Interesting Info - to get on the ph mailing list, send mail to majordomo@listserv.cso.uiuc.edu with "subscribe info-ph" in the BODY (not Subject: !) - qi.tar.gz (server) lives on vixen.cso.uiuc.edu, pub subdirectory. - ph.tar.gz (clients) lives on vixen.cso.uiuc.edu, pub subdirectory. Files with the .gz extension require the GNU gunzip package for decompression. Source for gzip, which can also handle regular compress(1) files, is in vixen.cso.uiuc.edu:gnu/gzip-1.2.2.tar . The version number will increase over time so use the ftp dir command to find the latest. Release Notes for the CSO Nameserver 03/11/94 ########################### Alan Crosswell contributed many improvements. Most notable is a more seamless integration of Kerberos V4 authentication into qi. I've changed the order of attempts in the api/LoginQi.c module contributed to try email authentication first. More detail in the README.COLUMBIA file. A tricky malloc'ed area overrun was located and fixed. This should cure many of the "oops, lost connection to server" errors. qi is gradually moving towards POSIX conformance with string operators coming first (index->strchr,bcopy->memmove,etc). The MAILDOMAIN and CHARSET settings have been added to siteinfo. Fields marked LocalPub are now invisible to outsiders (not shown in fields command, can't be searched, or specified in a return clause). At the moment, only "ns" works as an instance for Kerberos authentication. I could not get "csnet-ns" to work either paired in the srvtab file with "ns" or by itself. This may be a non-problem as anyone installing a Kerberos ph client here can be told only to use "ns". 01/22/94 ########################### The Solaris /usr/lib/libresolv.a does NOT canonicalize names. This can cause Kerberos authentication to fail if the ph server host is compiled into ph as a CNAME that points to the real host. At UIUC, ns.uiuc.edu points to argus.cso.uiuc.edu. With the Solaris libresolv.a, the mutual authentication is done with ns.uiuc.edu (wrong) rather than with argus.cso.uiuc.edu (right). The fix is to install the Bind 4.9 or later libresolv.a. All instances of index/rindex converted to strchr/strrchr. Ditto for bcopy/bzero to memmove/memset. It's probably safe enough here to #define memmove memcpy if memmove isn't available (memmove supports overlapping copies like bcopy). The Columbia speedup changes to qi/dbi.c and util/makei.c work fine while building the database, but fail on read-write databases during operation. Entries disappear with "unmake_lookup deletestr failed" errors in syslog. This is under investigation. 07/22/93 ########################### Added new directory name to configs/defaults. $QiExecDir now states where the qi program is installed. $QiUtilDir indicates where the other support programs go. Previously all qi programs, except ph, were installed in $QiExecDir. Default value for $QiExecDir is now /usr/local/libexec. 06/22/93 ########################### Systems using the BSD shadow password facilty have a getpass() that can return up to 128 characters. To provide a uniform interface, the ph client now truncates passwords at PH_PW_LEN (8) characters. Added a beginning application program interface library for network queries. qi, phquery, and qtacacsd (ph authentication for cisco terminal servers) now use it. qtacacsd is available from vixen.cso.uiuc.edu in the net/qtacacsd directory. If you have @WantDirs() in your host-specific configuration file, be sure to add "api" to the list after "lib". A sloppy bug that caused qi to die when conversing with unregistered hosts has been fixed. The source to the primes and factor programs included in xtra/primes.shar . primes is used in sample/Makefile to size the database. 05/06/93 ########################### Somehow bogus versions of lib/fcrypt.c and qi/language.l crept into the distribution. Now fixed. mdump.c now uses strstr() to locate type keywords anywhere in the text string. Most systems seem to have it. If not, add -DNO_STRSTR to the $Cflags variable in the OS-specific file. 04/02/93 ########################### NOTICE: util/credb now takes its arguments in reverse order from before. Usage is: credb size [filename[.(idx|dir)]] This was done to allow file specification via the -DATABASE=/tmp/foo mechanism. New @Feature(): FCRYPT selects use of fcrypt() from the Crack v4.1 package. Much faster than the standard crypt() and necessary in the UIUC enviroment where ph/qi is used for terminal server validation. qi sleeps after failed logins to inhibit guessing. As a consequence to the terminal server requirement, login is now permitted to read-only databases however all change operations are inhibited. Another new @Feature(): KERBEROS selects V4 Kerberos authentication rather than passwords. From the original changes done by Brown University. N.B., For Kerberos, klanguage.l must be used instead of language.l to build lex.yy.c . If someone can combine these neatly into one file, I'd appreciate it. Kerberos changes un-tested at UIUC. qi now supports "LocalPub" keyword in prod.cnf. Use instead of "Public" in fields such as home_phone and home_address to keep them from being shown to remote queries. They will be shown to queries that come from hosts listed in @LocalAddrs(). Example: @LocalAddrs(".uiuc.edu", "128.174."); would show LocalPub tagged fields to a query from uxc.cso.uiuc.edu and from any host on the 128.174.0.0 net that lacked an inverse DNS entry. Domain matches are anchored to the end of the remote host name, IP address matches are anchored to the front. The RESTRICTED @Feature() has been depreciated. To obtain the same functionalty, make @OkAddrs() non-empty as in @LocalAddrs() above. Most C programs in the util/ directory will now take arguments of the form -DATABASE=/tmp/db/prod to override default settings in the Strings[] array. To help prevent disaster, the name of the database to be smashed, ummmm built, is printed prior to a sleep(5) statement. Many globals and functions were made static to their source file. 02/27/93 ########################### **IMPORTANT** All #define foos have been upper-cased to FOOS. Impact is that all files in the configs directory will need any $DefineStrings converted to upper case. Example: $DefineStrings{"Database"} = "/nameserv/db/prod"; becomes $DefineStrings{"DATABASE"} = "/nameserv/db/prod"; qi now supports the less-than-all-powerful hero. If the hero field contains the string "opr", "oper", or "operator", then the user is allowed nearly unlimited proxy-like priviledges. The exception is that the operator may not change an entry of any user that has a non-empty hero field. Use is for consultants so that they can change passwords and email entries, but not name or id fields. In addition they can't add or delete entries. Re-ordered the tests in WhoAreYou() because S5R3.2 allows lseek() on network sockets. WhoAreYou() now sets SO_KEEPALIVE on network connections. Made qi more paranoid about checking given hostnames. Define NOCHECKNET to disable. Add common nicknames to badKeys to compensate for extra nickname fields generated by util/addnickname. Replaced '%m' in IssueMessage() calls with '%s' filled in with strerror(). Add $Cflags .= " -DNO_STRERROR"; to your OS file in the configs directory if your system lacks strerror(). Checks under EMAIL_AUTH are now case insensitive and check only the first address in the email field after deleting any leading and trailing whitespace. Absolute paths for ls and expand removed. Several System 5 changes: some files have one or more of a) #include instead of b) Defining index/rindex as strchr/strrchr c) Provide missing definitions for L_SET, L_CUR, L_XTND. util/mdump.c now has "generics" argument for producing IDA sendmail compatible generics file. Sample inetd.conf entry in xtra directory plus other goodies. 9/5/92 ############################# Revised doc/introduction.me document courtesy of Lynn Ward, CCSO. New directory "sample" created to illustrate database building process. N.B., copy the directory to a temp location and work there. lib/flock.[ch] added for those sites w.o. flock(). Set either FCNTL_FLOCK (preferred) or LOCKF_FLOCK in @Features . 7/29/92 ############################# Maintenenance and development transferred to Paul Pomes (paul-pomes@uiuc.edu) after Steve Dorner left the University. Code completely re-formatted to use full-tab indents and wrappers around ANSI prototypes to allow compilation on non-ANSI C equipped hosts. Tested on VAX-3500 with Ultrix-3.2, and SUN4 with SunOS 4.1.2. Compiled but not extensively tested on Convex, RS6000, and MIPS with RISCos. Last vestiges of f.config eliminated. Most file names lower-cased. All usages of theArg, theValue, thePassword, theEtc eliminated in favor of shorter names that omit the leading "the". Ick. All docs converted to native UNIX format - troff and -man macros for man pages, troff and -me macros for everything else. 4/2/92 ############################# doc/install is now at least minimally useful. 3/12/92 ############################# IMPORTANT - the field config file should now be named database.cnf, where "database" is the basename of your database (eg, prod.cnf). I've included a sample of our field config file. IMPORTANT - a new field has been included in the field config file. Util/merge3 is the only program that cares about it; but it must be present. NOTE - qi now will print the contents of database.bnr (eg, prod.bnr) as part of the response to a "status" command. 2/26/92 ############################# I've completely revised the configuration process. Hopefully, I've made it easier; it's certainly been easier for me. The idea now is that you create perl scripts in the Configs subdirectory. These scripts are run by the master script (Configure), after it has run ConfigDefaults. Look in ConfigDefaults for what sorts of things you can configure. Some example configurations are in the Configs subdirectory. To do a configuration, cd to the top of the source tree, and type: perl Configure [other config files...] Eg, when I install Qi for our production nameserver, I say: perl Configure Ultrix garcon For our "Network Navigator" (please don't ask), I do: perl Configure NeXT net-nav I'm having good luck using the exact same source tree for different databases and even record sizes, which is nice, since I run several Qi databases. It's not quite finished, and there are some inconsistencies in how the Configure script goes about its business. But it's much nicer than it was. I've successfully used this set of sources on Ultrix, NeXT, Convex, Dynix, and AIX. (At least, the Qi part; I'm not sure I've compiled the attendant stuff from this tree on all those platforms.) The documentation remains woefully out of date. I have decided to start updating it, however, so it should be better in a few months (I can only give it a couple hours per week). 