B /mangle:field ++to the ++.I none ++or ++.I port ++security keywords. The :field part is optional. It will replace field number ++.I field ++(the default is 2, the password field of the passwd and shadow maps) ++with the value ++.I x ++for client requests from non-priviliged ports (>= 1024) for the ++.I port ++security keyword and in all cases for the ++.I none ++security keyword. ++.LP + .SH FILES + /etc/ypserv.conf + .SH "SEE ALSO" +@@ -91,6 +109,6 @@ + but they make the life a little bit harder for a potential hacker. + .SH BUGS + Solaris clients don't use privileged ports. All security options +-which depend on privileged ports cause big problems on Solaris clients. ++that depend on privileged ports cause big problems on Solaris clients. + .SH AUTHOR + Thorsten Kukuk +diff -ruN ypserv-2.18.orig/lib/access.c ypserv-2.14/lib/access.c +--- ypserv-2.18.orig/lib/access.c 2003-06-13 14:09:14.000000000 +0200 ++++ ypserv-2.18/lib/access.c 2003-12-14 13:05:58.000000000 +0100 +@@ -165,13 +165,14 @@ + switch (work->security) + { + case SEC_NONE: ++ if (work->mangle) status = 200 + work->mangle; + break; + case SEC_DENY: + status = -1; + break; + case SEC_PORT: + if (ntohs (sin->sin_port) >= IPPORT_RESERVED) +- status = -1; ++ status = status = (work->mangle) ? 200 + work->mangle : -1; + break; + } + else if (domain != NULL) +diff -ruN ypserv-2.18.orig/lib/ypserv_conf.c ypserv-2.14/lib/ypserv_conf.c +--- ypserv-2.18.orig/lib/ypserv_conf.c 2003-06-13 14:09:19.000000000 +0200 ++++ ypserv-2.18/lib/ypserv_conf.c 2003-12-13 20:22:55.000000000 +0100 +@@ -447,7 +447,7 @@ + log_msg ("ERROR: could not allocate enough memory! [%s|%d]", __FILE__, __LINE__); + exit (1); + } +- tmp->next = NULL; ++ memset(tmp, 0, sizeof(conffile_t)); + + if (c == '*') + { +@@ -489,6 +489,16 @@ + tmp->security = SEC_DENY; + else if (strcmp (buf2, "port") == 0) + tmp->security = SEC_PORT; ++ else if (strncmp (buf2, "none/mangle", 11) == 0 && ++ (buf2[11] == 0 || buf2[11] == ':')) { ++ tmp->security = SEC_NONE; ++ tmp->mangle = buf2[11] ? atoi(buf2 + 12) : 2; ++ } ++ else if (strncmp (buf2, "port/mangle", 11) == 0 && ++ (buf2[11] == 0 || buf2[11] == ':')) { ++ tmp->security = SEC_PORT; ++ tmp->mangle = buf2[11] ? atoi(buf2 + 12) : 2; ++ } + else + { + log_msg ("Unknown security option \"%s\" in line %d => Ignore line", +diff -ruN ypserv-2.18.orig/lib/ypserv_conf.h ypserv-2.14/lib/ypserv_conf.h +--- ypserv-2.18.orig/lib/ypserv_conf.h 2001-02-18 10:19:09.000000000 +0100 ++++ ypserv-2.18/lib/ypserv_conf.h 2003-12-13 20:22:55.000000000 +0100 +@@ -29,6 +29,7 @@ + char *domain; + char *map; + int security; ++ int mangle; + struct conffile *next; + } conffile_t; + +diff -ruN ypserv-2.18.orig/ypserv/server.c ypserv-2.14/ypserv/server.c +--- ypserv-2.18.orig/ypserv/server.c 2003-08-15 10:55:05.000000000 +0200 ++++ ypserv-2.18/ypserv/server.c 2003-12-13 20:22:55.000000000 +0100 +@@ -44,6 +44,40 @@ + #include "log_msg.h" + #include "compat.h" + ++ ++static void ++mangle(datum *val, int vcode) ++{ ++ char *s, *p, *q; ++ int field; ++ int newsize; ++ int i, n = 1; ++ ++ if (vcode < 201) return; ++ field = vcode - 200; ++ ++ for (i = 0, s = val->dptr; i < val->dsize && *s; i++, s++) { ++ if (n == field) break; ++ if (*s == ':') n++; ++ } ++ if (n != field) return; ++ ++ if ((p = malloc(val->dsize + 1)) == NULL) return; ++ memcpy(p, val->dptr, i); ++ memcpy(p + i, "x", 1); ++ newsize = i + 1; ++ q = p + newsize; ++ ++ for (; i < val->dsize; i++, s++) ++ if (*s == ':') break; ++ memcpy(q, s, val->dsize - i); ++ newsize += val->dsize - i; ++ ++ free(val->dptr); ++ val->dptr = p; ++ val->dsize = newsize; ++} ++ + bool_t + ypproc_null_2_svc (void *argp UNUSED, void *result UNUSED, + struct svc_req *rqstp) +@@ -196,6 +230,7 @@ + qdat.dptr = argp->key.keydat_val; + + rdat = ypdb_fetch (dbp, qdat); ++ mangle(&rdat, valid); + + if (rdat.dptr != NULL) + { +@@ -290,6 +325,7 @@ + if (dkey.dptr != NULL) + { + datum dval = ypdb_fetch (dbp, dkey); ++ mangle(&dval, valid); + result->stat = YP_TRUE; + + result->key.keydat_len = dkey.dsize; +@@ -393,6 +429,7 @@ + else + { + datum dval = ypdb_fetch (dbp, dkey); ++ mangle(&dval, valid); + + result->stat = YP_TRUE; + result->key.keydat_len = dkey.dsize; +@@ -505,6 +542,7 @@ + if(ypdb_exists (dbp, key)) + { + datum val = ypdb_fetch (dbp, key); ++ mangle(&val, valid); + + if ((size_t)val.dsize != strlen (argp->map_parms.peer) || + strncmp (val.dptr, argp->map_parms.peer, val.dsize) != 0) +@@ -643,6 +681,7 @@ + DB_FILE dbm; + datum dkey; + datum dval; ++ int vcode; + } *ypall_data_t; + + static int +@@ -702,6 +741,7 @@ + { + ((ypall_data_t) data)->dval = + ypdb_fetch (((ypall_data_t) data)->dbm, ((ypall_data_t) data)->dkey); ++ mangle(&(((ypall_data_t) data)->dval), ((ypall_data_t) data)->vcode); + + val->stat = YP_TRUE; + +@@ -814,6 +854,7 @@ + if (data->dkey.dptr != NULL) + { + data->dval = ypdb_fetch (data->dbm, data->dkey); ++ mangle(&(data->dval), valid); + + result->ypresp_all_u.val.stat = YP_TRUE; + +@@ -823,6 +864,8 @@ + result->ypresp_all_u.val.val.valdat_len = data->dval.dsize; + result->ypresp_all_u.val.val.valdat_val = data->dval.dptr; + ++ data->vcode = valid; ++ + xdr_ypall_cb.u.encode = ypall_encode; + xdr_ypall_cb.u.close = ypall_close; + xdr_ypall_cb.data = (void *) data; +@@ -908,6 +951,8 @@ + key.dptr = "YP_MASTER_NAME"; + + val = ypdb_fetch (dbp, key); ++ mangle(&val, valid); ++ + if (val.dptr == NULL) + { + /* No YP_MASTER_NAME record in map? There is someting wrong */ +@@ -1019,6 +1064,8 @@ + key.dptr = "YP_LAST_MODIFIED"; + + val = ypdb_fetch (dbp, key); ++ mangle(&val, valid); ++ + if (val.dptr == NULL) + { + /* No YP_LAST_MODIFIED record in map? Use DTM timestamp.. */ --- nis-3.15.orig/debian/nis.debian.howto +++ nis-3.15/debian/nis.debian.howto @@ -0,0 +1,298 @@ + +0. INTRODUCTION. + + This HOWTO describes: + + 1. How to setup a NIS client-only system + 2. How to configure your system to use NIS for users, groups and hosts + 3. How to setup a NIS master server + 4. Shadow passwords + 5. How to setup a NIS slave server + + +1. HOW TO SETUP A LOCAL NIS CLIENT + + 1.1 Install the netbase, portmap and nis packages + + 1.2 The installation procedure will ask for your NIS domainname. This + is just a name which describes the group of systems that use NIS, it + is not a hostname. It is stored in the config file /etc/defaultdomain, + in case you ever want to change it. Unlike DNS hostnames and + domainnames, the NIS domainname is case-sensitive! + + 1.3 If your NIS server is not "local" to your network, you will have to do + some finetuning. The ypbind process has a configuration file called + /etc/yp.conf. You can hardcode a NIS server there - for more info + see the manual page for ypbind(8). + + *NOTE NOTE NOTE* - if you put a servername in /etc/yp.conf, make + sure the server is also in /etc/hosts, or put it in in dotted-quad + notation (12.34.56.78). Otherwise if your system boots and the + network is not yet up or DNS isn't reachable, ypserv cannot resolve + the servers in /etc/yp.conf and will hang! + + 1.4 Start NIS by typing: + + /etc/init.d/nis stop + /etc/init.d/nis start + + 1.5 Follow the instructions in section 2 in order to configure your + system to use NIS for account information. + +2. HOW TO CONFIGURE YOUR SYSTEM TO USE NIS FOR USERS, GROUPS AND HOSTS: + + 2.1 FOR LIBC6: + + Check your /etc/nsswitch.conf file and make sure that the entries for + passwd, group, shadow and netgroup look like this: + + passwd: compat + group: compat + shadow: compat + netgroup: nis + + At this moment, libc6 has some troubles with reading netgroup data + from files. So do not use "db" or "files" in the entry for netgroup, + all netgroup lookups have to go through the NIS server. + + 2.2 USERS: Add the following line to /etc/passwd on your NIS + clients (at the end of the file): + + +:::::: + + You can also use the + and - characters to include/exclude or change + users. If you want to exclude the user guest just add -guest to your + /etc/passwd file. You want to use a different shell (e.g. ksh) for + the user "linux"? No problem, just add "+linux::::::/bin/ksh" + (without the quotes) to your /etc/passwd. Fields that you don't want + to change have to be left empty. + + For example, to only allow login-access to miquels,dth and ed, but to + have the account data of all other users available: + + +miquels:::::: + +ed:::::: + +dth:::::: + +:*:::::/etc/NoShell + + Note that in Linux you can also override the password field, as we did + in this example. + + If you are using shadow passwords and export a "shadow" map from + your NIS server, you also want to put the following in /etc/shadow + (again at the end of the file): + + +:::::::: + + If you want to override the password field and you're using shadow + passwords do it in /etc/shadow, not in /etc/passwd ofcourse. + + 2.3 GROUPS: Add the following line to /etc/group (at the end): + + +::: + + 2.4 HOSTS: + + Normally you should not do host lookups through NIS, use DNS for that. + If you really must use NIS for it, here's how to do it. + + 2.4.1 For libc5 applications: + + If you want to use the NIS host maps of your NIS server you + have to change your /etc/host.conf file. You just have to add the + word "nis" to the "order" line. A sample host.conf file could look + like this: + + order hosts,nis + multi on + + 2.4.2 For libc6 applications: + + Edit /etc/nsswitch.conf and change the hosts entry: + + hosts: files nis + +3. HOW TO SETUP A MASTER NIS SERVER: + + 3.1 Install the nis package. You'll also need other packages such + as portmapper, but the debian dependancy system will take care + of that automatically. + + 3.2 Make sure that _all_ systems you are going to use as a NIS server, + master or slave, have all other systems in the /etc/hosts file. + This is because NIS does not use DNS. The FQDN (Fully Qualified + Domain Name) should be the first hostname after every IP address, + followed by just the hostname (without the domainname). For + example: + + 192.168.88.10 troi.cistron.nl troi + + On the NIS server the NIS hosts file (which is usually just /etc/hosts) + should also have this setup. You should also ensure that the + entry for 127.0.0.1 in /etc/hosts does not include the hostname of + the system. Not doing so can cause the NIS server to report + localhost as the master server, making some operations fail. For + example: + + 127.0.0.1 localhost.localdomain localhost + + 3.3 set your NIS domain in the /etc/defaultdomain file. The NIS domain + is just a name which describes the group of systems that use NIS, it + is not a hostname. It is common practice to use your DNS domainname + for this. + + Many people say this is a security risk, as by knowing your + domainname it is possible to query your NIS server remotely and + download all your NIS maps. Do not try to prevent this by choosing + an obscure domainname. Just setup your /etc/ypserv.securenets and/ + or your /etc/ypserv.conf properly so that your NIS server cannot + be accessed outside of your local network at all. + + 3.4 set ypserv to master (NISSERVER=master) in /etc/default/nis + + Note that earlier versions of the Debian NIS package kept this + setting in the /etc/init.d/nis script - if you upgraded from a + version before 3.9 you might still have the old script and you + need to edit that script instead. Alternatively copy the + new /etc/init.d/nis.dpkg-new script to /etc/init.d/nis. + + 3.5 As mentioned above, add your local network number to the file + /etc/ypserv.securenets. You don't _have_ to do this: the default + is to allow everybody to access your NIS server. It is however + *strongly* recommended. + + For added security you might also want to edit the /etc/ypserv.conf + file to mangle the password file for some clients (do not do this + if you have non-debian slave servers in your network!) + + 3.6 Start the server by typing: + + /etc/init.d/nis stop + /etc/init.d/nis start + + This will