Fix unbalanced #endif introduced by yesterday's change.

Prevent sites from shooting themselves in the foot while enabling/disabling
YP by disallowing `+' entries as logins in all cases. (This handles the
case of a `+' entry in the password file but YP no

Prevent sites from shooting themselves in the foot while enabling/disabling
YP by disallowing `+' entries as logins in all cases. (This handles the
case of a `+' entry in the password file but YP not running, which should
never happen but is easy enough to check for so we'll apply some
prophylaxis.)

show more ...

Second half of YP security hole fix. Needs updated password
database in order to operate.

Re-implement YP password file support from scratch. This implementation
correctly handles +user entries and + entries with local overrides.

BSD 4.4 Lite Lib Sources

- Extend the nsswitch to support Services, Protocols and Rpc
databases.
- Make nsswitch support caching.

Submitted by: Michael Bushkov <bushman__at__rsu.ru>
Sponsored by: Google Summer of Code 2005

POSIX prohibits any library function from setting errno to 0.
Correct my previous commit and add a comment to the manpage
indicating that the user must set errno to 0 if they wish to
distinguish "no

POSIX prohibits any library function from setting errno to 0.
Correct my previous commit and add a comment to the manpage
indicating that the user must set errno to 0 if they wish to
distinguish "no such user" from "error".

Pointed out by: Jacques Vidrine (nectar@)

show more ...

If getpwent/getpwuid/getpwnam return NULL, they must also set errno.

Fix a bug that could result in getpw*() incorrectly returning NULL when NIS
adjunct maps are used. One symtom of this bug is sshd saying:
login_get_lastlog: Cannot find account for uid X
when loggi

Fix a bug that could result in getpw*() incorrectly returning NULL when NIS
adjunct maps are used. One symtom of this bug is sshd saying:
login_get_lastlog: Cannot find account for uid X
when logging in. The problem here is caused by an incorrect reuse of the rv
variable when previous values are needed later.

show more ...

Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).

There are places where (void *) pointers

Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).

There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.

Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".

Tested on: i386 sparc64

show more ...

Kill whitespace at end of lines.

Fix a bug that could result in a null pointer dereference in
getpwent(3) or getpwuid(3) when using NIS adjunct maps. The bug was
present in the internal `nis_passwd' function. The lookup in the
adj

Fix a bug that could result in a null pointer dereference in
getpwent(3) or getpwuid(3) when using NIS adjunct maps. The bug was
present in the internal `nis_passwd' function. The lookup in the
adjunct map used the name passed into `nis_passwd', however no name
was of course supplied by getpwent or getpwuid. Correctly use the
name from the `struct pwd' that was found instead.

PR: bin/59962
Submitted by: Gabriel Gomez <ggomez@fing.edu.uy>

show more ...

Revert to using yp_order() to probe for master.paswd.by* maps and
don't probe the server at all for passwd.by* maps. This fixes
interoperability with the Services For UNIX NIS server (which is
really

Revert to using yp_order() to probe for master.paswd.by* maps and
don't probe the server at all for passwd.by* maps. This fixes
interoperability with the Services For UNIX NIS server (which is
really a front end to Captive^WActiveDirectory). This server
incorrectly returns success for all YPPROC_MASTER requests,
even for maps that don't exist, which makes it impossible to
(ab)use it to probe for the existence of the master.passwd.by*
maps.

This is a little kludgey, but basically restores the original
behavior of getpwent.c as it is in -stable, and works around both
the lack of YPPROC_ORDER on NIS+ servers as well as the broken
YPPROC_MASTER on Services For UNIX servers.

show more ...

fix NIS+ YP compat mode

PR: bin/52792
Submitted by: TOMITA Yoshinori <yoshint@flab.fujitsu.co.jp>

Back out the `hiding' of strlcpy and strlcat. Several people
vocally objected to this safety belt.

`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by: qpopper's

`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by: qpopper's interfering and buggy version of strlcpy

show more ...

When using `compat' mode, be sure to re-dispatch setpwent, endpwent,
setgrent, and endgrent also. (The previous NSS implementation used to
simply twiddle the internal data of the various modules dir

When using `compat' mode, be sure to re-dispatch setpwent, endpwent,
setgrent, and endgrent also. (The previous NSS implementation used to
simply twiddle the internal data of the various modules directly.)

A symptom (group list set incorrectly in sshd) was
Reported by: Glenn Johnson <gjohnson@srrc.ars.usda.gov>

Sponsored by: DARPA, Network Associates Laboratories

show more ...

In compat mode, we `redispatch' the lookup. It is probably a good
idea to re-initialize `struct passwd', because e.g. pw_class might
get set by one module, but not by another. Add another call to t

In compat mode, we `redispatch' the lookup. It is probably a good
idea to re-initialize `struct passwd', because e.g. pw_class might
get set by one module, but not by another. Add another call to the
internal pwd_init function to accomplish this.

Sponsored by: DARPA, Network Associates Laboratories

show more ...

Don't try to access the NIS `master' maps unless we have superuser
privileges. To do so may cause the NIS server to log spurious and
annoying `access denied' messages.

Reported by: Philip Paeps <ph

Don't try to access the NIS `master' maps unless we have superuser
privileges. To do so may cause the NIS server to log spurious and
annoying `access denied' messages.

Reported by: Philip Paeps <philip@paeps.cx>
Sponsored by: DARPA, Network Associates Laboratories

show more ...

Follow-up to revision 1.74: Using the result buffer to store our empty
string was an incredibly dumb idea (of course it will be changed by an
NSS module on success!). Use a static empty string inste

Follow-up to revision 1.74: Using the result buffer to store our empty
string was an incredibly dumb idea (of course it will be changed by an
NSS module on success!). Use a static empty string instead.

Sponsored by: DARPA, Network Associates Laboratories

show more ...

Follow-up to revision 1.73: set _PWF_FILES when `compat' source is used
but user is found in local file.

Reported by: Shizuka Kudo <shizukakudo_99@yahoo.com>
Sponsored by: DARPA, Network Associates

Follow-up to revision 1.73: set _PWF_FILES when `compat' source is used
but user is found in local file.

Reported by: Shizuka Kudo <shizukakudo_99@yahoo.com>
Sponsored by: DARPA, Network Associates Laboratories

show more ...

Don't use `memset' to initialize a struct passwd. A module
may not fill in all fields, and in the case of string fields, this could
cause trouble for applications. (The only likely example is `pw_c

Don't use `memset' to initialize a struct passwd. A module
may not fill in all fields, and in the case of string fields, this could
cause trouble for applications. (The only likely example is `pw_class',
because this field is not used by all modules in all cases.)

Move initialization of struct passwd from module-specific code to the
dispatch code.

The problem of a NULL pw_class was
Noticed by: Philip Paeps <philip@paeps.cx>
and the c^Htrusty ssh(1) command.
Déjà vu by: getpwent.c revision 1.56

Sponsored by: DARPA, Network Associates Laboratories

show more ...

Correctly set _PWF_FILES in pw_fields when appropriate.
(_PWF_NIS and _PWF_HESIOD were already being set.)

Reported by: Shizuka Kudo <shizukakudo_99@yahoo.com>
Sponsored by: DARPA, Network Associate

Correctly set _PWF_FILES in pw_fields when appropriate.
(_PWF_NIS and _PWF_HESIOD were already being set.)

Reported by: Shizuka Kudo <shizukakudo_99@yahoo.com>
Sponsored by: DARPA, Network Associates Laboratories

show more ...

Revert the definitions of _PW_KEY* to their previous values. There is
at least one consumer outside of libc and pwd_mkdb.
Adjust the versioning in libc and pwd_mkdb accordingly.

named was the appli

Revert the definitions of _PW_KEY* to their previous values. There is
at least one consumer outside of libc and pwd_mkdb.
Adjust the versioning in libc and pwd_mkdb accordingly.

named was the application affected, and that fact was first
Reported by: Zherdev Anatoly <tolyar@mx.ru>

Sponsored by: DARPA, Network Associates Laboratories

show more ...

The default if nsswitch.conf(5) is not present is supposed to be the
hated `compat' source, not `files'.

Reported by: Philip Paeps <philip@paeps.cx>
Sponsored by: DARPA, Network Associates Laborator

The default if nsswitch.conf(5) is not present is supposed to be the
hated `compat' source, not `files'.

Reported by: Philip Paeps <philip@paeps.cx>
Sponsored by: DARPA, Network Associates Laboratories

show more ...