2/4/92 ############################# IMPORTANT - I've changed the way CPU limits are handled. The old way could result in corrupted databases, since the cpu timer could expire while changes were being made. Now, only queries are time-limited. If you don't implement the fix, you need to turn off cpu limits. I've also added a third possible response to a login challenge; validation by email-field. If ph is coming from a port <1024, and the entry's email field matches the peer host and a username supplied with a (new) "email username" command, a password is not required for login. 12/5/91 ############################# I've updated this README (see f.config warning below) and added my f.config file back into the distribution. I've also fixed yet another bug in the AliasIsUsed routine, this one minor. 12/3/91 ############################# Fixed a nasty bug in the AliasIsUsed code. If you're using the 3/28 or 10/23 versions, you'll want to update right away. 10/23/91 ############################# Rewrote most of the database rebuild tools. WARNING - I changed dir and dov record sizes in db.h; make them whatever's appropriate for your data. WARNING - I changed the format of the f.config file, adding another field before the attributes begin. I use this field for database rebuilds; see Src/Util/merge3. A few minor bug fixes. 3/28/91 ############################# Added a specific allowance for query proxy=logged-in-alias to return more than the normal maximum number of matches; handy for the Macintosh ph client that's under development. 3/11/91 ############################# Some more of the database build utilities have been converted to perl. 'Siteinfo' command added. 'Ph' client tinkered with. 12/17/90 ############################# Some of the database build utilities have been converted to perl. A line length limit imposed by lex has been excised. A table of common names was added to RateAKey; speeds some lookups by an order of magnitude. 6/27/90 ############################# This version fixes a few bugs in the utilities, which were caused by blunders while ansi-fying the code. This version of the server very occasionally dumps core. I'll fix it sometime soon. 5/18/90 ############################# This release is more or less experimental; we haven't been running it for very long. A little of the documentation has been updated, but don't get too excited. Much of the code has been ANSI-fied. I know some of you will hate me for that. I have made it run under gcc on a 4.3bsd(purdue) Sequent Balance, an Ultrix VAX, and a NeXT machine. The VAX vcc linker doesn't like it, but I don't really care why. In the process of running it on the NeXT machine, I've found some of the NULL-dereference bugs those of you with Suns know all about. I have eradicated those I found. I have fixed a bug in using the add command to add entries with aliases (specifically, it would hang, trying to read the .idx file from stdin...). I have removed the history stuff, which never worked to my satisfaction. A very rudimentary shell script is included, Util/testqi.csh, to test qi, ph, and your database. It tests a few basic things, but is by no means exhaustive. BTW - I suggest those of you running the server set up a DNS alias for its server host, using the service name. For example, you can find our server by trying "ns.uiuc.edu". This will give people a good chance of finding Nameservers in other domains. 3/22/90 ############################# Still no updated documentation. Two really nasty, ugly, horrid, embarassing bugs fixed. First, the version posted as of 2/6/90 allowed any field to be changed, whether or not it had the Change attribute. Second, the help command allowed the reading of any file accessible to the server, if you put in the right number of ..'s and /'s. This version FIXES both those things. 2/6/90 ############################# This REALLY is an interim release. There's a bug fix to makei, for one. There are other changes as well. There is a bug in the "add" command in this version; it cannot add an entry with an alias. Look for a fix soon. 10/18/89 ############################# This release is something of an interim release. The documentation is (still) out of date, and some of the new features are documented poorly or not at all. It does add significant new functionality, as well as fixes a few nasty bugs. WARNING: I've changed the indexing software in two (related) ways. First, it only indexes the first n characters of words. Second, I've drastically cut NICHARS, the size of a primary hash table entry. This leads to a much more space-efficient index, but also means that the code is INCOMPATIBLE with older databases. New Features: - a "help" command was added to the server. Syntax is help name-of-client topic-list. The help itself is kept in files, one for each topic, residing in subdirectories, one for each