diff --git a/nfs-utils-1.2.2-rc7.patch b/nfs-utils-1.2.2-rc8.patch similarity index 94% rename from nfs-utils-1.2.2-rc7.patch rename to nfs-utils-1.2.2-rc8.patch index 418d182..c2d6d0e 100644 --- a/nfs-utils-1.2.2-rc7.patch +++ b/nfs-utils-1.2.2-rc8.patch @@ -35,6 +35,21 @@ index b3a6e91..ae7cd16 100644 MAINTAINERCLEANFILES = Makefile.in +diff --git a/aclocal/ipv6.m4 b/aclocal/ipv6.m4 +index 2490f3d..5ee8fb6 100644 +--- a/aclocal/ipv6.m4 ++++ b/aclocal/ipv6.m4 +@@ -15,8 +15,8 @@ AC_DEFUN([AC_IPV6], [ + fi + + dnl IPv6-enabled networking functions required for IPv6 +- AC_CHECK_FUNCS([getnameinfo bindresvport_sa], , +- [AC_MSG_ERROR([Missing functions needed for IPv6.])]) ++ AC_CHECK_FUNCS([getifaddrs getnameinfo bindresvport_sa], , ++ [AC_MSG_ERROR([Missing library functions needed for IPv6.])]) + + dnl Need to detect presence of IPv6 networking at run time via + dnl getaddrinfo(3); old versions of glibc do not support ADDRCONFIG diff --git a/aclocal/libcap.m4 b/aclocal/libcap.m4 new file mode 100644 index 0000000..eabe507 @@ -57,7 +72,7 @@ index 0000000..eabe507 + +])dnl diff --git a/configure.ac b/configure.ac -index 3ad415c..c77c5ba 100644 +index 3ad415c..1dc4249 100644 --- a/configure.ac +++ b/configure.ac @@ -166,6 +166,9 @@ fi @@ -70,6 +85,15 @@ index 3ad415c..c77c5ba 100644 # Check whether user wants TCP wrappers support AC_TCP_WRAPPERS +@@ -327,7 +330,7 @@ AC_FUNC_STAT + AC_FUNC_VPRINTF + AC_CHECK_FUNCS([alarm atexit dup2 fdatasync ftruncate getcwd \ + gethostbyaddr gethostbyname gethostname getmntent \ +- getnameinfo getrpcbyname \ ++ getnameinfo getrpcbyname getifaddrs \ + gettimeofday hasmntopt inet_ntoa innetgr memset mkdir pathconf \ + realpath rmdir select socket strcasecmp strchr strdup \ + strerror strrchr strtol strtoul sigprocmask]) @@ -402,6 +405,7 @@ AC_CONFIG_FILES([ support/include/Makefile support/misc/Makefile 
@@ -687,6 +711,28 @@ index 0000000..732514b +} + +#endif /* !NFS_UTILS_SOCKADDR_H */ +diff --git a/support/include/tcpwrapper.h b/support/include/tcpwrapper.h +index 98cf806..f735106 100644 +--- a/support/include/tcpwrapper.h ++++ b/support/include/tcpwrapper.h +@@ -5,14 +5,8 @@ + #include + #include + +-extern int verboselog; +- +-extern int allow_severity; +-extern int deny_severity; +- +-extern int good_client(char *daemon, struct sockaddr_in *addr); +-extern int from_local (struct sockaddr_in *addr); +-extern int check_default(char *daemon, struct sockaddr_in *addr, +- u_long proc, u_long prog); ++extern int from_local(const struct sockaddr *sap); ++extern int check_default(char *name, struct sockaddr *sap, ++ const unsigned long program); + + #endif /* TCP_WRAPPER_H */ diff --git a/support/include/v4root.h b/support/include/v4root.h new file mode 100644 index 0000000..706c15c 
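Review bot: The new `check_default()` prototype takes non-const `char *name` and `struct sockaddr *sap`, while `from_local()` in the same header takes `const struct sockaddr *`. The call sites in this patch pass string literals for the name, and the tcpwrapper.c code shown later only reads the address, so the declaration could be `extern int check_default(const char *name, const struct sockaddr *sap, const unsigned long program);`, with the static good_client() given the same qualifiers. A short comment above it, such as `/* Returns nonzero if the caller is authorized, zero if access is denied */`, would also help, since this is the access-control entry point the header exports.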
@@ -708,6 +754,512 @@ index 0000000..706c15c +extern void v4root_set(void); + +#endif /* V4ROOT_H */ +diff --git a/support/misc/from_local.c b/support/misc/from_local.c +index 89ccc4a..e2de969 100644 +--- a/support/misc/from_local.c ++++ b/support/misc/from_local.c +@@ -37,32 +37,100 @@ + static char sccsid[] = "@(#) from_local.c 1.3 96/05/31 15:52:57"; + #endif + +-#ifdef TEST +-#undef perror ++#ifdef HAVE_CONFIG_H ++#include + #endif + + #include + #include ++#include + #include + #include + #include + #include + #include + #include +-#include + #include + #include + ++#include "sockaddr.h" ++#include "tcpwrapper.h" ++#include "xlog.h" ++ + #ifndef TRUE + #define TRUE 1 + #define FALSE 0 + #endif + +- /* +- * With virtual hosting, each hardware network interface can have multiple +- * network addresses. On such machines the number of machine addresses can +- * be surprisingly large. +- */ ++#ifdef HAVE_GETIFADDRS ++ ++#include ++#include ++ ++/** ++ * from_local - determine whether request comes from the local system ++ * @sap: pointer to socket address to check ++ * ++ * With virtual hosting, each hardware network interface can have ++ * multiple network addresses. On such machines the number of machine ++ * addresses can be surprisingly large. ++ * ++ * We also expect the local network configuration to change over time, ++ * so call getifaddrs(3) more than once, but not too often. ++ * ++ * Returns TRUE if the sockaddr contains an address of one of the local ++ * network interfaces. Otherwise FALSE is returned. 
++ */ ++int ++from_local(const struct sockaddr *sap) ++{ ++ static struct ifaddrs *ifaddr = NULL; ++ static time_t last_update = 0; ++ struct ifaddrs *ifa; ++ unsigned int count; ++ time_t now; ++ ++ if (time(&now) == ((time_t)-1)) { ++ xlog(L_ERROR, "%s: time(2): %m", __func__); ++ ++ /* If we don't know what time it is, use the ++ * existing ifaddr list, if one exists */ ++ now = last_update; ++ if (ifaddr == NULL) ++ now++; ++ } ++ if (now != last_update) { ++ xlog(D_GENERAL, "%s: updating local if addr list", __func__); ++ ++ if (ifaddr) ++ freeifaddrs(ifaddr); ++ ++ if (getifaddrs(&ifaddr) == -1) { ++ xlog(L_ERROR, "%s: getifaddrs(3): %m", __func__); ++ return FALSE; ++ } ++ ++ last_update = now; ++ } ++ ++ count = 0; ++ for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) { ++ if ((ifa->ifa_flags & IFF_UP) && ++ nfs_compare_sockaddr(sap, ifa->ifa_addr)) { ++ xlog(D_GENERAL, "%s: incoming address matches " ++ "local interface address", __func__); ++ return TRUE; ++ } else ++ count++; ++ } ++ ++ xlog(D_GENERAL, "%s: checked %u local if addrs; " ++ "incoming address not found", __func__, count); ++ return FALSE; ++} ++ ++#else /* !HAVE_GETIFADDRS */ ++ + static int num_local; + static int num_addrs; + static struct in_addr *addrs; +@@ -81,7 +149,7 @@ static int grow_addrs(void) + new_num = (addrs == 0) ? 
1 : num_addrs + num_addrs; + new_addrs = (struct in_addr *) malloc(sizeof(*addrs) * new_num); + if (new_addrs == 0) { +- perror("portmap: out of memory"); ++ xlog_warn("%s: out of memory", __func__); + return (0); + } else { + if (addrs != 0) { +@@ -112,13 +180,13 @@ find_local(void) + */ + + if ((sock = socket(PF_INET, SOCK_DGRAM, 0)) < 0) { +- perror("socket"); ++ xlog_warn("%s: socket(2): %m", __func__); + return (0); + } + ifc.ifc_len = sizeof(buf); + ifc.ifc_buf = buf; + if (ioctl(sock, SIOCGIFCONF, (char *) &ifc) < 0) { +- perror("SIOCGIFCONF"); ++ xlog_warn("%s: ioctl(SIOCGIFCONF): %m", __func__); + (void) close(sock); + return (0); + } +@@ -130,10 +198,10 @@ find_local(void) + if (ifr->ifr_addr.sa_family == AF_INET) { /* IP net interface */ + ifreq = *ifr; + if (ioctl(sock, SIOCGIFFLAGS, (char *) &ifreq) < 0) { +- perror("SIOCGIFFLAGS"); ++ xlog_warn("%s: ioctl(SIOCGIFFLAGS): %m", __func__); + } else if (ifreq.ifr_flags & IFF_UP) { /* active interface */ + if (ioctl(sock, SIOCGIFADDR, (char *) &ifreq) < 0) { +- perror("SIOCGIFADDR"); ++ xlog_warn("%s: ioctl(SIOCGIFADDR): %m", __func__); + } else { + if (num_local >= num_addrs) + if (grow_addrs() == 0) +@@ -153,14 +221,28 @@ find_local(void) + return (num_local); + } + +-/* from_local - determine whether request comes from the local system */ ++/** ++ * from_local - determine whether request comes from the local system ++ * @sap: pointer to socket address to check ++ * ++ * With virtual hosting, each hardware network interface can have ++ * multiple network addresses. On such machines the number of machine ++ * addresses can be surprisingly large. ++ * ++ * Returns TRUE if the sockaddr contains an address of one of the local ++ * network interfaces. Otherwise FALSE is returned. 
++ */ + int +-from_local(struct sockaddr_in *addr) ++from_local(const struct sockaddr *sap) + { ++ const struct sockaddr_in *addr = (const struct sockaddr_in *)sap; + int i; + ++ if (sap->sa_family != AF_INET) ++ return (FALSE); ++ + if (addrs == 0 && find_local() == 0) +- syslog(LOG_ERR, "cannot find any active local network interfaces"); ++ xlog(L_ERROR, "Cannot find any active local network interfaces"); + + for (i = 0; i < num_local; i++) { + if (memcmp((char *) &(addr->sin_addr), (char *) &(addrs[i]), +@@ -172,9 +254,8 @@ from_local(struct sockaddr_in *addr) + + #ifdef TEST + +-main() ++int main(void) + { +- char *inet_ntoa(); + int i; + + find_local(); +@@ -182,4 +263,6 @@ main() + printf("%s\n", inet_ntoa(addrs[i])); + } + +-#endif ++#endif /* TEST */ ++ ++#endif /* !HAVE_GETIFADDRS */ +diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c +index 1da6020..06b0a46 100644 +--- a/support/misc/tcpwrapper.c ++++ b/support/misc/tcpwrapper.c +@@ -34,13 +34,12 @@ + #ifdef HAVE_CONFIG_H + #include + #endif ++ + #ifdef HAVE_LIBWRAP +-#include + #include + #include + #include + #include +-#include + #include + #include + #include +@@ -49,108 +48,146 @@ + #include + #include + ++#include "sockaddr.h" ++#include "tcpwrapper.h" + #include "xlog.h" + + #ifdef SYSV40 + #include + #include +-#endif ++#endif /* SYSV40 */ + +-static void logit(int severity, struct sockaddr_in *addr, +- u_long procnum, u_long prognum, char *text); +-static int check_files(void); ++#define ALLOW 1 ++#define DENY 0 + +-/* +- * These need to exist since they are externed +- * public header files. 
+- */ +-int verboselog = 0; +-int allow_severity = LOG_INFO; +-int deny_severity = LOG_WARNING; ++#ifdef IPV6_SUPPORTED ++static void ++present_address(const struct sockaddr *sap, char *buf, const size_t buflen) ++{ ++ const struct sockaddr_in *sin = (const struct sockaddr_in *)sap; ++ const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sap; ++ socklen_t len = (socklen_t)buflen; ++ ++ switch (sap->sa_family) { ++ case AF_INET: ++ if (inet_ntop(AF_INET, &sin->sin_addr, buf, len) != 0) ++ return; ++ case AF_INET6: ++ if (inet_ntop(AF_INET6, &sin6->sin6_addr, buf, len) != 0) ++ return; ++ } + +-#define log_bad_host(addr, proc, prog) \ +- logit(deny_severity, addr, proc, prog, "request from unauthorized host") ++ memset(buf, 0, buflen); ++ strncpy(buf, "unrecognized caller", buflen); ++} ++#else /* !IPV6_SUPPORTED */ ++static void ++present_address(const struct sockaddr *sap, char *buf, const size_t buflen) ++{ ++ const struct sockaddr_in *sin = (const struct sockaddr_in *)sap; ++ socklen_t len = (socklen_t)buflen; + +-#define ALLOW 1 +-#define DENY 0 ++ if (sap->sa_family == AF_INET) ++ if (inet_ntop(AF_INET, &sin->sin_addr, buf, len) != 0) ++ return; ++ ++ memset(buf, 0, buflen); ++ strncpy(buf, "unrecognized caller", (size_t)buflen); ++} ++#endif /* !IPV6_SUPPORTED */ + + typedef struct _haccess_t { +- TAILQ_ENTRY(_haccess_t) list; +- int access; +- struct in_addr addr; ++ TAILQ_ENTRY(_haccess_t) list; ++ int allowed; ++ union nfs_sockaddr address; + } haccess_t; + + #define HASH_TABLE_SIZE 1021 + typedef struct _hash_head { + TAILQ_HEAD(host_list, _haccess_t) h_head; + } hash_head; +-hash_head haccess_tbl[HASH_TABLE_SIZE]; +-static haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long); +-static void haccess_add(struct sockaddr_in *addr, u_long, int); + +-inline unsigned int strtoint(char *str) ++static hash_head haccess_tbl[HASH_TABLE_SIZE]; ++ ++static unsigned long ++strtoint(const char *str) + { +- unsigned int n = 0; +- int len = strlen(str); 
+- int i; ++ unsigned long i, n = 0; ++ size_t len = strlen(str); + +- for (i=0; i < len; i++) +- n+=((int)str[i])*i; ++ for (i = 0; i < len; i++) ++ n += (unsigned char)str[i] * i; + + return n; + } +-static inline int hashint(unsigned int num) ++ ++static unsigned int ++hashint(const unsigned long num) + { +- return num % HASH_TABLE_SIZE; ++ return (unsigned int)(num % HASH_TABLE_SIZE); + } +-#define HASH(_addr, _prog) \ +- hashint((strtoint((_addr))+(_prog))) + +-void haccess_add(struct sockaddr_in *addr, u_long prog, int access) ++static unsigned int ++HASH(const char *addr, const unsigned long program) ++{ ++ return hashint(strtoint(addr) + program); ++} ++ ++static void ++haccess_add(const struct sockaddr *sap, const char *address, ++ const unsigned long program, const int allowed) + { + hash_head *head; +- haccess_t *hptr; +- int hash; ++ haccess_t *hptr; ++ unsigned int hash; + + hptr = (haccess_t *)malloc(sizeof(haccess_t)); + if (hptr == NULL) + return; + +- hash = HASH(inet_ntoa(addr->sin_addr), prog); ++ hash = HASH(address, program); + head = &(haccess_tbl[hash]); + +- hptr->access = access; +- hptr->addr.s_addr = addr->sin_addr.s_addr; ++ hptr->allowed = allowed; ++ memcpy(&hptr->address, sap, (size_t)nfs_sockaddr_length(sap)); + + if (TAILQ_EMPTY(&head->h_head)) + TAILQ_INSERT_HEAD(&head->h_head, hptr, list); + else + TAILQ_INSERT_TAIL(&head->h_head, hptr, list); + } +-haccess_t *haccess_lookup(struct sockaddr_in *addr, u_long prog) ++ ++static haccess_t * ++haccess_lookup(const struct sockaddr *sap, const char *address, ++ const unsigned long program) + { + hash_head *head; +- haccess_t *hptr; +- int hash; ++ haccess_t *hptr; ++ unsigned int hash; + +- hash = HASH(inet_ntoa(addr->sin_addr), prog); ++ hash = HASH(address, program); + head = &(haccess_tbl[hash]); + + TAILQ_FOREACH(hptr, &head->h_head, list) { +- if (hptr->addr.s_addr == addr->sin_addr.s_addr) ++ if (nfs_compare_sockaddr(&hptr->address.sa, sap)) + return hptr; + } + return NULL; + } + 
+-int +-good_client(daemon, addr) +-char *daemon; +-struct sockaddr_in *addr; ++static void ++logit(const char *address) ++{ ++ xlog_warn("connect from %s denied: request from unauthorized host", ++ address); ++} ++ ++static int ++good_client(char *name, struct sockaddr *sap) + { + struct request_info req; + +- request_init(&req, RQ_DAEMON, daemon, RQ_CLIENT_SIN, addr, 0); ++ request_init(&req, RQ_DAEMON, name, RQ_CLIENT_SIN, sap, 0); + sock_methods(&req); + + if (hosts_access(&req)) +@@ -159,9 +196,8 @@ struct sockaddr_in *addr; + return DENY; + } + +-/* check_files - check to see if either access files have changed */ +- +-static int check_files() ++static int ++check_files(void) + { + static time_t allow_mtime, deny_mtime; + struct stat astat, dstat; +@@ -186,45 +222,48 @@ static int check_files() + return changed; + } + +-/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ +- ++/** ++ * check_default - additional checks for NULL, DUMP, GETPORT and unknown ++ * @name: pointer to '\0'-terminated ASCII string containing name of the ++ * daemon requesting the access check ++ * @sap: pointer to sockaddr containing network address of caller ++ * @program: RPC program number caller is attempting to access ++ * ++ * Returns TRUE if the caller is allowed access; otherwise FALSE is returned. ++ */ + int +-check_default(daemon, addr, proc, prog) +-char *daemon; +-struct sockaddr_in *addr; +-u_long proc; +-u_long prog; ++check_default(char *name, struct sockaddr *sap, const unsigned long program) + { + haccess_t *acc = NULL; + int changed = check_files(); ++ char buf[INET6_ADDRSTRLEN]; ++ ++ present_address(sap, buf, sizeof(buf)); + +- acc = haccess_lookup(addr, prog); +- if (acc && changed == 0) +- return (acc->access); ++ acc = haccess_lookup(sap, buf, program); ++ if (acc != NULL && changed == 0) { ++ xlog(D_GENERAL, "%s: access by %s %s (cached)", __func__, ++ buf, acc->allowed ? 
"ALLOWED" : "DENIED"); ++ return acc->allowed; ++ } + +- if (!(from_local(addr) || good_client(daemon, addr))) { +- log_bad_host(addr, proc, prog); +- if (acc) +- acc->access = FALSE; +- else +- haccess_add(addr, prog, FALSE); ++ if (!(from_local(sap) || good_client(name, sap))) { ++ logit(buf); ++ if (acc != NULL) ++ acc->allowed = FALSE; ++ else ++ haccess_add(sap, buf, program, FALSE); ++ xlog(D_GENERAL, "%s: access by %s DENIED", __func__, buf); + return (FALSE); + } + +- if (acc) +- acc->access = TRUE; +- else +- haccess_add(addr, prog, TRUE); ++ if (acc != NULL) ++ acc->allowed = TRUE; ++ else ++ haccess_add(sap, buf, program, TRUE); ++ xlog(D_GENERAL, "%s: access by %s ALLOWED", __func__, buf); + +- return (TRUE); ++ return (TRUE); + } + +-/* logit - report events of interest via the syslog daemon */ +- +-static void logit(int severity, struct sockaddr_in *addr, +- u_long procnum, u_long prognum, char *text) +-{ +- syslog(severity, "connect from %s denied: %s", +- inet_ntoa(addr->sin_addr), text); +-} +-#endif ++#endif /* HAVE_LIBWRAP */ diff --git a/support/nfs/Makefile.am b/support/nfs/Makefile.am index e9462fc..60400b2 100644 --- a/support/nfs/Makefile.am 
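Review bot: In the getifaddrs() variant of from_local(), the static `ifaddr` is freed and then handed to getifaddrs() without being cleared, so if that call fails and leaves the pointer untouched (its value on failure is not guaranteed), the next request either calls freeifaddrs() on the stale pointer again or walks the freed list. Adding `ifaddr = NULL;` right after `freeifaddrs(ifaddr);` closes that. The loop also passes `ifa->ifa_addr` to nfs_compare_sockaddr() unchecked, although getifaddrs(3) allows that field to be NULL; unless the helper (defined outside this hunk) tolerates NULL, add `ifa->ifa_addr != NULL &&` to the condition. In tcpwrapper.c, the IPV6_SUPPORTED present_address() has no `break` after the AF_INET case, so a failed inet_ntop() falls through and reads the sockaddr as a sockaddr_in6; end each case with `break;`.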
@@ -6559,6 +7111,25 @@ index e4e2f22..d63e10a 100644 if (found) { if (dump_to_cache(f, dom, path, &found->m_export) < 0) { +diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/mount_dispatch.c +index 199fcec..ba6981d 100644 +--- a/utils/mountd/mount_dispatch.c ++++ b/utils/mountd/mount_dispatch.c +@@ -70,12 +70,10 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT *transp) + { + union mountd_arguments argument; + union mountd_results result; +-#ifdef HAVE_TCP_WRAPPER +- struct sockaddr_in *sin = nfs_getrpccaller_in(transp); + ++#ifdef HAVE_TCP_WRAPPER + /* remote host authorization check */ +- if (sin->sin_family == AF_INET && +- !check_default("mountd", sin, rqstp->rq_proc, MOUNTPROG)) { ++ if (!check_default("mountd", nfs_getrpccaller(transp), MOUNTPROG)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 888fd8c..a0a1f2d 100644 --- a/utils/mountd/mountd.c @@ -10565,7 +11136,7 @@ index 799239f..8d8b65e 100644 result.state = MY_STATE; return(&result); diff --git a/utils/statd/statd.c b/utils/statd/statd.c -index 1c5247e..7be6454 100644 +index 1c5247e..01fdb41 100644 --- a/utils/statd/statd.c +++ b/utils/statd/statd.c @@ -25,33 +25,21 @@ 
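Review bot: Dropping the `sin->sin_family == AF_INET` guard means callers of every address family now reach check_default(), but good_client() in support/misc/tcpwrapper.c still passes the address to libwrap under `RQ_CLIENT_SIN`, and whether hosts_access() matches an AF_INET6 sockaddr under that key depends on how the installed libwrap was built. I would state that dependency at the call site, for example `/* AF_INET6 callers are checked too; hosts.allow/hosts.deny rules match them only if libwrap has IPv6 support */`, since the statd.man hunk in this patch removes the sentence saying tcp_wrapper is IPv4-only. The same applies to sm_prog_1_wrapper() in utils/statd/statd.c. mount_dispatch()'s body continues outside the hunk.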
@@ -10613,7 +11184,20 @@ index 1c5247e..7be6454 100644 #ifdef SIMULATIONS extern void simulator (int, char **); -@@ -103,23 +90,26 @@ sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) +@@ -88,11 +75,8 @@ extern void simulator (int, char **); + static void + sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) + { +- struct sockaddr_in *sin = nfs_getrpccaller_in(transp); +- + /* remote host authorization check */ +- if (sin->sin_family == AF_INET && +- !check_default("statd", sin, rqstp->rq_proc, SM_PROG)) { ++ if (!check_default("statd", nfs_getrpccaller(transp), SM_PROG)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } +@@ -103,23 +87,26 @@ sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) #define sm_prog_1 sm_prog_1_wrapper #endif @@ -10645,7 +11229,7 @@ index 1c5247e..7be6454 100644 MY_STATE); my_svc_exit(); } -@@ -140,8 +130,11 @@ static void log_modes(void) +@@ -140,8 +127,11 @@ static void log_modes(void) strcat(buf,"No-Daemon "); if (run_mode & MODE_LOG_STDERR) strcat(buf,"Log-STDERR "); @@ -10658,7 +11242,7 @@ index 1c5247e..7be6454 100644 } /* -@@ -175,13 +168,12 @@ static void create_pidfile(void) +@@ -175,13 +165,12 @@ static void create_pidfile(void) unlink(pidfile); fp = fopen(pidfile, "w"); if (!fp) @@ -10675,7 +11259,7 @@ index 1c5247e..7be6454 100644 } } -@@ -189,42 +181,10 @@ static void truncate_pidfile(void) +@@ -189,42 +178,10 @@ static void truncate_pidfile(void) { if (pidfd >= 0) { if (ftruncate(pidfd, 0) < 0) { @@ -10720,7 +11304,7 @@ index 1c5247e..7be6454 100644 } static void run_sm_notify(int outport) -@@ -266,6 +226,8 @@ int main (int argc, char **argv) +@@ -266,6 +223,8 @@ int main (int argc, char **argv) /* Default: daemon mode, no other options */ run_mode = 0; 
@@ -10729,7 +11313,7 @@ index 1c5247e..7be6454 100644 /* Set the basename */ if ((name_p = strrchr(argv[0],'/')) != NULL) { -@@ -274,13 +236,6 @@ int main (int argc, char **argv) +@@ -274,13 +233,6 @@ int main (int argc, char **argv) name_p = argv[0]; } @@ -10743,7 +11327,7 @@ index 1c5247e..7be6454 100644 /* Set hostname */ MY_NAME = NULL; -@@ -289,7 +244,7 @@ int main (int argc, char **argv) +@@ -289,7 +241,7 @@ int main (int argc, char **argv) switch (arg) { case 'V': /* Version */ case 'v': @@ -10752,7 +11336,7 @@ index 1c5247e..7be6454 100644 exit(0); case 'F': /* Foreground/nodaemon mode */ run_mode |= MODE_NODAEMON; -@@ -326,34 +281,8 @@ int main (int argc, char **argv) +@@ -326,34 +278,8 @@ int main (int argc, char **argv) MY_NAME = xstrdup(optarg); break; case 'P': @@ -10760,8 +11344,7 @@ index 1c5247e..7be6454 100644 - if ((DIR_BASE = xstrdup(optarg)) == NULL) { - fprintf(stderr, "%s: xstrdup(%s) failed!\n", - argv[0], optarg); -+ if (!nsm_setup_pathnames(argv[0], optarg)) - exit(1); +- exit(1); - } - - SM_DIR = xmalloc(strlen(DIR_BASE) + 1 + sizeof("sm")); @@ -10774,7 +11357,8 @@ index 1c5247e..7be6454 100644 - - fprintf(stderr, "%s: xmalloc() failed!\n", - argv[0]); -- exit(1); ++ if (!nsm_setup_pathnames(argv[0], optarg)) + exit(1); - } - if (DIR_BASE[strlen(DIR_BASE)-1] == '/') { - sprintf(SM_DIR, "%ssm", DIR_BASE ); @@ -10788,7 +11372,7 @@ index 1c5247e..7be6454 100644 break; case 'H': /* PRC: specify the ha-callout program */ if ((ha_callout_prog = xstrdup(optarg)) == NULL) { -@@ -383,7 +312,6 @@ int main (int argc, char **argv) +@@ -383,7 +309,6 @@ int main (int argc, char **argv) run_sm_notify(out_port); } @@ -10796,7 +11380,7 @@ index 1c5247e..7be6454 100644 if (!(run_mode & MODE_NODAEMON)) { run_mode &= ~MODE_LOG_STDERR; /* Never log to console in daemon mode. */ -@@ -432,10 +360,6 @@ int main (int argc, char **argv) +@@ -432,10 +357,6 @@ int main (int argc, char **argv) /* Child. */ close(pipefds[0]); setsid (); 
@@ -10807,7 +11391,7 @@ index 1c5247e..7be6454 100644 while (pipefds[1] <= 2) { pipefds[1] = dup(pipefds[1]); -@@ -455,7 +379,13 @@ int main (int argc, char **argv) +@@ -455,7 +376,13 @@ int main (int argc, char **argv) /* Child. */ @@ -10822,7 +11406,7 @@ index 1c5247e..7be6454 100644 log_modes(); -@@ -495,25 +425,48 @@ int main (int argc, char **argv) +@@ -495,25 +422,48 @@ int main (int argc, char **argv) * pass on any SM_NOTIFY that arrives */ load_state(); @@ -10878,7 +11462,7 @@ index 1c5247e..7be6454 100644 for (;;) { /* * Handle incoming requests: SM_NOTIFY socket requests, as -@@ -541,29 +494,3 @@ int main (int argc, char **argv) +@@ -541,29 +491,3 @@ int main (int argc, char **argv) } return 0; } @@ -10977,10 +11561,10 @@ index 88ba208..e89e666 100644 -extern const char *version_p; /* program version */ - diff --git a/utils/statd/statd.man b/utils/statd/statd.man -index e8be9f3..4ddb634 100644 +index e8be9f3..ffc5e95 100644 --- a/utils/statd/statd.man +++ b/utils/statd/statd.man -@@ -1,191 +1,403 @@ +@@ -1,191 +1,400 @@ -.\" -.\" statd(8) +.\"@(#)rpc.statd.8" @@ -11348,7 +11932,8 @@ index e8be9f3..4ddb634 100644 +and then exit. +.SH SECURITY +The -+.B rpc.statd + .B rpc.statd +-version is protected by the +daemon must be started as root to acquire privileges needed +to create sockets with privileged source ports, and to access the +state information database. @@ -11369,15 +11954,11 @@ index e8be9f3..4ddb634 100644 +the state directory. +.PP +You can also protect your - .B rpc.statd --version is protected by the ++.B rpc.statd +listeners using the +.B tcp_wrapper +library or +.BR iptables (8). -+Note that the -+.B tcp_wrapper -+library supports only IPv4 networking. +To use the .B tcp_wrapper -library. You have to give the clients access to @@ -11531,7 +12112,7 @@ index e8be9f3..4ddb634 100644 Jeff Uphoff .br Olaf Kirch -@@ -195,3 +407,5 @@ H.J. Lu +@@ -195,3 +404,5 @@ H.J. Lu Lon Hohberger .br Paul Clements 
diff --git a/nfs-utils.spec b/nfs-utils.spec index 58ccbfb..a3e7af4 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser Name: nfs-utils URL: http://sourceforge.net/projects/nfs Version: 1.2.1 -Release: 11%{?dist} +Release: 12%{?dist} Epoch: 1 # group all 32bit related archs @@ -18,7 +18,7 @@ Source13: rpcgssd.init Source14: rpcsvcgssd.init Source15: nfs.sysconfig -Patch000: nfs-utils-1.2.2-rc7.patch +Patch000: nfs-utils-1.2.2-rc8.patch Patch001: nfs-utils-1.2.1-compile.patch Patch002: nfs-utils-1.2.1-statdpath.patch @@ -51,7 +51,7 @@ BuildRequires: libgssglue-devel libevent-devel libcap-devel BuildRequires: nfs-utils-lib-devel >= 1.1.0-3 libtirpc-devel libblkid-devel BuildRequires: krb5-libs >= 1.4 autoconf >= 2.57 openldap-devel >= 2.2 BuildRequires: automake, libtool, glibc-headers -BuildRequires: e2fsprogs-devel, krb5-devel, tcp_wrappers-devel +BuildRequires: krb5-devel, tcp_wrappers-devel Requires(pre): shadow-utils >= 4.0.3-25 Requires(pre): /sbin/chkconfig /sbin/nologin Requires: nfs-utils-lib >= 1.1.0-3 libgssglue libevent @@ -250,6 +250,10 @@ fi %attr(4755,root,root) /sbin/umount.nfs4 %changelog +* Sun Jan 17 2010 Steve Dickson 1.2.1-12 +- Updated to latest upstream RC release: nfs-utils-1-2-2-rc7 + which includes Ipv6 support for tcpwrapper (disabled by default). + * Sat Jan 16 2010 Steve Dickson 1.2.1-11 - Updated to latest upstream RC release: nfs-utils-1-2-2-rc7 which includes Ipv6 support for statd (disabled by default).