Re: NIS broken by pw_scan.c commits?

Tue, 01 Oct 2002 23:49:50 -0700 


Hello,

On 07:43+0400, Oct 2, 2002, Robert Watson wrote:

>
> It looks like someone has broken support for NIS in /etc/master.passwd by
> tightening the formatting rules for the file incorrectly.  Whereas a
> perfectly valid NIS password file used to work a month or so ago, it now
> generates a syntax error:
>
> www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
> nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
> +:::::::::
>
> cboss# pwd_mkdb -p /etc/master.passwd
> pwd_mkdb:  uid is incorrect
> pwd_mkdb: at line #22
> pwd_mkdb: /etc/master.passwd: Inappropriate file type or format
>
> (line 22 is the +::... line)
>
> If whoever did this could please *undo* the change, it would appreciate
> it: breaking services like NIS is not a good idea.  I won't have a chance
> to investigate more tonight, but I strongly suspect pw_scan.c:1.22 by
> Maxim.  It could be another commit; I'll try backing this out tomorrow

Yes, it is my bug, fixed in rev. 1.23, sorry for inconvenience.

By the way, there is still an issue: pw_scan() allows an empty GID in
non-NIS entries too. Any objections to a patch below?

Index: libc/gen/pw_scan.c
===================================================================
RCS file: /home/ncvs/src/lib/libc/gen/pw_scan.c,v
retrieving revision 1.22
diff -u -r1.22 pw_scan.c
--- libc/gen/pw_scan.c  25 Sep 2002 08:49:19 -0000      1.22
+++ libc/gen/pw_scan.c  2 Oct 2002 07:04:42 -0000
@@ -124,6 +124,13 @@
                goto fmt;
        if (p[0])
                pw->pw_fields |= _PWF_GID;
+       else {
+               if (pw->pw_name[0] != '+' && pw->pw_name[0] != '-') {
+                       if (flags & _PWSCAN_WARN)
+                               warnx("no gid for user %s", pw->pw_name);
+                       return (0);
+               }
+       }
        id = strtoul(p, &ep, 10);
        if (errno == ERANGE) {
                if (flags & _PWSCAN_WARN)

%%%

[ Note: this bug is not my :-) ]

> morning and see if things start working.  Requiring a valid integer value
> is bogus in the case where the field is filled in from NIS.
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> [EMAIL PROTECTED]      Network Associates Laboratories
>
>

-- 
Maxim Konovalov, [EMAIL PROTECTED]




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to