summary refs log tree commit diff
path: root/nis
diff options
context:
space:
mode:
Diffstat (limited to 'nis')
-rw-r--r--nis/Banner1
-rw-r--r--nis/nis_call.c400
-rw-r--r--nis/nis_domain_of.c16
-rw-r--r--nis/nis_lookup.c21
-rw-r--r--nis/nis_print_group_entry.c2
-rw-r--r--nis/nis_table.c15
-rw-r--r--nis/nss-default.c5
-rw-r--r--nis/nss_nis/nis-hosts.c20
-rw-r--r--nis/nss_nis/nis-service.c2
-rw-r--r--nis/nss_nisplus/nisplus-ethers.c9
-rw-r--r--nis/nss_nisplus/nisplus-network.c11
-rw-r--r--nis/nss_nisplus/nisplus-publickey.c2
-rw-r--r--nis/nss_nisplus/nisplus-pwd.c6
-rw-r--r--nis/nss_nisplus/nisplus-rpc.c11
-rw-r--r--nis/nss_nisplus/nisplus-service.c11
-rw-r--r--nis/nss_nisplus/nisplus-spwd.c5
-rw-r--r--nis/rpcsvc/nislib.h9
17 files changed, 403 insertions, 143 deletions
diff --git a/nis/Banner b/nis/Banner
new file mode 100644
index 0000000000..cf7987171c
--- /dev/null
+++ b/nis/Banner
@@ -0,0 +1 @@
+NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
diff --git a/nis/nis_call.c b/nis/nis_call.c
index 928053daf5..c571e8f367 100644
--- a/nis/nis_call.c
+++ b/nis/nis_call.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1997,1998,2001,2004,2005,2006 Free Software Foundation, Inc.
+/* Copyright (C) 1997, 1998, 2001, 2004, 2005, 2006, 2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
 
@@ -25,8 +26,11 @@
 #include <rpc/auth.h>
 #include <rpcsvc/nis.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
+#include <unistd.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <bits/libc-lock.h>
 
 #include "nis_xdr.h"
 #include "nis_intern.h"
@@ -107,10 +111,79 @@ __nisbind_next (dir_binding *bind)
 }
 libnsl_hidden_def (__nisbind_next)
 
+static struct ckey_cache_entry
+{
+  struct in_addr inaddr;
+  in_port_t port;
+  unsigned int protocol;
+  des_block ckey;
+} *ckey_cache;
+static size_t ckey_cache_size;
+static size_t ckey_cache_allocated;
+static pid_t ckey_cache_pid;
+static uid_t ckey_cache_euid;
+__libc_lock_define_initialized (static, ckey_cache_lock)
+
+static bool_t
+get_ckey (des_block *ckey, struct sockaddr_in *addr, unsigned int protocol)
+{
+  size_t i;
+  pid_t pid = getpid ();
+  uid_t euid = geteuid ();
+  bool_t ret = FALSE;
+
+  __libc_lock_lock (ckey_cache_lock);
+
+  if (ckey_cache_pid != pid || ckey_cache_euid != euid)
+    {
+      ckey_cache_size = 0;
+      ckey_cache_pid = pid;
+      ckey_cache_euid = euid;
+    }
+
+  for (i = 0; i < ckey_cache_size; ++i)
+    if (ckey_cache[i].port == addr->sin_port
+	&& ckey_cache[i].protocol == protocol
+	&& memcmp (&ckey_cache[i].inaddr, &addr->sin_addr,
+		   sizeof (addr->sin_addr)) == 0)
+      {
+	*ckey = ckey_cache[i].ckey;
+	ret = TRUE;
+	break;
+      }
+
+  if (!ret && key_gendes (ckey) >= 0)
+    {
+      ret = TRUE;
+      /* Don't grow the cache indefinitely.  */
+      if (ckey_cache_size == 256)
+	ckey_cache_size = 0;
+      if (ckey_cache_size == ckey_cache_allocated)
+	{
+	  size_t size = ckey_cache_allocated ? ckey_cache_allocated * 2 : 16;
+	  struct ckey_cache_entry *new_cache
+	    = realloc (ckey_cache, size * sizeof (*ckey_cache));
+	  if (new_cache != NULL)
+	    {
+	      ckey_cache = new_cache;
+	      ckey_cache_allocated = size;
+	    }
+	}
+      ckey_cache[ckey_cache_size].inaddr = addr->sin_addr;
+      ckey_cache[ckey_cache_size].port = addr->sin_port;
+      ckey_cache[ckey_cache_size].protocol = protocol;
+      ckey_cache[ckey_cache_size++].ckey = *ckey;
+    }
+
+  __libc_lock_unlock (ckey_cache_lock);
+  return ret;
+}
+
 nis_error
 __nisbind_connect (dir_binding *dbp)
 {
   nis_server *serv;
+  u_short port;
 
   if (dbp == NULL)
     return NIS_FAIL;
@@ -128,9 +201,12 @@ __nisbind_connect (dir_binding *dbp)
 
   /* Check, if the host is online and rpc.nisd is running. Much faster
      then the clnt*_create functions: */
-  if (__pmap_getnisport (&dbp->addr, NIS_PROG, NIS_VERSION, IPPROTO_UDP) == 0)
+  port = __pmap_getnisport (&dbp->addr, NIS_PROG, NIS_VERSION,
+			    dbp->use_udp ? IPPROTO_UDP : IPPROTO_TCP);
+  if (port == 0)
     return NIS_RPCERROR;
 
+  dbp->addr.sin_port = htons (port);
   dbp->socket = RPC_ANYSOCK;
   if (dbp->use_udp)
     dbp->clnt = clntudp_create (&dbp->addr, NIS_PROG, NIS_VERSION,
@@ -153,17 +229,16 @@ __nisbind_connect (dir_binding *dbp)
 	{
 	  char netname[MAXNETNAMELEN + 1];
 	  char *p;
+	  des_block ckey;
 
-	  p = stpcpy (netname, "unix.");
+	  p = stpcpy (netname, "unix@");
 	  strncpy (p, serv->name, MAXNETNAMELEN - 5);
 	  netname[MAXNETNAMELEN] = '\0';
-	  // XXX What is this supposed to do?  If we really want to replace
-	  // XXX the first dot, then we might as well use unix@ as the
-	  // XXX prefix string.  --drepper
-	  p = strchr (netname, '.');
-	  *p = '@';
-	  dbp->clnt->cl_auth =
-	    authdes_pk_create (netname, &serv->pkey, 300, NULL, NULL);
+	  dbp->clnt->cl_auth = NULL;
+	  if (get_ckey (&ckey, &dbp->addr,
+			dbp->use_udp ? IPPROTO_UDP : IPPROTO_TCP))
+	    dbp->clnt->cl_auth =
+	      authdes_pk_create (netname, &serv->pkey, 300, NULL, &ckey);
 	  if (!dbp->clnt->cl_auth)
 	    dbp->clnt->cl_auth = authunix_create_default ();
 	}
@@ -177,7 +252,8 @@ libnsl_hidden_def (__nisbind_connect)
 
 nis_error
 __nisbind_create (dir_binding *dbp, const nis_server *serv_val,
-		  unsigned int serv_len, unsigned int flags)
+		  unsigned int serv_len, unsigned int server_used,
+		  unsigned int current_ep, unsigned int flags)
 {
   dbp->clnt = NULL;
 
@@ -203,8 +279,16 @@ __nisbind_create (dir_binding *dbp, const nis_server *serv_val,
   dbp->trys = 1;
 
   dbp->class = -1;
-  if (__nis_findfastest (dbp) < 1)
-    return NIS_NAMEUNREACHABLE;
+  if (server_used == ~0)
+    {
+      if (__nis_findfastest (dbp) < 1)
+	return NIS_NAMEUNREACHABLE;
+    }
+  else
+    {
+      dbp->server_used = server_used;
+      dbp->current_ep = current_ep;
+    }
 
   return NIS_SUCCESS;
 }
@@ -306,7 +390,7 @@ __do_niscall2 (const nis_server *server, u_int server_len, u_long prog,
   if (flags & MASTER_ONLY)
     server_len = 1;
 
-  status = __nisbind_create (&dbp, server, server_len, flags);
+  status = __nisbind_create (&dbp, server, server_len, ~0, ~0, flags);
   if (status != NIS_SUCCESS)
     return status;
 
@@ -338,9 +422,7 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status)
     case HIGHER_NAME:
       { /* We need data from a parent domain */
 	directory_obj *obj;
-	char ndomain[strlen (dir->do_name) + 3];
-
-	nis_domain_of_r (dir->do_name, ndomain, sizeof (ndomain));
+	const char *ndomain = __nis_domain_of (dir->do_name);
 
 	/* The root server of our domain is a replica of the parent
 	   domain ! (Now I understand why a root server must be a
@@ -384,7 +466,7 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status)
 	size_t namelen = strlen (name);
 	char leaf[namelen + 3];
 	char domain[namelen + 3];
-	char ndomain[namelen + 3];
+	const char *ndomain;
 	char *cp;
 
 	strcpy (domain, name);
@@ -397,8 +479,8 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status)
 		return NULL;
 	      }
 	    nis_leaf_of_r (domain, leaf, sizeof (leaf));
-	    nis_domain_of_r (domain, ndomain, sizeof (ndomain));
-	    strcpy (domain, ndomain);
+	    ndomain = __nis_domain_of (domain);
+	    memmove (domain, ndomain, strlen (ndomain) + 1);
 	  }
 	while (nis_dir_cmp (domain, dir->do_name) != SAME_NAME);
 
@@ -451,29 +533,16 @@ rec_dirsearch (const_nis_name name, directory_obj *dir, nis_error *status)
 /* We try to query the current server for the searched object,
    maybe he know about it ? */
 static directory_obj *
-first_shoot (const_nis_name name, int search_parent_first, directory_obj *dir)
+first_shoot (const_nis_name name, directory_obj *dir)
 {
   directory_obj *obj = NULL;
   fd_result *fd_res;
   XDR xdrs;
-  char domain[strlen (name) + 3];
 
