diff --git a/libtirpc-0.2.4-rc2.patch b/libtirpc-0.2.4-rc2.patch deleted file mode 100644 index d07b3fa..0000000 --- a/libtirpc-0.2.4-rc2.patch +++ /dev/null @@ -1,170 +0,0 @@ -diff -up libtirpc-0.2.3/autogen.sh.orig libtirpc-0.2.3/autogen.sh ---- libtirpc-0.2.3/autogen.sh.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/autogen.sh 2013-07-01 10:08:16.723416858 -0400 -@@ -37,6 +37,6 @@ fi - - aclocal - libtoolize --force --copy --autoheader -+#autoheader - automake --add-missing --copy --gnu # -Wall - autoconf # -Wall -diff -up libtirpc-0.2.3/configure.ac.orig libtirpc-0.2.3/configure.ac ---- libtirpc-0.2.3/configure.ac.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/configure.ac 2013-07-01 10:08:16.723416858 -0400 -@@ -1,19 +1,34 @@ - AC_INIT(libtirpc, 0.2.3) --AM_INIT_AUTOMAKE(libtirpc, 0.2.3) -+AM_INIT_AUTOMAKE - AM_MAINTAINER_MODE - AC_CONFIG_SRCDIR([src/auth_des.c]) - AC_CONFIG_MACRO_DIR([m4]) - - AC_ARG_ENABLE(gss,[ --enable-gss Turn on gss api], [case "${enableval}" in -- yes) gss=true ; AC_CHECK_LIB([gssapi],[gss_init_sec_context]) ;; -+ yes) gss=true ;; - no) gss=false ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-gss) ;; - esac],[gss=false]) - AM_CONDITIONAL(GSS, test x$gss = xtrue) -+AC_ARG_WITH(gssglue, -+ [ --with-gssglue Use libgssglue], -+ [case "${enableval}" in -+ yes) gssglue=true ;; -+ no) gssglue=false ;; -+ *) AC_MSG_ERROR(bad value ${enableval} for --with-gssglue) ;; -+ esac], -+ [gssglue=false]) -+AM_CONDITIONAL(USEGSSGLUE, test x$gssglue = xtrue) - if test x$gss = xtrue; then -- AC_DEFINE(HAVE_LIBGSSAPI, 1, []) -- PKG_CHECK_MODULES(GSSGLUE, libgssglue, [], -- AC_MSG_ERROR([Unable to locate information required to use libgssglue.])) -+ if test x$gssglue = xtrue; then -+ PKG_CHECK_MODULES(GSSAPI, libgssglue, [], -+ AC_MSG_ERROR([Unable to locate information required to use libgssglue.])) -+ else -+ GSSAPI_CFLAGS=`krb5-config --cflags gssapi` -+ GSSAPI_LIBS=`krb5-config --libs gssapi` -+ AC_SUBST([GSSAPI_CFLAGS]) -+ AC_SUBST([GSSAPI_LIBS]) -+ fi - fi - AC_ARG_ENABLE(ipv6, - [AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])], -@@ -24,7 +39,7 @@ if test "x$enable_ipv6" != xno; then - fi - - AC_PROG_CC --AM_CONFIG_HEADER(config.h) -+m4_pattern_allow(AM_CONFIG_HEADERS(config.h)) - AC_PROG_LIBTOOL - AC_HEADER_DIRENT - AC_PREFIX_DEFAULT(/usr) -diff -up libtirpc-0.2.3/src/auth_gss.c.orig libtirpc-0.2.3/src/auth_gss.c ---- libtirpc-0.2.3/src/auth_gss.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/auth_gss.c 2013-07-01 10:08:16.724416786 -0400 -@@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, str - * send an RPCSEC_GSS_DESTROY request which might inappropriately - * destroy the context. - */ -+ gd->ctx = GSS_C_NO_CONTEXT; - gd->gc.gc_ctx.length = 0; - gd->gc.gc_ctx.value = NULL; - -@@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss - if (!pd) - return (FALSE); - -- pd->pd_ctx = NULL; -+ if (pd->pd_ctx != GSS_C_NO_CONTEXT) -+ gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL); - gss_release_buffer(&min_stat, &pd->pd_ctx_hndl); - memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl)); - pd->pd_seq_win = 0; -diff -up libtirpc-0.2.3/src/clnt_vc.c.orig libtirpc-0.2.3/src/clnt_vc.c ---- libtirpc-0.2.3/src/clnt_vc.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/clnt_vc.c 2013-07-01 10:08:16.724416786 -0400 -@@ -505,7 +505,7 @@ clnt_vc_control(cl, request, info) - sigset_t newmask; - int rpc_lock_value; - u_int32_t tmp; -- u_long ltmp; -+ u_int32_t ltmp; - - assert(cl != NULL); - -diff -up libtirpc-0.2.3/src/Makefile.am.orig libtirpc-0.2.3/src/Makefile.am ---- libtirpc-0.2.3/src/Makefile.am.