client. - Ph now rewrites email and alias fields into one line on the display. - Switches added to control Ph's behavior: - "-s hostname" controls what server ph uses - "-p portnumber" controls what port ph uses - "-[mM]" turns off/on use of pager - "-[rR]" turns off/on email reformatting - "-[nN]" turns off/on reading of .netrc file - "-[bB]" turns off/on beautification of query results - a switch command was added to Ph to set switches inside ph - database rebuild stuff considerably modified. A Makefile for databases included, that might serve as a guide to database builds. Bugs fixed: - Older versions of ph sometimes hung after edit command; now fixed. - Database headers were not being updated properly during simul- taneous qi sessions, leading to shared overflow blocks; fixed. - Fields command in Ph now uses pager - Some more null-dereference bugs fixed - probably others I've forgotten 7/28/89 ############################# Some bugs introduced in Ph by the last revision are fixed. 7/19/89 ############################# N.B.: The documentation distributed with this program is somewhat out-of-date. At some point in the future, the documentation will be updated. Until that time, bear in mind the contents of this file when you read the documentation. Bugs fixed: - a certain dereference of a NULL pointer was excised from commands.c - the code that checked aliases for uniqueness was broken the last time it was enhanced. It is now fixed. Behavior changed: - Previously, if a client issued a login command, and did not follow it with an answer command, the server issued a 599 reply, followed by the reply to the new command: login xyzzy 301:akdjfjfajflajfajlfjsdaslfjdf ph dorner 599:expecting answer -200... 200 I was prevailed upon to change this behavior so that clients who get out of synch won't have a problem. Now, the complaint about the missing answer is given as a -523: login xyzzy 301:akdjfjfajflajfajlfjsdaslfjdf ph dorner -523:expecting answer -200... 200 This way, a client who thinks it should read only until it gets a code >=200 and who also screws up a login won't have a problem. Enhancements: - Ph now exits with 0 if the last command was successful, or the upper digit of the code if the last command failed (e.g., exit(5) for a 500 series reply). An exit status of 1 implies some other error, not a 100 reply (since 100 is in-progress, and a final reply will be waited for). - The following enhancements were made to the server by Mark Edwards, edwards@dogie.macc.wisc.edu. If you have questions about these features, please contact him. - If a field description named "any" is added to f.config, a query like "ph dorner any=compute" will return entries that have "compute" in any one of fields marked "Wild" in f.config. - If a field descirption named "always" is added to f.config a query like "ph dorner return email always" will print, in addition to the email field, any fields marked "Always" in f.config - Various changes were made to Ph for Wisconsin use. These can be enabled by #define'ing MACC. - A directory called Xtra was added, containing a version of syslog for use by the benighted systems who do not have the 4.3 syslog. It will take some Makefile work to integrate this with qi. Some source code issues were also addressed; they are uninteresting for the most part. 5/16/89 ############################# This release differs only slightly from the 5/13 release. Some dead code has been removed from AliasIsUsed in qi/change.c. It should be noted that this code, when operational, could cause data from one entry to be duplicated and written ON TOP OF ANOTHER ENTRY. This could occur when the "alias" field was changed. If you are running a pre-5/13/89 version of qi, YOU MUST DEAL WITH AliasIsUsed, either by grabbing a newer version or hacking your own. The problem is AliasIsUsed does a standard lookup on the alias requested, to see if it exists in the database. This lookup (via DoLookup), can cause the "current entry" in dbm.c to be changed, which results in the duplication/overwrite bug. To fix AliasIsUsed, either avoid the "DoLookup" or restore dbm.c's current entry (cur_ent). We have chosen the former course, using the lowlevel, index-file only do_lookup. This results in further restrictions on aliases (now, an alias cannot appear in any indexed fields of any other entries), but we are content with the more restrictive behavior. 5/13/89 ############################# There are still two outstanding bugs in this version. One causes duplicate entries. This occurs in our database (fairly large and well-used) about once every other month. I have been unable to duplicate, find, or fix this bug. The second causes two entries to share the same overflow block. In well over a year of operation, this has happened ONCE. The fix to putdirent (see below) will make this bug even less likely to occur. If you find you can duplicate (or fix, for that matter) either of these bugs, PLEASE get in touch with me, paul-pomes@uiuc.edu. Fixed a Makefile error that caused include/conf.h not to appear before it was needed. Made whoi work after 'enhancing' it broke it. Added a "PARANOID" ifdef to dbd.c to check the contents of every entry after it is written. Suggest this be used for debugging