rpms
/
libtirpc
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Updated to the latest upstream release: 1.0.2 

Signed-off-by: Steve Dickson <steved@redhat.com>
This commit is contained in:
Steve Dickson 2017-07-05 14:27:13 -04:00
parent 9a5d1d2d14
commit 954393d4a4
11 changed files with 8 additions and 5043 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -1,9 +1,5 @@
Makefile
cscope*
x86_64/
libtirpc-0.3.1
/libtirpc-0.3.1.tar.bz2
libtirpc-0.3.2
/libtirpc-0.3.2.tar.bz2
/libtirpc-1.0.1.tar.bz2
libtirpc-1.0.1
/libtirpc-1.0.2.tar.bz2
libtirpc-1.0.2

838
libtirpc-0.2.4-rc3.patch
View File

@ -1,838 +0,0 @@
diff -up libtirpc-0.2.3/autogen.sh.orig libtirpc-0.2.3/autogen.sh
--- libtirpc-0.2.3/autogen.sh.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/autogen.sh 2013-11-25 15:26:11.377054660 -0500
@@ -37,6 +37,6 @@ fi
aclocal
libtoolize --force --copy
-autoheader
+#autoheader
automake --add-missing --copy --gnu # -Wall
autoconf # -Wall
diff -up libtirpc-0.2.3/configure.ac.orig libtirpc-0.2.3/configure.ac
--- libtirpc-0.2.3/configure.ac.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/configure.ac 2013-11-25 15:26:11.378054666 -0500
@@ -1,19 +1,34 @@
AC_INIT(libtirpc, 0.2.3)
-AM_INIT_AUTOMAKE(libtirpc, 0.2.3)
+AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
AC_CONFIG_SRCDIR([src/auth_des.c])
AC_CONFIG_MACRO_DIR([m4])
AC_ARG_ENABLE(gss,[ --enable-gss Turn on gss api], [case "${enableval}" in
- yes) gss=true ; AC_CHECK_LIB([gssapi],[gss_init_sec_context]) ;;
+ yes) gss=true ;;
no) gss=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-gss) ;;
esac],[gss=false])
AM_CONDITIONAL(GSS, test x$gss = xtrue)
+AC_ARG_WITH(gssglue,
+ [ --with-gssglue Use libgssglue],
+ [case "${enableval}" in
+ yes) gssglue=true ;;
+ no) gssglue=false ;;
+ *) AC_MSG_ERROR(bad value ${enableval} for --with-gssglue) ;;
+ esac],
+ [gssglue=false])
+AM_CONDITIONAL(USEGSSGLUE, test x$gssglue = xtrue)
if test x$gss = xtrue; then
- AC_DEFINE(HAVE_LIBGSSAPI, 1, [])
- PKG_CHECK_MODULES(GSSGLUE, libgssglue, [],
- AC_MSG_ERROR([Unable to locate information required to use libgssglue.]))
+ if test x$gssglue = xtrue; then
+ PKG_CHECK_MODULES(GSSAPI, libgssglue, [],
+ AC_MSG_ERROR([Unable to locate information required to use libgssglue.]))
+ else
+ GSSAPI_CFLAGS=`krb5-config --cflags gssapi`
+ GSSAPI_LIBS=`krb5-config --libs gssapi`
+ AC_SUBST([GSSAPI_CFLAGS])
+ AC_SUBST([GSSAPI_LIBS])
+ fi
fi
AC_ARG_ENABLE(ipv6,
[AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])],
@@ -24,7 +39,7 @@ if test "x$enable_ipv6" != xno; then
fi
AC_PROG_CC
-AM_CONFIG_HEADER(config.h)
+m4_pattern_allow(AM_CONFIG_HEADERS(config.h))
AC_PROG_LIBTOOL
AC_HEADER_DIRENT
AC_PREFIX_DEFAULT(/usr)
diff -up libtirpc-0.2.3/INSTALL.orig libtirpc-0.2.3/INSTALL
--- libtirpc-0.2.3/INSTALL.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/INSTALL 2013-06-17 05:16:35.000000000 -0400
@@ -1,35 +1,25 @@
-Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
-Foundation, Inc.
+Installation Instructions
+*************************
- This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
-
-
-TI-RPC Library Quick Installation
-=================================
-
- Without GSS API
-
-$ ./configure
-$ make
-# make install
-
- To enable utilization of RPCSEC via GSS API use following commands
-but you need to install libgssapi from the CITI before
-
-$ ./configure --enable-gss
-$ make
-# make install
-
- Once installed, you can customize the /etc/netconfig configuration file
-to configure the supported protocols. To support INET6 udp/tcp, uncomment
-the udp6/tcp6 lines.
+Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
+Inc.
+ Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without warranty of any kind.
Basic Installation
==================
- These are generic installation instructions.
+ Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package. The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package. Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below. The lack of an optional feature in a given package is not
+necessarily a bug. More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
@@ -42,9 +32,9 @@ debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring. (Caching is
+the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
-cache files.)
+cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
@@ -54,30 +44,37 @@ some point `config.cache' contains resul
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'. You only need
-`configure.ac' if you want to change it or regenerate `configure' using
-a newer version of `autoconf'.
+`configure' by a program called `autoconf'. You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
-The simplest way to compile this package is:
+ The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
- `./configure' to configure the package for your system. If you're
- using `csh' on an old version of System V, you might need to type
- `sh ./configure' instead to prevent `csh' from trying to execute
- `configure' itself.
+ `./configure' to configure the package for your system.
- Running `configure' takes awhile. While running, it prints some
- messages telling which features it is checking for.
+ Running `configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
- the package.
+ the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
- documentation.
+ documentation. When installing into a prefix owned by root, it is
+ recommended that the package be configured and built as a regular
+ user, and only the `make install' phase executed with root
+ privileges.
+
+ 5. Optionally, type `make installcheck' to repeat any self-tests, but
+ this time using the binaries in their final installed location.
+ This target does not install anything. Running this target as a
+ regular user, particularly if the prior `make install' required
+ root privileges, verifies that the installation completed
+ correctly.
- 5. You can remove the program binaries and object files from the
+ 6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
@@ -86,6 +83,16 @@ The simplest way to compile this package
all sorts of other programs in order to regenerate files that came
with the distribution.
+ 7. Often, you can also type `make uninstall' to remove the installed
+ files again. In practice, not all packages have tested that
+ uninstallation works correctly, even though it is required by the
+ GNU Coding Standards.
+
+ 8. Some packages, particularly those that use Automake, provide `make
+ distcheck', which can by used by developers to test that all other
+ targets like `make install' and `make uninstall' work correctly.
+ This target is generally not run by end users.
+
Compilers and Options
=====================
@@ -97,7 +104,7 @@ for details on some of the pertinent env
by setting variables in the command line or in the environment. Here
is an example:
- ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
@@ -106,44 +113,89 @@ Compiling For Multiple Architectures
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
-own directory. To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'. `cd' to the
+own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
+source code in the directory that `configure' is in and in `..'. This
+is known as a "VPATH" build.
- If you have to use a `make' that does not support the `VPATH'
-variable, you have to compile the package for one architecture at a
-time in the source code directory. After you have installed the
-package for one architecture, use `make distclean' before reconfiguring
-for another architecture.
+ With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+ On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor. Like
+this:
+
+ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CPP="gcc -E" CXXCPP="g++ -E"
+
+ This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
Installation Names
==================
- By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc. You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
+ By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc. You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
-options like `--bindir=PATH' to specify different values for particular
+options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
+you can set and what kinds of files go in them. In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+ The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+ The first method involves providing an override variable for each
+affected directory. For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'. Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated. The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+ The second method involves providing the `DESTDIR' variable. For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names. The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters. On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-Optional Features
-=================
-
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
@@ -156,6 +208,50 @@ find the X include and library files aut
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
+ Some packages offer the ability to configure how verbose the
+execution of `make' will be. For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
+Particular systems
+==================
+
+ On HP-UX, the default C compiler is not ANSI C compatible. If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+ HP-UX `make' updates targets which have the same time stamps as
+their prerequisites, which makes it generally unusable when shipped
+generated files such as `configure' are involved. Use GNU `make'
+instead.
+
+ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file. The option `-nodtk' can be used as
+a workaround. If GNU CC is not installed, it is therefore recommended
+to try
+
+ ./configure CC="cc"
+
+and if that doesn't work, try
+
+ ./configure CC="cc -nodtk"
+
+ On Solaris, don't put `/usr/ucb' early in your `PATH'. This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+ On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'. It is recommended to use the following options:
+
+ ./configure --prefix=/boot/common
+
Specifying the System Type
==========================
@@ -171,14 +267,15 @@ type, such as `sun4', or a canonical nam
where SYSTEM can have one of these forms:
- OS KERNEL-OS
+ OS
+ KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
-use the `--target=TYPE' option to select the type of system they will
+use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
@@ -208,9 +305,15 @@ them in the `configure' command line, us
./configure CC=/usr/local2/bin/gcc
-will cause the specified gcc to be used as the C compiler (unless it is
+causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf limitation. Until the limitation is lifted, you can use
+this workaround:
+
+ CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
+
`configure' Invocation
======================
@@ -219,7 +322,14 @@ operates.
`--help'
`-h'
- Print a summary of the options to `configure', and exit.
+ Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+ Print a summary of the options unique to this package's
+ `configure', and exit. The `short' variant lists options used
+ only in the top level, while the `recursive' variant lists options
+ also present in any nested packages.
`--version'
`-V'
@@ -246,6 +356,15 @@ operates.
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
+`--prefix=DIR'
