#
8efe1172 |
| 15-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Head off potential core dump in _havemaster() (we don't need to free any memory here: the underlying YP routines handle this one for us).
|
#
c98fda6e |
| 14-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Better conformance to SunOS behavior: if we can't match a user to one of the plus or minus lists at all, reject him. This lets you create a +@netgroup list of users that you want to admit and reject everybody else. If you end your +@netgroup list with the wildcard line (+:::::::::) then you'll have a +@netgroup list that remaps the specified people but leaves people not in any netgroup unaffected.
|
#
958f4e36 |
| 04-Apr-1995 |
Bill Paul <wpaul@FreeBSD.org> |
getpwent.c: fix problem with emacs dumping core when NIS is enabled. Also add #includes for YP headers when compiling with -DYP to avoid some implicit declarations.
getgrent.c & getnetgrent.c: add some #includes to avoid implicit declarations of YP functions.
|
#
b38bb6d3 |
| 27-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Use yp_order() instead of yp_first() in _havemaster() to check for the presence of the master.passwd.byname map, and remember to free the returned order value before exiting.
|
#
f05daed9 |
| 25-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Add calls to endgrent() and endnetgrent() to the end of _createcaches().
|
#
82844700 |
| 24-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Yikes! Fix stupid mistake I made in last commit that made getpwent() ignore local password entries when YP was enabled. (How the heck did that get by me!?)
|
#
d34ef3d6 |
| 24-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
As per Justin T. Gibbs's request, augment the +@netgroup/-@netgroup remapping mechanism in the following manner: if given an entry +@foo and there is no netgroup named 'foo,' try searching for a regular user group called 'foo' and build the cache using the members of group 'foo' instead. If both a netgroup 'foo' and a user group 'foo' exist, the 'foo' netgroup takes precedence, since we're primarily interested in netgroup matching anyway.
This allows access control schemes based on ordinary user groups (which are also available via NIS) rather than netgroups, since netgroups on some systems are limited in really brain-damaged ways.
|
#
353fefe3 |
| 23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Very important sanity checks: today I clobbered all four NIS servers on my network because setnetgrent() was trying to do a lookup on group "". It seems that an attempt to do a yp_match() (and possibly yp_next()) on a null or empty key causes Sun's ypserv in SunOS 4.1.3 to exit suddenly (and without warning). Our ypserv behaves badly in this situation too, though it doesn't appear to crash. In any event, getpwent, getnetgrent and yp_match() and yp_next() are now extra careful not to accidentally pass on null or empty arguments.
Also made a small change to getpwent.c to allow +::::::::: wildcarding, which I had disabled previously.
|
#
5f115c9d |
| 23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Lots of fixes/improvements in the +user substitution handling:
- Have the +@netgroup/-@netgroup caches handle the +user/-user cases too.
- Clean up getpwent() to take advantage of the improved +user/-user handling.
|
#
89395683 |
| 23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Small cleanups:
- Prepend a '_' to a couple of things
- Make sure YP is enabled in _createcaches()
- Remove a couple of unused/unneeded variables from _createcaches()
|
#
9531ca93 |
| 23-Mar-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Phew! Done at last: getpwent now understands +@netgroup/-@netgroup directives in addition to the existing NIS substitutions. I may tweak this a bit in the future, but the important stuff is all here.
|
#
d66efc62 |
| 05-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Collapsed _masterpw_breakout_yp() and _pw_breakout_yp() into a single function.
|
#
a393cc06 |
| 03-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Fixed a rather serious bug that presents itself when FreeBSD is configured as an NIS client. The pw_breakout_yp routines that are used to populate the _pw_passwd structure only do anything if the bits in the pw_fields member _pw_passwd are cleared. Unfortunately, we can get into a state where pw_fields has garbage in it right before the YP lookup functions are called, which causes the breakout functions to screw up in a big way. Here's how to duplicate the problem:
- Configure FreeBSD as an NIS client
- Log in as a user whose password database records reside only in the NIS passwd maps.
- Type ps -aux
Result: your processes appear to be owned by 'root' or 'daemon.' /bin/ls can exhibit the same problem.
The reason this happens:
- When ps(1) needs to match a username to a UID, it calls getpwuid().
- root is in the local password file, so getpwuid() calls __hashpw() and __hashpw() populates the _pw_passwd struct, including the pw_fields member. This happens before NIS lookups take place because, by coincidence, ps(1) tends to display processes owned by root before it happens upon a process owned by you.
- When your UID comes up, __hashpw() fails to find your entry in the local password database, so it bails out, BUT THE BITS IN THE pw_fields STRUCTURE OF _pw_passwd ARE NEVER CLEARED AND STILL CONTAIN INFORMATION FROM THE PREVIOUS CALL TO __hash_pw()!!
- If we have NIS enabled, the NIS lookup functions are called.
- The pw_breakout_yp routines see that the pw_fields bits are set and decline to place the data retrieved from the NIS passwd maps into the _pw_passwd structure.
- getpwuid() returns the results of the last __hashpw() lookup instead of the valid NIS data.
- Hijinks ensue when user_from_uid() caches this bogus information and starts handing out the wrong usernames.
AAAARRRRRRRRRGGGGGGHHHHHHHHHH!!!
*Please* don't tell me I'm the only person to have noticed this.
Fixed by having __hashpw() check the state of pw_fields just before bailing out on a failed lookup and clearing away any leftover garbage. What a fun way to spend an afternoon.
|
#
320ce7b7 |
| 01-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Fix for that last fix... pass the hat. :)
|
#
c768efa1 |
| 01-Feb-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Small fix to _getyppass(): sometimes we can construct the wrong mapname when looking for master.passwd.whatever.
|
#
d0ef6688 |
| 31-Jan-1995 |
Bill Paul <wpaul@FreeBSD.org> |
Some changes for YP password map handling:
- FreeBSD's NIS server can supply a master.passwd map, which has more fields in it than a standard passwd map, so we need a _master_pw_breakout() function.
- When doing passwd map lookups, look for master.passwd.* by attempting a _yp_first() on master.passwd.byname. If it exists, we're being served by a FreeBSD NIS server and we should use this map.
- If we aren't the superuser, retrieve only the standard passwd maps. If we're being served by a FreeBSD system, then the passwd map has no passwords in it, and it won't serve us the master.passwd map unless we're superuser anyway.
There's a small speed hit for the superuser inherent in the check for the master.passwd map, but this lets us dynamically decide what to do rather than rely on a non-standard config file somewhere. Since all of this is bypassed for normal users, they shouldn't notice the difference.
|
#
bb38a730 |
| 19-Jan-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Fix unbalanced #endif introduced by yesterday's change.
|
#
c7da24dd |
| 18-Jan-1995 |
Garrett Wollman <wollman@FreeBSD.org> |
Prevent sites from shooting themselves in the foot while enabling/disabling YP by disallowing `+' entries as logins in all cases. (This handles the case of a `+' entry in the password file but YP not running, which should never happen but is easy enough to check for so we'll apply some prophylaxis.)
|
Revision tags: release/2.0 |
|
#
468bb86a |
| 20-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Second half of YP security hole fix. Needs updated password database in order to operate.
|
#
d5b7518d |
| 20-Sep-1994 |
Garrett Wollman <wollman@FreeBSD.org> |
Re-implement YP password file support from scratch. This implementation correctly handles +user entries and + entries with local overrides.
|
Revision tags: release/1.1.5.1_cvs |
|
#
58f0484f |
| 27-May-1994 |
Rodney W. Grimes <rgrimes@FreeBSD.org> |
BSD 4.4 Lite Lib Sources
|