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/Makefile.am 2013-07-01 10:08:16.723416858 -0400 -@@ -6,7 +6,7 @@ - ## anything like that. - - --INCLUDES = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \ -+AM_CPPFLAGS = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 \ - -D_GNU_SOURCE -Wall -pipe - - lib_LTLIBRARIES = libtirpc.la -@@ -58,8 +58,8 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c x - ## Secure-RPC - if GSS - libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c -- libtirpc_la_LDFLAGS += $(GSSGLUE_LIBS) -- libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSGLUE_CFLAGS) -+ libtirpc_la_LDFLAGS += $(GSSAPI_LIBS) -+ libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS) - endif - - ## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c -diff -up libtirpc-0.2.3/src/svc_dg.c.orig libtirpc-0.2.3/src/svc_dg.c ---- libtirpc-0.2.3/src/svc_dg.c.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/src/svc_dg.c 2013-07-01 10:08:16.725416716 -0400 -@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr) - { - if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs), - xdr_args, args_ptr)) { -- (void)svc_freeargs(xprt, xdr_args, args_ptr); - return FALSE; - } - return TRUE; -diff -up libtirpc-0.2.3/tirpc/rpc/auth.h.orig libtirpc-0.2.3/tirpc/rpc/auth.h ---- libtirpc-0.2.3/tirpc/rpc/auth.h.orig 2013-02-13 10:13:59.000000000 -0500 -+++ libtirpc-0.2.3/tirpc/rpc/auth.h 2013-07-01 10:08:16.725416716 -0400 -@@ -51,7 +51,6 @@ - #include - #include - #include --#include - - - #define MAX_AUTH_BYTES 400 -@@ -249,19 +248,11 @@ auth_put(AUTH *auth) - #define auth_refresh(auth, msg) \ - ((*((auth)->ah_ops->ah_refresh))(auth, msg)) - --#if defined(__GNUC__) && defined(DEBUG) --#define auth_log_debug(fmt,args...) printf(stderr, fmt, args) --#else --#define auth_log_debug(fmt,args...) --#endif -- - #define AUTH_DESTROY(auth) \ - do { \ - int refs; \ - if ((refs = auth_put((auth))) == 0) \ - ((*((auth)->ah_ops->ah_destroy))(auth));\ -- auth_log_debug("%s: auth_put(), refs %d\n", \ -- __func__, refs); \ - } while (0) - - #define auth_destroy(auth) \ -@@ -269,8 +260,6 @@ auth_put(AUTH *auth) - int refs; \ - if ((refs = auth_put((auth))) == 0) \ - ((*((auth)->ah_ops->ah_destroy))(auth));\ -- auth_log_debug("%s: auth_put(), refs %d\n", \ -- __func__, refs); \ - } while (0) - - #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \ diff --git a/libtirpc-1.0.2-rc3.patch b/libtirpc-1.0.2-rc3.patch new file mode 100644 index 0000000..3dde763 --- /dev/null +++ b/libtirpc-1.0.2-rc3.patch @@ -0,0 +1,737 @@ +diff --git a/src/Makefile.am b/src/Makefile.am +index e4ed8aa..fba2aa4 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln + rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ + svc_auth_des.c \ + svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ +- auth_time.c auth_des.c authdes_prot.c debug.c ++ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c + + ## XDR + libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c +diff --git a/src/auth_des.c b/src/auth_des.c +index 4d3639e..af2f61f 100644 +--- a/src/auth_des.c ++++ b/src/auth_des.c +@@ -46,8 +46,8 @@ + #include + #include + #include +-#undef NIS +-#include ++ ++#include "nis.h" + + #if defined(LIBC_SCCS) && !defined(lint) + #endif +diff --git a/src/auth_gss.c b/src/auth_gss.c +index 9b88c38..5959893 100644 +--- a/src/auth_gss.c ++++ b/src/auth_gss.c +@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret) + gr.gr_major != GSS_S_CONTINUE_NEEDED)) { + options_ret->major_status = gr.gr_major; + options_ret->minor_status = gr.gr_minor; ++ if (call_stat != RPC_SUCCESS) { ++ struct rpc_err err; ++ clnt_geterr(gd->clnt, &err); ++ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s", ++ clnt_sperrno(call_stat), strerror(err.re_errno))); ++ } else ++ gss_log_status("authgss_refresh:", ++ gr.gr_major, gr.gr_minor); + return FALSE; + } + +diff --git a/src/auth_time.c b/src/auth_time.c +index 10e58eb..7f83ab4 100644 +--- a/src/auth_time.c ++++ b/src/auth_time.c +@@ -44,8 +44,8 @@ + #include + //#include + #include +-#undef NIS +-#include ++ ++#include "nis.h" + + + #ifdef TESTING +diff --git a/src/des_impl.c b/src/des_impl.c +index c5b7ed6..9dbccaf 100644 +--- a/src/des_impl.c ++++ b/src/des_impl.c +@@ -6,7 +6,8 @@ + /* see to obtain a copy. */ + #include + #include +-#include ++#include ++#include + + + static const uint32_t des_SPtrans[8][64] = +diff --git a/src/getpublickey.c b/src/getpublickey.c +index 764a5f9..8cf4dc2 100644 +--- a/src/getpublickey.c ++++ b/src/getpublickey.c +@@ -38,8 +38,10 @@ + #include + #include + #include ++#ifdef YP + #include + #include ++#endif + #include + #include + +diff --git a/src/nis.h b/src/nis.h +new file mode 100644 +index 0000000..588c041 +--- /dev/null ++++ b/src/nis.h +@@ -0,0 +1,70 @@ ++/* ++ * Copyright (c) 2010, Oracle America, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are ++ * met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above ++ * copyright notice, this list of conditions and the following ++ * disclaimer in the documentation and/or other materials ++ * provided with the distribution. ++ * * Neither the name of the "Oracle America, Inc." nor the names of its ++ * contributors may be used to endorse or promote products derived ++ * from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE ++ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ++ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING ++ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef _INTERNAL_NIS_H ++#define _INTERNAL_NIS_H 1 ++ ++/* This file only contains the definition of nis_server, to be ++ able to compile libtirpc without the need to have a glibc ++ with sunrpc or a libnsl already installed. */ ++ ++#define NIS_PK_NONE 0 ++ ++struct nis_attr { ++ char *zattr_ndx; ++ struct { ++ u_int zattr_val_len; ++ char *zattr_val_val; ++ } zattr_val; ++}; ++typedef struct nis_attr nis_attr; ++ ++typedef char *nis_name; ++ ++struct endpoint { ++ char *uaddr; ++ char *family; ++ char *proto; ++}; ++typedef struct endpoint endpoint; ++ ++struct nis_server { ++ nis_name name; ++ struct { ++ u_int ep_len; ++ endpoint *ep_val; ++ } ep; ++ uint32_t key_type; ++ netobj pkey; ++}; ++typedef struct nis_server nis_server; ++ ++#endif /* ! _INTERNAL_NIS_H */ +diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c +index 13d320c..3fe503a 100644 +--- a/src/rpc_dtablesize.c ++++ b/src/rpc_dtablesize.c +@@ -27,22 +27,14 @@ + */ + + #include +- + #include +- +-int _rpc_dtablesize(void); /* XXX */ ++#include ++#include + + /* + * Cache the result of getdtablesize(), so we don't have to do an + * expensive system call every time. + */ +-/* +- * XXX In FreeBSD 2.x, you can have the maximum number of open file +- * descriptors be greater than FD_SETSIZE (which us 256 by default). +- * +- * Since old programs tend to use this call to determine the first arg +- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)! +- */ + int + _rpc_dtablesize(void) + { +diff --git a/src/rpc_soc.c b/src/rpc_soc.c +index 1ec7b3f..ed0892a 100644 +--- a/src/rpc_soc.c ++++ b/src/rpc_soc.c +@@ -61,8 +61,8 @@ + #include + #include + #include +-#include + ++#include "nis.h" + #include "rpc_com.h" + + extern mutex_t rpcsoc_lock; +diff --git a/src/rtime.c b/src/rtime.c +index c34e0af..b642840 100644 +--- a/src/rtime.c ++++ b/src/rtime.