-#if 0
   if (nis_dir_cmp (name, dir->do_name) == SAME_NAME)
     return dir;
-#endif
 
-  const char *search_name = name;
-  if (search_parent_first)
-    {
-      nis_domain_of_r (name, domain, sizeof (domain));
-      search_name = domain;
-    }
-
-  if (nis_dir_cmp (search_name, dir->do_name) == SAME_NAME)
-    return dir;
-
-  fd_res = __nis_finddirectory (dir, search_name);
+  fd_res = __nis_finddirectory (dir, name);
   if (fd_res == NULL)
     return NULL;
   if (fd_res->status == NIS_SUCCESS
@@ -499,42 +568,224 @@ first_shoot (const_nis_name name, int search_parent_first, directory_obj *dir)
   return obj;
 }
 
+static struct nis_server_cache
+{
+  int search_parent;
+  int uses;
+  unsigned int size;
+  unsigned int server_used;
+  unsigned int current_ep;
+  time_t expires;
+  char name[];
+} *nis_server_cache[16];
+static time_t nis_cold_start_mtime;
+__libc_lock_define_initialized (static, nis_server_cache_lock)
+
+static directory_obj *
+nis_server_cache_search (const_nis_name name, int search_parent,
+			 unsigned int *server_used, unsigned int *current_ep,
+			 struct timeval *now)
+{
+  directory_obj *ret = NULL;
+  int i;
+  char *addr;
+  XDR xdrs;
+  struct stat64 st;
+
+  if (stat64 ("/var/nis/NIS_COLD_START", &st) < 0)
+    st.st_mtime = nis_cold_start_mtime + 1;
+
+  __libc_lock_lock (nis_server_cache_lock);
+
+  for (i = 0; i < 16; ++i)
+    if (nis_server_cache[i] == NULL)
+      continue;
+    else if (st.st_mtime != nis_cold_start_mtime
+	     || now->tv_sec > nis_server_cache[i]->expires)
+      {
+	free (nis_server_cache[i]);
+	nis_server_cache[i] = NULL;
+      }
+    else if (nis_server_cache[i]->search_parent == search_parent
+	     && strcmp (nis_server_cache[i]->name, name) == 0)
+      {
+	ret = calloc (1, sizeof (directory_obj));
+	if (ret == NULL)
+	  break;
+
+	addr = rawmemchr (nis_server_cache[i]->name, '\0') + 8;
+	addr = (char *) ((uintptr_t) addr & ~(uintptr_t) 7);
+	xdrmem_create (&xdrs, addr, nis_server_cache[i]->size, XDR_DECODE);
+	if (!_xdr_directory_obj (&xdrs, ret))
+	  {
+	    xdr_destroy (&xdrs);
+	    free (ret);
+	    ret = NULL;
+	    free (nis_server_cache[i]);
+	    nis_server_cache[i] = NULL;
+	    break;
+	  }
+	xdr_destroy (&xdrs);
+	*server_used = nis_server_cache[i]->server_used;
+	*current_ep = nis_server_cache[i]->current_ep;
+	break;
+      }
+
+  nis_cold_start_mtime = st.st_mtime;
+
+  __libc_lock_unlock (nis_server_cache_lock);
+  return ret;
+}
+
+static void
+nis_server_cache_add (const_nis_name name, int search_parent,
+		      directory_obj *dir, unsigned int server_used,
+		      unsigned int current_ep, struct timeval *now)
+{
+  struct nis_server_cache **loc;
+  struct nis_server_cache *new;
+  struct nis_server_cache *old;
+  int i;
+  char *addr;
+  unsigned int size;
+  XDR xdrs;
+
+  if (dir == NULL)
+    return;
+
+  size = xdr_sizeof ((xdrproc_t) _xdr_directory_obj, (char *) dir);
+  new = calloc (1, sizeof (*new) + strlen (name) + 8 + size);
+  if (new == NULL)
+    return;
+  new->search_parent = search_parent;
+  new->uses = 1;
+  new->expires = now->tv_sec + dir->do_ttl;
+  new->size = size;
+  new->server_used = server_used;
+  new->current_ep = current_ep;
+  addr = stpcpy (new->name, name) + 8;
+  addr = (char *) ((uintptr_t) addr & ~(uintptr_t) 7);
+
+  xdrmem_create(&xdrs, addr, size, XDR_ENCODE);
+  if (!_xdr_directory_obj (&xdrs, dir))
+    {
+      xdr_destroy (&xdrs);
+      free (new);
+      return;
+    }
+  xdr_destroy (&xdrs);
+
+  __libc_lock_lock (nis_server_cache_lock);
+
+  /* Choose which entry should be evicted from the cache.  */
+  loc = &nis_server_cache[0];
+  if (*loc != NULL)
+    for (i = 1; i < 16; ++i)
+      if (nis_server_cache[i] == NULL)
+	{
+	  loc = &nis_server_cache[i];
+	  break;
+	}
+      else if ((*loc)->uses > nis_server_cache[i]->uses
+	       || ((*loc)->uses == nis_server_cache[i]->uses
+		   && (*loc)->expires > nis_server_cache[i]->expires))
+	loc = &nis_server_cache[i];
+  old = *loc;
+  *loc = new;
+
+  __libc_lock_unlock (nis_server_cache_lock);
+  free (old);
+}
+
 nis_error
-__nisfind_server (const_nis_name name, int search_parent_first,
-		  directory_obj **dir)
+__nisfind_server (const_nis_name name, int search_parent,
+		  directory_obj **dir, dir_binding *dbp, unsigned int flags)
 {
+  nis_error result = NIS_SUCCESS;
+  nis_error status;
+  directory_obj *obj;
+  struct timeval now;
+  unsigned int server_used = ~0;
+  unsigned int current_ep = ~0;
+
   if (name == NULL)
     return NIS_BADNAME;
 
