Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Implementing 'fallback' nsswitch source. 'fallback' source is used
when particular function can't be found in nsswitch-module. For
example, getgrouplist(3) will use module-supplied 'getgroupmembership'
function (which can work in an optimal way for such source as LDAP) and
will fall back to the stanard iterate-through-all-groups implementation
otherwise.

PR: ports/114655
Submitted by: Michael Hanselmann <freebsd AT hansmi DOT ch>
Reviewed by: brooks (mentor)

o Don't fseek() on closed file.

Submitted by: pgollucci@p6m7g8.com, Mark Costlow
MFC after: 3 weeks

o compat_group() and files_group() are more complicated than I thought
in rev. 1.34. Mainly I missed the fact that the buffer is used for two
purposes:

1) storing a group line from the group file;

2) __gr_parse_entry() parses the buffer and tries to put the group
members to the remaining part of the buffer and can fail if there
is no enough room for them.

Re-arrange the buffer size checks to account the latter case.

Submitted by: Kirk R Webb
MFC after: 2 weeks

o Record a file offset for a last successfully parsed group file line.
If the initial buffer size (1KB) for the given group line is not big
enough, reset the offset. It helps to do not miss this line when
getrg() reallocates the larger buffer and tries to parse the line again.

PR: bin/52433, kern/55031, bin/83696, misc/97640, misc/98111
Submitted by: bsw71@mail.ru, Philip M. Gollucci, Justin Erenkrantz
Glanced at: nectar
MFC after: 1 month

- Extend the nsswitch to support Services, Protocols and Rpc
databases.
- Make nsswitch support caching.

Submitted by: Michael Bushkov <bushman__at__rsu.ru>
Sponsored by: Google Summer of Code 2005

getgrent() and friends should set errno if there is an error.
Also, clarify the manpage description of when errno is set and
explain that clients should set errno=0 first if they want useful
error information.

Back out the `hiding' of strlcpy and strlcat. Several people
vocally objected to this safety belt.

`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by: qpopper's interfering and buggy version of strlcpy

When using `compat' mode, be sure to re-dispatch setpwent, endpwent,
setgrent, and endgrent also. (The previous NSS implementation used to
simply twiddle the internal data of the various modules directly.)

A symptom (group list set incorrectly in sshd) was
Reported by: Glenn Johnson <gjohnson@srrc.ars.usda.gov>

Sponsored by: DARPA, Network Associates Laboratories

``Strong typing is a crutch for people with weak memories.''

Correct a bug that should have wreaked havoc everywhere, but for
some reason only bit unlucky people who use `-march' optimizations.
The compiler cannot assist one in distinguishing between the two
function calls below.

int nsdispatch(void *, ...);
void *discard;

nsdispatch(&discard, ...); /* correct .. no, really! */
nsdispatch(discard, ...); /* Boom */

Robin provided me with a debugging environment in which I could see
what was going on.

Badness when using CPUTYPE was
Reported by: "Robin P. Blanchard" <Robin.Blanchard@gactr.uga.edu>
Reported by: nork

Sponsored by: DARPA, Network Associates Laboratories

Repair a bug in which a faulty group entry (one with only 2 colons)
would result in an incorrectly terminated grouplist.

login(1) crashes
Reported by: Morten Rodal <morten@rodal.no>,
Matthias Schuendehuette <msch@snafu.de>

The default if nsswitch.conf(5) is not present is supposed to be the
hated `compat' source, not `files'.

Reported by: Philip Paeps <philip@paeps.cx>
Sponsored by: DARPA, Network Associates Laboratories

= Implement thread-safe versions of the getpwent(3) and getgrent(3)
family of functions using the new nsdispatch(3) core. Remove
arbitrary size limits when using the thread-safe versions.

= Re-implement the traditional getpwent(3)/getgrent(3) functions on
top of the thread-safe versions.

= Update the on-disk format of the hashed version of the passwd(5)
databases to allow for versioned entries. The legacy version is
`3'. (Don't ask.)

= Add support for version `4' entries in the passwd(5) database.
Entries in this format are identical to version 3 entries except
that all integers are stored as 32-bit integers in network byte
order (big endian).

= pwd_mkdb is updated to generate both version 3 and version 4
entries.

Sponsored by: DARPA, Network Associates Laboratories

If realloc(3) fails in copyline(), do not make matters worse by
leaving without deallocating `data' thereby creating a memory leak.

Remove unused variable: sz.

* Remove __P and convert to ANSI prototypes.
* Remove 'register'. (some functions had 7+ register functions...)
* Fix SCM ID's.

Fixed world breakage due to missing include of <sys/cdefs.h> in previous
commit.

Fixed related style bugs:
basename.c: misplaced '#if 0'
dirname.c: misplaced '#if 0'
getgrent.c: missing '#if 0', and tab lossage in vendor id (the previous
commit fixed the complete corruption of the vendor id but
lost a tab)
getpwent.c: missing '#if 0'

Fix FreeBSD IDs.

Fix mostly harmless typo:

if (data);
free(data);

Discovered by: emacs cc-mode

Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.

Obtained from: NetBSD

Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...

Allow comments in group database.

The character `#' introduces a comment. Leading spaces and tabs are
ignored: '^[ \t]*#.*\n$'

Count an empty line - only spaces, tabs or newline - also as a comment.
(to be compatibel with password database comments). '^[ \t]*\n$'

Small yet significant tweaks/cleanups:

- getpwent:
o adjunctbuf should be NUL terminated after copying
o _pw_breakout_yp() needs to know the length of the buffer returned
from YP so it can properly NUL terminate its local buffer.