only. Changed change.c to disallow aliases whose components result in valid lookups to persons other than the one whose alias is changed. For example, our database contains both "Steve Dorner" and "Paul Pomes". Paul is allowed to have an alias of "paul-pomes", but Steve is not. We need this for our mail forwarding scheme. Fixed language.l to understand "exit" (not "end"). Changed putdirent to reuse old overflow blocks (previously, overflow blocks were discarded, not reused, any time an entry with overflow blocks was changed, leading to monotonic growth in the .dov file, even under constant size real data). Changed ph to be consistent in its use of the PASSW define, and made a cosmetic change or two. 4/28/89 ############################# This distribution changes the procedure for creating a "hero" user, fixes a bug, adds a new service, and adds a new utility. Who the Nameserver "hero" (super-user) was used to be determined by matching the user's alias against a string compiled into qi. Now, there is a "hero" field, the presence of which means the user is a "hero". This allows for multiple "heroes". The bug was (again) in encryption/decryption synchronization. The old code restarted the encryption machine after any change was made to the logged-in user's entry. The new (fixed) code only restarts the encryption machine if the user changes his password. This is not only more reasonable behavior, it is how the client (ph) behaves. This bug caused people who changed their passwords after changing something else in their entry to wind up with bad passwords. The service is a "whois" front-end for qi. It assumes you send it a name (and only a name), and returns the results of a query on that name. This allows Nameserver sites to respond to whois queries. The utility is "nsck", which checks Nameserver databases for some obvious corruptions. There is, alas, no documentation available for nsck; read the code to see what exactly it does. It does NOT fix anything, it just will warn you of problems. 3/21/89 ############################# This distribution adds a minor feature, avoids a major bug, and implements a minor performance enhancement. The bug is that the encryption/decryption routines can get out of synch if encrypted data is not decrypted. Therefore, the server no longer prints any data at all when asked to print the values of encrypted fields. You may undo this change iff you change your clients to notice that some encrypted data has been sent to them, and make them decrypt it. The minor feature is that the "owner" field has been changed to a "proxy" field; aliases put in the "proxy" field of an entry are allowed to change the user-changeable data for that entry. The performance enhancement is that the lookup routines stop selecting entries when the overflow count has been reached. They used to con- tinue the search until all entries had been located, and then report there were too many entries to print; this extra work is now avoided. Other minor changes were made as well. 1/18/89 ############################# This distribution contains the version of the Nameserver in production use as of the date above at the University of Illinois. We provide no warrantees of any kind, and take no responsibility for anything bad that might happen as a result of using our software. The software is Copyright 1988, 1989 by the University of Illinois Board of Trustees. Portions of the software are Copyright 1985 by CSNET. This software may not be redistributed without prior consent of CSNET. While we cannot provide formal support, we ARE interested in your experiences with the software. I will answer your questions, as time permits, and am interested in bugs you discover, things you think need to be better documented, and enhancements you make. Feel free to drop me a line about any of those things. Once you have retrieved the file qi.tar.Z, you should first uncompress it: "uncompress qi.tar.Z". Then, extract the files from it: "tar xvf qi.tar". This will create several subdirectories. The first directory to examine is doc, which contains the documentation for the Nameserver. The doc directory contains nine documents. Two of them are troff manual pages (ph.1 and qi.8). Seven of them are provided in two formats; MacBinary WriteNow for the Macintosh format (.wn.Bin) and Rich Text Format (.rtf), suitable for importing to Microsoft Word for the Macintosh. While other machines (notably NeXT machines) can read both WriteNow and RTF files, the graphics in the files will be lost unless they are printed on a Macintosh. If both document formats leave you cold, send me a note with your paper mail address, and I will send you paper copies of the documentation. The document of most immediate interest to you is Installation, which covers the file layout of the distribution, and gives instructions for the installation of the software. Good luck. This document was written by Steve Dorner. Steve has since gone on to other opportunities and has left qi/ph development to Paul Pomes. Steve continues to develop Eudora and it will continue to be a free product. Paul Pomes, U of Illinois Computing Services Office Internet: Paul-Pomes@uiuc.edu Paper: 1451 DCL, MC 256 1304 W. Springfield Urbana, IL 61801