NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
lib/47293: innetgr(3) failed to match correctly
>Number: 47293
>Category: lib
>Synopsis: innetgr(3) failed to match correctly
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Dec 07 13:05:00 +0000 2012
>Originator: Dr. Wolfgang Stukenbrock
>Release: NetBSD 5.1.2
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 5.1.2 NetBSD 5.1.2 (NSW-WS) #1: Thu Dec 6 12:56:04 CET
2012 wgstuken@test-s0:/usr/src/sys/arch/amd64/compile/NSW-WS amd64
Architecture: x86_64
Machine: amd64
>Description:
The behaviour of the NetBSD innetgr() differs from the "reference"
Version of Sun in the following way.
If there is a netgroup entry link '(hhh,blub,XXX)' in a netgroup, it is
possible to match it
on Sun with specifying all three paramters like innetgr(<nt>, "hhh",
"blub", "XXX"), but it is
impossible to match the entry in the netbsd Version.
The problem is due to a "bad" speed optimization exit in the netbsd
version.
In file /usr/src/lib/libc/gen/getnetgrent.c in function
_local_innetgr() there is a "fast" check
against netgroup.byuser of netgroup.byhost, if only on of them is set.
But accedently the function is exited if a domain is specified.
This will fail all kind of lookups where all three parts are specified.
It will also fail to match an empty domain part in the netgroup, if
some data is passed to innetgr().
>How-To-Repeat:
Create a netgroup with all fiels filled in and try to match an entry
with all three fields specified in innetgr() call.
It will never match.
>Fix:
The following patch will fix the problem and produces the expected
matches as on Solaris.
--- getnetgrent.c.orig 2012-12-07 13:53:52.000000000 +0100
+++ getnetgrent.c 2012-12-07 13:55:42.000000000 +0100
@@ -795,16 +795,21 @@
*retval = 1;
return NS_SUCCESS;
}
+ /* If a domainname is given, we would have found a match */
+ if (domain != NULL) {
+ *retval = 0;
+ return NS_SUCCESS;
+ }
} else if (host == NULL && user != NULL) {
if (in_lookup(grp, user, domain, _NG_KEYBYUSER)) {
*retval = 1;
return NS_SUCCESS;
}
- }
- /* If a domainname is given, we would have found a match */
- if (domain != NULL) {
- *retval = 0;
- return NS_SUCCESS;
+ /* If a domainname is given, we would have found a match */
+ if (domain != NULL) {
+ *retval = 0;
+ return NS
>Unformatted:
Home |
Main Index |
Thread Index |
Old Index