From owner-freebsd-hackers Wed Mar 17 13:31:59 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from niobe.ewox.org (ppp007.uio.no [129.240.240.8]) by hub.freebsd.org (Postfix) with ESMTP id 10F331554E for ; Wed, 17 Mar 1999 13:31:10 -0800 (PST) (envelope-from des@niobe.ewox.org) Received: (from des@localhost) by niobe.ewox.org (8.9.3/8.9.1) id WAA26038; Wed, 17 Mar 1999 22:25:16 +0100 (CET) (envelope-from des) To: freebsd-hackers@freebsd.org Subject: YP bogons in src/lib/libc/gen/getpwent.c From: Dag-Erling Smorgrav Date: 17 Mar 1999 22:25:15 +0100 Message-ID: <86ww0f24hw.fsf@niobe.ewox.org> Lines: 61 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG There is a problem in the yp routines in src/lib/libc/gen/getpwent.c which results in the malfunction of Apache (and possibly other getpwent() consumers) on NIS clients. The problem seems to arise when the getpw*() functions are called both before and after dropping privileges and forking. The first call to getpw*() causes _ypinitdb() to set _gotmaster to YP_HAVE_MASTER. This causes subsequent _getyppass() calls to attempt to access the master.passwd.byname map, which will fail after Apache has dropped privileges and forked, because the children need to rebind, but don't have permission to bind to a privileged port. The bug does not occur in debug mode (httpd -X) because Apache does not fork, so it keeps using the original socket, which is bound to a privileged port. Proposed solution: if _getyppass() fails and _gotmaster != YP_HAVE_NONE, retry with mastermap = map. If that succeeds, set _gotmaster to YP_HAVE_NONE and proceed. If not, return 0 as usual. Here's an untested patch: Index: src/lib/libc/gen/getpwent.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/getpwent.c,v retrieving revision 1.48 diff -u -r1.48 getpwent.c --- getpwent.c 1998/12/17 16:31:02 1.48 +++ getpwent.c 1999/03/17 21:22:35 @@ -747,14 +747,21 @@ return 0; } - sprintf(mastermap,"%s",map); - if (_gotmaster == YP_HAVE_MASTER) sprintf(mastermap,"master.%s", map); + else + sprintf(mastermap,"%s",map); if(yp_match(_pw_yp_domain, (char *)&mastermap, name, strlen(name), - &result, &resultlen)) - return 0; + &result, &resultlen)) { + if (_gotmaster != YP_HAVE_MASTER) + return 0; + sprintf(mastermap,"%s",map); + if (yp_match(_pw_yp_domain, (char *)&mastermap, + name, strlen(name), &result, &resultlen)) + return 0; + _gotmaster = YP_HAVE_NONE; + } if (!_pw_stepping_yp) { s = strchr(result, ':'); It might also make sense to export a function which completely resets the getpwent() code (i.e. sets _yp_enabled to -1, _gotmaster to YP_HAVE_NONE, etc.) DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message