+ Use DIR as the installation prefix. *note Installation Names::
+ for more details, including other options available for fine-tuning
+ the installation locations.
+
+`--no-create'
+`-n'
+ Run the configure checks, but stop before creating any output
+ files.
+
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
-
diff -up libtirpc-0.2.3/src/auth_gss.c.orig libtirpc-0.2.3/src/auth_gss.c
--- libtirpc-0.2.3/src/auth_gss.c.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/auth_gss.c 2013-11-25 15:26:11.378054666 -0500
@@ -269,6 +269,7 @@ authgss_get_private_data(AUTH *auth, str
* send an RPCSEC_GSS_DESTROY request which might inappropriately
* destroy the context.
*/
+ gd->ctx = GSS_C_NO_CONTEXT;
gd->gc.gc_ctx.length = 0;
gd->gc.gc_ctx.value = NULL;
@@ -284,7 +285,8 @@ authgss_free_private_data(struct authgss
if (!pd)
return (FALSE);
- pd->pd_ctx = NULL;
+ if (pd->pd_ctx != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, &pd->pd_ctx, NULL);
gss_release_buffer(&min_stat, &pd->pd_ctx_hndl);
memset(&pd->pd_ctx_hndl, 0, sizeof(pd->pd_ctx_hndl));
pd->pd_seq_win = 0;
diff -up libtirpc-0.2.3/src/bindresvport.c.orig libtirpc-0.2.3/src/bindresvport.c
--- libtirpc-0.2.3/src/bindresvport.c.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/bindresvport.c 2013-11-25 15:26:11.378054666 -0500
@@ -46,6 +46,9 @@
#include <rpc/rpc.h>
#include <string.h>
+#include <reentrant.h>
+
+extern pthread_mutex_t port_lock;
/*
* Bind a socket to a privileged IP port
@@ -80,16 +83,21 @@ bindresvport_sa(sd, sa)
static u_int16_t port;
static short startport = STARTPORT;
socklen_t salen;
- int nports = ENDPORT - startport + 1;
+ int nports;
int endport = ENDPORT;
int i;
+ mutex_lock(&port_lock);
+ nports = ENDPORT - startport + 1;
+
if (sa == NULL) {
salen = sizeof(myaddr);
sa = (struct sockaddr *)&myaddr;
- if (getsockname(sd, (struct sockaddr *)&myaddr, &salen) == -1)
- return -1; /* errno is correctly set */
+ if (getsockname(sd, (struct sockaddr *)&myaddr, &salen) == -1) {
+ mutex_unlock(&port_lock);
+ return -1; /* errno is correctly set */
+ }
af = myaddr.ss_family;
} else
@@ -112,6 +120,7 @@ bindresvport_sa(sd, sa)
#endif
default:
errno = EPFNOSUPPORT;
+ mutex_unlock(&port_lock);
return (-1);
}
sa->sa_family = af;
@@ -137,6 +146,8 @@ bindresvport_sa(sd, sa)
port = LOWPORT + port % (STARTPORT - LOWPORT);
goto again;
}
+ mutex_unlock(&port_lock);
+
return (res);
}
#else
diff -up libtirpc-0.2.3/src/clnt_vc.c.orig libtirpc-0.2.3/src/clnt_vc.c
--- libtirpc-0.2.3/src/clnt_vc.c.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/clnt_vc.c 2013-11-25 15:26:11.378054666 -0500
@@ -133,6 +133,7 @@ struct ct_data {
* should be the first thing fixed. One step at a time.
*/
static int *vc_fd_locks;
+extern pthread_mutex_t disrupt_lock;
extern mutex_t clnt_fd_lock;
static cond_t *vc_cv;
#define release_fd_lock(fd, mask) { \
@@ -179,8 +180,10 @@ clnt_vc_create(fd, raddr, prog, vers, se
socklen_t slen;
struct __rpc_sockinfo si;
+ mutex_lock(&disrupt_lock);
if (disrupt == 0)
disrupt = (u_int32_t)(long)raddr;
+ mutex_unlock(&disrupt_lock);
cl = (CLIENT *)mem_alloc(sizeof (*cl));
ct = (struct ct_data *)mem_alloc(sizeof (*ct));
@@ -270,7 +273,9 @@ clnt_vc_create(fd, raddr, prog, vers, se
* Initialize call message
*/
(void)gettimeofday(&now, NULL);
+ mutex_lock(&disrupt_lock);
call_msg.rm_xid = ((u_int32_t)++disrupt) ^ __RPC_GETXID(&now);
+ mutex_unlock(&disrupt_lock);
call_msg.rm_direction = CALL;
call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
call_msg.rm_call.cb_prog = (u_int32_t)prog;
@@ -505,7 +510,7 @@ clnt_vc_control(cl, request, info)
sigset_t newmask;
int rpc_lock_value;
u_int32_t tmp;
- u_long ltmp;
+ u_int32_t ltmp;
assert(cl != NULL);
diff -up libtirpc-0.2.3/src/getnetconfig.c.orig libtirpc-0.2.3/src/getnetconfig.c
--- libtirpc-0.2.3/src/getnetconfig.c.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/getnetconfig.c 2013-11-25 15:26:11.379054666 -0500
@@ -120,6 +120,7 @@ static struct netconfig *dup_ncp(struct
static FILE *nc_file; /* for netconfig db */
static struct netconfig_info ni = { 0, 0, NULL, NULL};
+extern pthread_mutex_t nc_db_lock;
#define MAXNETCONFIGLINE 1000
@@ -146,7 +147,8 @@ __nc_error()
return (&nc_error);
}
if ((nc_addr = (int *)thr_getspecific(nc_key)) == NULL) {
- nc_addr = (int *)malloc(sizeof (int));
+ if((nc_addr = (int *)malloc(sizeof (int))) == NULL)
+ return (&nc_error);
if (thr_setspecific(nc_key, (void *) nc_addr) != 0) {
if (nc_addr)
free(nc_addr);
@@ -191,14 +193,17 @@ setnetconfig()
* For multiple calls, i.e. nc_file is not NULL, we just return the
* handle without reopening the netconfig db.
*/
+ mutex_lock(&nc_db_lock);
ni.ref++;
if ((nc_file != NULL) || (nc_file = fopen(NETCONFIG, "r")) != NULL) {
nc_vars->valid = NC_VALID;
nc_vars->flag = 0;
nc_vars->nc_configs = ni.head;
+ mutex_unlock(&nc_db_lock);
return ((void *)nc_vars);
}
ni.ref--;
+ mutex_unlock(&nc_db_lock);
nc_error = NC_NONETCONFIG;
free(nc_vars);
return (NULL);
@@ -221,12 +226,15 @@ void *handlep;
char *stringp; /* tmp string pointer */
struct netconfig_list *list;
struct netconfig *np;
+ struct netconfig *result;
/*
* Verify that handle is valid
*/
+ mutex_lock(&nc_db_lock);
if (ncp == NULL || nc_file == NULL) {
nc_error = NC_NOTINIT;
+ mutex_unlock(&nc_db_lock);
return (NULL);
}
@@ -243,11 +251,14 @@ void *handlep;
if (ncp->flag == 0) { /* first time */
ncp->flag = 1;
ncp->nc_configs = ni.head;
- if (ncp->nc_configs != NULL) /* entry already exist */
+ if (ncp->nc_configs != NULL) /* entry already exist */ {
+ mutex_unlock(&nc_db_lock);
return(ncp->nc_configs->ncp);
+ }
}
else if (ncp->nc_configs != NULL && ncp->nc_configs->next != NULL) {
ncp->nc_configs = ncp->nc_configs->next;
+ mutex_unlock(&nc_db_lock);
return(ncp->nc_configs->ncp);
}
@@ -255,16 +266,22 @@ void *handlep;
* If we cannot find the entry in the list and is end of file,
* we give up.
*/
- if (ni.eof == 1) return(NULL);
+ if (ni.eof == 1) {
+ mutex_unlock(&nc_db_lock);
+ return(NULL);
+ }
break;
default:
nc_error = NC_NOTINIT;
+ mutex_unlock(&nc_db_lock);
return (NULL);
}
stringp = (char *) malloc(MAXNETCONFIGLINE);
- if (stringp == NULL)
- return (NULL);
+ if (stringp == NULL) {
+ mutex_unlock(&nc_db_lock);
+ return (NULL);
+ }
#ifdef MEM_CHK
if (malloc_verify() == 0) {
@@ -280,6 +297,7 @@ void *handlep;
if (fgets(stringp, MAXNETCONFIGLINE, nc_file) == NULL) {
free(stringp);
ni.eof = 1;
+ mutex_unlock(&nc_db_lock);
return (NULL);
}
} while (*stringp == '#');
@@ -287,12 +305,14 @@ void *handlep;
list = (struct netconfig_list *) malloc(sizeof (struct netconfig_list));
if (list == NULL) {
free(stringp);
+ mutex_unlock(&nc_db_lock);
return(NULL);
}
np = (struct netconfig *) malloc(sizeof (struct netconfig));
if (np == NULL) {
free(stringp);
- free(list);
+ free(list);
+ mutex_unlock(&nc_db_lock);
return(NULL);
}
list->ncp = np;
@@ -303,6 +323,7 @@ void *handlep;
free(stringp);
free(np);
free(list);
+ mutex_unlock(&nc_db_lock);
return (NULL);
}
else {
@@ -320,7 +341,9 @@ void *handlep;
ni.tail = ni.tail->next;
}
ncp->nc_configs = ni.tail;
- return(ni.tail->ncp);
+ result = ni.tail->ncp;
+ mutex_unlock(&nc_db_lock);
+ return result;
}
}
@@ -354,8 +377,10 @@ void *handlep;
nc_handlep->valid = NC_INVALID;
nc_handlep->flag = 0;
nc_handlep->nc_configs = NULL;
+ mutex_lock(&nc_db_lock);
if (--ni.ref > 0) {
- free(nc_handlep);
+ mutex_unlock(&nc_db_lock);
+ free(nc_handlep);
return(0);
}
@@ -376,9 +401,11 @@ void *handlep;
q = p;
}
free(nc_handlep);
-
- fclose(nc_file);
+ if(nc_file != NULL) {
+ fclose(nc_file);
+ }
nc_file = NULL;
+ mutex_unlock(&nc_db_lock);
return (0);
}
@@ -426,16 +453,21 @@ getnetconfigent(netid)
* If all the netconfig db has been read and placed into the list and
* there is no match for the netid, return NULL.
*/
+ mutex_lock(&nc_db_lock);
if (ni.head != NULL) {
for (list = ni.head; list; list = list->next) {
if (strcmp(list->ncp->nc_netid, netid) == 0) {
- return(dup_ncp(list->ncp));
+ ncp = dup_ncp(list->ncp);
+ mutex_unlock(&nc_db_lock);
+ return ncp;
}
}
- if (ni.eof == 1) /* that's all the entries */
- return(NULL);
+ if (ni.eof == 1) { /* that's all the entries */
+ mutex_unlock(&nc_db_lock);
+ return(NULL);
+ }
}
-
+ mutex_unlock(&nc_db_lock);
if ((file = fopen(NETCONFIG, "r")) == NULL) {
nc_error = NC_NONETCONFIG;
diff -up libtirpc-0.2.3/src/Makefile.am.orig libtirpc-0.2.3/src/Makefile.am
--- libtirpc-0.2.3/src/Makefile.am.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/Makefile.am 2013-11-25 15:26:11.378054666 -0500
@@ -6,7 +6,7 @@
## anything like that.
-INCLUDES = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \
+AM_CPPFLAGS = -I$(top_srcdir)/tirpc -DPORTMAP -DINET6 \
-D_GNU_SOURCE -Wall -pipe
lib_LTLIBRARIES = libtirpc.la
@@ -58,8 +58,8 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c x
## Secure-RPC
if GSS
libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c
- libtirpc_la_LDFLAGS += $(GSSGLUE_LIBS)
- libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSGLUE_CFLAGS)
+ libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
+ libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
endif
## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
diff -up libtirpc-0.2.3/src/mt_misc.c.orig libtirpc-0.2.3/src/mt_misc.c
--- libtirpc-0.2.3/src/mt_misc.c.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/mt_misc.c 2013-11-25 15:26:11.379054666 -0500
@@ -91,6 +91,15 @@ pthread_mutex_t xprtlist_lock = PTHREAD_
/* serializes calls to public key routines */
pthread_mutex_t serialize_pkey = PTHREAD_MUTEX_INITIALIZER;
+/* protects global variables ni and nc_file (getnetconfig.c) */
+pthread_mutex_t nc_db_lock = PTHREAD_MUTEX_INITIALIZER;
+
+/* protects static port and startport (bindresvport.c) */
+pthread_mutex_t port_lock = PTHREAD_MUTEX_INITIALIZER;
+
+/* protects static disrupt (clnt_vc.c) */
+pthread_mutex_t disrupt_lock = PTHREAD_MUTEX_INITIALIZER;
+
#undef rpc_createerr
struct rpc_createerr rpc_createerr;
diff -up libtirpc-0.2.3/src/svc_dg.c.orig libtirpc-0.2.3/src/svc_dg.c
--- libtirpc-0.2.3/src/svc_dg.c.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/src/svc_dg.c 2013-11-25 15:26:11.379054666 -0500
@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
{
if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
xdr_args, args_ptr)) {
- (void)svc_freeargs(xprt, xdr_args, args_ptr);
return FALSE;
}
return TRUE;
diff -up libtirpc-0.2.3/tirpc/rpc/auth.h.orig libtirpc-0.2.3/tirpc/rpc/auth.h
--- libtirpc-0.2.3/tirpc/rpc/auth.h.orig 2013-02-13 10:13:59.000000000 -0500
+++ libtirpc-0.2.3/tirpc/rpc/auth.h 2013-11-25 15:26:11.380054663 -0500
@@ -51,7 +51,6 @@
#include <sys/cdefs.h>
#include <sys/socket.h>
#include <sys/types.h>
-#include <stdio.h>
#define MAX_AUTH_BYTES 400
@@ -249,19 +248,11 @@ auth_put(AUTH *auth)
#define auth_refresh(auth, msg) \
((*((auth)->ah_ops->ah_refresh))(auth, msg))
-#if defined(__GNUC__) && defined(DEBUG)
-#define auth_log_debug(fmt,args...) printf(stderr, fmt, args)
-#else
-#define auth_log_debug(fmt,args...)
-#endif
-
#define AUTH_DESTROY(auth) \
do { \
int refs; \
if ((refs = auth_put((auth))) == 0) \
((*((auth)->ah_ops->ah_destroy))(auth));\
- auth_log_debug("%s: auth_put(), refs %d\n", \
- __func__, refs); \
} while (0)
#define auth_destroy(auth) \
@@ -269,8 +260,6 @@ auth_put(AUTH *auth)
int refs; \
if ((refs = auth_put((auth))) == 0) \
((*((auth)->ah_ops->ah_destroy))(auth));\
- auth_log_debug("%s: auth_put(), refs %d\n", \
- __func__, refs); \
} while (0)
#define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \

157
libtirpc-0.3.3-rc1.patch
View File

@ -1,157 +0,0 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index 6cc567a..18b1cec 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -41,7 +41,7 @@ lib_LTLIBRARIES = libtirpc.la
# release number of your package. This is an abuse that only fosters
# misunderstanding of the purpose of library versions."
#
-libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_LDFLAGS = -Wl,-no-undefined -lpthread -version-info 1:10:0
libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -69,7 +69,7 @@ if GSS
endif
libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
-libtirpc_la_SOURCES += netname.c netnamer.c rtime.c
+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c
CLEANFILES = cscope.* *~
DISTCLEANFILES = Makefile.in
diff --git a/src/libtirpc.map b/src/libtirpc.map
index 063cddd..449b769 100644
--- a/src/libtirpc.map
+++ b/src/libtirpc.map
@@ -316,6 +316,13 @@ TIRPC_0.3.2 {
xdr_unixcred;
} TIRPC_0.3.1;
+TIRPC_0.3.3 {
+ __getpublickey_LOCAL;
+ __key_decryptsession_pk_LOCAL;
+ __key_encryptsession_pk_LOCAL;
+ __key_gendes_LOCAL;
+} TIRPC_0.3.2;
+
TIRPC_PRIVATE {
global:
__libc_clntudp_bufcreate;
diff --git a/src/rpcdname.c b/src/rpcdname.c
new file mode 100644
index 0000000..3e6a988
--- /dev/null
+++ b/src/rpcdname.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2009, Sun Microsystems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of Sun Microsystems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * rpcdname.c
+ * Gets the default domain name
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+static char *default_domain = 0;
+
+static char *
+get_default_domain()
+{
+ char temp[256];
+
+ if (default_domain)
+ return (default_domain);
+ if (getdomainname(temp, sizeof(temp)) < 0)
+ return (0);
+ if ((int) strlen(temp) > 0) {
+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1));
+ if (default_domain == 0)
+ return (0);
+ (void) strcpy(default_domain, temp);
+ return (default_domain);
+ }
+ return (0);
+}
+
+/*
+ * This is a wrapper for the system call getdomainname which returns a
+ * ypclnt.h error code in the failure case. It also checks to see that
+ * the domain name is non-null, knowing that the null string is going to
+ * get rejected elsewhere in the NIS client package.
+ */
+int
+__rpc_get_default_domain(domain)
+ char **domain;
+{
+ if ((*domain = get_default_domain()) != 0)
+ return (0);
+ return (-1);
+}
diff --git a/src/svc_generic.c b/src/svc_generic.c
index f49d776..7aae796 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz)
xprt->xp_type = __rpc_socktype2seman(si.si_socktype);
if (nconf) {
+ if (xprt->xp_netid != NULL)
+ free(xprt->xp_netid);
xprt->xp_netid = strdup(nconf->nc_netid);
xprt->xp_tp = strdup(nconf->nc_device);
}
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 9824631..6848c09 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -392,6 +392,12 @@ svc_vc_destroy(xprt)
__svc_vc_dodestroy(xprt);
}
+static bool_t
+__svc_rendezvous_socket(xprt)
+ SVCXPRT *xprt;
+{
+ return (xprt->xp_ops->xp_recv == rendezvous_request);
+}
static void
__svc_vc_dodestroy(xprt)
SVCXPRT *xprt;
@@ -403,7 +409,7 @@ __svc_vc_dodestroy(xprt)
if (xprt->xp_fd != RPC_ANYFD)
(void)close(xprt->xp_fd);
- if (xprt->xp_port != 0) {
+ if (__svc_rendezvous_socket(xprt)) {
/* a rendezvouser socket */
r = (struct cf_rendezvous *)xprt->xp_p1;
mem_free(r, sizeof (struct cf_rendezvous));