start the server (ypserv) and the password daemon (yppasswdd). + + 3.7 Setup the server. + + You do this by typing "/usr/lib/yp/ypinit -m". + + If you want to restrict access to your NIS server, you'll have to setup + the NIS server as a client as well by running ypbind and adding the + plus-entries to /etc/passwd _halfway_ the password file. The library + functions will ignore all normal entries after the first NIS entry, and + will get the rest of the info through NIS. This way the NIS access rules + are maintained. example: + + root:x:0:0:root:/root:/bin/bash + daemon:*:1:1:daemon:/usr/sbin: + bin:*:2:2:bin:/bin: + sys:*:3:3:sys:/dev: + sync:*:4:100:sync:/bin:/bin/sync + games:*:5:100:games:/usr/games: + man:*:6:100:man:/var/catman: + lp:*:7:7:lp:/var/spool/lpd: + mail:*:8:8:mail:/var/spool/mail: + news:*:9:9:news:/var/spool/news: + uucp:*:10:50:uucp:/var/spool/uucp: + nobody:*:65534:65534:noone at all,,,,:/dev/null: + +miquels:::::: + +:*:::::/etc/NoShell + [ All normal users AFTER this line! ] + tester:*:299:10:Just a test account:/tmp: + miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh + + The user tester will exist, but have a shell of /etc/NoShell. miquels + will have normal access. + + Alternatively, you could edit the /var/yp/Makefile file and set NIS to + use another source password file by pointing the YPPWDDIR variable at the + top of the Makefile to another directory than /etc. On big systems, the + NIS password and group files are often stored in /var/yp/ypfiles/. If + you do this the normal tools to administrate the password file such as + "passwd", "chfn", "adduser" will not work anymore and you will need + special homemade tools for this. + + However yppasswd, ypchsh and ypchfn will work ofcourse, provided you + run the yppasswdd with the -D option to point it to the location of the + NIS password and shadow file. In version 3.9 and up of the Debian package, + you can set this in the /etc/default/nis configuration file - the name + of the variable is YPPWDDIR, just like in /var/yp/Makefile. + + The Debian version of these utilities - and the yppasswdd daemon - + have a non-standard extension. "Root" can - using the root password - + change other people's passwords, finger info and shell. If you edit + the NIS password file manually or you use the standard /etc/passwd + file, remember that after every change in one of the NIS source files + you'll have to run "make" in the /var/yp directory to update the + NIS maps. It would be reasonable to do this nightly from cron to be + sure the NIS maps are kept up-to-date. + +4. SHADOW PASSWORDS + + The Linux libc5 does not support shadow NIS maps. If you are dependant + on libc5 applications, do not use shadow NIS maps. Instead you can use + the method below: + + 4.1 SHADOW-LIKE SECURITY + + You can provide shadow-like security by "mangling" + the password for NIS lookups of password-file entries. Read the manpage + for "ypserv.conf" and read the comments in the sample /etc/ypserv.conf. + + 4.2 REAL SHADOW SUPPORT + + Libc6 has real shadow support for NIS builtin. It works like you would + expect; export the shadow map from the NIS server and just use it. + The shadow map should be built with the "-s" (secure) option to + makedbm. This is automatic in all modern /var/yp/Makefile files. + + Note that if you use the shadow password file you need to add + "plus" entries (as in 2.2) to both /etc/passwd and /etc/shadow. + Make sure you use the correct format; the passwd and shadow files + have different fields. + + On the master server the /var/yp/Makefile file needs to include + the shadow file in the "all:" target. If you're using the sample + /var/yp/Makefile this is done automatically - it autodetects + /etc/shadow and builds/exports it if it exists. + +5. HOW TO SETUP A NIS SLAVE SERVER + + 5.1 First setup your system as a working NIS client (see 1.) + + 5.2 Follow the steps 3.1 .. 