-#if 0
-  /* Search in local cache. In the moment, we ignore the fastest server */
-  if (!(flags & NO_CACHE))
-    dir = __nis_cache_search (name, flags, &cinfo);
-#endif
+  if (*dir != NULL)
+    return NIS_SUCCESS;
 
-  nis_error result = NIS_SUCCESS;
-  if (*dir == NULL)
+  (void) gettimeofday (&now, NULL);
+
+  if ((flags & NO_CACHE) == 0)
+    *dir = nis_server_cache_search (name, search_parent, &server_used,
+				    &current_ep, &now);
+  if (*dir != NULL)
     {
-      nis_error status;
-      directory_obj *obj;
+      unsigned int server_len = (*dir)->do_servers.do_servers_len;
+      if (flags & MASTER_ONLY)
+	{
+	  server_len = 1;
+	  if (server_used != 0)
+	    {
+	      server_used = ~0;
+	      current_ep = ~0;
+	    }
+	}
+      result = __nisbind_create (dbp, (*dir)->do_servers.do_servers_val,
+				 server_len, server_used, current_ep, flags);
+      if (result != NIS_SUCCESS)
+	{
+	  nis_free_directory (*dir);
+	  *dir = NULL;
+	}
+      return result;
+    }
 
-      *dir = readColdStartFile ();
-      if (*dir == NULL)
-	/* No /var/nis/NIS_COLD_START->no NIS+ installed.  */
-	return NIS_UNAVAIL;
+  *dir = readColdStartFile ();
+  if (*dir == NULL)
+    /* No /var/nis/NIS_COLD_START->no NIS+ installed.  */
+    return NIS_UNAVAIL;
 
-      /* Try at first, if servers in "dir" know our object */
-      obj = first_shoot (name, search_parent_first, *dir);
+  /* Try at first, if servers in "dir" know our object */
+  const char *search_name = name;
+  if (search_parent)
+    search_name = __nis_domain_of (name);
+  obj = first_shoot (search_name, *dir);
+  if (obj == NULL)
+    {
+      obj = rec_dirsearch (search_name, *dir, &status);
       if (obj == NULL)
+	result = status;
+    }
+
+  if (result == NIS_SUCCESS)
+    {
+      unsigned int server_len = obj->do_servers.do_servers_len;
+      if (flags & MASTER_ONLY)
+	server_len = 1;
+      result = __nisbind_create (dbp, obj->do_servers.do_servers_val,
+				 server_len, ~0, ~0, flags);
+      if (result == NIS_SUCCESS)
 	{
-	  obj = rec_dirsearch (name, *dir, &status);
-	  if (obj == NULL)
-	    result = status;
+	  if ((flags & MASTER_ONLY) == 0
+	      || obj->do_servers.do_servers_len == 1)
+	    {
+	      server_used = dbp->server_used;
+	      current_ep = dbp->current_ep;
+	    }
+	  if ((flags & NO_CACHE) == 0)
+	    nis_server_cache_add (name, search_parent, obj,
+				  server_used, current_ep, &now);
+	}
+      else
+	{
+	  nis_free_directory (obj);
+	  obj = NULL;
 	}
-
-      *dir = obj;
     }
 
+  *dir = obj;
+
   return result;
 }
 
@@ -543,38 +794,19 @@ nis_error
 __prepare_niscall (const_nis_name name, directory_obj **dirp,
 		   dir_binding *bptrp, unsigned int flags)
 {
-  nis_error retcode = __nisfind_server (name, 1, dirp);
+  nis_error retcode = __nisfind_server (name, 1, dirp, bptrp, flags);
   if (__builtin_expect (retcode != NIS_SUCCESS, 0))
     return retcode;
 