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout) + struct timeval *timeout; + { + int s; +- fd_set readfds; ++ struct pollfd fd; ++ int milliseconds; + int res; + unsigned long thetime; + struct sockaddr_in from; +@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout) + addrp->sin_port = serv->s_port; + + if (type == SOCK_DGRAM) { +- res = sendto(s, (char *)&thetime, sizeof(thetime), 0, ++ res = sendto(s, (char *)&thetime, sizeof(thetime), 0, + (struct sockaddr *)addrp, sizeof(*addrp)); + if (res < 0) { + do_close(s); +- return(-1); ++ return(-1); + } +- do { +- FD_ZERO(&readfds); +- FD_SET(s, &readfds); +- res = select(_rpc_dtablesize(), &readfds, +- (fd_set *)NULL, (fd_set *)NULL, timeout); +- } while (res < 0 && errno == EINTR); ++ ++ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000); ++ fd.fd = s; ++ fd.events = POLLIN; ++ do ++ res = poll (&fd, 1, milliseconds); ++ while (res < 0 && errno == EINTR); + if (res <= 0) { + if (res == 0) { + errno = ETIMEDOUT; + } + do_close(s); +- return(-1); ++ return(-1); + } + fromlen = sizeof(from); +- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, ++ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, + (struct sockaddr *)&from, &fromlen); + do_close(s); + if (res < 0) { +- return(-1); ++ return(-1); + } + } else { + if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) { +diff --git a/src/svc.c b/src/svc.c +index 9c41445..b59467b 100644 +--- a/src/svc.c ++++ b/src/svc.c +@@ -99,7 +99,7 @@ xprt_register (xprt) + { + __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); + if (__svc_xports == NULL) +- return; ++ goto unlock; + } + if (sock < _rpc_dtablesize()) + { +@@ -120,14 +120,14 @@ xprt_register (xprt) + svc_pollfd[i].fd = sock; + svc_pollfd[i].events = (POLLIN | POLLPRI | + POLLRDNORM | POLLRDBAND); +- return; ++ goto unlock; + } + + new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, + sizeof (struct pollfd) + * (svc_max_pollfd + 1)); + if (new_svc_pollfd == NULL) /* Out of memory */ +- return; ++ goto unlock; + svc_pollfd = new_svc_pollfd; + ++svc_max_pollfd; + +@@ -135,6 +135,7 @@ xprt_register (xprt) + svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | + POLLRDNORM | POLLRDBAND); + } ++unlock: + rwlock_unlock (&svc_fd_lock); + } + +diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c +index 5bc264c..2e90146 100644 +--- a/src/svc_auth_des.c ++++ b/src/svc_auth_des.c +@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */; + static short *authdes_lru/* [AUTHDES_CACHESZ] */; + + static void cache_init(); /* initialize the cache */ +-static short cache_spot(); /* find an entry in the cache */ +-static void cache_ref(/*short sid*/); /* note that sid was ref'd */ ++static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */ ++static void cache_ref(short sid); /* note that sid was ref'd */ + +-static void invalidate(); /* invalidate entry in cache */ ++static void invalidate(char *cred); /* invalidate entry in cache */ + + /* +- * cache statistics ++ * cache statistics + */ + static struct { + u_long ncachehits; /* times cache hit, and is not replay */ +diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c +index b6aa407..bece46a 100644 +--- a/src/svc_auth_gss.c ++++ b/src/svc_auth_gss.c +@@ -129,6 +129,8 @@ struct svc_rpc_gss_data { + ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) + + /* Global server credentials. */ ++static u_int _svcauth_req_time = 0; ++static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID }; + static gss_cred_id_t _svcauth_gss_creds; + static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME; + static char * _svcauth_svc_name = NULL; +@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service) + gss_name_t