3.5 as described in above, but at step 3.4 + set ypserv to slave (NISSERVER=slave) in the /etc/default/nis file. + + 5.3 Tell your master NIS server it has a slave. First you have to adjust + the NIS Makefile *on the master* so that all future updates get + distributed to the slave(s) automatically. Set the NOPUSH variable + in /var/yp/Makefile to "false" like this: + + NOPUSH="false" + + (Don't you just hate double negatives ..) Now tell the master about + its slaves by running "/usr/lib/yp/ypinit -m". Enter the names of the + slave servers. The maps will get rebuilt, but not pushed to the slaves + just yet. + + 5.4 Start the slave and initialize it by entering: + + /etc/init.d/nis stop + /etc/init.d/nis start + /usr/lib/yp/ypinit -s + + The slave server will transfer the maps from the master. + + 5.5 You might want to put the following script fragment into + /etc/cron.d/nis *on the slave* : + + 20 * * * * root /usr/lib/yp/ypxfr_1perhour >/dev/null 2>&1 + 40 6 * * * root /usr/lib/yp/ypxfr_1perday >/dev/null 2>&1 + 55 6,18 * * * root /usr/lib/yp/ypxfr_2perday >/dev/null 2>&1 + + This will ensure that most NIS maps are kept up-to-date, even if an + update is missed because the slave was down at the time the update was + done on the master. + + nis.debian.howto 3.10-1 15-Nov-2003 miquels@cistron.nl + --- nis-3.15.orig/debian/yppasswd-man.patch +++ nis-3.15/debian/yppasswd-man.patch @@ -0,0 +1,12 @@ +diff -ruN --exclude debian nis-3.10.orig/yp-tools-2.9/man/yppasswd.1.in nis-3.10/yp-tools-2.9/man/yppasswd.1.in +--- nis-3.10.orig/yp-tools-2.9/man/yppasswd.1.in 2001-12-08 22:34:43.000000000 +0100 ++++ nis-3.10/yp-tools-2.9/man/yppasswd.1.in 2003-11-15 11:56:03.000000000 +0100 +@@ -82,7 +82,7 @@ + program prompts for the updated information: + .\" + .\" +-.IP "\fByppasswd\fP or \fB-l\fP" ++.IP "\fByppasswd\fP or \fB-p\fP" + Change the user's NIS password. The user is prompted for the new password. + While typing the password, echoing is turned off, so the password does not + appear on the screen. An empty password is rejected, as are passwords shorter --- nis-3.15.orig/debian/yppasswd-pathmax.patch +++ nis-3.15/debian/yppasswd-pathmax.patch @@ -0,0 +1,12 @@ +--- ../nis-3.10.orig/yp-tools-2.9/src/yppasswd.c 2002-12-05 14:49:20.000000000 +0100 ++++ yp-tools-2.9/src/yppasswd.c 2003-11-15 13:04:10.000000000 +0100 +@@ -43,6 +43,9 @@ + #include + #include + #include ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif + #include + #include + #include --- nis-3.15.orig/debian/reportbug-script +++ nis-3.15/debian/reportbug-script @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ -z "$YESNO" ]; then + YESNO=$"yYnN" +fi + +yesno "May I include your NIS domain name in the bug report? [Y/n] " yep + +if [ "$REPLY" = "yep" ]; then + echo -e "\nNIS domain: $(/bin/domainname) \n" >&3 +fi --- nis-3.15.orig/debian/preinst +++ nis-3.15/debian/preinst @@ -0,0 +1,24 @@ +#! /bin/sh + +set -e +umask 022 + +# See how we were called in detail +case "$1" in + upgrade|install) + # If we're upgrading, save the old settings from + # /etc/init.d/nis so the postinst can substitute + # them into the new /etc/default/nis config file. + if [ ! -f /etc/default/nis ] && [ -f /etc/init.d/nis ] + then + grep "^NISSERVER=" /etc/init.d/nis \ + > /etc/default/nis.settings || true + fi + ;; + abort-upgrade) + ;; + *) + ;; +esac + +exit 0 --- nis-3.15.orig/debian/COPYRIGHT +++ nis-3.15/debian/COPYRIGHT @@ -0,0 +1,21 @@ +Copyright Information for the Debian GNU/Linux NIS package +================================================================== + +The following packages are covered by GPL version 2 copyrights. On +Debian systems a copy of version 2 of the GPL can be found in +/usr/share/common-licenses/GPL-2. + +package copyright +--------------------------------- +yp-tools-2.9 Thorsten Kukuk, GPLv2 +ypserv-2.18 Thorsten Kukuk, GPLv2 +ypbind-mt-1.17.2 Thorsten Kukuk, GPLv2 + +The software was downloaded from a mirror of + + ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ + +The author's homepage about