YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

Bryan Steele
These libc functions are used to map hardware MAC addresses to hostnames
and vice versa. If it exists, /etc/ethers will typically contain a
number of lines like so:

34:00:8a:56:10:20 superman

In addition to that, there is support for using a YP (nee Yellow Pee)
lookup service:

"If a '+' appears alone on a line in the file, then ether_hostton() will
 consult the ethers.byname YP map, and ether_ntohost() will consult the
 ethers.byaddr YP map."

This support currently interferes with my work to reduce the pledge(2)
in tcpdump(8), as the "inet" promise is required to perform these
lookups.

I've come up with a small diff to remove it, but it was suggested there
may be some interactions with ldap, and I'm not sure how important this
functionality may be to existing YP users (I am not one).

Any objections to this approach? (Missing man page removal bits)

-Bryan.

Index: ethers.c
===================================================================
RCS file: /cvs/src/lib/libc/net/ethers.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 ethers.c
--- lib/libc/net/ethers.c 21 Sep 2016 04:38:56 -0000 1.25
+++ lib/libc/net/ethers.c 8 Nov 2018 23:54:19 -0000
@@ -34,9 +34,6 @@
 #include <string.h>
 #include <ctype.h>
 #include <limits.h>
-#ifdef YP
-#include <rpcsvc/ypclnt.h>
-#endif
 
 #ifndef _PATH_ETHERS
 #define _PATH_ETHERS "/etc/ethers"
@@ -99,18 +96,6 @@ ether_ntohost(char *hostname, struct eth
  char buf[BUFSIZ+1], *p;
  size_t len;
  struct ether_addr try;
-#ifdef YP
- char trybuf[sizeof("xx:xx:xx:xx:xx:xx")];
- int trylen;
-#endif
-
-#ifdef YP
- snprintf(trybuf, sizeof trybuf, "%x:%x:%x:%x:%x:%x",
-    e->ether_addr_octet[0], e->ether_addr_octet[1],
-    e->ether_addr_octet[2], e->ether_addr_octet[3],
-    e->ether_addr_octet[4], e->ether_addr_octet[5]);
- trylen = strlen(trybuf);
-#endif
 
  f = fopen(_PATH_ETHERS, "re");
  if (f == NULL)
@@ -123,26 +108,9 @@ ether_ntohost(char *hostname, struct eth
  (void)memcpy(buf, p, len);
  buf[len] = '\n'; /* code assumes newlines later on */
  buf[len+1] = '\0';
-#ifdef YP
- /* A + in the file means try YP now.  */
- if (!strncmp(buf, "+\n", sizeof(buf))) {
- char *ypbuf, *ypdom;
- int ypbuflen;
-
- if (yp_get_default_domain(&ypdom))
- continue;
- if (yp_match(ypdom, "ethers.byaddr", trybuf,
-    trylen, &ypbuf, &ypbuflen))
- continue;
- if (ether_line(ypbuf, &try, hostname) == 0) {
- free(ypbuf);
- (void)fclose(f);
- return (0);
- }
- free(ypbuf);
+ /* A + in the file meant try YP, ignore it. */
+ if (!strncmp(buf, "+\n", sizeof(buf)))
  continue;
- }
-#endif
  if (ether_line(buf, &try, hostname) == 0 &&
     memcmp(&try, e, sizeof(try)) == 0) {
  (void)fclose(f);
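
Review bot: In the replacement test in ether_ntohost(), the bound in
strncmp(buf, "+\n", sizeof(buf)) does nothing, because buf is
NUL-terminated two lines earlier (buf[len+1] = '\0';), so
strcmp(buf, "+\n") == 0 says the same thing more plainly. It is also worth
confirming whether the special case is needed at all: the following
statement only acts when ether_line() returns 0, so if ether_line()
already rejects a lone "+" the line would be skipped without this test.
If the test stays for its documentation value, the comment could state
that the marker is still accepted in existing files and that no lookup is
made for it.
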
@@ -161,9 +129,6 @@ ether_hostton(const char *hostname, stru
  char buf[BUFSIZ+1], *p;
  char try[HOST_NAME_MAX+1];
  size_t len;
-#ifdef YP
- int hostlen = strlen(hostname);
-#endif
 
  f = fopen(_PATH_ETHERS, "re");
  if (f==NULL)
@@ -177,26 +142,9 @@ ether_hostton(const char *hostname, stru
  memcpy(buf, p, len);
  buf[len] = '\n'; /* code assumes newlines later on */
  buf[len+1] = '\0';
-#ifdef YP
- /* A + in the file means try YP now.  */
- if (!strncmp(buf, "+\n", sizeof(buf))) {
- char *ypbuf, *ypdom;
- int ypbuflen;
-
- if (yp_get_default_domain(&ypdom))
- continue;
- if (yp_match(ypdom, "ethers.byname", hostname, hostlen,
-    &ypbuf, &ypbuflen))
- continue;
- if (ether_line(ypbuf, e, try) == 0) {
- free(ypbuf);
- (void)fclose(f);
- return (0);
- }
- free(ypbuf);
+ /* A + in the file meant try YP, ignore it. */
+ if (!strncmp(buf, "+\n", sizeof(buf)))
  continue;
- }
-#endif
  if (ether_line(buf, e, try) == 0 && strcmp(hostname, try) == 0) {
  (void)fclose(f);
  return (0);
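
Review bot: The "+" test in ether_hostton() now drops the marker
silently, and the diff carries no documentation change to match, so names
that were only resolvable through the ethers.byname map will stop
resolving with nothing telling the administrator why. The manual text
quoted in the message ("If a '+' appears alone on a line in the file,
...") should be removed or rewritten in the same commit to say the line is
ignored. The test and its comment are now identical to the ones in
ether_ntohost(), so any later rewording should be applied to both.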

Re: YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

Bryan Steele
This was suggested by deraadt@, sorry.

On Thu, Nov 08, 2018 at 08:05:13PM -0500, Bryan Steele wrote:

> These libc functions are used to map hardware MAC addresses to hostnames
> and vice versa. If it exists, /etc/ethers will typically contain a
> number of lines like so:
>
> 34:00:8a:56:10:20 superman
>
> In addition to that, there is support for using a YP (nee Yellow Pee)
> lookup service:
>
> "If a '+' appears alone on a line in the file, then ether_hostton() will
>  consult the ethers.byname YP map, and ether_ntohost() will consult the
>  ethers.byaddr YP map."
>
> This support currently interferes with my work to reduce the pledge(2)
> in tcpdump(8), as the "inet" promise is required to perform these
> lookups.
>
> I've come up with a small diff to remove it, but it was suggested there
> may be some interactions with ldap, and I'm not sure how important this
> functionality may be to existing YP users (I am not one).
>
> Any objections to this approach? (Missing man page removal bits)
>
> -Bryan.
>
> Index: ethers.c
> ===================================================================
> RCS file: /cvs/src/lib/libc/net/ethers.c,v
> retrieving revision 1.25
> diff -u -p -u -r1.25 ethers.c
> --- lib/libc/net/ethers.c 21 Sep 2016 04:38:56 -0000 1.25
> +++ lib/libc/net/ethers.c 8 Nov 2018 23:54:19 -0000
> @@ -34,9 +34,6 @@
>  #include <string.h>
>  #include <ctype.h>
>  #include <limits.h>
> -#ifdef YP
> -#include <rpcsvc/ypclnt.h>
> -#endif
>  
>  #ifndef _PATH_ETHERS
>  #define _PATH_ETHERS "/etc/ethers"
> @@ -99,18 +96,6 @@ ether_ntohost(char *hostname, struct eth
>   char buf[BUFSIZ+1], *p;
>   size_t len;
>   struct ether_addr try;
> -#ifdef YP
> - char trybuf[sizeof("xx:xx:xx:xx:xx:xx")];
> - int trylen;
> -#endif
> -
> -#ifdef YP
> - snprintf(trybuf, sizeof trybuf, "%x:%x:%x:%x:%x:%x",
> -    e->ether_addr_octet[0], e->ether_addr_octet[1],
> -    e->ether_addr_octet[2], e->ether_addr_octet[3],
> -    e->ether_addr_octet[4], e->ether_addr_octet[5]);
> - trylen = strlen(trybuf);
> -#endif
>  
>   f = fopen(_PATH_ETHERS, "re");
>   if (f == NULL)
> @@ -123,26 +108,9 @@ ether_ntohost(char *hostname, struct eth
>   (void)memcpy(buf, p, len);
>   buf[len] = '\n'; /* code assumes newlines later on */
>   buf[len+1] = '\0';
> -#ifdef YP
> - /* A + in the file means try YP now.  */
> - if (!strncmp(buf, "+\n", sizeof(buf))) {
> - char *ypbuf, *ypdom;
> - int ypbuflen;
> -
> - if (yp_get_default_domain(&ypdom))
> - continue;
> - if (yp_match(ypdom, "ethers.byaddr", trybuf,
> -    trylen, &ypbuf, &ypbuflen))
> - continue;
> - if (ether_line(ypbuf, &try, hostname) == 0) {
> - free(ypbuf);
> - (void)fclose(f);
> - return (0);
> - }
> - free(ypbuf);
> + /* A + in the file meant try YP, ignore it. */
> + if (!strncmp(buf, "+\n", sizeof(buf)))
>   continue;
> - }
> -#endif
>   if (ether_line(buf, &try, hostname) == 0 &&
>      memcmp(&try, e, sizeof(try)) == 0) {
>   (void)fclose(f);
> @@ -161,9 +129,6 @@ ether_hostton(const char *hostname, stru
>   char buf[BUFSIZ+1], *p;
>   char try[HOST_NAME_MAX+1];
>   size_t len;
> -#ifdef YP
> - int hostlen = strlen(hostname);
> -#endif
>  
>   f = fopen(_PATH_ETHERS, "re");
>   if (f==NULL)
> @@ -177,26 +142,9 @@ ether_hostton(const char *hostname, stru
>   memcpy(buf, p, len);
>   buf[len] = '\n'; /* code assumes newlines later on */
>   buf[len+1] = '\0';
> -#ifdef YP
> - /* A + in the file means try YP now.  */
> - if (!strncmp(buf, "+\n", sizeof(buf))) {
> - char *ypbuf, *ypdom;
> - int ypbuflen;
> -
> - if (yp_get_default_domain(&ypdom))
> - continue;
> - if (yp_match(ypdom, "ethers.byname", hostname, hostlen,
> -    &ypbuf, &ypbuflen))
> - continue;
> - if (ether_line(ypbuf, e, try) == 0) {
> - free(ypbuf);
> - (void)fclose(f);
> - return (0);
> - }
> - free(ypbuf);
> + /* A + in the file meant try YP, ignore it. */
> + if (!strncmp(buf, "+\n", sizeof(buf)))
>   continue;
> - }
> -#endif
>   if (ether_line(buf, e, try) == 0 && strcmp(hostname, try) == 0) {
>   (void)fclose(f);
>   return (0);

Re: YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

Jonathan Matthew-4
In reply to this post by Bryan Steele
On Thu, Nov 08, 2018 at 08:05:13PM -0500, Bryan Steele wrote:

> These libc functions are used to map hardware MAC addresses to hostnames
> and vice versa. If it exists, /etc/ethers will typically contain a
> number of lines like so:
>
> 34:00:8a:56:10:20 superman
>
> In addition to that, there is support for using a YP (nee Yellow Pee)
> lookup service:
>
> "If a '+' appears alone on a line in the file, then ether_hostton() will
>  consult the ethers.byname YP map, and ether_ntohost() will consult the
>  ethers.byaddr YP map."
>
> This support currently interferes with my work to reduce the pledge(2)
> in tcpdump(8), as the "inet" promise is required to perform these
> lookups.
>
> I've come up with a small diff to remove it, but it was suggested there
> may be some interactions with ldap, and I'm not sure how important this
> functionality may be to existing YP users (I am not one).

ypldap does not provide ethers.byname or ethers.byaddr maps, if that's the
ldap interaction in question here.

Re: YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

Ricardo Mestre-2
Paraphrasing an excerpt of my commit on getent(1) to add unveil(2):

"After a discussion with millert@ regarding YP then deraadt@ chimed in referring
that when he wrote this code even though we can have YP mappings with several
of these dbs "it doesn't mean that things use it, or should, or will" so adding
unveil(2) here should not impact any YP environments."

I think we can let it go.

On 22:01 Fri 09 Nov, Jonathan Matthew wrote:

> On Thu, Nov 08, 2018 at 08:05:13PM -0500, Bryan Steele wrote:
> > These libc functions are used to map hardware MAC addresses to hostnames
> > and vice versa. If it exists, /etc/ethers will typically contain a
> > number of lines like so:
> >
> > 34:00:8a:56:10:20 superman
> >
> > In addition to that, there is support for using a YP (nee Yellow Pee)
> > lookup service:
> >
> > "If a '+' appears alone on a line in the file, then ether_hostton() will
> >  consult the ethers.byname YP map, and ether_ntohost() will consult the
> >  ethers.byaddr YP map."
> >
> > This support currently interferes with my work to reduce the pledge(2)
> > in tcpdump(8), as the "inet" promise is required to perform these
> > lookups.
> >
> > I've come up with a small diff to remove it, but it was suggested there
> > may be some interactions with ldap, and I'm not sure how important this
> > functionality may be to existing YP users (I am not one).
>
> ypldap does not provide ethers.byname or ethers.byaddr maps, if that's the
> ldap interaction in question here.
>

Re: YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

Theo de Raadt-2
In reply to this post by Jonathan Matthew-4
Sure but the issue is that binaries over-reach beyond in a way that
"getpw" supports for name lookups cannot help here.  So the ether
library routines need another non-obvious pledge.  I prefer to remove
such YP support since use of it would be completely fringe.

> On Thu, Nov 08, 2018 at 08:05:13PM -0500, Bryan Steele wrote:
> > These libc functions are used to map hardware MAC addresses to hostnames
> > and vice versa. If it exists, /etc/ethers will typically contain a
> > number of lines like so:
> >
> > 34:00:8a:56:10:20 superman
> >
> > In addition to that, there is support for using a YP (nee Yellow Pee)
> > lookup service:
> >
> > "If a '+' appears alone on a line in the file, then ether_hostton() will
> >  consult the ethers.byname YP map, and ether_ntohost() will consult the
> >  ethers.byaddr YP map."
> >
> > This support currently interferes with my work to reduce the pledge(2)
> > in tcpdump(8), as the "inet" promise is required to perform these
> > lookups.
> >
> > I've come up with a small diff to remove it, but it was suggested there
> > may be some interactions with ldap, and I'm not sure how important this
> > functionality may be to existing YP users (I am not one).
>
> ypldap does not provide ethers.byname or ethers.byaddr maps, if that's the
> ldap interaction in question here.
>

Re: YP/NIS support in /etc/ethers, libc ether_ntohost/ether_hostton

Kurt Mosiejczuk-9
On Fri, Nov 09, 2018 at 09:50:55AM -0700, Theo de Raadt wrote:
> Sure but the issue is that binaries over-reach beyond in a way that
> "getpw" supports for name lookups cannot help here.  So the ether
> library routines need another non-obvious pledge.  I prefer to remove
> such YP support since use of it would be completely fringe.

I'd lean that way too. I've used YP for a long time and I think I used
the ethers map once, maybe twenty years ago. That was only because I
was new to using NIS and found its inclusion curious enough to set
it up. Never really "used" it after setup though.

--Kurt
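
Added example, not part of the original thread and not OpenBSD libc code: a file-only lookup over ethers-format text that skips a lone "+" line, as the proposed diff does, and also reports that the marker was present, which is one way to spot files that depended on the YP map. The names ethers_lookup, parse_line and SAMPLE_ETHERS, and every sample entry except the superman line, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in ethers(5) format, with the legacy "+" marker. */
static const char SAMPLE_ETHERS[] =
    "# constructed sample\n"
    "34:00:8a:56:10:20 superman\n"
    "+\n"
    "00:11:22:aa:bb:cc batman # lab switch\n";

/* Parse "x:x:x:x:x:x hostname"; 0 on success, -1 for any other line. */
static int parse_line(const char *line, unsigned char mac[6], char host[256])
{
    unsigned int o[6];

    if (sscanf(line, "%x:%x:%x:%x:%x:%x %255s",
        &o[0], &o[1], &o[2], &o[3], &o[4], &o[5], host) != 7)
        return -1;
    for (int i = 0; i < 6; i++) {
        if (o[i] > 0xff)
            return -1;          /* an octet must fit in one byte */
        mac[i] = (unsigned char)o[i];
    }
    return 0;
}

/* Hypothetical file-only lookup: 0 and mac filled on a match, else -1.
 * *yp_marker becomes 1 if a lone "+" line (the old YP hook) is present. */
int ethers_lookup(const char *text, const char *host,
    unsigned char mac[6], int *yp_marker)
{
    char line[512], name[256];
    unsigned char try[6];
    int found = -1;

    for (*yp_marker = 0; *text != '\0'; ) {
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, text, n);
        line[n] = '\0';
        text += len + (text[len] == '\n');
        if (strcmp(line, "+") == 0)
            *yp_marker = 1;     /* note the marker; no YP or network query */
        else if (found != 0 && parse_line(line, try, name) == 0 &&
            strcmp(name, host) == 0) {
            memcpy(mac, try, 6);
            found = 0;
        }
    }
    return found;
}
```

The scan continues after a match so that a "+" placed anywhere in the file is still reported.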