mirror of
https://github.com/opnsense/src.git
synced 2026-03-17 08:02:24 -04:00
a393cc06f5
as an NIS client. The pw_breakout_yp routines that are used to populate the _pw_passwd structire only do anything if the bits in the pw_fields member _pw_passwd are cleared. Unfortunately, we can get into a state where pw_fields has garbage in it right before the YP lookup functions are called, which causes the breakout functions to screw up in a big way. Here's how to duplicate the problem: - Configure FreeBSD as an NIS client - Log in as a user who's password database records reside only in the NIS passwd maps. - Type ps -aux Result: your processes appear to be owned by 'root' or 'deamon.' /bin/ls can exhibit the same problem. The reason this happens: - When ps(1) needs to match a username to a UID, it calls getpwuid(). - root is in the local password file, so getpwuid() calls __hashpw() and __hashpw() populates the _pw_passwd struct, including the pw_fields member. This happens before NIS lookups take place because, by coincidence, ps(1) tends to display processes owned by root before it happens upon a proccess owned by you. - When your UID comes up, __hashpw() fails to find your entry in the local password database, so it bails out, BUT THE BITS IN THE pw_fields STRUCTURE OF _pw_passwd ARE NEVER CLEARED AND STILL CONTAIN INFORMATION FROM THE PREVIOUS CALL TO __hash_pw()!! - If we have NIS enabled, the NIS lookup functions are called. - The pw_breakout_yp routines see that the pw_fields bits are set and decline to place the data retrieved from the NIS passwd maps into the _pw_passwd structure. - getpwuid() returns the results of the last __hashpw() lookup instead of the valid NIS data. - Hijinxs ensue when user_from_uid() caches this bogus information and starts handing out the wrong usernames. AAAARRRRRRRRRGGGGGGHHHHHHHHHH!!! *Please* don't tell me I'm the only person to have noticed this. Fixed by having __hashpw() check the state of pw_fields just before bailing out on a failed lookup and clearing away any leftover garbage. What a fun way to spend an afternoon. |
||
|---|---|---|
| .. | ||
| csu/i386 | ||
| libc | ||
| libcom_err | ||
| libcompat | ||
| libcrypt | ||
| libcurses | ||
| libedit | ||
| libf2c | ||
| libF77 | ||
| libforms | ||
| libI77 | ||
| libkvm | ||
| libm | ||
| libmd | ||
| libmytinfo | ||
| libncurses | ||
| libpam/modules | ||
| libpcap | ||
| libresolv | ||
| librpc | ||
| librpcsvc | ||
| libscsi | ||
| libskey | ||
| libss | ||
| libtelnet | ||
| libterm | ||
| libtermcap | ||
| libutil | ||
| liby | ||
| msun | ||
| ncurses/ncurses | ||
| rpcsvc | ||
| Makefile | ||
| Makefile.inc | ||