From nobody  Mon Jun 16 09:15:11 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id JAA13613;
          Mon, 16 Jun 1997 09:15:11 -0700 (PDT)
Message-Id: <199706161615.JAA13613@hub.freebsd.org>
Date: Mon, 16 Jun 1997 09:15:11 -0700 (PDT)
From: Dominic.Froud@dcs.qmw.ac.uk
To: freebsd-gnats-submit@freebsd.org
Subject: @+netgroup entries break +NIS-user entries in passwd when using getpwent(3)
X-Send-Pr-Version: www-1.0

>Number:         3883
>Category:       misc
>Synopsis:       @+netgroup entries break +NIS-user entries in passwd when using getpwent(3)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 16 09:20:01 PDT 1997
>Closed-Date:    Thu Mar 11 03:41:25 PST 1999
>Last-Modified:  Thu Mar 11 03:43:33 PST 1999
>Originator:     Dominic Froud
>Release:        2.2-STABLE
>Organization:
Queen Mary & Westfield College
>Environment:
FreeBSD iron.dcs.qmw.ac.uk 2.2-STABLE FreeBSD 2.2-STABLE #1: Fri Jun  6 09:49:02 GMT 1997     md@iron.dcs.qmw.ac.uk:/usr/src/sys/compile/IRON  i386

>Description:
When getpwent(3) encounters a +@netgroup entry in the /etc/passwd file,
it sets a flag (_pw_stepping_yp) to 1. This short-circuits successive
calls to getpwent() so that they jump to 'grabbing the next NIS entry'.
This flag isn't reset when all the netgroup members have been retrieved.
This causes a problem when another NIS-style entry (specifically named
NIS users) is mentioned because getpwent() is permanently locked to
retrieving the same user entry (and hence loops based around getpwent()
never return).
>How-To-Repeat:
Add lines in the following format to the end of /etc/passwd (using vipw):
+@netgroup-that-exists:::::::::
+NIS-user-that-exists:::::::::
+:::::::::/bin/true

Try: finger NIS-added-user-not-included-above

finger(1) will hang and a kernel trace will show 
a NIS lookup in passwd.byname for NIS-user-that-exists followed by
a successful return of their passwd entry.
After that, the trace is filled with nothing but gettimeofday(2) calls.
>Fix:
Non-rebuild workaround:

Place all +user entries before any +@netgroup entries in /etc/passwd
if possible. I don't think inserting a local user between the two
entries will work.

Software fix:

amend /usr/src/lib/libc/gen/getpwent.c as follows, and rebuild libc:

*** getpwent.c  Mon Jun 16 17:04:57 1997
--- fixed-getpwent.c      Mon Jun 16 16:36:17 1997
***************
*** 409,414 ****
--- 409,415 ----
                                        endgrent();
                                        latch = 0;
                                        gr = NULL;
+                                       _pw_stepping_yp = 0; /* DOM */
                                        return(0);
                                }
                        }
 
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Thu Mar 11 03:41:25 PST 1999 
State-Changed-Why:  
Problem can't be reproduced in RELENG_2_2. Thanks to Dominic for the 
feedback. Closed with his consent. 
>Unformatted:
