Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 16 Jun 1997 09:15:11 -0700 (PDT)
From:      Dominic.Froud@dcs.qmw.ac.uk
To:        freebsd-gnats-submit@FreeBSD.ORG
Subject:   misc/3883: @+netgroup entries break +NIS-user entries in passwd when using getpwent(3)
Message-ID:  <199706161615.JAA13613@hub.freebsd.org>
Resent-Message-ID: <199706161620.JAA13803@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 


>Number:         3883
>Category:       misc
>Synopsis:       @+netgroup entries break +NIS-user entries in passwd when using getpwent(3)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 16 09:20:01 PDT 1997
>Last-Modified:
>Originator:     Dominic Froud
>Organization:
Queen Mary & Westfield College
>Release:        2.2-STABLE
>Environment:
FreeBSD iron.dcs.qmw.ac.uk 2.2-STABLE FreeBSD 2.2-STABLE #1: Fri Jun  6 09:49:02 GMT 1997     md@iron.dcs.qmw.ac.uk:/usr/src/sys/compile/IRON  i386

>Description:
When getpwent(3) encounters a +@netgroup entry in the /etc/passwd file,
it sets a flag (_pw_stepping_yp) to 1. This short-circuits successive
calls to getpwent() so that they jump to 'grabbing the next NIS entry'.
This flag isn't reset when all the netgroup members have been retrieved.
This causes a problem when another NIS-style entry (specifically named
NIS users) is mentioned because getpwent() is permanently locked to
retrieving the same user entry (and hence loops based around getpwent()
never return).
>How-To-Repeat:
Add lines in the following format to the end of /etc/passwd (using vipw):
+@netgroup-that-exists:::::::::
+NIS-user-that-exists:::::::::
+:::::::::/bin/true

Try: finger NIS-added-user-not-included-above

finger(1) will hang and a kernel trace will show 
a NIS lookup in passwd.byname for NIS-user-that-exists followed by
a successful return of their passwd entry.
After that, the trace is filled with nothing but gettimeofday(2) calls.
>Fix:
Non-rebuild workaround:

Place all +user entries before any +@netgroup entries in /etc/passwd
if possible. I don't think inserting a local user between the two
entries will work.

Software fix:

amend /usr/src/lib/libc/gen/getpwent.c as follows, and rebuild libc:

*** getpwent.c  Mon Jun 16 17:04:57 1997
--- fixed-getpwent.c      Mon Jun 16 16:36:17 1997
***************
*** 409,414 ****
--- 409,415 ----
                                        endgrent();
                                        latch = 0;
                                        gr = NULL;
+                                       _pw_stepping_yp = 0; /* DOM */
                                        return(0);
                                }
                        }
 
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706161615.JAA13613>