From nobody Mon Jun 16 09:15:11 1997 Received: (from nobody@localhost) by hub.freebsd.org (8.8.5/8.8.5) id JAA13613; Mon, 16 Jun 1997 09:15:11 -0700 (PDT) Message-Id: <199706161615.JAA13613@hub.freebsd.org> Date: Mon, 16 Jun 1997 09:15:11 -0700 (PDT) From: Dominic.Froud@dcs.qmw.ac.uk To: freebsd-gnats-submit@freebsd.org Subject: @+netgroup entries break +NIS-user entries in passwd when using getpwent(3) X-Send-Pr-Version: www-1.0 >Number: 3883 >Category: misc >Synopsis: @+netgroup entries break +NIS-user entries in passwd when using getpwent(3) >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 16 09:20:01 PDT 1997 >Closed-Date: Thu Mar 11 03:41:25 PST 1999 >Last-Modified: Thu Mar 11 03:43:33 PST 1999 >Originator: Dominic Froud >Release: 2.2-STABLE >Organization: Queen Mary & Westfield College >Environment: FreeBSD iron.dcs.qmw.ac.uk 2.2-STABLE FreeBSD 2.2-STABLE #1: Fri Jun 6 09:49:02 GMT 1997 md@iron.dcs.qmw.ac.uk:/usr/src/sys/compile/IRON i386 >Description: When getpwent(3) encounters a +@netgroup entry in the /etc/passwd file, it sets a flag (_pw_stepping_yp) to 1. This short-circuits successive calls to getpwent() so that they jump to 'grabbing the next NIS entry'. This flag isn't reset when all the netgroup members have been retrieved. This causes a problem when another NIS-style entry (specifically named NIS users) is mentioned because getpwent() is permanently locked to retrieving the same user entry (and hence loops based around getpwent() never return). >How-To-Repeat: Add lines in the following format to the end of /etc/passwd (using vipw): +@netgroup-that-exists::::::::: +NIS-user-that-exists::::::::: +:::::::::/bin/true Try: finger NIS-added-user-not-included-above finger(1) will hang and a kernel trace will show a NIS lookup in passwd.byname for NIS-user-that-exists followed by a successful return of their passwd entry. After that, the trace is filled with nothing but gettimeofday(2) calls. >Fix: Non-rebuild workaround: Place all +user entries before any +@netgroup entries in /etc/passwd if possible. I don't think inserting a local user between the two entries will work. Software fix: amend /usr/src/lib/libc/gen/getpwent.c as follows, and rebuild libc: *** getpwent.c Mon Jun 16 17:04:57 1997 --- fixed-getpwent.c Mon Jun 16 16:36:17 1997 *************** *** 409,414 **** --- 409,415 ---- endgrent(); latch = 0; gr = NULL; + _pw_stepping_yp = 0; /* DOM */ return(0); } } >Release-Note: >Audit-Trail: State-Changed-From-To: open->closed State-Changed-By: sheldonh State-Changed-When: Thu Mar 11 03:41:25 PST 1999 State-Changed-Why: Problem can't be reproduced in RELENG_2_2. Thanks to Dominic for the feedback. Closed with his consent. >Unformatted: