ykohut/rpcbind
1
0
Fork 0
forked from rpms/rpcbind
Code Pull Requests Activity

Set password and service lookups to be local (bz 447092)

Browse Source
This commit is contained in:
Steve Dickson 2008-06-27 17:38:53 +00:00
parent 27d02e3e71
commit 33e86f3132
2 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
rpcbind-0.1.5-nss-config.patch Normal file
View File

@ -0,0 +1,48 @@
commit 77f7556878d1fe03dc3e285c97dd822db38f618c
Author: Ulrich Drepper <drepper@redhat.com>
Date: Fri Jun 27 13:29:20 2008 -0400
Due to an installation mistake (somehow rpm messed up) I ended up with an passwd
file which didn't have a rpc entry. This meant that during startup the
getpwnam() call to determine the details for user rpc caused the normal process
for passwd lookups to be followed. For me this meant after looking at
/etc/passwd the lookup tried to use NIS. This of course deadlocked since as
part of the NIS lookup rpcbind has to be contacted.
The workaround is quite simple: use __nss_configure_lookup() to restrict
the lookup.
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/src/rpcbind.c b/src/rpcbind.c
index fb75517..550fefd 100644
--- a/src/rpcbind.c
+++ b/src/rpcbind.c
@@ -155,6 +155,13 @@ main(int argc, char *argv[])
fprintf(stderr, "Sorry. You are not superuser\n");
exit(1);
}
+
+ /*
+ * Make sure we use the local service file
+ * for service lookkups
+ */
+ __nss_configure_lookup("services", "files");
+
nc_handle = setnetconfig(); /* open netconfig file */
if (nc_handle == NULL) {
syslog(LOG_ERR, "could not read /etc/netconfig");
@@ -212,6 +219,12 @@ main(int argc, char *argv[])
struct passwd *p;
char *id = runasdaemon ? RUN_AS : rpcbinduser;
+ /*
+ * Make sure we use the local password file
+ * for these lookups.
+ */
+ __nss_configure_lookup("passwd", "files");
+
if((p = getpwnam(id)) == NULL) {
syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
exit(1);

9
rpcbind.spec
View File

@ -2,7 +2,7 @@
Name: rpcbind Name: rpcbind
Version: 0.1.5 Version: 0.1.5
Release: 2%{?dist} Release: 3%{?dist}
Summary: Universal Addresses to RPC Program Number Mapper Summary: Universal Addresses to RPC Program Number Mapper
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPL License: GPL
@ -27,6 +27,7 @@ Obsoletes: portmap <= 4.0-65.3
Patch1: rpcbind-0.1.4-iff_up.patch Patch1: rpcbind-0.1.4-iff_up.patch
Patch2: rpcbind-0.1.5-setgid.patch Patch2: rpcbind-0.1.5-setgid.patch
Patch3: rpcbind-0.1.5-nss-config.patch
%description %description
The rpcbind utility is a server that converts RPC program numbers into The rpcbind utility is a server that converts RPC program numbers into
@ -38,6 +39,7 @@ RPC calls on a server on that machine.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%build %build
%ifarch s390 s390x %ifarch s390 s390x
@ -117,7 +119,10 @@ fi
%dir %attr(700,rpc,rpc) /var/lib/rpcbind %dir %attr(700,rpc,rpc) /var/lib/rpcbind
%changelog %changelog
* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1 * Fri Jun 27 2008 Steve Dickson <steved@redhat.com> 0.1.5-3
- Set password and service lookups to be local (bz 447092)
* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-2
- rpcbind needs to downgrade to non-priviledgied group. - rpcbind needs to downgrade to non-priviledgied group.
* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1 * Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1