SHA256
1
0
forked from pool/pam

- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch

- Replace IPv4 only functions

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=158
This commit is contained in:
Thorsten Kukuk 2016-04-01 13:33:36 +00:00 committed by Git OBS Bridge
parent 1b4d87cddf
commit dff8159e4f
3 changed files with 165 additions and 1 deletions

View File

@ -0,0 +1,155 @@
From 549aef483c9f1852e1fbefabc4ebbbe72e00c243 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Fri, 1 Apr 2016 15:28:09 +0200
Subject: [PATCH] Use TI-RPC functions if we compile and link against libtirpc.
The old SunRPC functions don't work with IPv6.
* configure.ac: Set and restore CPPFLAGS
* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with
rpcb_getaddr if available.
---
configure.ac | 4 +++
modules/pam_unix/pam_unix_passwd.c | 73 +++++++++++++++++++++++++++++++++++++-
2 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 534194d..20f6ba3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -451,18 +451,21 @@ AC_ARG_ENABLE([nis],
AS_IF([test "x$enable_nis" != "xno"], [
old_CFLAGS=$CFLAGS
+ old_CPPFLAGS=$CPPFLAGS
old_LIBS=$LIBS
dnl if there's libtirpc available, prefer that over the system
dnl implementation.
PKG_CHECK_MODULES([TIRPC], [libtirpc], [
CFLAGS="$CFLAGS $TIRPC_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS"
LIBS="$LIBS $TIRPC_LIBS"
], [:;])
PKG_CHECK_MODULES([NSL], [libnsl], [],
[AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])])
CFLAGS="$CFLAGS $NSL_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $NSL_CFLAGS"
LIBS="$LIBS $NSL_LIBS"
AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind])
@@ -475,6 +478,7 @@ AS_IF([test "x$enable_nis" != "xno"], [
])
CFLAGS="$old_CFLAGS"
+ CPPFLAGS="$old_CPPFLAGS"
LIBS="$old_LIBS"
])
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index e3d3209..fa29327 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -92,7 +92,7 @@
# include "yppasswd.h"
-# if !HAVE_DECL_GETRPCPORT
+# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR
extern int getrpcport(const char *host, unsigned long prognum,
unsigned long versnum, unsigned int proto);
# endif /* GNU libc 2.1 */
@@ -114,11 +114,48 @@ extern int getrpcport(const char *host, unsigned long prognum,
#define MAX_PASSWD_TRIES 3
#ifdef HAVE_NIS
+#ifdef HAVE_RPCB_GETADDR
+static unsigned short
+__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf)
+{
+ unsigned short port = 0;
+ struct __rpc_sockinfo si;
+ struct sockaddr_in *sin;
+ struct sockaddr_in6 *sin6;
+ if (!__rpc_nconf2sockinfo(nconf, &si))
+ return 0;
+
+ switch (si.si_af)
+ {
+ case AF_INET:
+ sin = nbuf->buf;
+ port = sin->sin_port;
+ break;
+ case AF_INET6:
+ sin6 = nbuf->buf;
+ port = sin6->sin6_port;
+ break;
+ default:
+ break;
+ }
+
+ return htons (port);
+}
+#endif
+
static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
{
char *master;
char *domainname;
int port, err;
+#if defined(HAVE_RPCB_GETADDR)
+ struct netconfig *nconf;
+ struct netbuf svcaddr;
+ char addrbuf[INET6_ADDRSTRLEN];
+ void *handle;
+ int found;
+#endif
+
#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
if ((err = yp_get_default_domain(&domainname)) != 0) {
@@ -146,7 +183,41 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
yperr_string(err));
return NULL;
}
+#ifdef HAVE_RPCB_GETADDR
+ svcaddr.len = 0;
+ svcaddr.maxlen = sizeof (addrbuf);
+ svcaddr.buf = addrbuf;
+ port = 0;
+ found = 0;
+
+ handle = setnetconfig();
+ while ((nconf = getnetconfig(handle)) != NULL) {
+ if (!strcmp(nconf->nc_proto, "udp")) {
+ if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE,
+ nconf, &svcaddr, master)) {
+ port = __taddr2port (nconf, &svcaddr);
+ endnetconfig (handle);
+ found=1;
+ break;
+ }
+
+ if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) {
+ clnt_pcreateerror (master);
+ pam_syslog (pamh, LOG_ERR,
+ "rpcb_getaddr (%s) failed!", master);
+ return NULL;
+ }
+ }
+ }
+
+ if (!found) {
+ pam_syslog (pamh, LOG_ERR,
+ "Cannot find suitable transport for protocol 'udp'");
+ return NULL;
+ }
+#else
port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP);
+#endif
if (port == 0) {
pam_syslog(pamh, LOG_WARNING,
"yppasswdd not running on NIS master host");
--
1.8.5.6

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de
- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
- Replace IPv4 only functions
-------------------------------------------------------------------
Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de

View File

@ -25,7 +25,8 @@ BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
BuildRequires: flex
#BuildRequires: pkgconfig(libtirpc)
BuildRequires: pkgconfig(libnsl)
BuildRequires: pkgconfig(libtirpc)
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
@ -58,6 +59,7 @@ Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch
Patch6: 0003-fix-nis-checks.patch
Patch7: 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
Patch8: 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Remove with next version update:
BuildRequires: autoconf
@ -112,6 +114,7 @@ building both PAM-aware applications and modules for use with PAM.
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build
autoreconf -fiv