From: Seigo Tanimura
To: n@nectar.com
Cc: current@freebsd.org
Date: Sun, 24 Sep 2000 23:43:01 +0900
Subject: pw_class in _pw_passwd is null if __hashpw() is not called in prior
In-Reply-To: <20000906151431.A26152@hamlet.nectar.com>

pw_class in _pw_passwd of src/lib/libc/gen/getpwdent.c is initialized
to null. Thus if a user other than root looks up NIS by getpwuid(3) or
getpwnam(3) prior to calling __hashpw, pw_class is null as well. This
breaks some applications, including ssh(1), because they believe that no
members of struct passwd are null. The following sample code shows the
problem.

--- v --- sample --- v ---
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

int
main(void)
{
	struct passwd *pw;

	/* Look up the calling user and print pw_class as a pointer. */
	if ((pw = getpwuid(getuid())) != NULL)
		printf("name:\t%s\nclass:\t%p\n", pw->pw_name, (void *)pw->pw_class);
	return (0);
}
--- ^ --- sample --- ^ ---

If you have your passwd entry in NIS, you see something like this:

silver% ./getpwent
name:	tanimura
class:	0x0

If your passwd entry is in /etc/master.passwd, the result looks like this:

silver# ./getpwent
name:	root
class:	0x804cc28

where 0x804cc28 points to an empty string, which is the expected result.

As we are supposed to fill in all of the members in struct passwd (like
Solaris), _pw_passwd should have an initial value other than zero.

static struct passwd _pw_passwd =
{
	"",		/* pw_name */
	"",		/* pw_passwd */
	(uid_t)0,	/* XXX Is zero appropriate? */
	(gid_t)0,
	(time_t)0,	/* pw_change */
	"",		/* pw_class */
	"",		/* pw_gecos */
	"",		/* pw_dir */
	"",		/* pw_shell */
	(time_t)0,	/* pw_expire */
	0,		/* pw_fields */
};

In addition, we should also reinitialize _pw_passwd with this initial value
before rewriting _pw_passwd, because pw_class filled in by a previous call
to __hashpw might grant unauthorized use of a resource or account.

-- 
Seigo Tanimura
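
The two failure modes raised in this message (a null pw_class on a first lookup, and a pw_class left over from an earlier lookup) can be reproduced with a small model of a shared static result buffer. This is an added example, not code from the message or from FreeBSD libc. The struct, the function names and the "staff" class value are constructed for illustration.

```c
#include <stdio.h>

/* Constructed stand-in for struct passwd, reduced to two string members. */
struct demo_passwd {
    const char *pw_name;
    const char *pw_class;
};

/* Initial value with no null string members, in the spirit of the proposal. */
static const struct demo_passwd pw_template = { "", "" };

/* Shared static result buffer; zero-initialized, so pw_class starts as NULL. */
static struct demo_passwd pw_buf;

/* Put the buffer back into its all-null startup state. */
void demo_reset(void) { pw_buf = (struct demo_passwd){ NULL, NULL }; }

/* Models one lookup. from_nis != 0 stands for the non-root NIS path, which
 * writes no login class; otherwise every member is filled (the __hashpw case). */
static void fill(const char *name, const char *cls, int from_nis)
{
    pw_buf.pw_name = name;
    if (!from_nis)
        pw_buf.pw_class = cls;
}

/* Reported behaviour: the buffer is reused as it is. */
const struct demo_passwd *lookup_unfixed(const char *name, const char *cls, int from_nis)
{
    fill(name, cls, from_nis);
    return &pw_buf;
}

/* Proposed behaviour: reset to the template before every fill. */
const struct demo_passwd *lookup_fixed(const char *name, const char *cls, int from_nis)
{
    pw_buf = pw_template;
    fill(name, cls, from_nis);
    return &pw_buf;
}

int main(void)
{
    demo_reset();
    printf("unfixed, NIS first:       class=%p\n", (const void *)lookup_unfixed("tanimura", NULL, 1)->pw_class);
    lookup_unfixed("root", "staff", 0);   /* constructed class value */
    printf("unfixed, NIS after local: class=\"%s\"\n", lookup_unfixed("tanimura", NULL, 1)->pw_class);
    lookup_fixed("root", "staff", 0);
    printf("fixed,   NIS after local: class=\"%s\"\n", lookup_fixed("tanimura", NULL, 1)->pw_class);
    return 0;
}
```

In the unfixed model the second user inherits the first user's class string, which is why the reset has to happen on every lookup and not only at initialization.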