diff --git a/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch b/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch new file mode 100644 index 0000000..1e0e5af --- /dev/null +++ b/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch @@ -0,0 +1,155 @@ +From 549aef483c9f1852e1fbefabc4ebbbe72e00c243 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Fri, 1 Apr 2016 15:28:09 +0200 +Subject: [PATCH] Use TI-RPC functions if we compile and link against libtirpc. + The old SunRPC functions don't work with IPv6. + +* configure.ac: Set and restore CPPFLAGS +* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with + rpcb_getaddr if available. +--- + configure.ac | 4 +++ + modules/pam_unix/pam_unix_passwd.c | 73 +++++++++++++++++++++++++++++++++++++- + 2 files changed, 76 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 534194d..20f6ba3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -451,18 +451,21 @@ AC_ARG_ENABLE([nis], + + AS_IF([test "x$enable_nis" != "xno"], [ + old_CFLAGS=$CFLAGS ++ old_CPPFLAGS=$CPPFLAGS + old_LIBS=$LIBS + + dnl if there's libtirpc available, prefer that over the system + dnl implementation. + PKG_CHECK_MODULES([TIRPC], [libtirpc], [ + CFLAGS="$CFLAGS $TIRPC_CFLAGS" ++ CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS" + LIBS="$LIBS $TIRPC_LIBS" + ], [:;]) + + PKG_CHECK_MODULES([NSL], [libnsl], [], + [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) + CFLAGS="$CFLAGS $NSL_CFLAGS" ++ CPPFLAGS="$CPPFLAGS $NSL_CFLAGS" + LIBS="$LIBS $NSL_LIBS" + + AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) +@@ -475,6 +478,7 @@ AS_IF([test "x$enable_nis" != "xno"], [ + ]) + + CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + LIBS="$old_LIBS" + ]) + +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index e3d3209..fa29327 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -92,7 +92,7 @@ + + # include "yppasswd.h" + +-# if !HAVE_DECL_GETRPCPORT ++# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR + extern int getrpcport(const char *host, unsigned long prognum, + unsigned long versnum, unsigned int proto); + # endif /* GNU libc 2.1 */ +@@ -114,11 +114,48 @@ extern int getrpcport(const char *host, unsigned long prognum, + #define MAX_PASSWD_TRIES 3 + + #ifdef HAVE_NIS ++#ifdef HAVE_RPCB_GETADDR ++static unsigned short ++__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) ++{ ++ unsigned short port = 0; ++ struct __rpc_sockinfo si; ++ struct sockaddr_in *sin; ++ struct sockaddr_in6 *sin6; ++ if (!__rpc_nconf2sockinfo(nconf, &si)) ++ return 0; ++ ++ switch (si.si_af) ++ { ++ case AF_INET: ++ sin = nbuf->buf; ++ port = sin->sin_port; ++ break; ++ case AF_INET6: ++ sin6 = nbuf->buf; ++ port = sin6->sin6_port; ++ break; ++ default: ++ break; ++ } ++ ++ return htons (port); ++} ++#endif ++ + static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) + { + char *master; + char *domainname; + int port, err; ++#if defined(HAVE_RPCB_GETADDR) ++ struct netconfig *nconf; ++ struct netbuf svcaddr; ++ char addrbuf[INET6_ADDRSTRLEN]; ++ void *handle; ++ int found; ++#endif ++ + + #ifdef HAVE_YP_GET_DEFAULT_DOMAIN + if ((err = yp_get_default_domain(&domainname)) != 0) { +@@ -146,7 +183,41 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) + yperr_string(err)); + return NULL; + } ++#ifdef HAVE_RPCB_GETADDR ++ svcaddr.len = 0; ++ svcaddr.maxlen = sizeof (addrbuf); ++ svcaddr.buf = addrbuf; ++ port = 0; ++ found = 0; ++ ++ handle = setnetconfig(); ++ while ((nconf = getnetconfig(handle)) != NULL) { ++ if (!strcmp(nconf->nc_proto, "udp")) { ++ if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE, ++ nconf, &svcaddr, master)) { ++ port = __taddr2port (nconf, &svcaddr); ++ endnetconfig (handle); ++ found=1; ++ break; ++ } ++ ++ if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) { ++ clnt_pcreateerror (master); ++ pam_syslog (pamh, LOG_ERR, ++ "rpcb_getaddr (%s) failed!", master); ++ return NULL; ++ } ++ } ++ } ++ ++ if (!found) { ++ pam_syslog (pamh, LOG_ERR, ++ "Cannot find suitable transport for protocol 'udp'"); ++ return NULL; ++ } ++#else + port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); ++#endif + if (port == 0) { + pam_syslog(pamh, LOG_WARNING, + "yppasswdd not running on NIS master host"); +-- +1.8.5.6 + diff --git a/pam.changes b/pam.changes index e8b1596..23c3bc1 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + ------------------------------------------------------------------- Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index bc338e7..36037e2 100644 --- a/pam.spec +++ b/pam.spec @@ -25,7 +25,8 @@ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex -#BuildRequires: pkgconfig(libtirpc) +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif @@ -58,6 +59,7 @@ Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch Patch6: 0003-fix-nis-checks.patch Patch7: 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch +Patch8: 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -112,6 +114,7 @@ building both PAM-aware applications and modules for use with PAM. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build autoreconf -fiv