name; + gss_buffer_desc namebuf; + OM_uint32 maj_stat, min_stat; ++ bool_t result; + + gss_log_debug("in svcauth_gss_import_name()"); + +@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service) + maj_stat, min_stat); + return (FALSE); + } +- if (svcauth_gss_set_svc_name(name) != TRUE) { +- gss_release_name(&min_stat, &name); +- return (FALSE); +- } +- return (TRUE); ++ result = svcauth_gss_set_svc_name(name); ++ gss_release_name(&min_stat, &name); ++ return result; + } + + static bool_t +-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set) ++svcauth_gss_acquire_cred(void) + { + OM_uint32 maj_stat, min_stat; + + gss_log_debug("in svcauth_gss_acquire_cred()"); + +- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time, +- oid_set, GSS_C_ACCEPT, ++ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, ++ _svcauth_req_time, &_svcauth_oid_set, ++ GSS_C_ACCEPT, + &_svcauth_gss_creds, NULL, NULL); + + if (maj_stat != GSS_S_COMPLETE) { +@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, + NULL, + &gd->deleg); + ++ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok); ++ + if (gr->gr_major != GSS_S_COMPLETE && + gr->gr_major != GSS_S_CONTINUE_NEEDED) { + gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context", +@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, + return (FALSE); + + rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; +- rqst->rq_xprt->xp_verf.oa_base = checksum.value; ++ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, ++ checksum.length); + rqst->rq_xprt->xp_verf.oa_length = checksum.length; ++ ++ gss_release_buffer(&min_stat, &checksum); + } + return (TRUE); + } +@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num) + maj_stat, min_stat); + return (FALSE); + } ++ + rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; +- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; ++ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length); + rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; + ++ gss_release_buffer(&min_stat, &checksum); ++ + return (TRUE); + } + +@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + gss_qop_t qop; + struct svcauth_gss_cache_entry **ce; + time_t now; ++ enum auth_stat result = AUTH_OK; ++ OM_uint32 min_stat; + + gss_log_debug("in svcauth_gss()"); + +@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + XDR_DESTROY(&xdrs); + + /* Check version. */ +- if (gc->gc_v != RPCSEC_GSS_VERSION) +- return (AUTH_BADCRED); ++ if (gc->gc_v != RPCSEC_GSS_VERSION) { ++ result = AUTH_BADCRED; ++ goto out; ++ } + + /* Check RPCSEC_GSS service. */ + if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && + gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && +- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) +- return (AUTH_BADCRED); ++ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) { ++ result = AUTH_BADCRED; ++ goto out; ++ } + + /* Check sequence number. */ + if (gd->established) { +- if (gc->gc_seq > MAXSEQ) +- return (RPCSEC_GSS_CTXPROBLEM); ++ if (gc->gc_seq > MAXSEQ) { ++ result = RPCSEC_GSS_CTXPROBLEM; ++ goto out; ++ } + + if ((offset = gd->seqlast - gc->gc_seq) < 0) { + gd->seqlast = gc->gc_seq; +@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + } + else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { + *no_dispatch = 1; +- return (RPCSEC_GSS_CTXPROBLEM); ++ result = RPCSEC_GSS_CTXPROBLEM; ++ goto out; + } + gd->seq = gc->gc_seq; + gd->seqmask |= (1 << offset); +@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + rqst->rq_svcname = (char *)gd->ctx; + } + ++ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; ++ + /* Handle RPCSEC_GSS control