Bug 96840

Summary: [libc] [patch] getgrent() does not return large groups via NIS
Product: Base System Reporter: Kirk Webb <kwebb>
Component: bin Assignee: Marcelo Araujo <araujo>
Status: Closed FIXED    
Severity: Affects Only Me CC: araujo, tcleamy
Priority: Normal    
Version: 6.0-RELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
getgrent.c.diff none

Description Kirk Webb 2006-05-05 23:40:14 UTC
The nis_groups() function in src/lib/libc/gen/getgrent.c skips groups
with a large number of members and/or large number of total characters
in the membership list when fetching from NIS.  Thus, anything using
or vectoring through getgrent() (e.g. initgroups() and getgrouplist())
will not see these groups.  getgrent_r is also affected, although the
caller may pass in a larger buffer and so avoid the problem.  The most
obviously problematic side-effect of this behavior is that users end
up with groups missing from their groups list, and so have
reduced/incorrect permissions.

Fix: The included patch should do the trick.  The problem is that
nis_group() does not check for an ERANGE error code when coming back
from __gr_parse_entry().  Rather, it just summarily continues on
through the loop and tries to grab the next entry.

This patch works by saving the old NIS key in the NIS state structure
rather than replacing it immediately with the new key.  The new key is
saved off so long as an ERANGE is not encountered by
__gr_parse_entry().  If this happens, the "erange" trapdoor is taken
out of nis_group().  I tried to be careful with memory
allocation/dealloc, but a careful scan from a second (or more) set of
eyes is always a good idea.

The patch below should apply cleanly to the HEAD for file
src/lib/libc/getgrent.c

How-To-Repeat:
Add something like the following group line to an NIS server with a
FreeBSD client, with a legitimate user placed somewhere in the list
(just make sure the member list is long):

footest:*:6666:f1,f2,f3,f4,f5,f6,f7,f8,f9,f10,f11,f12,f13,f14,f15,f16,f17,f18,f19,f20,f21,f22,f23,f24,f25,f26,f27,f28,f29,f30,f31,f32,f33,f34,f35,f36,f37,f38,f39,f40,f41,f42,f43,f44,f45,f46,f47,f48,f49,f50,f51,f52,f53,f54,f55,f56,f57,f58,f59,f60,f61,f62,f63,f64,f65,f66,f67,f68,f69,f70,f71,f72,f73,f74,f75,f76,f77,f78,f79,f80,f81,f82,f83,f84,f85,f86,f87,f88,f89,f90,f91,f92,f93,f94,f95,f96,f97,f98,f99,f100,f101,f102,f103,f104,f105,f106,f107,f108,f109,f110,f111,f112,f113,f114,f115,f116,f117,f118,f119,f120,f121,f122,f123,f124,f125,f126,f127,f128,f129

Next, go to a FreeBSD 6 client bound to this server and execute
'groups' or 'id' for the user.  The test list should be missing.

Now remove half or so of the above entries, but keep the legit user,
and rebuild the server's yp database.  Execute 'groups' or 'id' against the
user on the FreeBSD 6 client and the test group should show up.
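
The failure mode described in this report, as an added example (not the attached patch and not libc code): an enumeration loop that advances its key before parsing and skips an entry on ERANGE, next to one that keeps the old key and returns ERANGE so the caller can retry with a larger buffer. The map contents and the names parse_entry, next_group, count_visible and keep_key are hypothetical.

```c
#include <errno.h>
#include <string.h>

/* Constructed stand-in for a NIS group map; the middle entry is the long one. */
static const char *map[] = {
    "wheel:*:0:root",
    "footest:*:6666:f1,f2,f3,f4,f5,f6,f7,f8,f9,f10,f11,f12,f13,f14,f15,f16",
    "staff:*:20:alice",
};
#define NMAP (sizeof(map) / sizeof(map[0]))
struct state { size_t key; };       /* index of the next entry to fetch */
/* Stand-in for the parse step: ERANGE when the entry does not fit in len. */
static int parse_entry(const char *line, char *buf, size_t len) {
    if (strlen(line) + 1 > len)
        return ERANGE;
    strcpy(buf, line);
    return 0;
}
/* keep_key=0 models the reported behaviour: the key advances first and an
 * ERANGE entry is silently skipped. keep_key=1 commits the new key only after
 * a successful parse and hands ERANGE back, so a retry sees the same entry. */
static int next_group(struct state *st, char *buf, size_t len, int keep_key) {
    while (st->key < NMAP) {
        int rv = parse_entry(map[st->key], buf, len);
        if (rv == ERANGE && keep_key)
            return ERANGE;
        st->key++;
        if (rv == 0)
            return 0;
    }
    return ENOENT;
}
/* Enumerate like a getgrent() wrapper that doubles its buffer on ERANGE. */
static size_t count_visible(int keep_key, size_t len) {
    char buf[1024];
    struct state st = { 0 };
    size_t seen = 0;
    int rv;
    if (len == 0 || len > sizeof(buf))
        len = sizeof(buf);
    while ((rv = next_group(&st, buf, len, keep_key)) != ENOENT) {
        if (rv == 0)
            seen++;
        else if ((len *= 2) > sizeof(buf))
            break;                  /* no room left to grow */
    }
    return seen;
}
int main(void) { return count_visible(1, 32) == 3 ? 0 : 1; }
```

With a 32-byte starting buffer the skipping variant never reports the long group, while the keep-key variant returns it once the buffer has grown.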
Comment 1 Andrey Zonov 2009-01-19 13:57:32 UTC
Hi,

I encountered this bug again last month.
This patch (reversed) helped me. Thx.
Why is this patch not in HEAD?

-- 
Andrey Zonov
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2009-03-05 01:44:59 UTC
State Changed
From-To: open->analyzed

Another contributor notes that this patch helps.
Comment 3 tcleamy 2014-02-28 22:28:05 UTC
I just ran across this bug in FreeBSD 9.2 amd64.  The odd thing is that I'm migrating from 8.3 i386 and those systems don't have the issue with the same NIS maps.  So it worked for me on FreeBSD 8.2 i386 & 8.3 i386, but not 9.2 amd64.  Go figure.

I figured I should email in to push to get this patch added into the releases.  The patch worked for me although the line numbers were off by ~120.  I guess a bit of code has been added since FreeBSD 6.

Tim Leamy
UC Davis
Comment 4 Kirk Webb 2014-02-28 22:35:15 UTC
Oops... Looks like the fix didn't get pulled upstream!  We're moving
to 9.x soon, so I appreciate the heads up.

-Kirk


On Fri, Feb 28, 2014 at 3:28 PM, Tim Leamy <tcleamy@ucdavis.edu> wrote:
> I just ran across this bug in FreeBSD 9.2 amd64.  The odd thing is that I'm
> migrating from 8.3 i386 and those systems don't have the issue with the same
> NIS maps.  So it worked for me on FreeBSD 8.2 i386 & 8.3 i386, but not 9.2
> amd64.  Go figure.
>
>
>
> I figured I should email in to push to get this patch added into the
> releases.  The patch worked for me although the line numbers were off by ~120.
> I guess a bit of code has been added since FreeBSD 6.
>
>
>
> Tim Leamy
>
> UC Davis
Comment 5 Marcelo Araujo freebsd_committer freebsd_triage 2015-10-02 09:25:34 UTC
It was fixed a while ago already.

Thanks for the patch.
Comment 6 tcleamy 2016-07-28 22:23:34 UTC
I don't think this is fixed. I ran into the problem on 10.3 AMD64.  The NIS group was 616 chars long and failed to appear in "groups <user>".  I applied the patch and it resolved the issue.