837
libtirpc-0.3.3-rc2.patch
View File

@ -1,837 +0,0 @@
diff --git a/configure.ac b/configure.ac
index 99a0d33..06f2fca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,6 +5,33 @@ AC_CONFIG_SRCDIR([src/auth_des.c])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_CC
+# LT_VERSION_INFO="current:revision:age"
+#
+# From the libtool manual:
+#
+# 1. Start with version information of 0:0:0 for each libtool library.
+# 2. Update the version information only immediately before a public
+# release of your software. More frequent updates are unnecessary,
+# and only guarantee that the current interface number gets larger faster.
+# 3. If the library source code has changed at all since the last update,
+# then increment revision (c:r:a becomes c:r+1:a).
+# 4. If any interfaces have been added, removed, or changed since the last
+# update, increment current, and set revision to 0.
+# 5. If any interfaces have been added since the last public release,
+# then increment age.
+# 6. If any interfaces have been removed since the last public release,
+# then set age to 0.
+#
+# _Never_ try to set the interface numbers so that they correspond to the
+# release number of your package. This is an abuse that only fosters
+# misunderstanding of the purpose of library versions.
+#
+# In addition to these rules, symbol versioning is now in effect. soname
+# changes should be avoided.
+#
+LT_VERSION_INFO="2:0:1"
+AC_SUBST([LT_VERSION_INFO])
+
AC_CHECK_HEADER([gssapi/gssapi.h], [HAVE_GSSAPI_H=yes], [HAVE_GSSAPI_H=no])
AC_ARG_ENABLE(gssapi,
diff --git a/man/rpc_gss_get_mech_info.3t b/man/rpc_gss_get_mech_info.3t
index 1f3ba04..44f0df3 100644
--- a/man/rpc_gss_get_mech_info.3t
+++ b/man/rpc_gss_get_mech_info.3t
@@ -29,28 +29,33 @@
.Os
.Sh NAME
.Nm rpc_gss_get_mech_info
-.Nd "Get extra information about a security mechanism"
+.Nd "Get Quality of Protection information for a security mechanism"
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft const char **
.Fn rpc_gss_get_mech_info "const char *mech" "rpc_gss_service_t *service"
.Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech and queries it for its capabilities.
+This function returns the list of QOP names supported by the
+GSS_API mechanism named "mech".
.Sh PARAMETERS
.Bl -tag -width ".It service"
.It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.It service
-If the mechanism is found, the maximum supported service type is
-returned in
-.Fa *service
+Buffer in which maximum service type is planted
.El
.Sh RETURN VALUES
-If the mechanism is found,
-a list of the supported qualities of protection is returned,
-otherwise
-.Dv NULL .
+If the named GSS_API mechanism is recognized,
+a list of the supported Qualities of Protection is returned.
+The maximum supported service type for the mechanism is returned in
+.Fa *service .
+Otherwise
+.Dv NULL
+is returned.
+.Pp
+Note: The returned QOP list is statically allocated memory.
+The caller must not free this array.
.Sh AVAILABILITY
The
.Fn rpc_gss_get_mech_info
diff --git a/man/rpc_gss_getcred.3t b/man/rpc_gss_getcred.3t
index 8589f08..691df31 100644
--- a/man/rpc_gss_getcred.3t
+++ b/man/rpc_gss_getcred.3t
@@ -51,7 +51,6 @@ If non-null,
.Fa *rcred
is set to point at the raw credentials for this request
.It ucred
-.It rcred
If non-null,
.Fa *ucred
is set to point at the corresponding unix credentials
diff --git a/man/rpc_gss_is_installed.3t b/man/rpc_gss_is_installed.3t
index 274a1f0..d5f5e44 100644
--- a/man/rpc_gss_is_installed.3t
+++ b/man/rpc_gss_is_installed.3t
@@ -29,23 +29,24 @@
.Os
.Sh NAME
.Nm rpc_gss_is_installed
-.Nd "Query for the presence os a security mechanism"
+.Nd "Query for the presence of a security mechanism"
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft bool_t
.Fn rpc_gss_is_installed "const char *mech"
.Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function indicates whether the GSS_API mechanism named "mech"
+is installed and enabled.
.Sh PARAMETERS
.Bl -tag -width ".It mech"
.It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.El
.Sh RETURN VALUES
Returns
.Dv TRUE
-if the mechanism is installed,
+if the named GSS_API mechanism is installed and enabled,
.Dv FALSE
otherwise.
.Sh AVAILABILITY
diff --git a/man/rpc_gss_mech_to_oid.3t b/man/rpc_gss_mech_to_oid.3t
index 8bbe616..4a1b25d 100644
--- a/man/rpc_gss_mech_to_oid.3t
+++ b/man/rpc_gss_mech_to_oid.3t
@@ -35,22 +35,27 @@
.Ft bool_t
.Fn rpc_gss_mech_to_oid "const char *mech" "gss_OID *oid_ret"
.Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function returns the GSS OID associated with the GSS_API
+mechanism "mech".
.Sh PARAMETERS
.Bl -tag -width ".It oid_ret"
.It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.It oid_ret
-If the mechanism is found, the corresponding GSS-API oid is returned
-in
-.Fa *oid_ret
+Buffer in which to place the returned OID
.El
.Sh RETURN VALUES
-If the mechanism is found,
+If the GSS_API mechanism name is recognized,
.Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding GSS-API oid is returned in
+.Fa *oid_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.Fa *oid_ret
+is left untouched.
.Sh AVAILABILITY
The
.Fn rpc_gss_mech_to_oid
diff --git a/man/rpc_gss_qop_to_num.3t b/man/rpc_gss_qop_to_num.3t
index 3968216..7ac1a4c 100644
--- a/man/rpc_gss_qop_to_num.3t
+++ b/man/rpc_gss_qop_to_num.3t
@@ -29,30 +29,37 @@
.Os
.Sh NAME
.Nm rpc_gss_qop_to_num
-.Nd "Convert a quality of protection name to number"
+.Nd "Convert a Quality of Protection name to number"
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft bool_t
.Fn rpc_gss_qop_to_num "const char *qop" "const char *mech" "u_int *num_ret"
.Sh DESCRIPTION
-This function looks up a quality of protection by name by reading the file
-/etc/gss/qop.
+This function returns the numeric QOP value associated with the
+GSS_API QOP "qop" and mechanism "mech."
.Sh PARAMETERS
.Bl -tag -width ".It number_ret"
.It qop
-The quality of protection to search for
+The name of Quality of Protection associated with the
+GSS_API mechanism "mech".
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
.It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.It number_ret
-If the quality of protection is found, the corresponding number is
-returned in
-.Fa *num_ret
+Buffer in which to place the returned QOP number
.El
.Sh RETURN VALUES
-If the value is found,
+If the QOP and mechanism names are recognized,
.Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding QOP number is returned in
+.Fa *num_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.It number_ret
+is left untouched.
.Sh AVAILABILITY
The
.Fn rpc_gss_qop_to_num
diff --git a/man/rpc_gss_seccreate.3t b/man/rpc_gss_seccreate.3t
index 9f526a6..b52df19 100644
--- a/man/rpc_gss_seccreate.3t
+++ b/man/rpc_gss_seccreate.3t
@@ -55,9 +55,8 @@ For instance, a principal such as
.Qq nfs@server.example.com
might be used by an application which needs to contact an NFS server
.It mechanism
-The desired mechanism for this security context.
-The value of mechanism should be the name of one of the security
-mechanisms listed in /etc/gss/mech.
+The name of the GSS_API mechanism to use for the new security context.
+"kerberos_v5" is currently the only supported mechanism.
.It service
Type of service requested.
.Bl -tag -width "rpc_gss_svc_integrity"
@@ -72,8 +71,9 @@ RPC headers and data are integrity protected by a checksum.
RPC headers are integrity protected by a checksum and data is encrypted.
.El
.It qop
-Desired quality of protection or NULL for the default.
-Available values are listed in /etc/gss/qop
+The name of the Quality of Protection to use for the new security context,
+or NULL to use the default QOP.
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
.It options_req
Extra security context options to be passed to the underlying GSS-API
mechanism.
diff --git a/src/Makefile.am b/src/Makefile.am
index 6cc567a..0fb827b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,36 +12,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/tirpc -include config.h -DPORTMAP -DINET6 \
lib_LTLIBRARIES = libtirpc.la
-#
-# Set the library version information
-#
-# According to the libtool manual:
-#
-# "This flag accepts an argument of the form current[:revision[:age]].
-#
-# If either revision or age are omitted, they default to 0. Also note that
-# age must be less than or equal to the current interface number.
-#
-# Here are a set of rules to help you update your library version information:
-#
-# 1. Start with version information of 0:0:0 for each libtool library.
-# 2. Update the version information only immediately before a public
-# release of your software. More frequent updates are unnecessary,
-# and only guarantee that the current interface number gets larger faster.
-# 3. If the library source code has changed at all since the last update,
-# then increment revision (c:r:a becomes c:r+1:a).
-# 4. If any interfaces have been added, removed, or changed since the last
-# update, increment current, and set revision to 0.
-# 5. If any interfaces have been added since the last public release,
-# then increment age.
-# 6. If any interfaces have been removed since the last public release,
-# then set age to 0.
-#
-# _Never_ try to set the interface numbers so that they correspond to the
-# release number of your package. This is an abuse that only fosters
-# misunderstanding of the purpose of library versions."
-#
-libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_LDFLAGS = -Wl,-no-undefined -lpthread
+libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@
libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -50,11 +22,12 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
+ svc_auth_des.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
auth_time.c auth_des.c authdes_prot.c debug.c
## XDR
-libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
+libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
if SYMVERS
libtirpc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtirpc.map
@@ -69,7 +42,7 @@ if GSS
endif
libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
-libtirpc_la_SOURCES += netname.c netnamer.c rtime.c
+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c
CLEANFILES = cscope.* *~
DISTCLEANFILES = Makefile.in
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 722d54c..4fa8568 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -821,7 +821,6 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
clnt->cl_auth = auth;
if (_rpc_gss_refresh(auth, ret) == FALSE) {
- authgss_destroy(auth);
auth = NULL;
} else {
rpc_gss_clear_error();
diff --git a/src/libtirpc.map b/src/libtirpc.map
index 063cddd..7d7f40f 100644
--- a/src/libtirpc.map
+++ b/src/libtirpc.map
@@ -316,6 +316,15 @@ TIRPC_0.3.2 {
xdr_unixcred;
} TIRPC_0.3.1;
+TIRPC_0.3.3 {
+ __getpublickey_LOCAL;
+ __key_decryptsession_pk_LOCAL;
+ __key_encryptsession_pk_LOCAL;
+ __key_gendes_LOCAL;
+ xdr_sizeof;
+ authdes_pk_create;
+} TIRPC_0.3.2;
+
TIRPC_PRIVATE {
global:
__libc_clntudp_bufcreate;
diff --git a/src/rpc_com.h b/src/rpc_com.h
index 52a8c48..10bec79 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -40,47 +40,20 @@
#ifndef _TIRPC_RPCCOM_H
#define _TIRPC_RPCCOM_H
-
-/* #pragma ident "@(#)rpc_com.h 1.11 93/07/05 SMI" */
-
-/*
- * The max size of the transport, if the size cannot be determined
- * by other means.
- */
-#define RPC_MAXDATASIZE 9000
-#define RPC_MAXADDRSIZE 1024
-
-#define __RPC_GETXID(now) ((u_int32_t)getpid() ^ (u_int32_t)(now)->tv_sec ^ \
- (u_int32_t)(now)->tv_usec)
+#include <rpc/rpc_com.h>
#ifdef __cplusplus
extern "C" {
#endif
-extern u_int __rpc_get_a_size(int);
-extern int __rpc_dtbsize(void);
-extern struct netconfig * __rpcgettp(int);
-extern int __rpc_get_default_domain(char **);
-struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
-char *__rpc_taddr2uaddr_af(int, const struct netbuf *);
-struct netbuf *__rpc_uaddr2taddr_af(int, const char *);
-int __rpc_fixup_addr(struct netbuf *, const struct netbuf *);
-int __rpc_sockinfo2netid(struct __rpc_sockinfo *, const char **);
-int __rpc_seman2socktype(int);
-int __rpc_socktype2seman(int);
-void *rpc_nullproc(CLIENT *);
-int __rpc_sockisbound(int);
+struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
-struct netbuf *__rpcb_findaddr(rpcprog_t, rpcvers_t, const struct netconfig *,
- const char *, CLIENT **);
struct netbuf *__rpcb_findaddr_timed(rpcprog_t, rpcvers_t,
const struct netconfig *, const char *host, CLIENT **clpp,
struct timeval *tp);
bool_t __rpc_control(int,void *);
-char *_get_next_token(char *, int);
-
bool_t __svc_clean_idle(fd_set *, int, bool_t);
bool_t __xdrrec_setnonblock(XDR *, int);
bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t);
diff --git a/src/rpc_gss_utils.c b/src/rpc_gss_utils.c
index 9a7fed3..80fc78a 100644
--- a/src/rpc_gss_utils.c
+++ b/src/rpc_gss_utils.c
@@ -159,6 +159,7 @@ static char *_rpc_gss_krb5_qop_names[] = {
NULL,
};
+/* GSS_MECH_KRB5_OID: Defined by RFC 1964 */
static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = {
.mi_name = "kerberos_v5",
.mi_oid = { 9, "\052\206\110\206\367\022\001\002\002" },
@@ -166,8 +167,17 @@ static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = {
.mi_qops = _rpc_gss_krb5_qops,
};
+/* GSS_KRB5_NT_PRINCIPAL_NAME: Defined by RFC 1964 */
+static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5_princname = {
+ .mi_name = "kerberos_v5",
+ .mi_oid = { 10, "\052\206\110\206\367\022\001\002\002\001" },
+ .mi_qop_names = _rpc_gss_krb5_qop_names,
+ .mi_qops = _rpc_gss_krb5_qops,
+};
+
static struct _rpc_gss_mechanism *_rpc_gss_mechanisms[] = {
&_rpc_gss_mech_kerberos_v5,
+ &_rpc_gss_mech_kerberos_v5_princname,
NULL,
};
@@ -187,13 +197,20 @@ _rpc_gss_find_mechanism(char *mechanism)
return NULL;
}
+static bool_t
+_rpc_gss_OID_equal(rpc_gss_OID o1, rpc_gss_OID o2)
+{
+ return (o1->length == o2->length) &&
+ (memcmp(o1->elements, o2->elements, o1->length) == 0);
+}
+
static struct _rpc_gss_mechanism *
_rpc_gss_find_oid(rpc_gss_OID oid)
{
unsigned int i;
for (i = 0; _rpc_gss_mechanisms[i] != NULL; i++)
- if (g_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid))
+ if (_rpc_gss_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid))
return _rpc_gss_mechanisms[i];
return NULL;
}
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index e146ed4..1ec7b3f 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -61,6 +61,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <rpcsvc/nis.h>
#include "rpc_com.h"
@@ -531,7 +532,6 @@ authdes_create(servername, window, syncaddr, ckey)
struct sockaddr *syncaddr; /* optional hostaddr to sync with */
des_block *ckey; /* optional conversation key to use */
{
- AUTH *dummy;
AUTH *nauth;
char hostname[NI_MAXHOST];
@@ -540,19 +540,68 @@ authdes_create(servername, window, syncaddr, ckey)
* Change addr to hostname, because that is the way
* new interface takes it.
*/
- if (getnameinfo(syncaddr, sizeof(syncaddr), hostname,
- sizeof hostname, NULL, 0, 0) != 0)
- goto fallback;
-
+ switch (syncaddr->sa_family) {
+ case AF_INET:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ case AF_INET6:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ default:
+ goto fallback;
+ }
nauth = authdes_seccreate(servername, window, hostname, ckey);
return (nauth);
}
fallback:
- dummy = authdes_seccreate(servername, window, NULL, ckey);
- return (dummy);
+ return authdes_seccreate(servername, window, NULL, ckey);
}
/*
+ * Create the client des authentication object. Obsoleted by
+ * authdes_pk_seccreate().
+ */
+extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *,
+ const des_block *, nis_server *);
+
+AUTH *
+authdes_pk_create(servername, pkey, window, syncaddr, ckey)
+ char *servername; /* network name of server */
+ netobj *pkey; /* public key */
+ u_int window; /* time to live */
+ struct sockaddr *syncaddr; /* optional hostaddr to sync with */
+ des_block *ckey; /* optional conversation key to use */
+{
+ AUTH *nauth;
+ char hostname[NI_MAXHOST];
+
+ if (syncaddr) {
+ /*
+ * Change addr to hostname, because that is the way
+ * new interface takes it.
+ */
+ switch (syncaddr->sa_family) {
+ case AF_INET:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ default:
+ goto fallback;
+ }
+ nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL);
+ return (nauth);
+ }
+fallback:
+ return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL);
+}
+
+
+/*
* Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
*/
CLIENT *
diff --git a/src/rpcdname.c b/src/rpcdname.c
new file mode 100644
index 0000000..3e6a988
--- /dev/null
+++ b/src/rpcdname.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2009, Sun Microsystems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of Sun Microsystems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * rpcdname.c
+ * Gets the default domain name
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+static char *default_domain = 0;
+
+static char *
+get_default_domain()
+{
+ char temp[256];
+
+ if (default_domain)
+ return (default_domain);
+ if (getdomainname(temp, sizeof(temp)) < 0)
+ return (0);
+ if ((int) strlen(temp) > 0) {
+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1));
+ if (default_domain == 0)
+ return (0);
+ (void) strcpy(default_domain, temp);
+ return (default_domain);
+ }
+ return (0);
+}
+
+/*
+ * This is a wrapper for the system call getdomainname which returns a
+ * ypclnt.h error code in the failure case. It also checks to see that
+ * the domain name is non-null, knowing that the null string is going to
+ * get rejected elsewhere in the NIS client package.
+ */
+int
+__rpc_get_default_domain(domain)
+ char **domain;
+{
+ if ((*domain = get_default_domain()) != 0)
+ return (0);
+ return (-1);
+}
diff --git a/src/svc_auth.c b/src/svc_auth.c
index 31241c9..94029bb 100644
--- a/src/svc_auth.c
+++ b/src/svc_auth.c
@@ -38,6 +38,7 @@
#include <reentrant.h>
#include <sys/types.h>
#include <rpc/rpc.h>
+#include <rpc/auth_des.h>
#include <stdlib.h>
/*
@@ -109,11 +110,9 @@ _gss_authenticate(rqst, msg, no_dispatch)
case AUTH_SHORT:
dummy = _svcauth_short(rqst, msg);
return (dummy);
-#ifdef DES_BUILTIN
case AUTH_DES:
dummy = _svcauth_des(rqst, msg);
return (dummy);
-#endif
#ifdef HAVE_RPCSEC_GSS
case RPCSEC_GSS:
dummy = _svcauth_gss(rqst, msg, no_dispatch);
@@ -172,9 +171,7 @@ svc_auth_reg(cred_flavor, handler)
case AUTH_NULL:
case AUTH_SYS:
case AUTH_SHORT:
-#ifdef DES_BUILTIN
case AUTH_DES:
-#endif
#ifdef HAVE_RPCSEC_GSS
case RPCSEC_GSS:
#endif
diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
index 08e2bee..5bc264c 100644
--- a/src/svc_auth_des.c
+++ b/src/svc_auth_des.c
@@ -433,7 +433,6 @@ cache_spot(key, name, timestamp)
}
-#if (defined(sun) || defined(vax) || defined(__FreeBSD__))
/*
* Local credential handling stuff.
* NOTE: bsd unix dependent.
@@ -528,5 +527,3 @@ invalidate(cred)
}
((struct bsdcred *)cred)->grouplen = INVALID;
}
-#endif
-
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index 016357b..0206e5e 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -235,28 +235,20 @@ static bool_t
_rpc_gss_fill_in_creds(struct svc_rpc_gss_data *gd, struct rpc_gss_cred *gc)
{
rpc_gss_rawcred_t *rcred = &gd->rcred;
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc buf;
rcred->version = gc->gc_v;
if (!rpc_gss_oid_to_mech(gd->sec.mech, &rcred->mechanism))
return FALSE;
rcred->service = _rpc_gss_svc_to_service(gd->sec.svc);
- maj_stat = gss_export_name(&min_stat, gd->client_name, &buf);
- if (maj_stat != GSS_S_COMPLETE) {
- gss_log_status("gss_export_name", maj_stat, min_stat);
- return FALSE;
- }
rcred->client_principal = calloc(1, sizeof(rpc_gss_principal_t) +
- buf.length);
- if (rcred->client_principal == NULL) {
- (void)gss_release_buffer(&min_stat, &buf);
+ gd->cname.length);
+ if (rcred->client_principal == NULL)
return FALSE;
- }
- rcred->client_principal->len = buf.length;
- (void)memcpy(rcred->client_principal->name, buf.value, buf.length);
- (void)gss_release_buffer(&min_stat, &buf);
+
+ rcred->client_principal->len = gd->cname.length;
+ (void)memcpy(rcred->client_principal->name,
+ gd->cname.value, gd->cname.length);
rcred->svc_principal = _svcauth_svc_name;
diff --git a/src/svc_generic.c b/src/svc_generic.c
index f49d776..7aae796 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz)
xprt->xp_type = __rpc_socktype2seman(si.si_socktype);
if (nconf) {
+ if (xprt->xp_netid != NULL)
+ free(xprt->xp_netid);
xprt->xp_netid = strdup(nconf->nc_netid);
xprt->xp_tp = strdup(nconf->nc_device);
}
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 9824631..6848c09 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -392,6 +392,12 @@ svc_vc_destroy(xprt)
__svc_vc_dodestroy(xprt);
}
+static bool_t
+__svc_rendezvous_socket(xprt)
+ SVCXPRT *xprt;
+{
+ return (xprt->xp_ops->xp_recv == rendezvous_request);
+}
static void
__svc_vc_dodestroy(xprt)
SVCXPRT *xprt;
@@ -403,7 +409,7 @@ __svc_vc_dodestroy(xprt)
if (xprt->xp_fd != RPC_ANYFD)
(void)close(xprt->xp_fd);
- if (xprt->xp_port != 0) {
+ if (__svc_rendezvous_socket(xprt)) {
/* a rendezvouser socket */
r = (struct cf_rendezvous *)xprt->xp_p1;
mem_free(r, sizeof (struct cf_rendezvous));
diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c
index cc5414b..d23fbd1 100644
--- a/src/xdr_sizeof.c
+++ b/src/xdr_sizeof.c
@@ -90,7 +90,7 @@ x_inline(xdrs, len)
if (xdrs->x_op != XDR_ENCODE) {
return (NULL);
}
- if (len < (u_int)xdrs->x_base) {
+ if (len < (uintptr_t)xdrs->x_base) {
/* x_private was already allocated */
xdrs->x_handy += len;
return ((int32_t *) xdrs->x_private);
@@ -102,7 +102,7 @@ x_inline(xdrs, len)
xdrs->x_base = 0;
return (NULL);
}
- xdrs->x_base = (caddr_t) len;
+ xdrs->x_base = (caddr_t)(uintptr_t)len;
xdrs->x_handy += len;
return ((int32_t *) xdrs->x_private);
}
diff --git a/tirpc/rpc/auth.h b/tirpc/rpc/auth.h
index 3e44863..e67779c 100644
--- a/tirpc/rpc/auth.h
+++ b/tirpc/rpc/auth.h
@@ -313,6 +313,8 @@ extern AUTH *authnone_create(void); /* takes no parameters */
extern "C" {
#endif
extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *);
+extern AUTH *authdes_pk_create (char *, netobj *, u_int,
+ struct sockaddr *, des_block *);
extern AUTH *authdes_seccreate (const char *, const u_int, const char *,
const des_block *);
#ifdef __cplusplus
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index a17b34b..5316ed6 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -73,11 +73,6 @@ struct authgss_private_data {
u_int pd_seq_win; /* Sequence window */
};
-#define g_OID_equal(o1, o2) \
- (((o1)->length == (o2)->length) && \
- ((o1)->elements != 0) && ((o2)->elements != 0) && \
- (memcmp((o1)->elements, (o2)->elements, (int) (o1)->length) == 0))
-
/* from kerberos source, gssapi_krb5.c */
extern gss_OID_desc krb5oid;
extern gss_OID_desc spkm3oid;
diff --git a/tirpc/rpc/svc.h b/tirpc/rpc/svc.h
index 8273c95..f647095 100644
--- a/tirpc/rpc/svc.h
+++ b/tirpc/rpc/svc.h
@@ -88,6 +88,7 @@ enum xprt_stat {
*/
typedef struct __rpc_svcxprt {
int xp_fd;
+#define xp_sock xp_fd
u_short xp_port; /* associated port number */
const struct xp_ops {
/* receive incoming requests */
diff --git a/tirpc/rpc/xdr.h b/tirpc/rpc/xdr.h
index 64069ab..80b35ce 100644
--- a/tirpc/rpc/xdr.h
+++ b/tirpc/rpc/xdr.h
@@ -327,6 +327,7 @@ extern bool_t xdr_hyper(XDR *, quad_t *);
extern bool_t xdr_u_hyper(XDR *, u_quad_t *);
extern bool_t xdr_longlong_t(XDR *, quad_t *);
extern bool_t xdr_u_longlong_t(XDR *, u_quad_t *);
+extern u_long xdr_sizeof(xdrproc_t, void *);
#ifdef __cplusplus
}
#endif

