sprintf -> snprintf paranoia

YP/NIS code: remove unnecessary endgrent() calls which can cause fail on
next try over chroot (descriptor closed). getgrnam() used already handles
endgrent() properly and honors _gr_stayopen. Automat

YP/NIS code: remove unnecessary endgrent() calls which can cause fail on
next try over chroot (descriptor closed). getgrnam() used already handles
endgrent() properly and honors _gr_stayopen. Automatically call
setgroupent(1) when _pw_stayopen is set (for YP/NIS code).

show more ...

Fix longstanding bug "unused stayopen" introduced in rev1.11

PR: 14201

Don't forget to reset _pw_stepping_yp to 0 before returning. Fixes a bug
where getpwent() would ignore wildcard entries that followed a netgroup
entry.

PR: misc/12999
Submitted by: David Hedley <da

Don't forget to reset _pw_stepping_yp to 0 before returning. Fixes a bug
where getpwent() would ignore wildcard entries that followed a netgroup
entry.

PR: misc/12999
Submitted by: David Hedley <david@inty.net>

show more ...

Apply patch for PR #12008: remember to reset _yp_enabled flag in
endpwent() so we don't trip over a NULL db pointer later.

PR: 12008
Submitted by: Valentin Netchayev <netch@lucky.net>

Partial fix for the forking problem: if we can't access the master maps,
try again with the unrestricted map.

PR: bin/10821

Restore old semantics (broken in rev 1.47's buffer overflow fix).

Prevent buffer overflow in getpwnam()

PR: bin/8176
Submitted by: Archie Cobbs <archie@whistle.com>

Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
gua

Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...

show more ...

Don't initialize NIS until it is really necessary. Now, in case of network
or NIS server problems, local user can login without a pause.

Also, -Wsomething cleanup.

XOpen says the void setpwent(void) is correct. Also call setpassent(0)
instead of duplicating code, albeit trivial (inspired by NetBSD).

PR: 5524

Many places in the code NULL is used in integer context, where
plain 0 should be used. This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people

Many places in the code NULL is used in integer context, where
plain 0 should be used. This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people trying to port bits of code to other environments.

PR: 2752
Submitted by: Arne Henrik Juul <arnej@imf.unit.no>

show more ...

Fix yet a minor stylistic nit from Bruce.
(`cvs diff -ib' print one new char ;-).

Potential bufferflow in getpwent(), getpwnam() and getpwuid()

PR: bin/4134
Submitted by: nick@foobar.org

Remove minor warning (for -Wall -Wshadow); clarifies code.

Merge from Lite2:
filesystem include updates, duplicate group suppression, cleanups,
filesystem whiteout support (unionfs), bidir popen().

Import CSRG 4.4BSD-Lite2 lib/libc onto vendor branch

Fix brain-o in SunOS passwd.adjunct stuff: !strstr(s, "##") is a) bad
style and b) the wrong logic. Should be strstr(s, "##") != NULL. (Note
that the passwd.adjunct stuff has not been merged into 2.2

Fix brain-o in SunOS passwd.adjunct stuff: !strstr(s, "##") is a) bad
style and b) the wrong logic. Should be strstr(s, "##") != NULL. (Note
that the passwd.adjunct stuff has not been merged into 2.2 so this bug
is not in that branch.)

show more ...

Small yet significant tweaks/cleanups:

- getpwent:
o adjunctbuf should be NUL terminated after copying
o _pw_breakout_yp() needs to know the length of the buffer returned
from YP so it can p

Small yet significant tweaks/cleanups:

- getpwent:
o adjunctbuf should be NUL terminated after copying
o _pw_breakout_yp() needs to know the length of the buffer returned
from YP so it can properly NUL terminate its local buffer.

- getgrent:
o YP buffers should be YPMAXRECORD + 2 bytes long and NUL terminated.
(Previously they were hardcoded to 1024 bytes.)

- getnetgrent:
o YP data should be copied with snprintf(), not sprintf()

These are 2.2 candidates. I will wait a few days to make sure these don't
break anything and then, if there are no objections, move them to the 2.2
branch.

show more ...

