From fenner@parc.xerox.com  Tue Jun 13 15:22:03 1995
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id PAA20721
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 13 Jun 1995 15:22:02 -0700
Received: from baobab.parc.xerox.com ([13.2.116.113]) by alpha.xerox.com with SMTP id <14451(6)>; Tue, 13 Jun 1995 15:21:04 PDT
Received: (from fenner@localhost) by baobab.parc.xerox.com (8.6.11/8.6.9) id PAA08651; Tue, 13 Jun 1995 15:24:55 -0700
Message-Id: <199506132224.PAA08651@baobab.parc.xerox.com>
Date: Tue, 13 Jun 1995 15:24:55 PDT
From: Bill Fenner <fenner@parc.xerox.com>
Reply-To: fenner@parc.xerox.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: netgroup host matching doesn't appear to work
X-Send-Pr-Version: 3.2

>Number:         510
>Category:       bin
>Synopsis:       netgroup host matching doesn't appear to work
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 13 15:30:01 1995
>Closed-Date:    Mon Aug 14 16:53:08 PDT 1995
>Last-Modified:  Mon Aug 14 16:56:28 PDT 1995
>Originator:     Bill Fenner
>Release:        FreeBSD 2.0-BUILT-19950527 i386
>Organization:
Xerox PARC
>Environment:

	
	FreeBSD 2.0.5-ALPHA
	Existing sun NIS environment

>Description:

	
	/etc/hosts.equiv has "+@sun-access" in it
	When trying to log in from the machine "crevenia", I still get
	asked for a password.

	"crevenia" is in the sun-access netgroup as both "crevenia" and
	"crevenia.parc.xerox.com".

baobab# domainname
PARC
baobab# ypwhich
eich.parc.xerox.com
baobab# alias yk 'ypmatch -k \!* netgroup'
baobab# yk sun-access
sun-access sun-accessN  sun-accessD
baobab# yk sun-accessN
sun-accessN sun-access01N         sun-access02N         sun-access03N
baobab# yk sun-access01N
sun-access01N parc-sunsN         parc-ardenN         parc-macsN         parc-mipsN         parc-doradosN         parc-daybreaksN         parc-symbolicsN         parc-nextN
baobab# yk parc-sunsN
parc-sunsN suns01N         suns02N         suns03N         suns04N      suns05N 
        suns06N         suns07N         suns08N         suns09N         suns10N 
        suns11N
baobab# yk suns02N
suns02N parc-suns10N    parc-suns11N    parc-suns12N    parc-suns13N    parc-suns14N    parc-suns15N    parc-suns16N    parc-suns17N    parc-suns18N
baobab# yk parc-suns18N
parc-suns18N (crevenia,-,PARC)  (antarea,-,PARC)        (arcturia,-,PARC)      (thyron,-,PARC)

/* The D tree follows the N tree exactly, no point in repeating it */

baobab# yk parc-suns18D
parc-suns18D (crevenia.parc.xerox.com,-,PARC)   (antarea.parc.xerox.com,-,PARC) 
        (arcturia.parc.xerox.com,-,PARC)        (thyron.parc.xerox.com,-,PARC)

>How-To-Repeat:

	
Try to rlogin to a machine with a netgroup in /etc/hosts.equiv and a
+ in /etc/netgroup

>Fix:
	
	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: wpaul 
State-Changed-When: Mon Aug 14 16:53:08 PDT 1995 
State-Changed-Why:  
Fixed in revision 1.7 of rcmd.c. Having a hosts.equiv file 
with a combination of regular hostnames and netgroups can 
sometime cause the __ivalisuser() to fail: __ivaliduser() 
needs to do a gethostbyaddr() to obtain the actual name of 
the host being validated, but the buffer returned by gethostbyaddr() 
can get corrupted by subsequent resolver calls. The fix is 
to copy the hostname to a private buffer. 
>Unformatted:


