Commit Graph

91 Commits

Author SHA1 Message Date
Andrey A. Chernov
ff17906bc9 Fix bracket error for LogMask
Submitted by: Ruslan Belkin <rus@home2.UA.net>
1995-05-02 17:46:30 +00:00
Joerg Wunsch
85c30cfa12 Added function and man page for ftok(3), used in conjunction with
the so-called "System V IPC".

Submitted by:	jbeukema@HK.Super.Net (John Beukema)
Obtained from:  Th. Lockert <tholo@sigmasoft.com>, via NetBSD
1995-05-01 08:53:21 +00:00
Bill Paul
04adcdacbf Small fix for the following problems:
- If you take the wheel entry out of /etc/group and turn on NIS,
the '+:*::' line is incorrectly flagged as the entry for wheel (the
empty gid section is translated to 0), hence getgrgid() returns '+'
as the name of the group instead of 'wheel.'

- Using just '+:' as the 'turn on NIS' switch in /etc/group makes
getgrgid() dump core because of a null pointer dereference. (Last
time I was in here, I foolishly assumed that fixing the core dump
problems with getgrnam() and getgrent() would fix getgrgid() too.
Silly me.)
1995-04-29 17:14:50 +00:00
Bill Paul
243ae8c754 in _freecaches(): strdup() allocates us memory -- remember to free it. 1995-04-22 17:28:04 +00:00
Bruce Evans
55e2b2c608 Fix bugs in opendir():
- it succeeded on non-directories (see POSIX 5.1.2.4).
- it hung on (non-open) named pipes.
- it leaked memory if the second malloc() failed.
- it didn't preserve errno across errors in close().
1995-04-21 15:23:27 +00:00
Bill Paul
8efe1172e2 Head off potential core dump in _havemaster() (we don't need to free any
memory here: the underlying YP routines handle this one for us).
1995-04-15 03:11:55 +00:00
Bill Paul
c98fda6ec8 Better conformance to SunOS behavior: if we can't match a user to one
of the plus or minus lists at all, reject him. This lets you create
a +@netgroup list of users that you want to admit and reject everybody
else. If you end your +@netgroup list with the wildcard line
(+:::::::::) then you'll have a +@netgroup list that remaps the
specified people but leaves people not in any netgroup unaffected.
1995-04-14 14:56:28 +00:00
Garrett Wollman
3688be0eeb Add err_set_file() and err_set_exit() functions to make it possible for
programs which use err(3) to work nicely in a wider range of environments
(e.g., dialog).
1995-04-13 18:04:11 +00:00
Andrey A. Chernov
929fb7fedd Add missing header reference 1995-04-09 04:59:40 +00:00
Joerg Wunsch
d108492508 The man page setmode(3) declares `void setmode' when it should be
declared `void *setmode'.

Submitted by:	kargl@troutmask.apl.washington.edu
1995-04-05 22:56:45 +00:00
Bill Paul
958f4e365d getpwent.c: fix problem with emacs dumping core when NIS is enabled. Also
add #includes for YP headers when compiling with -DYP to avoid some implicit
declarations.

getgrent.c & getnetgrent.c: add some #includes to avoid implicit declarations
of YP functions.
1995-04-04 05:36:16 +00:00
Andrey A. Chernov
3437da9391 Clear IGNPAR in cfmakeraw() instead of set it. 1995-03-29 19:28:35 +00:00
Bill Paul
b38bb6d374 Use yp_order() instead of yp_first() in _havemaster() to check for the
presence of the master.passwd.byname map, and remember to free the
returned order value before exiting.
1995-03-27 20:46:40 +00:00
Poul-Henning Kamp
e169c6670b scandir(3) didn't transfer d_type, and d_ino is called d_fileno now. 1995-03-25 07:39:02 +00:00
Bill Paul
f05daed916 Add calls to endgrent() and endnetgrent() to the end of _createcaches(). 1995-03-25 00:30:35 +00:00
Bill Paul
0ffe27f544 Make sanity checks saner: don't let setnetgrent() or innetgr() swallow
any bogus arguments.
1995-03-24 20:42:28 +00:00
Andrey A. Chernov
bee5b8efe8 Change strtok() to strsep(), using strtok() can cause memory corruption
if user program use it too in the same time.
1995-03-24 16:33:44 +00:00
Bill Paul
828447008a Yikes! Fix stupid mistake I made in last commit that made getpwent() ignore
local password entries when YP was enabled. (How the heck did that
get by me!?)
1995-03-24 08:01:01 +00:00
Bill Paul
d34ef3d62b As per Justin T. Gibbs's request, agument the +@netgroup/-@netgroup
remapping mechanism in the following manner: if given an entry +@foo
and there is no netgroup named 'foo,' try searching for a regular
user group called 'foo' and build the cache using the members of
group 'foo' instead. If both a netgroup 'foo' and a user group 'foo'
exist, the 'foo' netgroup takes precedence, since we're primarily
interested in netgroup matching anyway.

This allows access control schemes based on ordinary user groups
(which are also available via NIS) rather than netgroups, since
netgroups on some systems are limited in really brain-damaged ways.
1995-03-24 05:46:47 +00:00
Bill Paul
62a771700f Don't let setnetgrent() operate on a null or empty group name: it can
tickle a bug in ypserv and make a serious mess of things.
1995-03-23 22:21:16 +00:00
Bill Paul
353fefe325 Very important sanity checks: today I clobbered all four NIS servers on
my network because setnetgrent() was trying to do a lookup on group "".
It seems that an attempt to do a yp_match() (and possible yp_next())
on a null or empty key causes Sun's ypserv in SunOS 4.1.3 to exit
suddenly (and without warning). Our ypserv behaves badly in this
situation too, thoush it doesn't appear to crash. In any event, getpwent,
getnetgrent and yp_match() and yp_next() are now extra careful not to
accidentally pass on null or empty arguments.

Also made a small change to getpwent.c to allow +::::::::: wildcarding,
which I had disabled previously.
1995-03-23 22:18:00 +00:00
Bill Paul
5f115c9d15 Lots of fixes/improvements in the +user substitution handling:
- Have the +@netgroup/-@netgroup caches handle the +user/-user cases too.
- Clean up getpwent() to take advantage of the improved +user/-user handling.
1995-03-23 17:33:19 +00:00
Bill Paul
89395683ea Small cleanups:
- Prepend a '_' to a couple of things
- Make sure YP is enabled in _createcaches()
- Remove a couple of unused/uneeded variables from _createcaches()
1995-03-23 04:04:01 +00:00
Bill Paul
9531ca9353 Phew! Done at last: getpwent now understands +@netgroup/-@netgroup directives
in addition to the existing NIS substitutions. I may tweak this a bit in
the future, but the important stuff is all here.
1995-03-23 00:59:15 +00:00
Bill Paul
8516cd0fa5 Use better/stronger/faster NIS lookup code: by using yp_match() instead of
the yp_first()/yp_next() combo, we let the database code in ypserv do some
of the work for us.
1995-03-21 19:47:12 +00:00
Bill Paul
e80307946b Whoops: expanding netgroups that reference multiple netgroups doesn't
work because parse_netgrp() doesn't recurse properly. Fixed by
changing

if (parse_netgrp(spos))
	return(1);
to

if (parse_netgrp(spos))
	continue;

inside parse_netgrp(). (Lucky for me I happen to have a fairly complex
'live' netgroup database to test this stuff with.)
1995-03-19 22:19:52 +00:00
Bill Paul
409495f6c7 Two major changes:
- Added support for reading netgroups from NIS/YP in addition to the
local /etc/netgroups file. (Note that SunOS and many other systems only
support reading netgroups via NIS, which is a bit odd.)

- Fix Evil Null Pointer Dereferences From Hell (tm) that caused
parse_netgrp() to SEGV when expanding netgroups that include
references to other netgroups. Funny how nobody else noticed this.