procedure. */ + switch (gc->gc_proc) { + + case RPCSEC_GSS_INIT: + case RPCSEC_GSS_CONTINUE_INIT: +- if (rqst->rq_proc != NULLPROC) +- return (AUTH_FAILED); /* XXX ? */ ++ if (rqst->rq_proc != NULLPROC) { ++ result = AUTH_FAILED; /* XXX ? */ ++ break; ++ } + + if (_svcauth_gss_name == GSS_C_NO_NAME) { +- if (!svcauth_gss_import_name("nfs")) +- return (AUTH_FAILED); ++ if (!svcauth_gss_import_name("nfs")) { ++ result = AUTH_FAILED; ++ break; ++ } + } + +- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET)) +- return (AUTH_FAILED); ++ if (!svcauth_gss_acquire_cred()) { ++ result = AUTH_FAILED; ++ break; ++ } + +- if (!svcauth_gss_accept_sec_context(rqst, &gr)) +- return (AUTH_REJECTEDCRED); ++ if (!svcauth_gss_accept_sec_context(rqst, &gr)) { ++ result = AUTH_REJECTEDCRED; ++ break; ++ } + +- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) +- return (AUTH_FAILED); ++ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { ++ result = AUTH_FAILED; ++ break; ++ } + + *no_dispatch = TRUE; + + call_stat = svc_sendreply(rqst->rq_xprt, + (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); + +- if (!call_stat) +- return (AUTH_FAILED); ++ gss_release_buffer(&min_stat, &gr.gr_token); ++ free(gr.gr_ctx.value); ++ ++ if (!call_stat) { ++ result = AUTH_FAILED; ++ break; ++ } + + if (gr.gr_major == GSS_S_COMPLETE) + gd->established = TRUE; +@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + break; + + case RPCSEC_GSS_DATA: +- if (!svcauth_gss_validate(gd, msg, &qop)) +- return (RPCSEC_GSS_CREDPROBLEM); ++ if (!svcauth_gss_validate(gd, msg, &qop)) { ++ result = RPCSEC_GSS_CREDPROBLEM; ++ break; ++ } + +- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) +- return (AUTH_FAILED); ++ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { ++ result = AUTH_FAILED; ++ break; ++ } + + if (!gd->callback_done) { + gd->callback_done = TRUE; + gd->sec.qop = qop; + (void)rpc_gss_num_to_qop(gd->rcred.mechanism, + gd->sec.qop, &gd->rcred.qop); +- if (!svcauth_gss_callback(rqst, gd)) +- return (AUTH_REJECTEDCRED); ++ if (!svcauth_gss_callback(rqst, gd)) { ++ result = AUTH_REJECTEDCRED; ++ break; ++ } + } + + if (gd->locked) { + if (gd->rcred.service != +- _rpc_gss_svc_to_service(gc->gc_svc)) +- return (AUTH_FAILED); +- if (gd->sec.qop != qop) +- return (AUTH_BADVERF); ++ _rpc_gss_svc_to_service(gc->gc_svc)) { ++ result = AUTH_FAILED; ++ break; ++ } ++ if (gd->sec.qop != qop) { ++ result = AUTH_BADVERF; ++ break; ++ } + } + + if (gd->sec.qop != qop) { +@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + break; + + case RPCSEC_GSS_DESTROY: +- if (rqst->rq_proc != NULLPROC) +- return (AUTH_FAILED); /* XXX ? */ ++ if (rqst->rq_proc != NULLPROC) { ++ result = AUTH_FAILED; /* XXX ? */ ++ break; ++ } + +- if (!svcauth_gss_validate(gd, msg, &qop)) +- return (RPCSEC_GSS_CREDPROBLEM); ++ if (!svcauth_gss_validate(gd, msg, &qop)) { ++ result = RPCSEC_GSS_CREDPROBLEM; ++ break; ++ } + +- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) +- return (AUTH_FAILED); ++ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { ++ result = AUTH_FAILED; ++ break; ++ } + +- if (!svcauth_gss_release_cred()) +- return (AUTH_FAILED); ++ if (!svcauth_gss_release_cred()) { ++ result = AUTH_FAILED; ++ break; ++ } + + SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt)); + SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops; +@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) + break; + + default: +- return (AUTH_REJECTEDCRED); ++ result = AUTH_REJECTEDCRED; + break; + } +- return (AUTH_OK); ++out: ++ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc); ++ return result; + } + + static bool_t +@@ -890,7 +946,6 @@ bool_t + rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, + u_int UNUSED(program), u_int UNUSED(version)) + { +- gss_OID_set_desc oid_set; + rpc_gss_OID oid; + char *save; + +@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, + + if (!rpc_gss_mech_to_oid(mechanism, &oid)) + goto out_err; +- oid_set.count = 1; +- oid_set.elements = (gss_OID)oid; + + if (!svcauth_gss_import_name(principal)) + goto out_err; +- if (!svcauth_gss_acquire_cred(req_time, &oid_set)) +- goto out_err; + ++ _svcauth_req_time = req_time; ++ _svcauth_oid_set.count = 1; ++ _svcauth_oid_set.elements = (gss_OID)oid; + free(_svcauth_svc_name); + _svcauth_svc_name = save; + return TRUE; +diff --git a/src/svc_vc.c b/src/svc_vc.c +index 6ae613d..97a76a3 100644 +--- a/src/svc_vc.c ++++ b/src/svc_vc.c +@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize) + struct cf_conn *cd; + const char *netid; + struct __rpc_sockinfo si; +- +- assert(fd != -1); + +- if (fd >= FD_SETSIZE) { +- warnx("svc_vc: makefd_xprt: fd too high\n"); +- xprt = NULL; +- goto done; +- } ++ assert(fd != -1); + + xprt = mem_alloc(sizeof(SVCXPRT)); + if (xprt == NULL) { +@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg) + r = (struct cf_rendezvous *)xprt->xp_p1; + again: + len = sizeof addr; +- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, +- &len)) < 0) { ++ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len); ++ if (sock < 0) { + if (errno == EINTR) + goto again; +- +- if (errno == EMFILE || errno == ENFILE) { +- /* If there are no file descriptors available, then accept will fail. +- We want to delay here so the connection request can be dequeued; +- otherwise we can bounce between polling and accepting, never +- giving the request a chance to dequeue and eating an enormous +- amount of cpu time in svc_run if we're polling on many file +- descriptors. */ +- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; +- nanosleep (&ts, NULL); +- goto again; +- } + return (FALSE); + } + /* +diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h +index d2881ad..018aa48 100644 +--- a/tirpc/rpc/des.h ++++ b/tirpc/rpc/des.h +@@ -82,6 +82,6 @@ struct desparams { + /* + * Software DES. + */ +-extern int _des_crypt( char *, int, struct desparams * ); ++extern int _des_crypt( char *, unsigned, struct desparams * ); + + #endif +diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h +index 147f909..e07503c 100644 +--- a/tirpc/rpc/rpcent.h ++++ b/tirpc/rpc/rpcent.h +@@ -60,10 +60,11 @@ struct rpcent { + extern struct rpcent *getrpcbyname(const char *); + extern struct rpcent *getrpcbynumber(int); + extern struct rpcent *getrpcent(void); +-#endif + + extern void setrpcent(int); + extern void endrpcent(void); ++#endif ++ + #ifdef __cplusplus + } + #endif diff --git a/libtirpc.spec b/libtirpc.spec index 6f54f80..9919e22 100644 --- a/libtirpc.spec +++ b/libtirpc.spec @@ -2,7 +2,7 @@ Name: libtirpc Version: 1.0.1 -Release: 2.rc2%{?dist} +Release: 3.rc3%{?dist} Summary: Transport Independent RPC Library Group: System Environment/Libraries License: SISSL and BSD @@ -10,7 +10,7 @@ URL: http://nfsv4.bullopensource.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Source0: http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2 -Patch001: libtirpc-1.0.2-rc2.patch +Patch001: libtirpc-1.0.2-rc3.patch BuildRequires: automake, autoconf, libtool, pkgconfig BuildRequires: krb5-devel @@ -135,6 +135,9 @@ rm -rf %{buildroot} %{_mandir}/*/* %changelog +* Mon Apr 4 2016 Steve Dickson 1.0.1-3.rc3 +- Updated to latest upstream RC release: libtirpc-1-0-2-rc3 + * Thu Mar 3 2016 Steve Dickson 1.0.1-2.rc2 - Updated to latest upstream RC release: libtirpc-1-0-2-rc2