This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/26/2014 05:48 AM, Siddhesh Poyarekar wrote:
> nscd works correctly when the request in innetgr is a wildcard,
> i.e. when one or more of host, user or domain parameters is NULL.
> However, it does not work when the the triplet in the netgroup
> definition has a wildcard.  This is easy to reproduce for a triplet
> defined as follows:
> 
>     foonet (,foo,)
> 
> Here, an innetgr call that looks like this:
> 
>     innetgr ("foonet", "foohost", "foo", NULL);
> 
> should succeed and so should:
> 
>     innetgr ("foonet", NULL, "foo", "foodomain");
> 
> It does succeed with nscd disabled, but not with nscd enabled.  This
> fix adds this additional check for all three parts of the triplet so
> that it gives the correct result.
> 
> Tested on x86_64.
> 
> Siddhesh
> 
> 	[BZ #16758]
> 	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
> 	blank values.

OK to checkin as long as for the sake of completeness tested the
other two missing combinations of NULLs in calls to innetgr with
and without nscd and it worked.

I reviewed the code around this, the netgroup cache code, and this
looks correct to me.

I frown every time I have to review this code without adding a
regression test. We're going to have to talk about this at 
Cauldron 2014 e.g. the need for network testing and whole
system integration testing.

> ---
>  nscd/netgroupcache.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
> index 5ba1e1f..5d15aa4 100644
> --- a/nscd/netgroupcache.c
> +++ b/nscd/netgroupcache.c
> @@ -560,15 +560,19 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
>  	{
>  	  bool success = true;
>  
> -	  if (host != NULL)
> +	  /* For the host, user and domain in each triplet, we assume success
> +	     if the value is blank because that is how the wildcard entry to
> +	     match anything is stored in the netgroup cache.  */
> +	  if (host != NULL && *triplets != '\0')

OK.

>  	    success = strcmp (host, triplets) == 0;
>  	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;
>  
> -	  if (success && user != NULL)
> +	  if (success && user != NULL && *triplets != '\0')

OK.

>  	    success = strcmp (user, triplets) == 0;
>  	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;
>  
> -	  if (success && (domain == NULL || strcmp (domain, triplets) == 0))
> +	  if (success && (domain == NULL || *triplets == '\0'
> +			  || strcmp (domain, triplets) == 0))

OK.

>  	    {
>  	      dataset->resp.result = 1;
>  	      break;
> 

Cheers,
Carlos.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTM0ynAAoJECXvCkNsKkr/neAH/14um4ud99PomrLI6opYgKK0
qssxRjKQeYAePze952dBRYpSiH2dTS4TfYFCmYynxvNlJ1ICcbn8ty4CV6M3RCbb
1ehTPHLvo//3r0dwBDlMAd/91g+H1OKpCvkC1q9TUDJVcwvI0hakBPYmJRufw6p1
WFv3EHujsJh10efUIdZUTE4eA7dsiPZ2JtIuD+Ho4tKaYoJgoBsEohtT3U4hnWF+
qX4nI8kpTkc7sX5HZU588uAiA6FEAHugUwC4s20a+E1j4aEafJlbswhXWqHNuHtC
fMxo4UnmdkrB+NJGn3OYKja0t7LG4YR6lO3NIZF1R/0mv7rs+BoHV/Bg573e+1M=
=BTTa
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]