This is the first step in implimenting +@netgroup substitution in
getpwent.c and any other places that could use it and don't already
support it (which is probably everywhere).
1995-03-19 06:16:03 +00:00
Bill Paul
89047c9c7c Fix 'putting +: in /etc/group causes many programs to dump core' bug
by heading off possible null pointer dereferences in grscan(). Also
change getgrnam() slightly to properly handle the change: if grscan()
returns an rval of 1 and leaves a '+' in the gr_name field and YP is
enabled, poll the YP group.byname map before giving up. This should
insure that we make every effort to find a match in the local and
YP group databases before bailing out.
1995-03-18 05:03:10 +00:00
Andrey A. Chernov
b76cc0f831 stdio.h --> unistd.h 1995-03-09 17:45:23 +00:00
Poul-Henning Kamp
728736c058 Explain the full story, and make it understandable too. 1995-02-25 04:43:20 +00:00
Poul-Henning Kamp
888bbd45f9 fix the synopsis to show
|     void
|    *signal(int sig, void (*func)(int))

instead of

|     void
|     *signal(sig, func())
|
|     void
|     (*func)()
1995-02-24 07:35:49 +00:00
Andrey A. Chernov
977e8ea0c9 Add missing #include <time.h> with time() prototype 1995-02-24 01:02:59 +00:00
Stefan Eßer
b5fd1704b2 Bruce pointed out, that a misleading warning would be issued
in an (unlikely) border case (maxgroups==1 and the user is on
an /etc/group line for the same group and that group only ...).

Now this case is dealt with as before ...
1995-02-17 19:45:21 +00:00
Stefan Eßer
f067e922a9 Protect against duplicate gids in group list (as could be the
result of being a member of some group in both /etc/group and YP).
1995-02-17 17:36:09 +00:00
David Greenman
16be381004 Backed out Keith Bostic's getcwd/$PWD hack. It is causing things to break
all over the place.
1995-02-07 05:52:57 +00:00
Poul-Henning Kamp
d55ceee7a3 Document the getenv(PWD) feature. 1995-02-05 18:14:38 +00:00
Bill Paul
d66efc62bd Collapsed _masterpw_breakout_yp() and _pw_breakout_yp() into a
single function.
1995-02-05 02:12:49 +00:00
Poul-Henning Kamp
03cfe806a2 A cute hack to speed up things by Keith: if getenv("PWD") is the same
inode as ".", then just return that.  I added a check so it must start with
a '/'.

Reviewed by:	phk
Submitted by:	bostic@cs.berkeley.edu (Keith Bostic)
1995-02-04 19:29:22 +00:00
Bruce Evans
66a96c4ca4 Include <time.h> instead of <sys/time.h> to get CLK_TCK. Including
<sys/time.h> works because <sys/time.h> includes <time.h> if KERNEL
is not defined, but is ugly.
1995-02-03 22:28:34 +00:00
Bruce Evans
711fbb0afc Change CLK_TCK to CLOCKS_PER_SEC.
Add a missing apostrophe that suggests inverting the frequency to get
tick size.  It read better before because `CLK_TCK' suggests a tick
size although it is actually a frequency.
1995-02-03 22:09:56 +00:00
Bruce Evans
3652b5c25d Change CLK_TCK to CLOCKS_PER_SEC. (CLK_TCK is a deprecated POSIX feature
and is not necessarily related to the ANSI CLOCKS_PER_SEC).

Parenthesize macro args.
1995-02-03 21:59:45 +00:00
Bruce Evans
6231933da9 Fix previous change to preserve const'ness. 1995-02-03 21:54:03 +00:00
Bill Paul
a393cc06f5 Fixed a rather serious bug that presents itself when FreeBSD is configured
as an NIS client. The pw_breakout_yp routines that are used to populate the
_pw_passwd structire only do anything if the bits in the pw_fields member
_pw_passwd are cleared. Unfortunately, we can get into a state where
pw_fields has garbage in it right before the YP lookup functions are
called, which causes the breakout functions to screw up in a big way.
Here's how to duplicate the problem:

- Configure FreeBSD as an NIS client
- Log in as a user who's password database records reside only in
  the NIS passwd maps.
- Type ps -aux

Result: your processes appear to be owned by 'root' or 'deamon.'
/bin/ls can exhibit the same problem.

