From nobody  Sat Jan 31 07:01:24 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA20986;
          Sat, 31 Jan 1998 07:01:24 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199801311501.HAA20986@hub.freebsd.org>
Date: Sat, 31 Jan 1998 07:01:24 -0800 (PST)
From: kmitch@cslab.vt.edu
To: freebsd-gnats-submit@freebsd.org
Subject: getpwnam and getpwuid do not use the +@netgroup convention in /etc/passwd.
X-Send-Pr-Version: www-1.0

>Number:         5610
>Category:       bin
>Synopsis:       getpwnam and getpwuid do not use the +@netgroup convention in /etc/passwd.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 31 07:10:00 PST 1998
>Closed-Date:    Thu Feb 12 16:22:28 PST 1998
>Last-Modified:  Thu Feb 12 16:33:45 PST 1998
>Originator:     Keith Mitchell
>Release:        2.2.5-STABLE
>Organization:
Virginia Tech Comp. Sci. Department
>Environment:
FreeBSD labrador.cslab.vt.edu 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Thu Jan 15 18:44:52 EST 1998     kmitch@labrador.cslab.vt.edu:/src/src/sys/compile/LABRADOR  i386

>Description:
The getpwnam and getpwuid system calls do not correctly lookup netgroups
int the passwd file via a +@netgroup entry.  They do, however work with
a +user entry.  The getpwent system call does parse the netgroup
imports.
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:

From: Dirk Froemberg <ibex@physik.TU-Berlin.DE>
To: freebsd-gnats-submit@freebsd.org, kmitch@cslab.vt.edu, wpaul@freebsd.org,
        freebsd-bugs@freebsd.org
Cc:  Subject: Re: bin/5610: getpwnam and getpwuid do not use the +@netgroup convention in /etc/passwd.
Date: Wed, 11 Feb 1998 20:35:42 +0100

 --6TrnltStXW4iwmi0
 Content-Type: text/plain; charset=us-ascii
 
 Keith Mitchell <kmitch@cslab.vt.edu> wrote:
 > The getpwnam and getpwuid system calls do not correctly lookup netgroups
 > int the passwd file via a +@netgroup entry.  They do, however work with
 > a +user entry.  The getpwent system call does parse the netgroup
 > imports.
 
 Hello!
 
 The problem seems to be _listmatch() in /usr/src/lib/libc/gen/getnetgrent.c:278.
 It is used by innetgr(3).
 
 If the first argument to _listmatch() is not a comma seperated list, ptr
 increases "forever" in line 296/297.
 
 The attached patch to getnetgrent.c solved the problem for me. Please have
 a look at it and feel free to use it.
 
 	Best regards Dirk
 
 -- 
 e-mail: ibex@physik.tu-berlin.de
 
 --6TrnltStXW4iwmi0
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="getnetgrent.c.diff"
 
 *** getnetgrent.c.dist	Wed Nov 19 22:41:42 1997
 --- getnetgrent.c	Wed Feb 11 19:46:02 1998
 ***************
 *** 286,299 ****
   	while(isspace(*ptr))
   		ptr++;
   
 ! 	while (ptr < list + len) {
 ! 		cptr = ptr;
 ! 		while(*ptr != ','  && !isspace(*ptr))
 ! 			ptr++;
 ! 		if (strncmp(cptr, group, glen) == 0 && glen == (ptr - cptr))
   			return(1);
 ! 		while(*ptr == ','  || isspace(*ptr))
 ! 			ptr++;
   	}
   
   	return(0);
 --- 286,305 ----
   	while(isspace(*ptr))
   		ptr++;
   
 ! 	if ((strchr(list, ',') == NULL)) {
 ! 		if (strncmp(ptr, group, glen) == 0) {
   			return(1);
 ! 		}
 ! 	} else {
 ! 		while (ptr < list + len) {
 ! 			cptr = ptr;
 ! 			while(*ptr != ','  && !isspace(*ptr))
 ! 				ptr++;
 ! 			if (strncmp(cptr, group, glen) == 0 && glen == (ptr - cptr))
 ! 				return(1);
 ! 			while(*ptr == ','  || isspace(*ptr))
 ! 				ptr++;
 ! 		}
   	}
   
   	return(0);
 
 --6TrnltStXW4iwmi0--
State-Changed-From-To: open->closed 
State-Changed-By: wpaul 
State-Changed-When: Thu Feb 12 16:22:28 PST 1998 
State-Changed-Why:  
The PR description implies that +@netgroup substitutions don't work 
_at all_, which is not true. They do work, however it seems there was 
a bug that caused them to not work correctly in some circumstances. 
If you had a user that was a member of only one netgroup, then there 
was a bug in the getnetgrent.c module that would prevent the membership 
from being evaluated correctly. This has been fixed (thanks to Dirk 
for the patch) in both the -current and 2.2.x branch.               

There is some question that this is the cause of the problem that 
prompted this PR, due to the fact that no example is provided that 
demonstrates the failure. Without explaining the exact circumstances 
where the netgroup substitution breaks, there's no way to reproduce or 
fix the problem. 

However, I strongly suspect that this bug is in fact the culprit 
here, so I'm going to close out the PR. If the problem persists,   
please submit a new PR that includes a set of sample passwd and netgroup 
data, or any other configuration information, that illustrate the  
failure you are seeing.       

-Bill 
>Unformatted:
