1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-26 11:47:31 +00:00
Commit Graph

60 Commits

Author SHA1 Message Date
David Malone
75328eca8d If the username we are trying to look up in the db files won't fit into
the buffer then act like it doesn't exist. The buffer is always big enough
for any valid username.

PR:		27860
Reviewed by:	nectar
2001-06-18 16:09:24 +00:00
Daniel Eischen
d201fe46e3 Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions.  If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
	__sys_foo - actual system call
	_foo - weak definition to __sys_foo
	foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo.  In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde).  All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes.  <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h  namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE.  We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by:	-arch
2001-01-24 13:01:12 +00:00
Jacques Vidrine
0634de0c1f Fix bug introduced in previous commit: users obtained via compat mode
had uid, gid set to 0 if not otherwise specified!

Submitted by:	eivind
2000-11-13 21:22:50 +00:00
Jacques Vidrine
61a33b7ca5 Fix passwd entry `prototypes' in compat mode. I broke this in revision
1.55 when importing nsswitch from NetBSD.

Reported by:	Naoki Kobayashi <shibata@geo.titech.ac.jp>
2000-11-10 19:11:14 +00:00
Jacques Vidrine
580ef74769 Explicitly initialize _pw_passwd. 2000-10-27 18:27:07 +00:00
Jacques Vidrine
248aee623c Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
    . getgrent, getgrnam, getgrgid
    . getpwent, getpwnam, getpwuid
    . getusershell
    . getaddrinfo
    . gethostbyname, gethostbyname2, gethostbyaddr
    . getnetbyname, getnetbyaddr
    . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc.  rc.network has been modified
  to warn that host.conf is no longer used at boot time.  In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.

Obtained from:	NetBSD
2000-09-06 18:16:48 +00:00
Kris Kennaway
8f6d480067 sprintf -> snprintf paranoia 2000-08-04 10:23:42 +00:00
Andrey A. Chernov
0200080b60 YP/NIS code: remove unnecessary endgrent() calls which can cause fail on
next try over chroot (descriptor closed). getgrnam() used already handles
endgrent() properly and honors _gr_stayopen. Automatically call
setgroupent(1) when _pw_stayopen is set (for YP/NIS code).
1999-10-16 12:31:49 +00:00
Andrey A. Chernov
8b7690ea77 Fix longstanding bug "unused stayopen" introduced in rev1.11
PR:		14201
1999-10-16 11:50:37 +00:00
Dag-Erling Smørgrav
ecab1f6824 Don't forget to reset _pw_stepping_yp to 0 before returning. Fixes a bug
where getpwent() would ignore wildcard entries that followed a netgroup
entry.

PR:		misc/12999
Submitted by:	David Hedley <david@inty.net>
1999-09-06 08:04:43 +00:00
Bill Paul
a180d48db0 Apply patch for PR #12008: remember to reset _yp_enabled flag in
endpwent() so we don't trip over a NULL db pointer later.

PR: 12008
Submitted by: Valentin Netchayev <netch@lucky.net>
1999-06-04 02:27:35 +00:00
Dag-Erling Smørgrav
9b030d1073 Partial fix for the forking problem: if we can't access the master maps,
try again with the unrestricted map.

PR:		bin/10821
1999-03-27 21:51:33 +00:00
Eivind Eklund
630dc76f4e Restore old semantics (broken in rev 1.47's buffer overflow fix). 1998-12-17 16:31:02 +00:00
Mike Smith
ebed2088fe Prevent buffer overflow in getpwnam()
PR:		bin/8176
Submitted by:	Archie Cobbs <archie@whistle.com>
1998-10-29 23:16:24 +00:00
Warner Losh
e8420087b0 Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x).  Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time.  However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes.  Shouldn't impact anything, but...
1998-09-16 04:17:47 +00:00
Dmitrij Tejblum
b5acd0014e Don't initialize NIS until it is really necessary. Now, in case of network
or NIS server problems, local user can login without a pause.

Also, -Wsomething cleanup.
1998-09-15 16:22:30 +00:00
Steve Price
2e645a20cb XOpen says the void setpwent(void) is correct. Also call setpassent(0)
instead of duplicating code, albeit trivial (inspired by NetBSD).

PR:		5524
1998-02-01 06:16:08 +00:00
Poul-Henning Kamp
d030d2d2ae Many places in the code NULL is used in integer context, where
plain 0 should be used.  This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people trying to port bits of code to other environments.

PR:		2752
Submitted by:	Arne Henrik Juul <arnej@imf.unit.no>
1997-09-18 14:08:40 +00:00
Wolfram Schneider
211fed7e35 Fix yet a minor stylistic nit from Bruce.
(`cvs diff -ib' print one new char ;-).
1997-09-15 19:37:23 +00:00
Wolfram Schneider
8be26e5d0f Potential bufferflow in getpwent(), getpwnam() and getpwuid()
PR: bin/4134
Submitted by:	nick@foobar.org
1997-09-14 18:16:11 +00:00
David Nugent
c333ae82c1 Remove minor warning (for -Wall -Wshadow); clarifies code. 1997-03-26 15:42:09 +00:00
Peter Wemm
adf6ad9e69 Merge from Lite2:
filesystem include updates, duplicate group suppression, cleanups,
  filesystem whiteout support (unionfs), bidir popen().
1997-03-11 11:52:33 +00:00
Bill Paul
09e8462819 Fix brain-o in SunOS passwd.adjunct stuff: !strstr(s, "##") is a) bad
style and b) the wrong logic. Should be strstr(s, "##") != NULL. (Note
that the passwd.adjunct stuff has not been merged into 2.2 so this bug
is not in that branch.)
1997-03-10 16:47:19 +00:00
Bill Paul
1d2493ff77 Small yet significant tweaks/cleanups:
- getpwent:
  o adjunctbuf should be NUL terminated after copying
  o _pw_breakout_yp() needs to know the length of the buffer returned
    from YP so it can properly NUL terminate its local buffer.

- getgrent:
  o YP buffers should be YPMAXRECORD + 2 bytes long and NUL terminated.
    (Previously they were hardcoded to 1024 bytes.)

- getnetgrent:
  o YP data should be copied with snprintf(), not sprintf()

These are 2.2 candidates. I will wait a few days to make sure these don't
break anything and then, if there are no objections, move them to the 2.2
branch.
1996-12-27 19:28:46 +00:00
Bill Paul
2be5d4cba8 Add support for detecting and hopefully using the passwd.adjunct.byname
NIS map which is present on SunOS NIS servers with the SunOS C2 security
hack^Woption installed. I'm convinced that the C2 security option restricts
access to the passwd.adjunct.byname map in the same way that I restrict
access to the master.passwd.{byname,buid} maps (checking for reserved ports),
which means that we should be able to handle passwd.adjunct.byname map
correctly.

If _havemaster() doesn't find a master.passwd.byname map, it will now
test for a passwd.adjunct.byname map before defaulting back to the
standard non-shadowed passwd.{byname,byuid} maps. If _pw_breakout_yp()
sees that the adjunct map was found and the password from the standard
maps starts with ##, it will try to grab the correct password field
from the adjunct map. As with the master.passwd maps, this only happens
if the caller is root, so the shadowing feature is preserved; non-root
users just get back ##username as the encrypted password.

Note that all we do is grab the second field from the passwd.adjunct.byname
entry, which is designated to be the real encrypted password. There are
other auditing fields in the entry but they aren't of much use to us.

Also switched back to using yp_order() to probe for the maps (instead
of yp_first()). The original problem with yp_order() was that it barfed
with NIS+ servers in YP compat mode since they don't support the
YPPROC_ORDER procedure. This condition is handled a bit more gracefully
in yplib now: we can detect the error and just punt on the probing.
1996-12-03 17:55:49 +00:00
Jordan K. Hubbard
51295a4d3e General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 18:57:58 +00:00
Bill Paul
03cee47d84 Grrrr... yet another variation on Murphy's Law: the best way to find
bugs in your code is to put it in the -stable branch. (Corollary: the
day you discover the bug is the day the Internet decides to route your
telnet session to the repository box via Zimbabwe.)

Remove one bogus free(result) (from _havemaster()) that slipped by me.

Flagged by: phkmalloc
Pointed out to me by: Stefan Esser
1996-05-07 20:51:52 +00:00
Bill Paul
88ce2dd1ef Very minor tweak:
In __initdb(), a failure to open the local password database is supposed
to result in a warning message being syslog()ed. This warning is only
supposed to be generated as long as the 'warned' flag hasn't been yet;
once the warning is generated, the flag should be set so that the message
is only syslog()ed once. However, while the state of the flag is checked
properly, the flag's state is never changed, so you always get multiple
warnings instead of just one.

Pointed out by: Peter Wemm
1996-04-29 14:48:47 +00:00
Bill Paul
94c53e1fb5 NIS cleanups and fixes, the next generation.
getnetgrent.c:

- Catch one bogon that snuck by: in _listmatch(), check for '\0'
  rather than '\n'; strings returned from yp_match() are terminated
  with a nul, not a newline.

getpwent.c:

- Rip out all of the +inclusion/-exclusion stuff from before and
  replace it with something a little less grotty. The main problem
  with the old mechanism was that it wasted many cycles processing
  NIS entries even after it already knew they were to be exlcuded
  (or not included, depending on your pointof view). The highlights
  of these changes include:

  o Uses an in-memory hash database table to keep track of all the
    -@netgroup, -user, and -@group exclusions.

  o Tries harder to duplicate the behavior normally obtained when using
    NIS inclusions/exclusions on a flat /etc/passwd file (meaning things
    come out in much the same order).

  o Uses seperate methods for handling getpwent() and getpwnam()/getpwuid()
    operations instead of trying to do everything with one general
    function, which didn't work as well as I thought it would.

  o Uses both getnetgrent() and innetgr() to try to save time where
    possible.

  o Use only one special token in the local password database
    (_PW_KEYYPBYNUM) instead of seperate tokens to mark + and -
    entries (and stop using the counter tokens too). If this new
    token doesn't exist, the code will make due with the standard
    _PW_KEYBYNUM token in order to support older databases that
    won't have the new token in them.

  All this is an attempt to make this stuff work better in environments
  with large NIS passwd databases.
1996-04-16 00:22:41 +00:00
Mike Pritchard
70520b51b9 Getpwent() and getservent() can wind up calling free() with
an invalid pointer if a call to yp_first() fails.  Closes PR # 964,
and possibly # 952.
1996-01-29 20:16:30 +00:00
Poul-Henning Kamp
8b10240709 Minor cleanup, mostly unused vars and missing #includes. 1995-10-22 14:37:11 +00:00
Bill Paul
3948edc24c Another tweak/speedup pass:
- Fix buffer overflow problem once and for all: do away with the buffer
  copies to 'user' prior to calling _scancaches() and just pass a pointer
  to the buffer returned by yp_match()/yp_first()/yp_next()/whatever.
  (We turn the first ':' to a NUL first so strcmp() works, then change it
  back later. Submitted by Bill Fenner <fenner@parc.xerox.com> and
  tweaked slightly by me.

- Give _pw_breakout_yp() the 'more elegant solution' I promised way back when.
  Eliminate several copies to static buffers and replace them with just
  one copy. (The buffer returned by the NIS functions is at most
  YPMAXRECORD bytes long, so we should only need one static buffer of
  the same length (plus 2 for paranoia's sake).)

- Also in _pw_breakout_yp(): always set pw.pw_passwd to the username
  obtained via NIS regardless of what pw_fields says: usernames cannot
  be overridden so we have no choice but to use the name returned by
  NIS.

- _Again_ in _pw_breakout_yp(): before doing anything else, check that
  the first character of the NIS-returned buffer is not a '+' or '-'.
  If it is, drop the entry. (#define EXTRA_PARANOIA 1 :)

- Probe for the master.passwd.* maps once during __initdb() instead
  of doing it each time _getyppass() or _nextyppass() is called.

- Don't copy the NIS data buffers to static memory in _getyppass()
  and _nextyppass(): this is done in _pw_breakout_yp() now.

- Test against phkmalloc and phkmalloc/2 (TNG!) to make sure we're
  free()ing the yp buffers sanely.

- Put _havemaster(), _getyppass() and nextyppass() prototypes under
  #ifdef YP. (Somehow they ended up on the wrong side of the #endif.)

- Remove unused variable ___yp_only.
1995-10-11 21:35:08 +00:00
Bill Paul
400b841301 getgrent.c: adjust _nextypgroup() slightly so that it continues processing
the group map after encountering a badly formatted entry.

getpwent.c: same as above for _nextyppass(), and also turn a couple of
sprintf()s into snprintf()s to avoid potential buffer overruns. (The
other day I nearly went mad because of a username in my NIS database
that's actually 9 characters long instead of 8. Stuffing a 9-character
username into an 8-character buffer can do some strange things.)

(This reminds me: I hope somebody's planning to fix the buffer overrun
security hole in syslog(3) before 2.1 ships.)
1995-09-05 19:52:59 +00:00
Bill Paul
d454389cc2 getpwent.c: turn the code that checks the override caches into a
seperate function to avoid duplication. Also fix getpwent() a
small bit to properly handle the case where the magic NIS '+'
entry appears before the end of the password file.

getgrent.c: be a little more SunOS-ish. Make it look like the NIS
group map is 'inserted' at the the point(s) where the magic NIS '+'
entry/entries appear.

getgrent: fix a file descriptor leak: remember to close the netgroup
file after we determine that we're using NIS-only innetgr() lookups.
1995-09-02 04:08:55 +00:00
Bill Paul
6c0828a6c6 Do the same sanity checking in _pw_breakout_yp() that we do in
_gr_breakout_yp(): if we encounter a NULL pointer generated as the
result of a badly formatted NIS passwd entry (e.g. missing fields),
we punt and return an error code, thereby silently skipping the
bad entry.
1995-06-26 16:04:57 +00:00
Bill Paul
85e8f5bee2 Make _havemaster() use yp_first() (again) instead of yp_order() to
ward off possible NIS+ evil. (I might be overly paranoid with this,
but it doesn't hurt, so...)
1995-06-17 04:00:02 +00:00
Rodney W. Grimes
d3628763db Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Bill Paul
243ae8c754 in _freecaches(): strdup() allocates us memory -- remember to free it. 1995-04-22 17:28:04 +00:00
Bill Paul
8efe1172e2 Head off potential core dump in _havemaster() (we don't need to free any
memory here: the underlying YP routines handle this one for us).
1995-04-15 03:11:55 +00:00
Bill Paul
c98fda6ec8 Better conformance to SunOS behavior: if we can't match a user to one
of the plus or minus lists at all, reject him. This lets you create
a +@netgroup list of users that you want to admit and reject everybody
else. If you end your +@netgroup list with the wildcard line
(+:::::::::) then you'll have a +@netgroup list that remaps the
specified people but leaves people not in any netgroup unaffected.
1995-04-14 14:56:28 +00:00
Bill Paul
958f4e365d getpwent.c: fix problem with emacs dumping core when NIS is enabled. Also
add #includes for YP headers when compiling with -DYP to avoid some implicit
declarations.

getgrent.c & getnetgrent.c: add some #includes to avoid implicit declarations
of YP functions.
1995-04-04 05:36:16 +00:00
Bill Paul
b38bb6d374 Use yp_order() instead of yp_first() in _havemaster() to check for the
presence of the master.passwd.byname map, and remember to free the
returned order value before exiting.
1995-03-27 20:46:40 +00:00
Bill Paul
f05daed916 Add calls to endgrent() and endnetgrent() to the end of _createcaches(). 1995-03-25 00:30:35 +00:00
Bill Paul
828447008a Yikes! Fix stupid mistake I made in last commit that made getpwent() ignore
local password entries when YP was enabled. (How the heck did that
get by me!?)
1995-03-24 08:01:01 +00:00
Bill Paul
d34ef3d62b As per Justin T. Gibbs's request, agument the +@netgroup/-@netgroup
remapping mechanism in the following manner: if given an entry +@foo
and there is no netgroup named 'foo,' try searching for a regular
user group called 'foo' and build the cache using the members of
group 'foo' instead. If both a netgroup 'foo' and a user group 'foo'
exist, the 'foo' netgroup takes precedence, since we're primarily
interested in netgroup matching anyway.

This allows access control schemes based on ordinary user groups
(which are also available via NIS) rather than netgroups, since
netgroups on some systems are limited in really brain-damaged ways.
1995-03-24 05:46:47 +00:00
Bill Paul
353fefe325 Very important sanity checks: today I clobbered all four NIS servers on
my network because setnetgrent() was trying to do a lookup on group "".
It seems that an attempt to do a yp_match() (and possible yp_next())
on a null or empty key causes Sun's ypserv in SunOS 4.1.3 to exit
suddenly (and without warning). Our ypserv behaves badly in this
situation too, thoush it doesn't appear to crash. In any event, getpwent,
getnetgrent and yp_match() and yp_next() are now extra careful not to
accidentally pass on null or empty arguments.

Also made a small change to getpwent.c to allow +::::::::: wildcarding,
which I had disabled previously.
1995-03-23 22:18:00 +00:00
Bill Paul
5f115c9d15 Lots of fixes/improvements in the +user substitution handling:
- Have the +@netgroup/-@netgroup caches handle the +user/-user cases too.
- Clean up getpwent() to take advantage of the improved +user/-user handling.
1995-03-23 17:33:19 +00:00
Bill Paul
89395683ea Small cleanups:
- Prepend a '_' to a couple of things
- Make sure YP is enabled in _createcaches()
- Remove a couple of unused/uneeded variables from _createcaches()
1995-03-23 04:04:01 +00:00
Bill Paul
9531ca9353 Phew! Done at last: getpwent now understands +@netgroup/-@netgroup directives
in addition to the existing NIS substitutions. I may tweak this a bit in
the future, but the important stuff is all here.
1995-03-23 00:59:15 +00:00