The reason this happens:

- When ps(1) needs to match a username to a UID, it calls getpwuid().

- root is in the local password file, so getpwuid() calls  __hashpw()
  and __hashpw() populates the _pw_passwd struct, including the pw_fields
  member. This happens before NIS lookups take place because, by coincidence,
  ps(1) tends to display processes owned by root before it happens upon
  a proccess owned by you.

- When your UID comes up, __hashpw() fails to find your entry in the
  local password database, so it bails out, BUT THE BITS IN THE pw_fields
  STRUCTURE OF _pw_passwd ARE NEVER CLEARED AND STILL CONTAIN INFORMATION
  FROM THE PREVIOUS CALL TO __hash_pw()!!

- If we have NIS enabled, the NIS lookup functions are called.

- The pw_breakout_yp routines see that the pw_fields bits are set and
  decline to place the data retrieved from the NIS passwd maps into the
  _pw_passwd structure.

- getpwuid() returns the results of the last __hashpw() lookup instead
  of the valid NIS data.

- Hijinxs ensue when user_from_uid() caches this bogus information and
  starts handing out the wrong usernames.

AAAARRRRRRRRRGGGGGGHHHHHHHHHH!!!

*Please* don't tell me I'm the only person to have noticed this.

Fixed by having __hashpw() check the state of pw_fields just before
bailing out on a failed lookup and clearing away any leftover garbage.
What a fun way to spend an afternoon.
1995-02-03 01:09:35 +00:00
Bill Paul
320ce7b758 Fix for that last fix... pass the hat. :) 1995-02-01 20:09:00 +00:00
Bill Paul
c768efa1a8 Small fix to _getyppass(): sometimes we can construct the wrong mapname
when looking for master.passwd.whatever.
1995-02-01 20:06:33 +00:00
Bill Paul
d0ef66889a Some changes for YP password map handling:
- FreeBSD's NIS server can supply a master.passwd map, which has
  more fields in it than a standard passwd map, so we need a
  _master_pw_breakout() fuction.

- When doing passwd map lookups, look for master.passwd.* by attempting
  a _yp_first() on master.passwd.byname. If it exists, we're being served
  by a FreeBSD NIS server and we should use this map.

- If we aren't the superuser, retrieve only the standard passwd maps.
  If we're being served by a FreeBSD system, then the passwd map has
  no passwords in it, and it won't serve us the master.passwd map unless
  we're superuser anyway.

There's a small speed hit for the superuser inherent in the check for
the master.passwd map, but this lets us dynamically decide what to do
rather than rely on a non-standard config file somewhere. Since all
of this is bypassed for normal users, they shouldn't notice the
difference.
1995-01-31 10:04:18 +00:00
David Greenman
cc6f628176 Be sure to properly fail if there are not enough fields. Problem
reported by MARC Giannoni <marc@cmc.eng.comsat.com>, this fix is by me.
1995-01-27 22:30:03 +00:00
Doug Rabson
6de86c13d8 Reclaim memory used for telldir cookies on closedir. 1995-01-27 13:51:18 +00:00
Garrett Wollman
bb38a730ff Fix unbalanced #endif introduced by yesterday's change. 1995-01-19 19:01:50 +00:00
Garrett Wollman
c7da24ddb6 Prevent sites from shooting themselves in the foot while enabling/disabling
YP by disallowing `+' entries as logins in all cases.  (This handles the
case of a `+' entry in the password file but YP not running, which should
never happen but is easy enough to check for so we'll apply some
prophylaxis.)
1995-01-17 23:17:38 +00:00