1288
libtirpc-0.3.3-rc3.patch
View File

File diff suppressed because it is too large Load Diff

263
libtirpc-1.0.2-CVE-2017-8779.patch
View File

@ -1,263 +0,0 @@
commit dd9c7cf4f8f375c6d641b760d124650c418c2ce3
Author: Guido Vranken <guidovranken@gmail.com>
Date: Mon May 15 11:12:21 2017 -0400
Fix for CVE-2017-8779
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index 2f09a8f..589cbd5 100644
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
switch (af) {
case AF_INET:
+ if (nbuf->len < sizeof(*sin)) {
+ return NULL;
+ }
sin = nbuf->buf;
if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
== NULL)
@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
break;
#ifdef INET6
case AF_INET6:
+ if (nbuf->len < sizeof(*sin6)) {
+ return NULL;
+ }
sin6 = nbuf->buf;
if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
== NULL)
@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
port = 0;
sin = NULL;
+ if (uaddr == NULL)
+ return NULL;
addrstr = strdup(uaddr);
if (addrstr == NULL)
return NULL;
diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
index 43fd385..a923c8e 100644
--- a/src/rpcb_prot.c
+++ b/src/rpcb_prot.c
@@ -41,6 +41,7 @@
#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/rpcb_prot.h>
+#include "rpc_com.h"
bool_t
xdr_rpcb(xdrs, objp)
@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
return (FALSE);
}
return (TRUE);
@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
XDR *xdrs;
rpcb_entry *objp;
{
- if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
return (FALSE);
}
if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
return (FALSE);
}
return (TRUE);
@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
bool_t dummy;
struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
- if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
return (FALSE);
}
if (!xdr_u_int(xdrs, &objp->results.results_len)) {
@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
return (FALSE);
}
+
+ if (objp->maxlen > RPC_MAXDATASIZE) {
+ return (FALSE);
+ }
+
dummy = xdr_bytes(xdrs, (char **)&(objp->buf),
(u_int *)&(objp->len), objp->maxlen);
return (dummy);
diff --git a/src/rpcb_st_xdr.c b/src/rpcb_st_xdr.c
index 08db745..28e6a48 100644
--- a/src/rpcb_st_xdr.c
+++ b/src/rpcb_st_xdr.c
@@ -37,6 +37,7 @@
#include <rpc/rpc.h>
+#include "rpc_com.h"
/* Link list of all the stats about getport and getaddr */
@@ -58,7 +59,7 @@ xdr_rpcbs_addrlist(xdrs, objp)
if (!xdr_int(xdrs, &objp->failure)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
return (FALSE);
}
@@ -109,7 +110,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
IXDR_PUT_INT32(buf, objp->failure);
IXDR_PUT_INT32(buf, objp->indirect);
}
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
return (FALSE);
}
if (!xdr_pointer(xdrs, (char **)&objp->next,
@@ -147,7 +148,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
objp->failure = (int)IXDR_GET_INT32(buf);
objp->indirect = (int)IXDR_GET_INT32(buf);
}
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
return (FALSE);
}
if (!xdr_pointer(xdrs, (char **)&objp->next,
@@ -175,7 +176,7 @@ xdr_rpcbs_rmtcalllist(xdrs, objp)
if (!xdr_int(xdrs, &objp->indirect)) {
return (FALSE);
}
- if (!xdr_string(xdrs, &objp->netid, (u_int)~0)) {
+ if (!xdr_string(xdrs, &objp->netid, RPC_MAXDATASIZE)) {
return (FALSE);
}
if (!xdr_pointer(xdrs, (char **)&objp->next,
diff --git a/src/xdr.c b/src/xdr.c
index f3fb9ad..b9a1558 100644
--- a/src/xdr.c
+++ b/src/xdr.c
@@ -42,8 +42,10 @@
#include <stdlib.h>
#include <string.h>
+#include <rpc/rpc.h>
#include <rpc/types.h>
#include <rpc/xdr.h>
+#include <rpc/rpc_com.h>
typedef quad_t longlong_t; /* ANSI long long type */
typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
@@ -53,7 +55,6 @@ typedef u_quad_t u_longlong_t; /* ANSI unsigned long long type */
*/
#define XDR_FALSE ((long) 0)
#define XDR_TRUE ((long) 1)
-#define LASTUNSIGNED ((u_int) 0-1)
/*
* for unit alignment
@@ -629,6 +630,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
{
char *sp = *cpp; /* sp is the actual string pointer */
u_int nodesize;
+ bool_t ret, allocated = FALSE;
/*
* first deal with the length since xdr bytes are counted
@@ -652,6 +654,7 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
}
if (sp == NULL) {
*cpp = sp = mem_alloc(nodesize);
+ allocated = TRUE;
}
if (sp == NULL) {
warnx("xdr_bytes: out of memory");
@@ -660,7 +663,14 @@ xdr_bytes(xdrs, cpp, sizep, maxsize)
/* FALLTHROUGH */
case XDR_ENCODE:
- return (xdr_opaque(xdrs, sp, nodesize));
+ ret = xdr_opaque(xdrs, sp, nodesize);
+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
+ if (allocated == TRUE) {
+ free(sp);
+ *cpp = NULL;
+ }
+ }
+ return (ret);
case XDR_FREE:
if (sp != NULL) {
@@ -754,6 +764,7 @@ xdr_string(xdrs, cpp, maxsize)
char *sp = *cpp; /* sp is the actual string pointer */
u_int size;
u_int nodesize;
+ bool_t ret, allocated = FALSE;
/*
* first deal with the length since xdr strings are counted-strings
@@ -793,8 +804,10 @@ xdr_string(xdrs, cpp, maxsize)
switch (xdrs->x_op) {
case XDR_DECODE:
- if (sp == NULL)
+ if (sp == NULL) {
*cpp = sp = mem_alloc(nodesize);
+ allocated = TRUE;
+ }
if (sp == NULL) {
warnx("xdr_string: out of memory");
return (FALSE);
@@ -803,7 +816,14 @@ xdr_string(xdrs, cpp, maxsize)
/* FALLTHROUGH */
case XDR_ENCODE:
- return (xdr_opaque(xdrs, sp, size));
+ ret = xdr_opaque(xdrs, sp, size);
+ if ((xdrs->x_op == XDR_DECODE) && (ret == FALSE)) {
+ if (allocated == TRUE) {
+ free(sp);
+ *cpp = NULL;
+ }
+ }
+ return (ret);
case XDR_FREE:
mem_free(sp, nodesize);
@@ -823,7 +843,7 @@ xdr_wrapstring(xdrs, cpp)
XDR *xdrs;
char **cpp;
{
- return xdr_string(xdrs, cpp, LASTUNSIGNED);
+ return xdr_string(xdrs, cpp, RPC_MAXDATASIZE);
}
/*

