Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.kei.com!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Bug in the resolve libraries (again)
Date: 26 Sep 1995 00:28:26 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 78
Message-ID: <447hfb$fl7@sol.ctr.columbia.edu>
References: <446900$lss@sand.cis.ufl.edu>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]
Daring to challenge the will of the almighty Leviam00se, James F. Hranicky
(jfh@cis.ufl.edu) had the courage to say:
: Ok...someone else (I can't remember who) did an
: "rsh bounce-bsd.cis.ufl.edu ls" and this time, it recognized exactly
: who they are, and reported that the user's login was unknown, printing
: the FQDN just fine.
: So, I went to another domain on campus, and tried the rsh as the
: "guest" account (which is disabled now, BTW), and _voila_, there
: was the FQDN in the logs. BUT, when I tried the rsh as "jfh" on the
: same domain, the same "jfh@ddr.arpa Permission denied" showed up.
: Apparently, this problem only shows up when the user on one machine
: does an rsh to the bsd machine and there exists an account with the
: same name on the bsd machine as on the machine they do the rsh.
: Anyone know what is the deal, or do I need to go climbing through the
: source...??
I think I already crawled through the source that's responsible for
this bug. And I think it's already been fixed.
Bill Fenner at Xerox filed a bug report a while back that said the
+@netgroup recognition code for /etc/hosts.equiv didn't work. This
puzzled the heck out of me since I had it working fine over here for
some time.
After giving him some debugging tips, he discovered the problem. From
/usr/src/lib/libc/net/rcmd.c:
char hname[MAXHOSTNAMELEN];
[...]
/* We need to get the damn hostname back for netgroup matching. */
if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
AF_INET)) == NULL)
return (-1);
strcpy(hname, hp->h_name);
The code that does netgroup matching (which, in FreeBSD, does not necessarily
require NIS to be turned on) needs to have the real name of the host to
check again, but the __ivaliduser() function is only passed the IP address.
So it has to do a gethostbyaddr() to get the name back. The problem is
that the gethostbyaddr() and gethostbyname() functions have a way of
stepping over each other: you need to copy the hostname to a seperate
buffer because the next call to gethostbywhatever() will overwrite the
data returned by the previous call. (For example, if you do two
gethostbyname()s in a row, the second one will scramble the hostent
struct returned by the first.) Bill's fix was to add the extra hname
buffer to hold the hostname and use that in the netgroup checking. This
is necessary because before the netgroup checking code is finished,
there's a call made to __icheckhost() which does a gethostbyname()
that clobbers the data returned by the gethostbyaddr() shown above.
Anyway, there's a good chance this is related to your problem. The
downside is that you need to rebuild libc to test and/or fix it.
What you might try to do is grab a copy of /usr/src/lib/libc/net/rcmd.c
from FreeBSD-STABLE or FreeBSD-current (they should be the same)
and compile rlogind and rshd with it (remember to compile it with -DYP).
If they work with the new rcmd.c, then you've isloated the bug and
you can make a new libc.
You might want to share with us the contents of your /etc/hosts.equiv
file. The reason I had such a hard time duplicating this bug on my
test system was that it only manifested itself with certain hosts.equiv
configurations.
-Bill
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~T~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Bill Paul (212) 854-6020 | System Manager
Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Møøse Illuminati: ignore it and be confused, or join it and be confusing!
~~~~~~ "Welcome to All Things BSDish! If it's not BSDish, it's crap!" ~~~~~~~