- getgrent:
o YP buffers should be YPMAXRECORD + 2 bytes long and NUL terminated.
(Previously they were hardcoded to 1024 bytes.)

- getnetgrent:
o YP data should be copied with snprintf(), not sprintf()

These are 2.2 candidates. I will wait a few days to make sure these don't
break anything and then, if there are no objections, move them to the 2.2
branch.

Use dynamic allocated buffers instead static buffers. No member or
line length limit anymore - now 500 members or 5000 members are
possible. For security group lines longer than 256K will be count as
an error. 256K should be enough for 65536 users.

Support comments (lines that begin with a #) if compiled with
option -DGROUP_IGNORE_COMMENTS.

Fortunately it seems that all system utilities which use getgrent()
functions are dynamically linked executables. So you need only
rebuild libc.so.3.0 if you want this change. Note: if you have
an old X server which depend on libc.so.2.* you should rebuild
libc.so.2.* too.

Not a 2.2 candidate.

Add a missing #ifdef YP/#endif pair so that this module will
compile without -DYP.

Pointed out by: Wolfram Schneider

Apply patch to fix +group YP overrides and prevent SEGV on badly
formatted groups (foo:*).

Minor cleanup, mostly unused vars and missing #includes.

Some NIS bug stomping:

- In some cases, we don't properly resolve _all_ possible group memberships.
If a user is a member of both local and NIS groups, we sometimes lose some
of the membership info from NIS. (Reported by: Thorsten Kukuk
<kukuk@uni-paderborn.de>)

- Make NIS +groupname overrides actually work the way the SunOS group(5)
man page says they should (make them work for all cases: getgrent(),
getgrnam() and getgrgid()).

- When not compiled with -DYP, grscan() should ignore entries that
begin with a '+'. When compiled _with_ -DYP, grscan() should ignore
+groupname entries that don't refer to real NIS groups.

- Remove redundant redeclaration of fgets(), strsep() and index() inside
grscan(). We already #include all the right header files for these.

Note: -groupname exclusion as specified in the Sun documentation still
isn't supported. This'll be a 2.2 addition. Right now I just want this
stuff to work.

getgrent.c: adjust _nextypgroup() slightly so that it continues processing
the group map after encountering a badly formatted entry.

getpwent.c: same as above for _nextyppass(), and also turn a couple of
sprintf()s into snprintf()s to avoid potential buffer overruns. (The
other day I nearly went mad because of a username in my NIS database
that's actually 9 characters long instead of 8. Stuffing a 9-character
username into an 8-character buffer can do some strange things.)

(This reminds me: I hope somebody's planning to fix the buffer overrun
security hole in syslog(3) before 2.1 ships.)

getpwent.c: turn the code that checks the override caches into a
seperate function to avoid duplication. Also fix getpwent() a
small bit to properly handle the case where the magic NIS '+'
entry appears before the end of the password file.

getgrent.c: be a little more SunOS-ish. Make it look like the NIS
group map is 'inserted' at the the point(s) where the magic NIS '+'
entry/entries appear.

getgrent: fix a file descriptor leak: remember to close the netgroup
file after we determine that we're using NIS-only innetgr() lookups.

Fix for a potential problem reported by a user I bumped into on IRC
last night:

_gr_breakout_yp() doesn't check for badly formatted NIS group entries.
For example, a bogus entry like this:

bootp::user1,user2,user3

will lead to a null pointer dereference and a SEGV (note that the GID
field is missing -- this results in one of the strsep(&result, ":")
returning NULL). The symtpom of this problem is programs dumping
core left and right the moment you add a + entry to /etc/group.
Note that while this is similar to an earlier bug, it's caused by a
different set of circumstances.

The fix is to check for the NULL pointers and have _gr_breakout_yp()
punt and return a failure code if it catches one. This is more or
less the behavior of SunOS: if a bad NIS group entry is encountered,
it's silently ignored. I don't think our standard (non-NIS) group
parsing code behaves the same way. It doesn't crash though, so I'm
citing the 'it ain't broken, don't fix it' rule and leaving it alone.

I'll probably have to add similar checks to _pw_breakout_yp() in
getpwent.c to ward off the same problems. It's rare that bad NIS
map entries like this occur, but we should handle them gracefully
when they do.

Remove trailing whitespace.

Small fix for the following problems:

- If you take the wheel entry out of /etc/group and turn on NIS,
the '+:*::' line is incorrectly flagged as the entry for wheel (the
empty gid section is translated to 0), hence getgrgid() returns '+'
as the name of the group instead of 'wheel.'

- Using just '+:' as the 'turn on NIS' switch in /etc/group makes
getgrgid() dump core because of a null pointer dereference. (Last
time I was in here, I foolishly assumed that fixing the core dump
problems with getgrnam() and getgrent() would fix getgrgid() too.
Silly me.)

getpwent.c: fix problem with emacs dumping core when NIS is enabled. Also
add #includes for YP headers when compiling with -DYP to avoid some implicit
declarations.

getgrent.c & getnetgrent.c: add some #includes to avoid implicit declarations
of YP functions.

Fix 'putting +: in /etc/group causes many programs to dump core' bug
by heading off possible null pointer dereferences in grscan(). Also
change getgrnam() slightly to properly handle the change: if grscan()
returns an rval of 1 and leaves a '+' in the gr_name field and YP is
enabled, poll the YP group.byname map before giving up. This should
insure that we make every effort to find a match in the local and
YP group databases before bailing out.

My implementation of YP group file support, modeled after the
password file support done yesterday.

This commit was generated by cvs2svn to compensate for changes in r1573,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite Lib Sources