365
libtirpc-1.0.2-rc1.patch
View File

@ -1,365 +0,0 @@
diff --git a/src/svc.c b/src/svc.c
index 9c41445..b59467b 100644
--- a/src/svc.c
+++ b/src/svc.c
@@ -99,7 +99,7 @@ xprt_register (xprt)
{
__svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
if (__svc_xports == NULL)
- return;
+ goto unlock;
}
if (sock < _rpc_dtablesize())
{
@@ -120,14 +120,14 @@ xprt_register (xprt)
svc_pollfd[i].fd = sock;
svc_pollfd[i].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
- return;
+ goto unlock;
}
new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
sizeof (struct pollfd)
* (svc_max_pollfd + 1));
if (new_svc_pollfd == NULL) /* Out of memory */
- return;
+ goto unlock;
svc_pollfd = new_svc_pollfd;
++svc_max_pollfd;
@@ -135,6 +135,7 @@ xprt_register (xprt)
svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
}
+unlock:
rwlock_unlock (&svc_fd_lock);
}
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index b6aa407..bece46a 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
/* Global server credentials. */
+static u_int _svcauth_req_time = 0;
+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
static gss_cred_id_t _svcauth_gss_creds;
static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
static char * _svcauth_svc_name = NULL;
@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
gss_name_t name;
gss_buffer_desc namebuf;
OM_uint32 maj_stat, min_stat;
+ bool_t result;
gss_log_debug("in svcauth_gss_import_name()");
@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
maj_stat, min_stat);
return (FALSE);
}
- if (svcauth_gss_set_svc_name(name) != TRUE) {
- gss_release_name(&min_stat, &name);
- return (FALSE);
- }
- return (TRUE);
+ result = svcauth_gss_set_svc_name(name);
+ gss_release_name(&min_stat, &name);
+ return result;
}
static bool_t
-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
+svcauth_gss_acquire_cred(void)
{
OM_uint32 maj_stat, min_stat;
gss_log_debug("in svcauth_gss_acquire_cred()");
- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
- oid_set, GSS_C_ACCEPT,
+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
+ _svcauth_req_time, &_svcauth_oid_set,
+ GSS_C_ACCEPT,
&_svcauth_gss_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
NULL,
&gd->deleg);
+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
+
if (gr->gr_major != GSS_S_COMPLETE &&
gr->gr_major != GSS_S_CONTINUE_NEEDED) {
gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
return (FALSE);
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
+ checksum.length);
rqst->rq_xprt->xp_verf.oa_length = checksum.length;
+
+ gss_release_buffer(&min_stat, &checksum);
}
return (TRUE);
}
@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
maj_stat, min_stat);
return (FALSE);
}
+
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
+ gss_release_buffer(&min_stat, &checksum);
+
return (TRUE);
}
@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
gss_qop_t qop;
struct svcauth_gss_cache_entry **ce;
time_t now;
+ enum auth_stat result = AUTH_OK;
+ OM_uint32 min_stat;
gss_log_debug("in svcauth_gss()");
@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
XDR_DESTROY(&xdrs);
/* Check version. */
- if (gc->gc_v != RPCSEC_GSS_VERSION)
- return (AUTH_BADCRED);
+ if (gc->gc_v != RPCSEC_GSS_VERSION) {
+ result = AUTH_BADCRED;
+ goto out;
+ }
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
- return (AUTH_BADCRED);
+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
+ result = AUTH_BADCRED;
+ goto out;
+ }
/* Check sequence number. */
if (gd->established) {
- if (gc->gc_seq > MAXSEQ)
- return (RPCSEC_GSS_CTXPROBLEM);
+ if (gc->gc_seq > MAXSEQ) {
+ result = RPCSEC_GSS_CTXPROBLEM;
+ goto out;
+ }
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
}
else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
- return (RPCSEC_GSS_CTXPROBLEM);
+ result = RPCSEC_GSS_CTXPROBLEM;
+ goto out;
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
rqst->rq_svcname = (char *)gd->ctx;
}
+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
+
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
+ if (rqst->rq_proc != NULLPROC) {
+ result = AUTH_FAILED; /* XXX ? */
+ break;
+ }
if (_svcauth_gss_name == GSS_C_NO_NAME) {
- if (!svcauth_gss_import_name("nfs"))
- return (AUTH_FAILED);
+ if (!svcauth_gss_import_name("nfs")) {
+ result = AUTH_FAILED;
+ break;
+ }
}
- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
- return (AUTH_FAILED);
+ if (!svcauth_gss_acquire_cred()) {
+ result = AUTH_FAILED;
+ break;
+ }
- if (!svcauth_gss_accept_sec_context(rqst, &gr))
- return (AUTH_REJECTEDCRED);
+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
+ result = AUTH_REJECTEDCRED;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
+ result = AUTH_FAILED;
+ break;
+ }
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
- if (!call_stat)
- return (AUTH_FAILED);
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ free(gr.gr_ctx.value);
+
+ if (!call_stat) {
+ result = AUTH_FAILED;
+ break;
+ }
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
case RPCSEC_GSS_DATA:
- if (!svcauth_gss_validate(gd, msg, &qop))
- return (RPCSEC_GSS_CREDPROBLEM);
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
+ result = RPCSEC_GSS_CREDPROBLEM;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
+ result = AUTH_FAILED;
+ break;
+ }
if (!gd->callback_done) {
gd->callback_done = TRUE;
gd->sec.qop = qop;
(void)rpc_gss_num_to_qop(gd->rcred.mechanism,
gd->sec.qop, &gd->rcred.qop);
- if (!svcauth_gss_callback(rqst, gd))
- return (AUTH_REJECTEDCRED);
+ if (!svcauth_gss_callback(rqst, gd)) {
+ result = AUTH_REJECTEDCRED;
+ break;
+ }
}
if (gd->locked) {
if (gd->rcred.service !=
- _rpc_gss_svc_to_service(gc->gc_svc))
- return (AUTH_FAILED);
- if (gd->sec.qop != qop)
- return (AUTH_BADVERF);
+ _rpc_gss_svc_to_service(gc->gc_svc)) {
+ result = AUTH_FAILED;
+ break;
+ }
+ if (gd->sec.qop != qop) {
+ result = AUTH_BADVERF;
+ break;
+ }
}
if (gd->sec.qop != qop) {
@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
case RPCSEC_GSS_DESTROY:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
+ if (rqst->rq_proc != NULLPROC) {
+ result = AUTH_FAILED; /* XXX ? */
+ break;
+ }
- if (!svcauth_gss_validate(gd, msg, &qop))
- return (RPCSEC_GSS_CREDPROBLEM);
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
+ result = RPCSEC_GSS_CREDPROBLEM;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
+ result = AUTH_FAILED;
+ break;
+ }
- if (!svcauth_gss_release_cred())
- return (AUTH_FAILED);
+ if (!svcauth_gss_release_cred()) {
+ result = AUTH_FAILED;
+ break;
+ }
SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
default:
- return (AUTH_REJECTEDCRED);
+ result = AUTH_REJECTEDCRED;
break;
}
- return (AUTH_OK);
+out:
+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
+ return result;
}
static bool_t
@@ -890,7 +946,6 @@ bool_t
rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
u_int UNUSED(program), u_int UNUSED(version))
{
- gss_OID_set_desc oid_set;
rpc_gss_OID oid;
char *save;
@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
if (!rpc_gss_mech_to_oid(mechanism, &oid))
goto out_err;
- oid_set.count = 1;
- oid_set.elements = (gss_OID)oid;
if (!svcauth_gss_import_name(principal))
goto out_err;
- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
- goto out_err;
+ _svcauth_req_time = req_time;
+ _svcauth_oid_set.count = 1;
+ _svcauth_oid_set.elements = (gss_OID)oid;
free(_svcauth_svc_name);
_svcauth_svc_name = save;
return TRUE;

544
libtirpc-1.0.2-rc2.patch
View File

@ -1,544 +0,0 @@
diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c
index 13d320c..3fe503a 100644
--- a/src/rpc_dtablesize.c
+++ b/src/rpc_dtablesize.c
@@ -27,22 +27,14 @@
*/
#include <unistd.h>
-
#include <sys/select.h>
-
-int _rpc_dtablesize(void); /* XXX */
+#include <rpc/clnt.h>
+#include <rpc/rpc_com.h>
/*
* Cache the result of getdtablesize(), so we don't have to do an
* expensive system call every time.
*/
-/*
- * XXX In FreeBSD 2.x, you can have the maximum number of open file
- * descriptors be greater than FD_SETSIZE (which us 256 by default).
- *
- * Since old programs tend to use this call to determine the first arg
- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)!
- */
int
_rpc_dtablesize(void)
{
diff --git a/src/rtime.c b/src/rtime.c
index c34e0af..b642840 100644
--- a/src/rtime.c
+++ b/src/rtime.c
@@ -46,6 +46,7 @@
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
+#include <sys/poll.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout)
struct timeval *timeout;
{
int s;
- fd_set readfds;
+ struct pollfd fd;
+ int milliseconds;
int res;
unsigned long thetime;
struct sockaddr_in from;
@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout)
addrp->sin_port = serv->s_port;
if (type == SOCK_DGRAM) {
- res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
(struct sockaddr *)addrp, sizeof(*addrp));
if (res < 0) {
do_close(s);
- return(-1);
+ return(-1);
}
- do {
- FD_ZERO(&readfds);
- FD_SET(s, &readfds);
- res = select(_rpc_dtablesize(), &readfds,
- (fd_set *)NULL, (fd_set *)NULL, timeout);
- } while (res < 0 && errno == EINTR);
+
+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);
+ fd.fd = s;
+ fd.events = POLLIN;
+ do
+ res = poll (&fd, 1, milliseconds);
+ while (res < 0 && errno == EINTR);
if (res <= 0) {
if (res == 0) {
errno = ETIMEDOUT;
}
do_close(s);
- return(-1);
+ return(-1);
}
fromlen = sizeof(from);
- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
(struct sockaddr *)&from, &fromlen);
do_close(s);
if (res < 0) {
- return(-1);
+ return(-1);
}
} else {
if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) {
diff --git a/src/svc.c b/src/svc.c
index 9c41445..b59467b 100644
--- a/src/svc.c
+++ b/src/svc.c
@@ -99,7 +99,7 @@ xprt_register (xprt)
{
__svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
if (__svc_xports == NULL)
- return;
+ goto unlock;
}
if (sock < _rpc_dtablesize())
{
@@ -120,14 +120,14 @@ xprt_register (xprt)
svc_pollfd[i].fd = sock;
svc_pollfd[i].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
- return;
+ goto unlock;
}
new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
sizeof (struct pollfd)
* (svc_max_pollfd + 1));
if (new_svc_pollfd == NULL) /* Out of memory */
- return;
+ goto unlock;
svc_pollfd = new_svc_pollfd;
++svc_max_pollfd;
@@ -135,6 +135,7 @@ xprt_register (xprt)
svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
}
+unlock:
rwlock_unlock (&svc_fd_lock);
}
diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
index 5bc264c..2e90146 100644
--- a/src/svc_auth_des.c
+++ b/src/svc_auth_des.c
@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */;
static short *authdes_lru/* [AUTHDES_CACHESZ] */;
static void cache_init(); /* initialize the cache */
-static short cache_spot(); /* find an entry in the cache */
-static void cache_ref(/*short sid*/); /* note that sid was ref'd */
+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */
+static void cache_ref(short sid); /* note that sid was ref'd */
-static void invalidate(); /* invalidate entry in cache */
+static void invalidate(char *cred); /* invalidate entry in cache */
/*
- * cache statistics
+ * cache statistics
*/
static struct {
u_long ncachehits; /* times cache hit, and is not replay */
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index b6aa407..bece46a 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
/* Global server credentials. */
+static u_int _svcauth_req_time = 0;
+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
static gss_cred_id_t _svcauth_gss_creds;
static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
static char * _svcauth_svc_name = NULL;
@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
gss_name_t name;
gss_buffer_desc namebuf;
OM_uint32 maj_stat, min_stat;
+ bool_t result;
gss_log_debug("in svcauth_gss_import_name()");
@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
maj_stat, min_stat);
return (FALSE);
}
- if (svcauth_gss_set_svc_name(name) != TRUE) {
- gss_release_name(&min_stat, &name);
- return (FALSE);
- }
- return (TRUE);
+ result = svcauth_gss_set_svc_name(name);
+ gss_release_name(&min_stat, &name);
+ return result;
}
static bool_t
-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
+svcauth_gss_acquire_cred(void)
{
OM_uint32 maj_stat, min_stat;
gss_log_debug("in svcauth_gss_acquire_cred()");
- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
- oid_set, GSS_C_ACCEPT,
+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
+ _svcauth_req_time, &_svcauth_oid_set,
+ GSS_C_ACCEPT,
&_svcauth_gss_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
NULL,
&gd->deleg);
+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
+
if (gr->gr_major != GSS_S_COMPLETE &&
gr->gr_major != GSS_S_CONTINUE_NEEDED) {
gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
return (FALSE);
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
+ checksum.length);
rqst->rq_xprt->xp_verf.oa_length = checksum.length;
+
+ gss_release_buffer(&min_stat, &checksum);
}
return (TRUE);
}
@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
maj_stat, min_stat);
return (FALSE);
}
+
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
+ gss_release_buffer(&min_stat, &checksum);
+
return (TRUE);
}
@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
gss_qop_t qop;
struct svcauth_gss_cache_entry **ce;
time_t now;
+ enum auth_stat result = AUTH_OK;
+ OM_uint32 min_stat;
gss_log_debug("in svcauth_gss()");
@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
XDR_DESTROY(&xdrs);
/* Check version. */
- if (gc->gc_v != RPCSEC_GSS_VERSION)
- return (AUTH_BADCRED);
+ if (gc->gc_v != RPCSEC_GSS_VERSION) {
+ result = AUTH_BADCRED;
+ goto out;
+ }
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
- return (AUTH_BADCRED);
+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
+ result = AUTH_BADCRED;
+ goto out;
+ }
/* Check sequence number. */
if (gd->established) {
- if (gc->gc_seq > MAXSEQ)
- return (RPCSEC_GSS_CTXPROBLEM);
+ if (gc->gc_seq > MAXSEQ) {
+ result = RPCSEC_GSS_CTXPROBLEM;
+ goto out;
+ }
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
}
else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
- return (RPCSEC_GSS_CTXPROBLEM);
+ result = RPCSEC_GSS_CTXPROBLEM;
+ goto out;
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
rqst->rq_svcname = (char *)gd->ctx;
}
+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
+
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
+ if (rqst->rq_proc != NULLPROC) {
+ result = AUTH_FAILED; /* XXX ? */
+ break;
+ }
if (_svcauth_gss_name == GSS_C_NO_NAME) {
- if (!svcauth_gss_import_name("nfs"))
- return (AUTH_FAILED);
+ if (!svcauth_gss_import_name("nfs")) {
+ result = AUTH_FAILED;
+ break;
+ }
}
- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
- return (AUTH_FAILED);
+ if (!svcauth_gss_acquire_cred()) {
+ result = AUTH_FAILED;
+ break;
+ }
- if (!svcauth_gss_accept_sec_context(rqst, &gr))
- return (AUTH_REJECTEDCRED);
+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
+ result = AUTH_REJECTEDCRED;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
+ result = AUTH_FAILED;
+ break;
+ }
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
- if (!call_stat)
- return (AUTH_FAILED);
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ free(gr.gr_ctx.value);
+
+ if (!call_stat) {
+ result = AUTH_FAILED;
+ break;
+ }
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
case RPCSEC_GSS_DATA:
- if (!svcauth_gss_validate(gd, msg, &qop))
- return (RPCSEC_GSS_CREDPROBLEM);
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
+ result = RPCSEC_GSS_CREDPROBLEM;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
+ result = AUTH_FAILED;
+ break;
+ }
if (!gd->callback_done) {
gd->callback_done = TRUE;
gd->sec.qop = qop;
(void)rpc_gss_num_to_qop(gd->rcred.mechanism,
gd->sec.qop, &gd->rcred.qop);
- if (!svcauth_gss_callback(rqst, gd))
- return (AUTH_REJECTEDCRED);
+ if (!svcauth_gss_callback(rqst, gd)) {
+ result = AUTH_REJECTEDCRED;
+ break;
+ }
}
if (gd->locked) {
if (gd->rcred.service !=
- _rpc_gss_svc_to_service(gc->gc_svc))
- return (AUTH_FAILED);
- if (gd->sec.qop != qop)
- return (AUTH_BADVERF);
+ _rpc_gss_svc_to_service(gc->gc_svc)) {
+ result = AUTH_FAILED;
+ break;
+ }
+ if (gd->sec.qop != qop) {
+ result = AUTH_BADVERF;
+ break;
+ }
}
if (gd->sec.qop != qop) {
@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
case RPCSEC_GSS_DESTROY:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
+ if (rqst->rq_proc != NULLPROC) {
+ result = AUTH_FAILED; /* XXX ? */
+ break;
+ }
- if (!svcauth_gss_validate(gd, msg, &qop))
- return (RPCSEC_GSS_CREDPROBLEM);
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
+ result = RPCSEC_GSS_CREDPROBLEM;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
+ result = AUTH_FAILED;
+ break;
+ }
- if (!svcauth_gss_release_cred())
- return (AUTH_FAILED);
+ if (!svcauth_gss_release_cred()) {
+ result = AUTH_FAILED;
+ break;
+ }
SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
default:
- return (AUTH_REJECTEDCRED);
+ result = AUTH_REJECTEDCRED;
break;
}
- return (AUTH_OK);
+out:
+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
+ return result;
}
static bool_t
@@ -890,7 +946,6 @@ bool_t
rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
u_int UNUSED(program), u_int UNUSED(version))
{
- gss_OID_set_desc oid_set;
rpc_gss_OID oid;
char *save;
@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
if (!rpc_gss_mech_to_oid(mechanism, &oid))
goto out_err;
- oid_set.count = 1;
- oid_set.elements = (gss_OID)oid;
if (!svcauth_gss_import_name(principal))
goto out_err;
- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
- goto out_err;
+ _svcauth_req_time = req_time;
+ _svcauth_oid_set.count = 1;
+ _svcauth_oid_set.elements = (gss_OID)oid;
free(_svcauth_svc_name);
_svcauth_svc_name = save;
return TRUE;
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 6ae613d..97a76a3 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize)
struct cf_conn *cd;
const char *netid;
struct __rpc_sockinfo si;
-
- assert(fd != -1);
- if (fd >= FD_SETSIZE) {
- warnx("svc_vc: makefd_xprt: fd too high\n");
- xprt = NULL;
- goto done;
- }
+ assert(fd != -1);
xprt = mem_alloc(sizeof(SVCXPRT));
if (xprt == NULL) {
@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg)
r = (struct cf_rendezvous *)xprt->xp_p1;
again:
len = sizeof addr;
- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
- &len)) < 0) {
+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len);
+ if (sock < 0) {
if (errno == EINTR)
goto again;
-
- if (errno == EMFILE || errno == ENFILE) {
- /* If there are no file descriptors available, then accept will fail.
- We want to delay here so the connection request can be dequeued;
- otherwise we can bounce between polling and accepting, never
- giving the request a chance to dequeue and eating an enormous
- amount of cpu time in svc_run if we're polling on many file
- descriptors. */
- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
- nanosleep (&ts, NULL);
- goto again;
- }
return (FALSE);
}
/*
diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h
index 147f909..e07503c 100644
--- a/tirpc/rpc/rpcent.h
+++ b/tirpc/rpc/rpcent.h
@@ -60,10 +60,11 @@ struct rpcent {
extern struct rpcent *getrpcbyname(const char *);
extern struct rpcent *getrpcbynumber(int);
extern struct rpcent *getrpcent(void);
-#endif
extern void setrpcent(int);
extern void endrpcent(void);
+#endif
+
#ifdef __cplusplus
}
#endif

737
libtirpc-1.0.2-rc3.patch
View File

@ -1,737 +0,0 @@
diff --git a/src/Makefile.am b/src/Makefile.am
index e4ed8aa..fba2aa4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
svc_auth_des.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
- auth_time.c auth_des.c authdes_prot.c debug.c
+ auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c
## XDR
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
diff --git a/src/auth_des.c b/src/auth_des.c
index 4d3639e..af2f61f 100644
--- a/src/auth_des.c
+++ b/src/auth_des.c
@@ -46,8 +46,8 @@
#include <rpc/clnt.h>
#include <rpc/xdr.h>
#include <sys/socket.h>
-#undef NIS
-#include <rpcsvc/nis.h>
+
+#include "nis.h"
#if defined(LIBC_SCCS) && !defined(lint)
#endif
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 9b88c38..5959893 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
gr.gr_major != GSS_S_CONTINUE_NEEDED)) {
options_ret->major_status = gr.gr_major;
options_ret->minor_status = gr.gr_minor;
+ if (call_stat != RPC_SUCCESS) {
+ struct rpc_err err;
+ clnt_geterr(gd->clnt, &err);
+ LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s",
+ clnt_sperrno(call_stat), strerror(err.re_errno)));
+ } else
+ gss_log_status("authgss_refresh:",
+ gr.gr_major, gr.gr_minor);
return FALSE;
}
diff --git a/src/auth_time.c b/src/auth_time.c
index 10e58eb..7f83ab4 100644
--- a/src/auth_time.c
+++ b/src/auth_time.c
@@ -44,8 +44,8 @@
#include <rpc/rpcb_prot.h>
//#include <clnt_soc.h>
#include <sys/select.h>
-#undef NIS
-#include <rpcsvc/nis.h>
+
+#include "nis.h"
#ifdef TESTING
diff --git a/src/des_impl.c b/src/des_impl.c
index c5b7ed6..9dbccaf 100644
--- a/src/des_impl.c
+++ b/src/des_impl.c
@@ -6,7 +6,8 @@
/* see <http://www.gnu.org/licenses/> to obtain a copy. */
#include <string.h>
#include <stdint.h>
-#include <rpc/rpc_des.h>
+#include <sys/types.h>
+#include <rpc/des.h>
static const uint32_t des_SPtrans[8][64] =
diff --git a/src/getpublickey.c b/src/getpublickey.c
index 764a5f9..8cf4dc2 100644
--- a/src/getpublickey.c
+++ b/src/getpublickey.c
@@ -38,8 +38,10 @@
#include <pwd.h>
#include <rpc/rpc.h>
#include <rpc/key_prot.h>
+#ifdef YP
#include <rpcsvc/yp_prot.h>
#include <rpcsvc/ypclnt.h>
+#endif
#include <string.h>
#include <stdlib.h>
diff --git a/src/nis.h b/src/nis.h
new file mode 100644
index 0000000..588c041
--- /dev/null
+++ b/src/nis.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ * * Neither the name of the "Oracle America, Inc." nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _INTERNAL_NIS_H
+#define _INTERNAL_NIS_H 1
+
+/* This file only contains the definition of nis_server, to be
+ able to compile libtirpc without the need to have a glibc
+ with sunrpc or a libnsl already installed. */
+
+#define NIS_PK_NONE 0
+
+struct nis_attr {
+ char *zattr_ndx;
+ struct {
+ u_int zattr_val_len;
+ char *zattr_val_val;
+ } zattr_val;
+};
+typedef struct nis_attr nis_attr;
+
+typedef char *nis_name;
+
+struct endpoint {
+ char *uaddr;
+ char *family;
+ char *proto;
+};
+typedef struct endpoint endpoint;
+
+struct nis_server {
+ nis_name name;
+ struct {
+ u_int ep_len;
+ endpoint *ep_val;
+ } ep;
+ uint32_t key_type;
+ netobj pkey;
+};
+typedef struct nis_server nis_server;
+
+#endif /* ! _INTERNAL_NIS_H */
diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c
index 13d320c..3fe503a 100644
--- a/src/rpc_dtablesize.c
+++ b/src/rpc_dtablesize.c
@@ -27,22 +27,14 @@
*/
#include <unistd.h>
-
#include <sys/select.h>
-
-int _rpc_dtablesize(void); /* XXX */
+#include <rpc/clnt.h>
+#include <rpc/rpc_com.h>
/*
* Cache the result of getdtablesize(), so we don't have to do an
* expensive system call every time.
*/
-/*
- * XXX In FreeBSD 2.x, you can have the maximum number of open file
- * descriptors be greater than FD_SETSIZE (which us 256 by default).
- *
- * Since old programs tend to use this call to determine the first arg
- * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)!
- */
int
_rpc_dtablesize(void)
{
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 1ec7b3f..ed0892a 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -61,8 +61,8 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
-#include <rpcsvc/nis.h>
+#include "nis.h"
#include "rpc_com.h"
extern mutex_t rpcsoc_lock;
diff --git a/src/rtime.c b/src/rtime.c
index c34e0af..b642840 100644
--- a/src/rtime.c
+++ b/src/rtime.c
@@ -46,6 +46,7 @@
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
+#include <sys/poll.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
@@ -67,7 +68,8 @@ rtime(addrp, timep, timeout)
struct timeval *timeout;
{
int s;
- fd_set readfds;
+ struct pollfd fd;
+ int milliseconds;
int res;
unsigned long thetime;
struct sockaddr_in from;
@@ -94,31 +96,32 @@ rtime(addrp, timep, timeout)
addrp->sin_port = serv->s_port;
if (type == SOCK_DGRAM) {
- res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
+ res = sendto(s, (char *)&thetime, sizeof(thetime), 0,
(struct sockaddr *)addrp, sizeof(*addrp));
if (res < 0) {
do_close(s);
- return(-1);
+ return(-1);
}
- do {
- FD_ZERO(&readfds);
- FD_SET(s, &readfds);
- res = select(_rpc_dtablesize(), &readfds,
- (fd_set *)NULL, (fd_set *)NULL, timeout);
- } while (res < 0 && errno == EINTR);
+
+ milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000);
+ fd.fd = s;
+ fd.events = POLLIN;
+ do
+ res = poll (&fd, 1, milliseconds);
+ while (res < 0 && errno == EINTR);
if (res <= 0) {
if (res == 0) {
errno = ETIMEDOUT;
}
do_close(s);
- return(-1);
+ return(-1);
}
fromlen = sizeof(from);
- res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
+ res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0,
(struct sockaddr *)&from, &fromlen);
do_close(s);
if (res < 0) {
- return(-1);
+ return(-1);
}
} else {
if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) {
diff --git a/src/svc.c b/src/svc.c
index 9c41445..b59467b 100644
--- a/src/svc.c
+++ b/src/svc.c
@@ -99,7 +99,7 @@ xprt_register (xprt)
{
__svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *));
if (__svc_xports == NULL)
- return;
+ goto unlock;
}
if (sock < _rpc_dtablesize())
{
@@ -120,14 +120,14 @@ xprt_register (xprt)
svc_pollfd[i].fd = sock;
svc_pollfd[i].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
- return;
+ goto unlock;
}
new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd,
sizeof (struct pollfd)
* (svc_max_pollfd + 1));
if (new_svc_pollfd == NULL) /* Out of memory */
- return;
+ goto unlock;
svc_pollfd = new_svc_pollfd;
++svc_max_pollfd;
@@ -135,6 +135,7 @@ xprt_register (xprt)
svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI |
POLLRDNORM | POLLRDBAND);
}
+unlock:
rwlock_unlock (&svc_fd_lock);
}
diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
index 5bc264c..2e90146 100644
--- a/src/svc_auth_des.c
+++ b/src/svc_auth_des.c
@@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */;
static short *authdes_lru/* [AUTHDES_CACHESZ] */;
static void cache_init(); /* initialize the cache */
-static short cache_spot(); /* find an entry in the cache */
-static void cache_ref(/*short sid*/); /* note that sid was ref'd */
+static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */
+static void cache_ref(short sid); /* note that sid was ref'd */
-static void invalidate(); /* invalidate entry in cache */
+static void invalidate(char *cred); /* invalidate entry in cache */
/*
- * cache statistics
+ * cache statistics
*/
static struct {
u_long ncachehits; /* times cache hit, and is not replay */
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index b6aa407..bece46a 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
/* Global server credentials. */
+static u_int _svcauth_req_time = 0;
+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
static gss_cred_id_t _svcauth_gss_creds;
static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
static char * _svcauth_svc_name = NULL;
@@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service)
gss_name_t name;
gss_buffer_desc namebuf;
OM_uint32 maj_stat, min_stat;
+ bool_t result;
gss_log_debug("in svcauth_gss_import_name()");
@@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service)
maj_stat, min_stat);
return (FALSE);
}
- if (svcauth_gss_set_svc_name(name) != TRUE) {
- gss_release_name(&min_stat, &name);
- return (FALSE);
- }
- return (TRUE);
+ result = svcauth_gss_set_svc_name(name);
+ gss_release_name(&min_stat, &name);
+ return result;
}
static bool_t
-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
+svcauth_gss_acquire_cred(void)
{
OM_uint32 maj_stat, min_stat;
gss_log_debug("in svcauth_gss_acquire_cred()");
- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
- oid_set, GSS_C_ACCEPT,
+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
+ _svcauth_req_time, &_svcauth_oid_set,
+ GSS_C_ACCEPT,
&_svcauth_gss_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
@@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
NULL,
&gd->deleg);
+ xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
+
if (gr->gr_major != GSS_S_COMPLETE &&
gr->gr_major != GSS_S_CONTINUE_NEEDED) {
gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
@@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
return (FALSE);
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = checksum.value;
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
+ checksum.length);
rqst->rq_xprt->xp_verf.oa_length = checksum.length;
+
+ gss_release_buffer(&min_stat, &checksum);
}
return (TRUE);
}
@@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
maj_stat, min_stat);
return (FALSE);
}
+
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
- rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
+ memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
+ gss_release_buffer(&min_stat, &checksum);
+
return (TRUE);
}
@@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
gss_qop_t qop;
struct svcauth_gss_cache_entry **ce;
time_t now;
+ enum auth_stat result = AUTH_OK;
+ OM_uint32 min_stat;
gss_log_debug("in svcauth_gss()");
@@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
XDR_DESTROY(&xdrs);
/* Check version. */
- if (gc->gc_v != RPCSEC_GSS_VERSION)
- return (AUTH_BADCRED);
+ if (gc->gc_v != RPCSEC_GSS_VERSION) {
+ result = AUTH_BADCRED;
+ goto out;
+ }
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
- gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
- return (AUTH_BADCRED);
+ gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
+ result = AUTH_BADCRED;
+ goto out;
+ }
/* Check sequence number. */
if (gd->established) {
- if (gc->gc_seq > MAXSEQ)
- return (RPCSEC_GSS_CTXPROBLEM);
+ if (gc->gc_seq > MAXSEQ) {
+ result = RPCSEC_GSS_CTXPROBLEM;
+ goto out;
+ }
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
@@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
}
else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
- return (RPCSEC_GSS_CTXPROBLEM);
+ result = RPCSEC_GSS_CTXPROBLEM;
+ goto out;
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
@@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
rqst->rq_svcname = (char *)gd->ctx;
}
+ rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
+
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
+ if (rqst->rq_proc != NULLPROC) {
+ result = AUTH_FAILED; /* XXX ? */
+ break;
+ }
if (_svcauth_gss_name == GSS_C_NO_NAME) {
- if (!svcauth_gss_import_name("nfs"))
- return (AUTH_FAILED);
+ if (!svcauth_gss_import_name("nfs")) {
+ result = AUTH_FAILED;
+ break;
+ }
}
- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
- return (AUTH_FAILED);
+ if (!svcauth_gss_acquire_cred()) {
+ result = AUTH_FAILED;
+ break;
+ }
- if (!svcauth_gss_accept_sec_context(rqst, &gr))
- return (AUTH_REJECTEDCRED);
+ if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
+ result = AUTH_REJECTEDCRED;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
+ result = AUTH_FAILED;
+ break;
+ }
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
- if (!call_stat)
- return (AUTH_FAILED);
+ gss_release_buffer(&min_stat, &gr.gr_token);
+ free(gr.gr_ctx.value);
+
+ if (!call_stat) {
+ result = AUTH_FAILED;
+ break;
+ }
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
@@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
case RPCSEC_GSS_DATA:
- if (!svcauth_gss_validate(gd, msg, &qop))
- return (RPCSEC_GSS_CREDPROBLEM);
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
+ result = RPCSEC_GSS_CREDPROBLEM;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
+ result = AUTH_FAILED;
+ break;
+ }
if (!gd->callback_done) {
gd->callback_done = TRUE;
gd->sec.qop = qop;
(void)rpc_gss_num_to_qop(gd->rcred.mechanism,
gd->sec.qop, &gd->rcred.qop);
- if (!svcauth_gss_callback(rqst, gd))
- return (AUTH_REJECTEDCRED);
+ if (!svcauth_gss_callback(rqst, gd)) {
+ result = AUTH_REJECTEDCRED;
+ break;
+ }
}
if (gd->locked) {
if (gd->rcred.service !=
- _rpc_gss_svc_to_service(gc->gc_svc))
- return (AUTH_FAILED);
- if (gd->sec.qop != qop)
- return (AUTH_BADVERF);
+ _rpc_gss_svc_to_service(gc->gc_svc)) {
+ result = AUTH_FAILED;
+ break;
+ }
+ if (gd->sec.qop != qop) {
+ result = AUTH_BADVERF;
+ break;
+ }
}
if (gd->sec.qop != qop) {
@@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
case RPCSEC_GSS_DESTROY:
- if (rqst->rq_proc != NULLPROC)
- return (AUTH_FAILED); /* XXX ? */
+ if (rqst->rq_proc != NULLPROC) {
+ result = AUTH_FAILED; /* XXX ? */
+ break;
+ }
- if (!svcauth_gss_validate(gd, msg, &qop))
- return (RPCSEC_GSS_CREDPROBLEM);
+ if (!svcauth_gss_validate(gd, msg, &qop)) {
+ result = RPCSEC_GSS_CREDPROBLEM;
+ break;
+ }
- if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
- return (AUTH_FAILED);
+ if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
+ result = AUTH_FAILED;
+ break;
+ }
- if (!svcauth_gss_release_cred())
- return (AUTH_FAILED);
+ if (!svcauth_gss_release_cred()) {
+ result = AUTH_FAILED;
+ break;
+ }
SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt));
SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops;
@@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
break;
default:
- return (AUTH_REJECTEDCRED);
+ result = AUTH_REJECTEDCRED;
break;
}
- return (AUTH_OK);
+out:
+ xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
+ return result;
}
static bool_t
@@ -890,7 +946,6 @@ bool_t
rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
u_int UNUSED(program), u_int UNUSED(version))
{
- gss_OID_set_desc oid_set;
rpc_gss_OID oid;
char *save;
@@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
if (!rpc_gss_mech_to_oid(mechanism, &oid))
goto out_err;
- oid_set.count = 1;
- oid_set.elements = (gss_OID)oid;
if (!svcauth_gss_import_name(principal))
goto out_err;
- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
- goto out_err;
+ _svcauth_req_time = req_time;
+ _svcauth_oid_set.count = 1;
+ _svcauth_oid_set.elements = (gss_OID)oid;
free(_svcauth_svc_name);
_svcauth_svc_name = save;
return TRUE;
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 6ae613d..97a76a3 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize)
struct cf_conn *cd;
const char *netid;
struct __rpc_sockinfo si;
-
- assert(fd != -1);
- if (fd >= FD_SETSIZE) {
- warnx("svc_vc: makefd_xprt: fd too high\n");
- xprt = NULL;
- goto done;
- }
+ assert(fd != -1);
xprt = mem_alloc(sizeof(SVCXPRT));
if (xprt == NULL) {
@@ -338,22 +332,10 @@ rendezvous_request(xprt, msg)
r = (struct cf_rendezvous *)xprt->xp_p1;
again:
len = sizeof addr;
- if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr,
- &len)) < 0) {
+ sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len);
+ if (sock < 0) {
if (errno == EINTR)
goto again;
-
- if (errno == EMFILE || errno == ENFILE) {
- /* If there are no file descriptors available, then accept will fail.
- We want to delay here so the connection request can be dequeued;
- otherwise we can bounce between polling and accepting, never
- giving the request a chance to dequeue and eating an enormous
- amount of cpu time in svc_run if we're polling on many file
- descriptors. */
- struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
- nanosleep (&ts, NULL);
- goto again;
- }
return (FALSE);
}
/*
diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h
index d2881ad..018aa48 100644
--- a/tirpc/rpc/des.h
+++ b/tirpc/rpc/des.h
@@ -82,6 +82,6 @@ struct desparams {
/*
* Software DES.
*/
-extern int _des_crypt( char *, int, struct desparams * );
+extern int _des_crypt( char *, unsigned, struct desparams * );
#endif
diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h
index 147f909..e07503c 100644
--- a/tirpc/rpc/rpcent.h
+++ b/tirpc/rpc/rpcent.h
@@ -60,10 +60,11 @@ struct rpcent {
extern struct rpcent *getrpcbyname(const char *);
extern struct rpcent *getrpcbynumber(int);
extern struct rpcent *getrpcent(void);
-#endif
extern void setrpcent(int);
extern void endrpcent(void);
+#endif
+
#ifdef __cplusplus
}
#endif

12
libtirpc.spec
View File

@ -1,8 +1,8 @@
%define _root_libdir /%{_lib}
Name: libtirpc
Version: 1.0.1
Release: 4.rc3%{?dist}
Version: 1.0.2
Release: 0%{?dist}
Summary: Transport Independent RPC Library
Group: System Environment/Libraries
License: SISSL and BSD
@ -10,8 +10,6 @@ URL: http://nfsv4.bullopensource.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: http://downloads.sourceforge.net/libtirpc/libtirpc-%{version}.tar.bz2
Patch001: libtirpc-1.0.2-rc3.patch
Patch002: libtirpc-1.0.2-CVE-2017-8779.patch
BuildRequires: automake, autoconf, libtool, pkgconfig
BuildRequires: krb5-devel
@ -42,9 +40,6 @@ developing programs which use the tirpc library.
%prep
%setup -q
%patch001 -p1
%patch002 -p1
# Remove .orig files
find . -name "*.orig" | xargs rm -f
@ -137,6 +132,9 @@ rm -rf %{buildroot}
%{_mandir}/*/*
%changelog
* Wed Jul 5 2017 Steve Dickson <steved@redhat.com> 1.0.2
- Updated to the latest upstream release: 1.0.2
* Mon May 15 2017 Steve Dickson <steved@redhat.com> 1.0.1-4.rc3
- Fix for CVE-2017-8779 (bz 1448127)

2
sources
View File

@ -1 +1 @@
36ce1c0ff80863bb0839d54aa0b94014 libtirpc-1.0.1.tar.bz2
SHA512 (libtirpc-1.0.2.tar.bz2) = 6c819019a8e81d8263d3c509b2eee59ba1ef092222c5a0a8d28f004c711afa252097eca7e6b0b919b2d780883dfd9ee7a363df4cee7fd2c9159a065257637cec