-  nis_server *server;
-  u_int server_len;
-
-  if (flags & MASTER_ONLY)
-    {
-      server = (*dirp)->do_servers.do_servers_val;
-      server_len = 1;
-    }
-  else
-    {
-      server = (*dirp)->do_servers.do_servers_val;
-      server_len = (*dirp)->do_servers.do_servers_len;
-    }
-
-  retcode = __nisbind_create (bptrp, server, server_len, flags);
-  if (retcode == NIS_SUCCESS)
-    {
-      do
-	if (__nisbind_connect (bptrp) == NIS_SUCCESS)
-	  return NIS_SUCCESS;
-      while (__nisbind_next (bptrp) == NIS_SUCCESS);
-
-      __nisbind_destroy (bptrp);
-      memset (bptrp, '\0', sizeof (*bptrp));
+  do
+    if (__nisbind_connect (bptrp) == NIS_SUCCESS)
+      return NIS_SUCCESS;
+  while (__nisbind_next (bptrp) == NIS_SUCCESS);
 
-      retcode = NIS_NAMEUNREACHABLE;
-    }
+  __nisbind_destroy (bptrp);
+  memset (bptrp, '\0', sizeof (*bptrp));
 
+  retcode = NIS_NAMEUNREACHABLE;
   nis_free_directory (*dirp);
   *dirp = NULL;
 
diff --git a/nis/nis_domain_of.c b/nis/nis_domain_of.c
index eca2066aa3..4d6b48640e 100644
--- a/nis/nis_domain_of.c
+++ b/nis/nis_domain_of.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 1997 Free Software Foundation, Inc.
+/* Copyright (c) 1997, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
 
@@ -26,3 +26,17 @@ nis_domain_of (const_nis_name name)
 
   return nis_domain_of_r (name, result, NIS_MAXNAMELEN);
 }
+
+const_nis_name
+__nis_domain_of (const_nis_name name)
+{
+  const_nis_name cptr = strchr (name, '.');
+
+  if (cptr++ == NULL)
+    return "";
+
+  if (*cptr == '\0')
+    return ".";
+
+  return cptr;
+}
diff --git a/nis/nis_lookup.c b/nis/nis_lookup.c
index 839ee4ee42..9677b4d3d1 100644
--- a/nis/nis_lookup.c
+++ b/nis/nis_lookup.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1997-1999, 2004, 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1997-1999, 2004, 2005, 2006, 2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1997.
 
@@ -74,7 +75,6 @@ nis_lookup (const_nis_name name, const unsigned int flags)
 	{
 	  static const struct timeval RPCTIMEOUT = {10, 0};
 	  enum clnt_stat result;
-	  char ndomain[strlen (req.ns_name) + 1];
 
 	again:
 	  result = clnt_call (bptr.clnt, NIS_LOOKUP,
@@ -127,27 +127,18 @@ nis_lookup (const_nis_name name, const unsigned int flags)
 			/* Otherwise __nisfind_server will not do anything.  */
 			dir = NULL;
 
-			if (__nisfind_server (req.ns_name, 1, &dir)
+			if (__nisfind_server (req.ns_name, 1, &dir, &bptr,
+					      flags & ~MASTER_ONLY)
 			    != NIS_SUCCESS)
 			  goto out;
-
-			if (__nisbind_create (&bptr,
-					      dir->do_servers.do_servers_val,
-					      dir->do_servers.do_servers_len,
-					      flags) != NIS_SUCCESS)
-			  {
-			    nis_free_directory (dir);
-			    goto out;
-			  }
 		      }
 		    else
 		      if (__nisbind_next (&bptr) != NIS_SUCCESS)
 			{
 			  /* No more servers to search.  Try parent.  */
-			  nis_domain_of_r (req.ns_name, ndomain,
-					   sizeof (ndomain));
+			  const char *ndomain = __nis_domain_of (req.ns_name);
 			  req.ns_name = strdupa (ndomain);
-			  if (strcmp (ndomain, ".") == 0)
+			  if (strcmp (req.ns_name, ".") == 0)
 			    {
 			      NIS_RES_STATUS (res) = NIS_NAMEUNREACHABLE;
 			      goto out;
diff --git a/nis/nis_print_group_entry.c b/nis/nis_print_group_entry.c
index 11680ae7dc..91e6399b90 100644
--- a/nis/nis_print_group_entry.c
+++ b/nis/nis_print_group_entry.c
@@ -162,7 +162,7 @@ nis_print_group_entry (const_nis_name group)
 	fputs (_("    No implicit nonmembers\n"), stdout);
       if (nomem_rec_cnt)
 	{
-	  fputs (_("    Recursive nonmembers:\n"), stdout);
+	  fputs (_("    Explicit nonmembers:\n"), stdout);
 	  for (i = 0; i < nomem_rec_cnt; ++i)
 	    printf ("\t%s=n", &nomem_rec[i][2]);
 	}
diff --git a/nis/nis_table.c b/nis/nis_table.c
index cb25be61e2..70b4701419 100644
--- a/nis/nis_table.c
+++ b/nis/nis_table.c
@@ -1,4 +1,5 @@
-/* Copyright (c) 1997-1999,2003,2004,2005,2006 Free Software Foundation, Inc.
+/* Copyright (c) 1997-1999, 2003, 2004, 2005, 2006, 2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
 
@@ -274,21 +275,14 @@ nis_list (const_nis_name name, unsigned int flags,
       memset (res, '\0', sizeof (nis_result));
 
       status = __nisfind_server (ibreq->ibr_name,
-				 ibreq->ibr_srch.ibr_srch_val != NULL, &dir);
+				 ibreq->ibr_srch.ibr_srch_val != NULL,
+				 &dir, &bptr, flags & ~MASTER_ONLY);
       if (status != NIS_SUCCESS)
 	{
           NIS_RES_STATUS (res) = status;
           goto fail3;
 	}
 
-      status = __nisbind_create (&bptr, dir->do_servers.do_servers_val,
-				 dir->do_servers.do_servers_len, flags);
-      if (__builtin_expect (status != NIS_SUCCESS, 0))
-        {
-          NIS_RES_STATUS (res) = status;
-	  goto fail2;
-        }
-
       while (__nisbind_connect (&bptr) != NIS_SUCCESS)
 	if (__builtin_expect (__nisbind_next (&bptr) != NIS_SUCCESS, 0))
 	  {
@@ -338,7 +332,6 @@ nis_list (const_nis_name name, unsigned int flags,
 		    NIS_RES_STATUS (res) = NIS_NOMEMORY;
 		  fail:
 		    __nisbind_destroy (&bptr);
-		  fail2:
 		    nis_free_directory (dir);
 		  fail3:
 		    free (tablepath);
diff --git a/nis/nss-default.c b/nis/nss-default.c
index 577f7c2d47..046ddfee8d 100644
--- a/nis/nss-default.c
+++ b/nis/nss-default.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 2001, 2004, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 2001, 2004, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -17,6 +17,7 @@
    02111-1307 USA.  */
 
 #include <ctype.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdio_ext.h>
 #include <stdlib.h>
@@ -54,6 +55,7 @@ static const struct
 static void
 init (void)
 {
+  int saved_errno = errno;
   FILE *fp = fopen (default_nss, "rc");
   if (fp != NULL)
     {
@@ -111,6 +113,7 @@ init (void)
 
       fclose (fp);
     }
+  __set_errno (saved_errno);
 }
 
 
diff --git a/nis/nss_nis/nis-hosts.c b/nis/nss_nis/nis-hosts.c
index 4fa0361681..bde0a3291f 100644
--- a/nis/nss_nis/nis-hosts.c
+++ b/nis/nss_nis/nis-hosts.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996-2000, 2002, 2003, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1996-2000, 2002, 2003, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
 
@@ -134,13 +134,17 @@ internal_nis_gethostent_r (struct hostent *host, char *buffer,
   if (__builtin_expect (yp_get_default_domain (&domain), 0))
     return NSS_STATUS_UNAVAIL;
 
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
+  buffer += pad;
+
   struct parser_data *data = (void *) buffer;
-  if (__builtin_expect (buflen < sizeof *data + 1, 0))
+  if (__builtin_expect (buflen < sizeof *data + 1 + pad, 0))
     {
       *errnop = ERANGE;
       *h_errnop = NETDB_INTERNAL;
       return NSS_STATUS_TRYAGAIN;
     }
+  buflen -= pad;
 
   /* Get the next entry until we found a correct one. */
   const size_t linebuflen = buffer + buflen - data->linebuffer;
@@ -234,6 +238,9 @@ internal_gethostbyname2_r (const char *name, int af, struct hostent *host,
 			   char *buffer, size_t buflen, int *errnop,
 			   int *h_errnop, int flags)
 {
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
+  buffer += pad;
+
   struct parser_data *data = (void *) buffer;
 
   if (name == NULL)
@@ -246,12 +253,13 @@ internal_gethostbyname2_r (const char *name, int af, struct hostent *host,
   if (yp_get_default_domain (&domain))
     return NSS_STATUS_UNAVAIL;
 
-  if (buflen < sizeof *data + 1)
+  if (buflen < sizeof *data + 1 + pad)
     {
       *h_errnop = NETDB_INTERNAL;
       *errnop = ERANGE;
       return NSS_STATUS_TRYAGAIN;
     }
+  buflen -= pad;
 
   /* Convert name to lowercase.  */
   size_t namlen = strlen (name);
@@ -352,13 +360,17 @@ _nss_nis_gethostbyaddr_r (const void *addr, socklen_t addrlen, int af,
   if (__builtin_expect (yp_get_default_domain (&domain), 0))
     return NSS_STATUS_UNAVAIL;
 
+  uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct parser_data);
+  buffer += pad;
+
   struct parser_data *data = (void *) buffer;
-  if (__builtin_expect (buflen < sizeof *data + 1, 0))
+  if (__builtin_expect (buflen < sizeof *data + 1 + pad, 0))
     {
       *errnop = ERANGE;
       *h_errnop = NETDB_INTERNAL;
       return NSS_STATUS_TRYAGAIN;
     }
+  buflen -= pad;
 
   char *buf = inet_ntoa (*(const struct in_addr *) addr);
 
diff --git a/nis/nss_nis/nis-service.c b/nis/nss_nis/nis-service.c
index 0c176095c8..59a598f296 100644
--- a/nis/nss_nis/nis-service.c
+++ b/nis/nss_nis/nis-service.c
@@ -271,7 +271,7 @@ _nss_nis_getservbyname_r (const char *name, const char *protocol,
 
