- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch

- Replace IPv4 only functions

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=158

0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch

@@ -0,0 +1,155 @@
+From 549aef483c9f1852e1fbefabc4ebbbe72e00c243 Mon Sep 17 00:00:00 2001
+From: Thorsten Kukuk <kukuk@thkukuk.de>
+Date: Fri, 1 Apr 2016 15:28:09 +0200
+Subject: [PATCH] Use TI-RPC functions if we compile and link against libtirpc.
+ The old SunRPC functions don't work with IPv6.
+
+* configure.ac: Set and restore CPPFLAGS
+* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with
+  rpcb_getaddr if available.
+---
+ configure.ac                       |  4 +++
+ modules/pam_unix/pam_unix_passwd.c | 73 +++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 76 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 534194d..20f6ba3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -451,18 +451,21 @@ AC_ARG_ENABLE([nis],
+ 
+ AS_IF([test "x$enable_nis" != "xno"], [
+   old_CFLAGS=$CFLAGS
++  old_CPPFLAGS=$CPPFLAGS
+   old_LIBS=$LIBS
+ 
+   dnl if there's libtirpc available, prefer that over the system
+   dnl implementation.
+   PKG_CHECK_MODULES([TIRPC], [libtirpc], [
+     CFLAGS="$CFLAGS $TIRPC_CFLAGS"
++    CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS"
+     LIBS="$LIBS $TIRPC_LIBS"
+   ], [:;])
+ 
+   PKG_CHECK_MODULES([NSL], [libnsl], [],
+     [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])])
+   CFLAGS="$CFLAGS $NSL_CFLAGS"
++  CPPFLAGS="$CPPFLAGS $NSL_CFLAGS"
+   LIBS="$LIBS $NSL_LIBS"
+ 
+   AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind])
+@@ -475,6 +478,7 @@ AS_IF([test "x$enable_nis" != "xno"], [
+   ])
+ 
+   CFLAGS="$old_CFLAGS"
++  CPPFLAGS="$old_CPPFLAGS"
+   LIBS="$old_LIBS"
+ ])
+ 
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index e3d3209..fa29327 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
++++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -92,7 +92,7 @@
+ 
+ # include "yppasswd.h"
+ 
+-# if !HAVE_DECL_GETRPCPORT
++# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR
+ extern int getrpcport(const char *host, unsigned long prognum,
+ 		      unsigned long versnum, unsigned int proto);
+ # endif				/* GNU libc 2.1 */
+@@ -114,11 +114,48 @@ extern int getrpcport(const char *host, unsigned long prognum,
+ #define MAX_PASSWD_TRIES	3
+ 
+ #ifdef HAVE_NIS
++#ifdef HAVE_RPCB_GETADDR
++static unsigned short
++__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf)
++{
++  unsigned short port = 0;
++  struct __rpc_sockinfo si;
++  struct sockaddr_in *sin;
++  struct sockaddr_in6 *sin6;
++  if (!__rpc_nconf2sockinfo(nconf, &si))
++    return 0;
++
++  switch (si.si_af)
++    {
++    case AF_INET:
++      sin = nbuf->buf;
++      port = sin->sin_port;
++      break;
++    case AF_INET6:
++      sin6 = nbuf->buf;
++      port = sin6->sin6_port;
++      break;
++    default:
++      break;
++    }
++
++  return htons (port);
++}
++#endif
++
+ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
+ {
+ 	char *master;
+ 	char *domainname;
+ 	int port, err;
++#if defined(HAVE_RPCB_GETADDR)
++	struct netconfig *nconf;
++	struct netbuf svcaddr;
++	char addrbuf[INET6_ADDRSTRLEN];
++	void *handle;
++	int found;
++#endif
++
+ 
+ #ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+ 	if ((err = yp_get_default_domain(&domainname)) != 0) {
+@@ -146,7 +183,41 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
+ 			 yperr_string(err));
+ 		return NULL;
+ 	}
++#ifdef HAVE_RPCB_GETADDR
++	svcaddr.len = 0;
++	svcaddr.maxlen = sizeof (addrbuf);
++	svcaddr.buf = addrbuf;
++	port = 0;
++	found = 0;
++
++	handle = setnetconfig();
++	while ((nconf = getnetconfig(handle)) != NULL) {
++	  if (!strcmp(nconf->nc_proto, "udp")) {
++	    if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE,
++			     nconf, &svcaddr, master)) {
++              port = __taddr2port (nconf, &svcaddr);
++              endnetconfig (handle);
++              found=1;
++              break;
++            }
++
++	    if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) {
++	      clnt_pcreateerror (master);
++              pam_syslog (pamh, LOG_ERR,
++			  "rpcb_getaddr (%s) failed!", master);
++              return NULL;
++            }
++	  }
++	}
++
++	if (!found) {
++	  pam_syslog (pamh, LOG_ERR,
++		      "Cannot find suitable transport for protocol 'udp'");
++	  return NULL;
++	}
++#else
+ 	port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP);
++#endif
+ 	if (port == 0) {
+ 		pam_syslog(pamh, LOG_WARNING,
+ 		         "yppasswdd not running on NIS master host");
+-- 
+1.8.5.6
+

pam.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Apr  1 15:32:37 CEST 2016 - kukuk@suse.de
+
+- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
+  - Replace IPv4 only functions
+
 -------------------------------------------------------------------
 Fri Apr  1 10:37:58 CEST 2016 - kukuk@suse.de
 

pam.spec

@@ -25,7 +25,8 @@ BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  cracklib-devel
 BuildRequires:  flex
-#BuildRequires:  pkgconfig(libtirpc)
+BuildRequires:  pkgconfig(libnsl)
+BuildRequires:  pkgconfig(libtirpc)
 %if %{enable_selinux}
 BuildRequires:  libselinux-devel
 %endif
@@ -58,6 +59,7 @@ Patch4:         0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
 Patch5:         0002-Remove-enable-static-modules-option-and-support-from.patch
 Patch6:         0003-fix-nis-checks.patch
 Patch7:         0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
+Patch8:         0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 # Remove with next version update:
 BuildRequires:  autoconf
@@ -112,6 +114,7 @@ building both PAM-aware applications and modules for use with PAM.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 %build
 autoreconf -fiv