From des@flood.ping.uio.no Sat Mar 27 11:14:10 1999
Return-Path: <des@flood.ping.uio.no>
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 48C06153FA
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 27 Mar 1999 11:14:08 -0800 (PST)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.2/8.9.1) id UAA70054;
	Sat, 27 Mar 1999 20:13:49 +0100 (CET)
	(envelope-from des)
Message-Id: <199903271913.UAA70054@flood.ping.uio.no>
Date: Sat, 27 Mar 1999 20:13:49 +0100 (CET)
From: des@flood.ping.uio.no
Reply-To: des@flood.ping.uio.no
To: FreeBSD-gnats-submit@freebsd.org
Subject: getpwent() fails on NIS clients after dropping privs
X-Send-Pr-Version: 3.2

>Number:         10821
>Category:       bin
>Synopsis:       getpwent() fails on NIS clients after dropping privs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 27 11:20:01 PST 1999
>Closed-Date:    Sun Jan 13 08:01:26 PST 2002
>Last-Modified:  Sun Jan 13 08:01:27 PST 2002
>Originator:     Dag-Erling Smorgrav
>Release:        FreeBSD 3.1-STABLE i386
>Organization:
>Environment:

FreeBSD 3.1 or 4.0 configured as NIS client of a FreeBSD NIS server
with master.passwd maps.

>Description:

The first time it runs, the NIS code in src/lib/libc/gen/getpwent.c
attempts to determine whether or not it has access to master.passwd.
The result of this test is saved in the global variable _gotmaster. If
the NIS server is a FreeBSD machine, it will only grant access to
those maps if the request originates from a privileged port. Thus the
test will only succeed if the process has an effective UID of 0 the
first time the NIS code runs.

The catch is that the NIS lookup code in src/lib/libc/yp/yplib.c
closes the NIS socket and reconnects if it detects a fork. It does
this by storing the pid when connecting, and checking that it is still
the same before every lookup. If the calling process drops privileges
and forks, getpwent.c will try to access master.passwd, but yplib.c
will not be able to connect from a privileged port. The NIS lookup
will fail.

>How-To-Repeat:

One piece of software which very clearly exhibits this problem is the
Apache HTTP daemon. Attempts to request any user's home page will fail
if the daemon runs on a NIS client and the requested user is listed in
the NIS password maps but not in the local password database.

>Fix:
	
src/lib/libc/gen/getpwent.c should retry lookups in the regular maps
if lookups in the restricted maps fail.
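
The sequence described above and the fallback proposed here, as an added
example that is not part of the original report and is not FreeBSD libc code.
It is a self-contained model with a mock NIS server; every identifier, port
number, pid and the user "alice" is a constructed assumption, and only the map
names are real.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, not FreeBSD libc code; all identifiers are hypothetical. */
enum { YP_OK, YP_NOACCESS, YP_NOKEY };
struct proc { int pid, euid; };
struct ypstate { int gotmaster, bound_pid, port; };

/* Mock server: master.passwd maps only for requests from a privileged port. */
static int server(const char *map, const char *key, int port, const char **val) {
    int restricted = strncmp(map, "master.passwd", 13) == 0;
    if (restricted && port >= 1024) return YP_NOACCESS;
    if (strcmp(key, "alice") != 0) return YP_NOKEY;
    *val = restricted ? "alice:$1$constructed:1001:1001::0:0:A:/home/alice:/bin/sh"
                      : "alice:*:1001:1001:A:/home/alice:/bin/sh";
    return YP_OK;
}

static void bind_model(struct ypstate *s, const struct proc *p) {
    s->bound_pid = p->pid;
    s->port = p->euid == 0 ? 1023 : 49152; /* only euid 0 can bind below 1024 */
}
static int match(struct ypstate *s, const struct proc *p, const char *map,
                 const char *key, const char **val) {
    if (s->bound_pid != p->pid) bind_model(s, p); /* fork detected: reconnect */
    return server(map, key, s->port, val);
}

/* Lookup driven by the cached flag; retry != 0 adds the fallback from >Fix:. */
static int getpw(struct ypstate *s, const struct proc *p, const char *name,
                 int retry, const char **val) {
    int r = match(s, p, s->gotmaster ? "master.passwd.byname" : "passwd.byname", name, val);
    if (r == YP_NOACCESS && retry) r = match(s, p, "passwd.byname", name, val);
    return r;
}

/* Report's sequence: first lookup as root, then drop privileges and fork. */
int scenario(int retry, const char **val) {
    struct ypstate s;
    struct proc parent = { 100, 0 }, child = { 101, 65534 };
    const char *scratch;
    bind_model(&s, &parent);
    s.gotmaster = server("master.passwd.byname", "alice", s.port, &scratch) == YP_OK;
    return getpw(&s, &child, "alice", retry, val);
}

int main(void) {
    const char *v = NULL;
    int before = scenario(0, &v), after = scenario(1, &v);
    return printf("no retry: %d, with retry: %d (%s)\n", before, after, v) < 0;
}
```

In the model the unprivileged child still trusts the flag cached by the root
parent, so without the retry it is refused; with the retry it gets the
passwd.byname entry, which carries no password hash.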


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: des 
Responsible-Changed-When: Sat Mar 27 13:29:55 PST 1999 
Responsible-Changed-Why:  
I'm working on a fix. 

From: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
To: freebsd-gnats-submit@freebsd.org
Cc: des@flood.ping.uio.no,
	Andreas Kreuzinger <kreuzing@dbai.tuwien.ac.at>
Subject: Re: bin/10821: getpwent() fails on NIS clients after dropping privs
Date: Thu, 6 May 1999 12:57:18 +0200 (MET DST)

 With FreeBSD 3.1-RELEASE we experience problems that may be related.
 
 We have three identically configured clients (no differences in /etc, for
 example).
 
  o One client works fine.
 
  o One client only accepts login by local users (root).
 
  o One client is accepting SSH logins (of NIS users), but no console
    login except local users (root). 
    However, a root login with `su - NISuser` works!
 
 `ypcat passwd`, however, works correctly on *all* of these machines!
 
 NIS Server is a Solaris 2.6 host.
 
 Gerald
 
 PS: You mentioned that you're working on a fix for bin/10821. How is the
     state of that?
 -- 
 Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
 
 

From: Dag-Erling Smorgrav <des@ofug.org>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: bin/10821
Date: 27 Nov 2001 14:59:38 +0100

 The relevant bits of libc have been rewritten since this PR was
 submitted.  Does the problem still occur with a newer FreeBSD version?
 Unfortunately, I no longer have a NIS client to test this on.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Sun Jan 13 08:01:26 PST 2002 
State-Changed-Why:  
Feedback timeout 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=10821 
>Unformatted:
