From nobody Sat Jan 31 07:01:24 1998 Received: (from nobody@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA20986; Sat, 31 Jan 1998 07:01:24 -0800 (PST) (envelope-from nobody) Message-Id: <199801311501.HAA20986@hub.freebsd.org> Date: Sat, 31 Jan 1998 07:01:24 -0800 (PST) From: kmitch@cslab.vt.edu To: freebsd-gnats-submit@freebsd.org Subject: getpwnam and getpwuid do not use the +@netgroup convention in /etc/passwd. X-Send-Pr-Version: www-1.0 >Number: 5610 >Category: bin >Synopsis: getpwnam and getpwuid do not use the +@netgroup convention in /etc/passwd. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jan 31 07:10:00 PST 1998 >Closed-Date: Thu Feb 12 16:22:28 PST 1998 >Last-Modified: Thu Feb 12 16:33:45 PST 1998 >Originator: Keith Mitchell >Release: 2.2.5-STABLE >Organization: Virginia Tech Comp. Sci. Department >Environment: FreeBSD labrador.cslab.vt.edu 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Thu Jan 15 18:44:52 EST 1998 kmitch@labrador.cslab.vt.edu:/src/src/sys/compile/LABRADOR i386 >Description: The getpwnam and getpwuid system calls do not correctly lookup netgroups int the passwd file via a +@netgroup entry. They do, however work with a +user entry. The getpwent system call does parse the netgroup imports. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: From: Dirk Froemberg To: freebsd-gnats-submit@freebsd.org, kmitch@cslab.vt.edu, wpaul@freebsd.org, freebsd-bugs@freebsd.org Cc: Subject: Re: bin/5610: getpwnam and getpwuid do not use the +@netgroup convention in /etc/passwd. Date: Wed, 11 Feb 1998 20:35:42 +0100 --6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Keith Mitchell wrote: > The getpwnam and getpwuid system calls do not correctly lookup netgroups > int the passwd file via a +@netgroup entry. They do, however work with > a +user entry. The getpwent system call does parse the netgroup > imports. Hello! The problem seems to be _listmatch() in /usr/src/lib/libc/gen/getnetgrent.c:278. It is used by innetgr(3). If the first argument to _listmatch() is not a comma seperated list, ptr increases "forever" in line 296/297. The attached patch to getnetgrent.c solved the problem for me. Please have a look at it and feel free to use it. Best regards Dirk -- e-mail: ibex@physik.tu-berlin.de --6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="getnetgrent.c.diff" *** getnetgrent.c.dist Wed Nov 19 22:41:42 1997 --- getnetgrent.c Wed Feb 11 19:46:02 1998 *************** *** 286,299 **** while(isspace(*ptr)) ptr++; ! while (ptr < list + len) { ! cptr = ptr; ! while(*ptr != ',' && !isspace(*ptr)) ! ptr++; ! if (strncmp(cptr, group, glen) == 0 && glen == (ptr - cptr)) return(1); ! while(*ptr == ',' || isspace(*ptr)) ! ptr++; } return(0); --- 286,305 ---- while(isspace(*ptr)) ptr++; ! if ((strchr(list, ',') == NULL)) { ! if (strncmp(ptr, group, glen) == 0) { return(1); ! } ! } else { ! while (ptr < list + len) { ! cptr = ptr; ! while(*ptr != ',' && !isspace(*ptr)) ! ptr++; ! if (strncmp(cptr, group, glen) == 0 && glen == (ptr - cptr)) ! return(1); ! while(*ptr == ',' || isspace(*ptr)) ! ptr++; ! } } return(0); --6TrnltStXW4iwmi0-- State-Changed-From-To: open->closed State-Changed-By: wpaul State-Changed-When: Thu Feb 12 16:22:28 PST 1998 State-Changed-Why: The PR description implies that +@netgroup substitutions don't work _at all_, which is not true. They do work, however it seems there was a bug that caused them to not work correctly in some circumstances. If you had a user that was a member of only one netgroup, then there was a bug in the getnetgrent.c module that would prevent the membership from being evaluated correctly. This has been fixed (thanks to Dirk for the patch) in both the -current and 2.2.x branch. There is some question that this is the cause of the problem that prompted this PR, due to the fact that no example is provided that demonstrates the failure. Without explaining the exact circumstances where the netgroup substitution breaks, there's no way to reproduce or fix the problem. However, I strongly suspect that this bug is in fact the culprit here, so I'm going to close out the PR. If the problem persists, please submit a new PR that includes a set of sample passwd and netgroup data, or any other configuration information, that illustrate the failure you are seeing. -Bill >Unformatted: