author Ulrich Drepper <drepper@redhat.com> 1997-09-21 01:47:02 +0000
committer Ulrich Drepper <drepper@redhat.com> 1997-09-21 01:47:02 +0000
commit 2604afb1b2d9acc3c70b1214285f996200bf0358
tree ba59d75147565b8ab19686d98cee368d8ec697fc /hesiod
parent 4547c1a410fbc3ab5592a68bac1661135d91983f
1997-09-21 03:19  Ulrich Drepper  <drepper@cygnus.com>

	* libio/libio.h: More libstdc++ cleanups.  Define _IO_USE_DTOA if
	_G_HAVE_PRINTF_FP is not defined.
	* libio/strops.c: Undo patch of 1997-07-08 02:18.  Must find a
	different solution for the problem.

	* misc/search.h [__USE_GNU]: Define comparison_fn_t.
	* stdlib/stdlib.h: Define comparison_fn_t only if __COMPAR_FN_T is
	not defined.
	Fix typo.  Pretty print inline functions.

	* sysdeps/i386/i486/string.h (__stpcpy_small): Increment __cp not cp.
	Patch by HJ Lu <hjl@gnu.ai.mit.edu>.

1997-09-20 16:45  Ulrich Drepper  <drepper@cygnus.com>

	* hesiod/hesiod.c (hesiod_init): Use __secure_getenv to get
	HES_DOMAIN environment variable.
	Suggested by Mark Kettenis <kettenis@phys.uva.nl>.

	* hesiod/README.hesiod: A bit of information about Hesiod and how
	to use it.  Written by Mark Kettenis <kettenis@phys.uva.nl>.

1997-09-20 05:15  Ulrich Drepper  <drepper@cygnus.com>

	* manual/maint.texi: Update requirement list.

	* io/ftw.h: Don't use parameter names from global namespace in
	prototypes.

	* stdlib/strtol.c: If used outside glibc handle broken systems
	which have character classification functions which are not 8-bit
	clean gracefully.  Patch by Bruno Haible <haible@ilog.fr>.

1997-09-19 21:42  David S. Miller  <davem@tanya.rutgers.edu>

	* sysdeps/unix/sysv/linux/sparc/sparc64/bits/types.h: ssize_t is
	a long long int.

1997-09-19 15:12  H.J. Lu  <hjl@gnu.ai.mit.edu>

	* posix/Makefile (test-srcs): New, set to globtest.

1997-09-20 00:24  Ulrich Drepper  <drepper@cygnus.com>

	* manual/filesys.texi: Document ftw, nftw and needed data types.

1997-09-19 12:53  H.J. Lu  <hjl@gnu.ai.mit.edu>

	* sysdeps/i386/i486/bits/string.h: Fix typo.

1997-09-19 14:11  Ulrich Drepper  <drepper@cygnus.com>

	* io/ftwtest.c (cb): Print level.
	* io/ftwtest-sh: Updated for ftwtest.c change.

	* string/argz.h (__argz_next): Cast NULL to char * to satisfy C++
	compilers.
	Reported by Mirko Streckenbach <mirko@ramz.ing.tu-bs.de>.

	* catgets/catgets.c (catopen): Correctly allocate string of nlspath.
	Reported by Charles C. Fu <ccwf@klab.caltech.edu>.

1997-09-18 13:30  Klaus Espenlaub  <kespenla@student.informatik.uni-ulm.de>

	* sysdeps/i386/init-first.c: Call __getopt_clean_environment with
	additional argument.
	* sysdeps/mach/hurd/i386/init-first.c: Likewise.
	* sysdeps/mach/hurd/mips/init-first.c: Likewise.
	* sysdeps/stub/init-first.c: Likewise.

1997-09-18 03:16  Ulrich Drepper  <drepper@cygnus.com>

	* manual/search.texi: Document lsearch, lfind, the hsearch and
	tsearch functions.

1997-09-18 00:04  Ulrich Drepper  <drepper@cygnus.com>

	* misc/hsearch_r.c (hsearch_r): Only return error for ENTER action
	if the table is full and we *really* have to enter a new entry.

1997-09-17 19:44  Ulrich Drepper  <drepper@cygnus.com>

	* sysdeps/sparc/sparc32/dl-machine.h (elf_machine_rela): Get rid
	of hack for handling flush opcode.
	Patch by Richard Henderson <rth@cygnus.com>.
Diffstat (limited to 'hesiod')
-rw-r--r-- hesiod/README.hesiod 150
-rw-r--r-- hesiod/hesiod.c 2
2 files changed, 151 insertions, 1 deletions
diff --git a/hesiod/README.hesiod b/hesiod/README.hesiod
new file mode 100644
index 0000000000..914e0d1bd9
--- /dev/null
+++ b/hesiod/README.hesiod
@@ -0,0 +1,150 @@
+The GNU C library contains an NSS module for the Hesiod name service.
+Hesiod is a general name service for a variety of applications and is
+based on the Berkeley Internet Name Daemon (BIND).
+
+Introduction
+============
+
+The Hesiod NSS module implements access to all relevant standard
+Hesiod types, which means that Hesiod can be used for the `group',
+`passwd' and `services' databases.  There is however a restriction.
+In the same way that it is impossible to use `gethostent()' to iterate
+over all the data provided by DNS, it is not possible to scan the
+entire Hesiod database by means of `getgrent()', `getpwent()' and
+`getservent()'.  Besides, Hesiod only provides support for looking up
+services by name and not for looking them up by port.  In essence this
+means that the Hesiod name service is only consulted as a result of
+one of the following function calls:
+
+  * getgrname(), getgrgid()
+  * getpwname(), getpwuid()
+  * getservbyname()
+
+and their reentrant counterparts.
+
+
+Configuring your systems
+========================
+
+Configuring your systems to make use use the Hesiod name service
+requires one or more of the following steps, depending on whether you
+are already running Hesiod in your network.
+
+Configuring NSS
+---------------
+
+First you should modify the file `/etc/nsswitch.conf' to tell
+NSS for which database you want to use the Hesiod name service.  If
+you want to use Hesiod for all databases it can handle your
+configuration file could look like this:
+
+  # /etc/nsswitch.conf
+  #
+  # Example configuration of GNU Name Service Switch functionality.
+  #
+
+  passwd:	  db files hesiod
+  group:	  db files hesiod
+  shadow:	  db files
+
+  hosts:	  files dns
+  networks:	  files dns
+
+  protocols:	  db files
+  services:	  db files hesiod
+  ethers:	  db files
+  rpc:		  db files
+
+For more information on NSS, please refer to the `The GNU C Library
+Reference Manual'.
+
+
+Configuring Hesiod
+------------------
+
+Next, you will have to configure Hesiod.  If you are already running
+Hesiod in your network, you probably already have a file named
+`hesiod.conf' on your machines (probably as `/etc/hesiod.conf' or
+`/usr/local/etc/hesiod.conf').  The Hesiod NSS module expects this
+file to be found in the sysconfdir (`/usr/local/etc/hesiod.conf' by
+default, see the installation notes on how to change this) or in the
+location specified by the environment variable `HESIOD_CONFIG'.  If
+there is no configuration file you will want to create your own.  It
+should look something like:
+
+  rhs=.your.domain
+  lhs=.ns
+
+The value of rhs can be overridden by the environment variable
+HES_DOMAIN.
+
+Configuring your name servers
+-----------------------------
+
+In addition, if you are not already running Hesiod in your network,
+you need to create Hesiod information on your central name servers.
+You need to run `named' from BIND 4.9 or higher on these servers, and
+make them authoritative for the domain `ns.your.domain' with a line in
+`/etc/named.boot' reading something like:
+
+  primary         ns.your.domain          named.hesiod
+
+or if you are using the new BIND 8.1 or higher add something to
+`/etc/named.conf' like:
+
+  zone "ns.your.domain" {
+          type master;
+          file "named.hesiod";
+  };
+
+Then in the BIND working directory (usually `/var/named') create the
+file `named.hesiod' containing data that looks something like:
+
+  ; SOA and NS records.
+  @       IN      SOA     server1.your.domain admin-address.your.domain (
+                  40000           ; serial - database version number
+                  1800            ; refresh - sec servers
+                  300             ; retry - for refresh
+                  3600000         ; expire - unrefreshed data
+                  7200 )          ; min
+                  NS      server1.your.domain
+                  NS      server2.your.domain
+
+  ; Actual Hesiod data.
+  libc.group      TXT     "libc:*:123:gnu,gnat"
+  123.gid         CNAME   libc.group
+  gnu.passwd      TXT     "gnu:*:4567:123:GNU:/home/gnu:/bin/bash"
+  456.uid         CNAME   mark.passwd
+  nss.service     TXT     "nss;tcp;789;switch sw "
+  nss.service     TXT     "nss;udp;789;switch sw"
+
+where `libc' is an example of a group, `gnu' an example of an user,
+and `nss' an example of a service.  Note that the format used to
+describe services differs from the format used in `/etc/services'.
+For more information on `named' refer to the `Name Server Operations
+Guide for BIND' that is included in the BIND distribution.
+
+
+Security
+========
+
+Note that the information stored in the Hesiod database in principle
+is publicly available.  Care should be taken with including vulnerable
+information like encrypted passwords in the Hesiod database.  There
+are some ways to improve security by using features provided by
+`named' (see the discussion about `secure zones' in the BIND
+documentation), but one should keep in mind that Hesiod was never
+intended to distribute passwords.  In the origional design
+authenticating users was the job of the Kerberos service.
+
+
+More information
+================
+
+For more information on the Hesiod name service take a look at some of
+the papers in ftp://athena-dist.mit.edu:/pub/ATHENA/usenix and the
+documentation that accompanies the source code for the Hesiod name
+service library in ftp://athena-dist.mit.edu:/pub/ATHENA/hesiod.
+
+There is a mailing list at MIT for Hesiod users, hesiod@mit.edu.  To
+get yourself on or off the list, send mail to hesiod-request@mit.edu.
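Review bot: The sample zone data under "Actual Hesiod data" is internally inconsistent: `gnu.passwd` carries uid 4567, but the uid record reads `456.uid CNAME mark.passwd`, which has the wrong number and points at a name the example never defines; it should presumably be `4567.uid CNAME gnu.passwd`. In the Introduction list, `getgrname()` and `getpwname()` should be `getgrnam()` and `getpwnam()`. Since this commit also moves the HES_DOMAIN lookup to `__secure_getenv`, the "Configuring Hesiod" section should say that the HES_DOMAIN override is ignored in set-user-ID and set-group-ID programs, and state whether the same holds for HESIOD_CONFIG. Minor wording: "make use use", "an user", "origional", and the trailing space inside the first `nss.service` TXT string.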
diff --git a/hesiod/hesiod.c b/hesiod/hesiod.c
index 076b6e7dbc..46ae9a988c 100644
--- a/hesiod/hesiod.c
+++ b/hesiod/hesiod.c
@@ -89,7 +89,7 @@ int hesiod_init(void **context)
       if (read_config_file(ctx, configname) >= 0)
 	{
 	  /* The default rhs can be overridden by an environment variable. */
-	  p = getenv("HES_DOMAIN");
+	  p = __secure_getenv("HES_DOMAIN");
 	  if (p)
 	    {
 	      if (ctx->rhs)
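Review bot: Only the `HES_DOMAIN` lookup is hardened here; `configname`, passed to `read_config_file(ctx, configname)` in the first context line, is set outside this hunk, and the README added in the same commit says the file location can come from the `HESIOD_CONFIG` environment variable. If that lookup still goes through plain `getenv`, a set-user-ID program would read its rhs from a file named by the caller's environment, which leaves the same trust problem this change closes for `HES_DOMAIN`; please confirm it uses `__secure_getenv` as well or switch it in this patch. The comment "The default rhs can be overridden by an environment variable." could also note that the override is ignored in secure mode.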