NIS is at: + + http://www.linux-nis.org/ + --- nis-3.15.orig/debian/templates +++ nis-3.15/debian/templates @@ -0,0 +1,14 @@ +Template: nis/domain +Type: string +_Default: +_Description: Enter your NIS domain + You now need to choose a NIS domainname for your system. If you want this + machine to just be a client, enter the NIS domainname of your network. + Otherwise choose an appropriate NIS domainname. + +Template: nis/not-yet-configured +Type: note +_Description: Your system needs more configuration. + Your system has not yet been completely configured as a NIS client - you + need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please + read /usr/share/doc/nis/nis.debian.howto.gz to find out how. --- nis-3.15.orig/debian/po/templates.pot +++ nis-3.15/debian/po/templates.pot @@ -0,0 +1,55 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "" + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" --- nis-3.15.orig/debian/po/ca.po +++ nis-3.15/debian/po/ca.po @@ -0,0 +1,53 @@ +# nis (debconf) translation to Catalan. +# Copyright (C) 2004 Free Software Foundation, Inc. +# Aleix Badia i Bosch , 2004 +# +# +msgid "" +msgstr "" +"Project-Id-Version: nis_3.10-6_templates\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-20 11:44+0200\n" +"PO-Revision-Date: 2004-03-12 19:46GMT\n" +"Last-Translator: Aleix Badia i Bosch \n" +"Language-Team: Catalan \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Introduïu el domini de NIS" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Heu d'escollir el nom del domini de NIS del sistema. Si voleu que " +"l'ordinador només sigui un client introduïu el nom del domini de NIS de la " +"xarxa, en cas contrari escolliu un nom del domini apropiat." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "El sistema necessita més configuració." + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"El sistema no s'ha acabat de configurar com a client de NIS - heu de " +"configurar el fitxer /etc/nsswitch.conf i/o el /etc/passwd i el /etc/group. " +"Per conèixer el procediment llegiu el fitxer /usr/share/doc/nis/nis.debian." +"howto.gz." --- nis-3.15.orig/debian/po/da.po +++ nis-3.15/debian/po/da.po @@ -0,0 +1,53 @@ +# translation of nis_3.10-5_templates.po to Danish +# Claus Hindsgaul , 2004. +# +# +msgid "" +msgstr "" +"Project-Id-Version: nis_3.10-5_templates\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2004-02-18 21:03+0100\n" +"Last-Translator: Claus Hindsgaul \n" +"Language-Team: Danish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.0.2\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Angiv dit NIS-domæne" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Du skal nu vælge et NIS-domænenavn til dit system. Hvis du vil have at " +"denne maskine blot skal være en klient, skal du angive NIS-domænenavnet " +"for dit netværk. Ellers kan du blot vælge et passende NIS-domænenavn." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "Dit system har brug for mere opsætning." + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"Dit system er endnu ikke blevet sat helt op som NIS-klient; Du skal sætte " +"filerne /etc/nsswitch.conf og/eller /etc/passwd og /etc/group op. Se hvordan " +"i /usr/share/doc/nis/nis.debian.howto.gz ." + --- nis-3.15.orig/debian/po/de.po +++ nis-3.15/debian/po/de.po @@ -0,0 +1,61 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: nis 3.13\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2005-06-14 15:00+0200\n" +"Last-Translator: Jens Seidel \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Bitte geben Sie den NIS-Domainnamen ein." + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Sie müssen nun einen NIS-Domainnamen für Ihr System auswählen. Wenn dieser " +"Rechner nur ein NIS-Client ist, dann geben Sie hier den bereits für Ihr " +"Netzwerk festgelegten NIS-Domainnamen an, andernfalls geben Sie einen Namen " +"Ihrer Wahl ein." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "Das System muss noch konfiguriert werden." + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"Ihr Rechner wurde noch nicht als NIS-Client eingerichtet. Sie müssen noch " +"die Dateien /etc/nsswitch.conf und/oder /etc/passwd und /etc/group anpassen. " +"Weitere Informationen finden Sie in /usr/share/doc/nis/nis.debian.howto.gz." --- nis-3.15.orig/debian/po/cs.po +++ nis-3.15/debian/po/cs.po @@ -0,0 +1,61 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: nis\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2004-10-15 14:54+0200\n" +"Last-Translator: Jan Outrata \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-2\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Zadejte NIS domnu" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Nyn si muste zvolit domnov jmno sluby NIS (Network Information " +"Service). Pokud chcete mt tento stroj jen jako klienta, zadejte " +"domnov jmno va st. Jinak zvolte vhodn domnov jmno sluby " +"NIS." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "V systm potebuje vce nastavit." + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"V systm jet nebyl pln nastaven jako NIS klient - muste " +"nastavit /etc/nsswitch.conf a/nebo /etc/passwd a /etc/group. Pette " +"si /usr/share/doc/nis/nis.debian.howto.gz jak na to." --- nis-3.15.orig/debian/po/fr.po +++ nis-3.15/debian/po/fr.po @@ -0,0 +1,61 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: nis_3.10-2\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2004-01-04 18:14+0100\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Domaine NIS:" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Vous devez choisir un domaine NIS pour votre systme. Si vous souhaitez que " +"cette machine soit un simple client, veuillez indiquer le nom de domaine NIS " +"de votre rseau. Sinon, choisissez un nom de domaine NIS appropri." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "Votre systme a besoin d'autres paramtres" + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"Votre systme n'a pas t correctement configur comme client NIS; vous " +"devez adapter /etc/nsswitch.conf ou les deux fichiers /etc/passwd et /etc/" +"group. Veuillez consulter /usr/share/doc/nis/nis.debian.howto.gz pour savoir " +"comment faire." --- nis-3.15.orig/debian/po/ja.po +++ nis-3.15/debian/po/ja.po @@ -0,0 +1,59 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2004-01-14 00:02+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "NIS ɥᥤ̾ϤƤ" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "ǡƥबѤ NIS ɥᥤ̾ɬפޤ" +"Υޥñ˥饤ȤȤѤ硢ʤѤƤͥåȥǤ " +"NIS ɥᥤ̾ϤƤʳξŬڤ NIS ɥᥤ̾ɬפޤ" + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "ƥˤϡ꤬ɬפǤ" + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "ƥϤޤ NIS 饤ȤȤƴˤꤵƤޤ" +"Ĥޤꡢ/etc/nsswitch.conf 뤤 /etc/passwd /etc/group ꤹɬפޤ" +"ɤ뤫ˤĤƤ /usr/share/doc/nis/nis.debian.howto.gz 򻲾ȤƤ" --- nis-3.15.orig/debian/po/vi.po +++ nis-3.15/debian/po/vi.po @@ -0,0 +1,47 @@ +# Vietnamese translation for nis. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: nis 3.13-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2005-06-28 17:43+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#.Type: string +#.Description +#:../templates:4 +msgid "Enter your NIS domain" +msgstr "Hãy nhập miền NIS của bạn" + +#.Type: string +#.Description +#:../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "Lúc này bạn cần chọn một tên miền NIS cho hệ thống bạn. Nếu bạn muốn lập máy này là chỉ một máy khách thì hãy nhập tên miền NIS của mạng bạn. Nếu không thì bạn hãy chọn một tên miền NIS thích hợp." + +#.Type: note +#.Description +#:../templates:11 +msgid "Your system needs more configuration." +msgstr "Hệ thống bạn cần cấu hình thêm." + +#.Type: note +#.Description +#:../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "Chưa cấu hình hoàn thành hệ thống bạn là một trình khách NIS. Lúc này bạn cần phải thiết lập «/etc/nsswitch.conf» và/hay «/etc/passwd» và «/etc/group». Hãy đọc tài liệu «/usr/share/doc/nis/nis.debian.howto.gz» để tìm biết cách làm." --- nis-3.15.orig/debian/po/POTFILES.in +++ nis-3.15/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- nis-3.15.orig/debian/po/pt_BR.po +++ nis-3.15/debian/po/pt_BR.po @@ -0,0 +1,61 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Informe seu domínio NIS" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Você precisa agora escolher o nome de domínio NIS para seu sistema. Se " +"você quer que esta máquina seja apenas um cliente, informe o nome de domí" +"nio NIS de sua rede." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "Seu sistema precisa de mais configuração." + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"Seu sistema não foi ainda completamente configurado como um cliente NIS - " +"você precisa configurar /etc/nsswitch.conf e/ou /etc/passwd e /etc/group. " +"Por favor leia /usr/share/doc/nis/nis.debian.howto.gz to descobrir como." --- nis-3.15.orig/debian/po/sv.po +++ nis-3.15/debian/po/sv.po @@ -0,0 +1,60 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: nis 3.15-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-11-15 13:44+0000\n" +"PO-Revision-Date: 2005-10-07 01:33+0200\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit" + +#. Type: string +#. Description +#: ../templates:4 +msgid "Enter your NIS domain" +msgstr "Ange din NIS-domn" + +#. Type: string +#. Description +#: ../templates:4 +msgid "" +"You now need to choose a NIS domainname for your system. If you want this " +"machine to just be a client, enter the NIS domainname of your network. " +"Otherwise choose an appropriate NIS domainname." +msgstr "" +"Du behver nu vlja en NIS-domn fr ditt system. Om du vill att denna maskin " +"ska bara vara en klient, ange NIS-domnnamnet av ditt ntverk. " +"Annars vlj namnet p den lmpliga NIS-domnen." + +#. Type: note +#. Description +#: ../templates:11 +msgid "Your system needs more configuration." +msgstr "Ditt system behver mer konfiguration." + +#. Type: note +#. Description +#: ../templates:11 +msgid "" +"Your system has not yet been completely configured as a NIS client - you " +"need to setup /etc/nsswitch.conf and/or /etc/passwd and /etc/group. Please " +"read /usr/share/doc/nis/nis.debian.howto.gz to find out how." +msgstr "" +"Ditt system har nnu inte blivit konfigurerad som en NIS-klient - du behver " +"stlla in /etc/nsswitch.conf och/eller /etc/passwd och /etc/group. Vnligen ls " +"/usr/share/doc/nis/nis.debian.howto.gz fr mer information." + --- nis-3.15.orig/debian/Old/domainname.8 +++ nis-3.15/debian/Old/domainname.8 @@ -0,0 +1,20 @@ +.TH DOMAINNAME 1 "Jul 19, 1997" "" "Linux User's Manual" +.SH NAME +domainname \- set the NIS domainname of the system +.SH SYNOPSIS +.B domainname +.RB [ domain ] +.SH DESCRIPTION +.B Domainname +sets or displays the current NIS domainname of the system. +.SH ARGUMENTS +.IP \fBdomain\fP +New NIS domain for the system +.PP +If no argument is given, \fBdomainname\fP prints out the current +NIS domain. +.SH AUTHOR +Miquel van Smoorenburg (miquels@cistron.nl) +.SH "SEE ALSO" +.BR ypbind (1), +.BR ypwhich (1) --- nis-3.15.orig/debian/Old/domainname.c +++ nis-3.15/debian/Old/domainname.c @@ -0,0 +1,43 @@ +/* + * domainname Well it wasn't included in any nis or yp package anymore + * so I wrote a replacement.. + * + * Version: @(#)domainname.c 1.00 05-Nov-1997 miquels@cistron.nl + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 dated June, 1991. + */ + +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + char buf[256]; + char *p; + + if (argc <= 1) { + if (getdomainname(buf, 256) < 0) { + perror("getdomainname"); + return 1; + } + printf("%s\n", buf); + return 0; + } + if (argc != 2) { + fprintf(stderr, "Usage: domainname [domain]\n"); + return 1; + } + strcpy(buf, argv[1]); + if ((p = strchr(buf, '\n')) != NULL) + *p = 0; + if (setdomainname(buf, strlen(buf)) < 0) { + perror("setdomainname"); + return 1; + } + + return 0; +} --- nis-3.15.orig/debian/Old/nisdomainname.8 +++ nis-3.15/debian/Old/nisdomainname.8 @@ -0,0 +1 @@ +.so man1/domainname.1