Add support for detecting and hopefully using the passwd.adjunct.byname
NIS map which is present on SunOS NIS servers with the SunOS C2 security
hack^Woption installed. I'm convinced that the C2 secu

Add support for detecting and hopefully using the passwd.adjunct.byname
NIS map which is present on SunOS NIS servers with the SunOS C2 security
hack^Woption installed. I'm convinced that the C2 security option restricts
access to the passwd.adjunct.byname map in the same way that I restrict
access to the master.passwd.{byname,buid} maps (checking for reserved ports),
which means that we should be able to handle passwd.adjunct.byname map
correctly.

If _havemaster() doesn't find a master.passwd.byname map, it will now
test for a passwd.adjunct.byname map before defaulting back to the
standard non-shadowed passwd.{byname,byuid} maps. If _pw_breakout_yp()
sees that the adjunct map was found and the password from the standard
maps starts with ##, it will try to grab the correct password field
from the adjunct map. As with the master.passwd maps, this only happens
if the caller is root, so the shadowing feature is preserved; non-root
users just get back ##username as the encrypted password.

Note that all we do is grab the second field from the passwd.adjunct.byname
entry, which is designated to be the real encrypted password. There are
other auditing fields in the entry but they aren't of much use to us.

Also switched back to using yp_order() to probe for the maps (instead
of yp_first()). The original problem with yp_order() was that it barfed
with NIS+ servers in YP compat mode since they don't support the
YPPROC_ORDER procedure. This condition is handled a bit more gracefully
in yplib now: we can detect the error and just punt on the probing.

show more ...

General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>

Grrrr... yet another variation on Murphy's Law: the best way to find
bugs in your code is to put it in the -stable branch. (Corollary: the
day you discover the bug is the day the Internet decides to

Grrrr... yet another variation on Murphy's Law: the best way to find
bugs in your code is to put it in the -stable branch. (Corollary: the
day you discover the bug is the day the Internet decides to route your
telnet session to the repository box via Zimbabwe.)

Remove one bogus free(result) (from _havemaster()) that slipped by me.

Flagged by: phkmalloc
Pointed out to me by: Stefan Esser

show more ...

Very minor tweak:

In __initdb(), a failure to open the local password database is supposed
to result in a warning message being syslog()ed. This warning is only
supposed to be generated as long as t

Very minor tweak:

In __initdb(), a failure to open the local password database is supposed
to result in a warning message being syslog()ed. This warning is only
supposed to be generated as long as the 'warned' flag hasn't been yet;
once the warning is generated, the flag should be set so that the message
is only syslog()ed once. However, while the state of the flag is checked
properly, the flag's state is never changed, so you always get multiple
warnings instead of just one.

Pointed out by: Peter Wemm

show more ...

NIS cleanups and fixes, the next generation.

getnetgrent.c:

- Catch one bogon that snuck by: in _listmatch(), check for '\0'
rather than '\n'; strings returned from yp_match() are terminated
wi

NIS cleanups and fixes, the next generation.

getnetgrent.c:

- Catch one bogon that snuck by: in _listmatch(), check for '\0'
rather than '\n'; strings returned from yp_match() are terminated
with a nul, not a newline.

getpwent.c:

- Rip out all of the +inclusion/-exclusion stuff from before and
replace it with something a little less grotty. The main problem
with the old mechanism was that it wasted many cycles processing
NIS entries even after it already knew they were to be exlcuded
(or not included, depending on your pointof view). The highlights
of these changes include:

o Uses an in-memory hash database table to keep track of all the
-@netgroup, -user, and -@group exclusions.

o Tries harder to duplicate the behavior normally obtained when using
NIS inclusions/exclusions on a flat /etc/passwd file (meaning things
come out in much the same order).

o Uses seperate methods for handling getpwent() and getpwnam()/getpwuid()
operations instead of trying to do everything with one general
function, which didn't work as well as I thought it would.

o Uses both getnetgrent() and innetgr() to try to save time where
possible.

o Use only one special token in the local password database
(_PW_KEYYPBYNUM) instead of seperate tokens to mark + and -
entries (and stop using the counter tokens too). If this new
token doesn't exist, the code will make due with the standard
_PW_KEYBYNUM token in order to support older databases that
won't have the new token in them.

All this is an attempt to make this stuff work better in environments
with large NIS passwd databases.

show more ...

Getpwent() and getservent() can wind up calling free() with
an invalid pointer if a call to yp_first() fails. Closes PR # 964,
and possibly # 952.