   /* If the protocol is given, we could try if our NIS server knows
      about services.byservicename map. If yes, we only need one query.  */
-  size_t keylen = strlen (name) + 1 + (protocol ? strlen (protocol) : 0);
+  size_t keylen = strlen (name) + (protocol ? 1 + strlen (protocol) : 0);
   char key[keylen + 1];
 
   /* key is: "name/proto" */
diff --git a/nis/nss_nisplus/nisplus-ethers.c b/nis/nss_nisplus/nisplus-ethers.c
index 8d69ad9373..298869f931 100644
--- a/nis/nss_nisplus/nisplus-ethers.c
+++ b/nis/nss_nisplus/nisplus-ethers.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1997,1998,2000-2003,2005,2006 Free Software Foundation, Inc.
+/* Copyright (C) 1997,1998,2000-2003,2005,2006,2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
 
@@ -256,7 +257,8 @@ _nss_nisplus_gethostton_r (const char *name, struct etherent *eth,
 
   snprintf (buf, sizeof (buf), "[name=%s],%s", name, tablename_val);
 
-  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+				 NULL, NULL);
 
   if (result == NULL)
     {
@@ -322,7 +324,8 @@ _nss_nisplus_getntohost_r (const struct ether_addr *addr, struct etherent *eth,
 	    addr->ether_addr_octet[4], addr->ether_addr_octet[5],
 	    tablename_val);
 
-  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+				 NULL, NULL);
 
   if (result == NULL)
     {
diff --git a/nis/nss_nisplus/nisplus-network.c b/nis/nss_nisplus/nisplus-network.c
index 286a4ccbdc..1cf652f071 100644
--- a/nis/nss_nisplus/nisplus-network.c
+++ b/nis/nss_nisplus/nisplus-network.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1997,1998,2000-2003,2005,2006 Free Software Foundation, Inc.
+/* Copyright (C) 1997,1998,2000-2003,2005,2006,2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
 
@@ -338,7 +339,7 @@ _nss_nisplus_getnetbyname_r (const char *name, struct netent *network,
   /* Search at first in the alias list, and use the correct name
      for the next search */
   snprintf (buf, sizeof (buf), "[name=%s],%s", name, tablename_val);
-  result = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
+  result = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH | USE_DGRAM, NULL, NULL);
 
   if (result != NULL)
     {
@@ -366,7 +367,8 @@ _nss_nisplus_getnetbyname_r (const char *name, struct netent *network,
 	}
 
       nis_freeresult (result);
-      result = nis_list (bufptr, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
+      result = nis_list (bufptr, FOLLOW_LINKS | FOLLOW_PATH | USE_DGRAM,
+			 NULL, NULL);
     }
 
   if (result == NULL)
@@ -438,7 +440,8 @@ _nss_nisplus_getnetbyaddr_r (uint32_t addr, const int type,
     while (1)
       {
 	snprintf (buf, sizeof (buf), "[addr=%s],%s", buf2, tablename_val);
-	nis_result *result = nis_list (buf, EXPAND_NAME, NULL, NULL);
+	nis_result *result = nis_list (buf, EXPAND_NAME | USE_DGRAM,
+				       NULL, NULL);
 
 	if (result == NULL)
 	  {
diff --git a/nis/nss_nisplus/nisplus-publickey.c b/nis/nss_nisplus/nisplus-publickey.c
index 14e7d41dbe..f6b32f8827 100644
--- a/nis/nss_nisplus/nisplus-publickey.c
+++ b/nis/nss_nisplus/nisplus-publickey.c
@@ -217,7 +217,7 @@ parse_grp_str (const char *s, gid_t *gidp, int *gidlenp, gid_t *gidlist,
 
   if (!s || (!isdigit (*s)))
     {
-      syslog (LOG_ERR, _("netname2user: missing group id list in `%s'"), s);
+      syslog (LOG_ERR, _("netname2user: missing group id list in `%s'."), s);
       return NSS_STATUS_NOTFOUND;
     }
 
diff --git a/nis/nss_nisplus/nisplus-pwd.c b/nis/nss_nisplus/nisplus-pwd.c
index 93e37dddab..cd33aebbcc 100644
--- a/nis/nss_nisplus/nisplus-pwd.c
+++ b/nis/nss_nisplus/nisplus-pwd.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1997, 1999, 2001, 2002, 2003, 2005, 2006
+/* Copyright (C) 1997, 1999, 2001, 2002, 2003, 2005, 2006, 2007
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -311,7 +311,7 @@ _nss_nisplus_getpwnam_r (const char *name, struct passwd *pw,
 
   snprintf (buf, sizeof (buf), "[name=%s],%s", name, pwd_tablename_val);
 
-  result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM, NULL, NULL);
 
   if (result == NULL)
     {
@@ -370,7 +370,7 @@ _nss_nisplus_getpwuid_r (const uid_t uid, struct passwd *pw,
   snprintf (buf, sizeof (buf), "[uid=%lu],%s",
 	    (unsigned long int) uid, pwd_tablename_val);
 
