Re: NIS broken by pw_scan.c commits?

2002-10-02 Thread Lars Eggert 

Robert Watson wrote:
 It looks like someone has broken support for NIS in /etc/master.passwd by
 tightening the formatting rules for the file incorrectly.  Whereas a
 perfectly valid NIS password file used to work a month or so ago, it now
 generates a syntax error: 

Ran into the same thing last week when uprading from -stable. A 
workaround is to use nsswitch.conf to make the loopkups use NIS, but 
that doesn't help if you need to share the password file with other 
versions/platforms.

Lars
-- 
Lars Eggert [EMAIL PROTECTED]   USC Information Sciences Institute



smime.p7s
Description: S/MIME Cryptographic Signature

Re: NIS broken by pw_scan.c commits?

2002-10-02 Thread Maxim Konovalov 


Hello,

On 07:43+0400, Oct 2, 2002, Robert Watson wrote:


 It looks like someone has broken support for NIS in /etc/master.passwd by
 tightening the formatting rules for the file incorrectly.  Whereas a
 perfectly valid NIS password file used to work a month or so ago, it now
 generates a syntax error:

 www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
 +:

 cboss# pwd_mkdb -p /etc/master.passwd
 pwd_mkdb:  uid is incorrect
 pwd_mkdb: at line #22
 pwd_mkdb: /etc/master.passwd: Inappropriate file type or format

 (line 22 is the +::... line)

 If whoever did this could please *undo* the change, it would appreciate
 it: breaking services like NIS is not a good idea.  I won't have a chance
 to investigate more tonight, but I strongly suspect pw_scan.c:1.22 by
 Maxim.  It could be another commit; I'll try backing this out tomorrow

Yes, it is my bug, fixed in rev. 1.23, sorry for inconvenience.

By the way, there is still an issue: pw_scan() allows an empty GID in
non-NIS entries too. Any objections to a patch below?

Index: libc/gen/pw_scan.c
===
RCS file: /home/ncvs/src/lib/libc/gen/pw_scan.c,v
retrieving revision 1.22
diff -u -r1.22 pw_scan.c
--- libc/gen/pw_scan.c  25 Sep 2002 08:49:19 -  1.22
+++ libc/gen/pw_scan.c  2 Oct 2002 07:04:42 -
@@ -124,6 +124,13 @@
goto fmt;
if (p[0])
pw-pw_fields |= _PWF_GID;
+   else {
+   if (pw-pw_name[0] != '+'  pw-pw_name[0] != '-') {
+   if (flags  _PWSCAN_WARN)
+   warnx(no gid for user %s, pw-pw_name);
+   return (0);
+   }
+   }
id = strtoul(p, ep, 10);
if (errno == ERANGE) {
if (flags  _PWSCAN_WARN)

%%%

[ Note: this bug is not my :-) ]

 morning and see if things start working.  Requiring a valid integer value
 is bogus in the case where the field is filled in from NIS.

 Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
 [EMAIL PROTECTED]  Network Associates Laboratories



-- 
Maxim Konovalov, [EMAIL PROTECTED]




To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message

Re: NIS broken by pw_scan.c commits?

2002-10-02 Thread Robert Watson 


On Wed, 2 Oct 2002, Maxim Konovalov wrote:

 Yes, it is my bug, fixed in rev. 1.23, sorry for inconvenience. 

No problem -- sorry for getting a bit snippy.  I was just a bit surprised
and couldn't imagine at first what I had broken in my password file :-). 

 By the way, there is still an issue: pw_scan() allows an empty GID in
 non-NIS entries too. Any objections to a patch below? 

It looks to me like this is a reasonable approach, but if for some reason
it doesn't work out, I'll be sure to whine when it hits my office
machines. :-)

Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
[EMAIL PROTECTED]  Network Associates Laboratories


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message