-  result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM, NULL, NULL);
 
   if (result == NULL)
     {
diff --git a/nis/nss_nisplus/nisplus-rpc.c b/nis/nss_nisplus/nisplus-rpc.c
index 5875bbe98d..711c6bc273 100644
--- a/nis/nss_nisplus/nisplus-rpc.c
+++ b/nis/nss_nisplus/nisplus-rpc.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1997, 1998, 2001, 2002, 2003, 2005, 2006
+/* Copyright (C) 1997, 1998, 2001, 2002, 2003, 2005, 2006, 2007
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
@@ -315,7 +315,8 @@ _nss_nisplus_getrpcbyname_r (const char *name, struct rpcent *rpc,
   /* Search at first in the alias list, and use the correct name
      for the next search */
   snprintf (buf, sizeof (buf), "[name=%s],%s", name, tablename_val);
-  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+				 NULL, NULL);
 
   if (result != NULL)
     {
@@ -342,7 +343,8 @@ _nss_nisplus_getrpcbyname_r (const char *name, struct rpcent *rpc,
 	}
 
       nis_freeresult (result);
-      result = nis_list (bufptr, FOLLOW_PATH | FOLLOW_LINKS , NULL, NULL);
+      result = nis_list (bufptr, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+			 NULL, NULL);
     }
 
   if (result == NULL)
@@ -402,7 +404,8 @@ _nss_nisplus_getrpcbynumber_r (const int number, struct rpcent *rpc,
 
   snprintf (buf, sizeof (buf), "[number=%d],%s", number, tablename_val);
 
-  nis_result *result = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
+  nis_result *result = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH | USE_DGRAM,
+				 NULL, NULL);
 
   if (result == NULL)
     {
diff --git a/nis/nss_nisplus/nisplus-service.c b/nis/nss_nisplus/nisplus-service.c
index 51c1956e2f..607ce80b01 100644
--- a/nis/nss_nisplus/nisplus-service.c
+++ b/nis/nss_nisplus/nisplus-service.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1997, 1998, 1999, 2001, 2002, 2003, 2005, 2006
+/* Copyright (C) 1997, 1998, 1999, 2001, 2002, 2003, 2005, 2006, 2007
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
@@ -322,7 +322,8 @@ _nss_nisplus_getservbyname_r (const char *name, const char *protocol,
      for the next search */
   snprintf (buf, sizeof (buf), "[name=%s,proto=%s],%s", name, protocol,
 	    tablename_val);
-  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+				 NULL, NULL);
 
   if (result != NULL)
     {
@@ -351,7 +352,8 @@ _nss_nisplus_getservbyname_r (const char *name, const char *protocol,
 	}
 
       nis_freeresult (result);
-      result = nis_list (bufptr, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+      result = nis_list (bufptr, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+			 NULL, NULL);
     }
 
   if (result == NULL)
@@ -420,7 +422,8 @@ _nss_nisplus_getservbyport_r (const int number, const char *protocol,
   snprintf (buf, sizeof (buf), "[port=%d,proto=%s],%s",
 	    number, protocol, tablename_val);
 
-  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
+				 NULL, NULL);
 
   if (result == NULL)
     {
diff --git a/nis/nss_nisplus/nisplus-spwd.c b/nis/nss_nisplus/nisplus-spwd.c
index e63e1eeaec..f256f3eb90 100644
--- a/nis/nss_nisplus/nisplus-spwd.c
+++ b/nis/nss_nisplus/nisplus-spwd.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1997, 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 1997, 2001, 2002, 2003, 2005, 2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
 
@@ -182,7 +183,7 @@ _nss_nisplus_getspnam_r (const char *name, struct spwd *sp,
 
   snprintf (buf, sizeof (buf), "[name=%s],%s", name, pwd_tablename_val);
 
-  result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+  result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM, NULL, NULL);
 
   if (result == NULL)
     {
diff --git a/nis/rpcsvc/nislib.h b/nis/rpcsvc/nislib.h
index c993bac5e8..c8927ece17 100644
--- a/nis/rpcsvc/nislib.h
+++ b/nis/rpcsvc/nislib.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 1997, 1998, 1999, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1997, 1998, 1999, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1997.
 
@@ -272,12 +272,13 @@ struct dir_binding
 typedef struct dir_binding dir_binding;
 
 extern nis_error __nisbind_create (dir_binding *, const nis_server *,
-				   unsigned int, unsigned int) __THROW;
+				   unsigned int, unsigned int, unsigned int,
+				   unsigned int) __THROW;
 extern nis_error __nisbind_connect (dir_binding *) __THROW;
 extern nis_error __nisbind_next (dir_binding *) __THROW;
 extern void __nisbind_destroy (dir_binding *) __THROW;
-extern nis_error __nisfind_server (const_nis_name, int, directory_obj **)
-     __THROW;
+extern nis_error __nisfind_server (const_nis_name, int, directory_obj **,
+				   dir_binding *, unsigned int) __THROW;
 
 #endif