Update to the latest upstream release: rpcbind-0_2_1-rc4 (bz 869365)

Signed-off-by: Steve Dickson <steved@redhat.com>
2012-10-23 13:15:54 -04:00 · 2012-10-23 13:15:54 -04:00 · 61bf0fadca
commit 61bf0fadca
parent 38d29a63e7
3 changed files with 276 additions and 37 deletions
--- a/rpcbind-0.2.0-rpcuser.patch
+++ b/rpcbind-0.2.0-rpcuser.patch
@ -1,24 +0,0 @@
-commit e81d689a6a8605cfc3b90a62a357705e180f532c
-Author: Steve Dickson <steved@redhat.com>
-Date:   Sun Oct 14 12:20:04 2012 -0400
-
-    Fixed typo in Makefile.am which cause rpcbind to run as root
-    
-    Commit 8d7a0708 introduce a regression that cause rpcbind
-    to run as root instead of the user define by RPCBIND_USER
-    
-    Signed-off-by: Steve Dickson <steved@redhat.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9fa608e..d10c906 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -5,7 +5,7 @@ AM_CPPFLAGS = \
- 	-DSEVERITY=LOG_INFO \
- 	-DINET6 \
- 	-DRPCBIND_STATEDIR="\"$(statedir)\"" \
-	-DRPCUSER="\"$(rpcuser)\"" \
-+	-DRPCBIND_USER="\"$(rpcuser)\"" \
- 	-D_GNU_SOURCE \
- 	$(TIRPC_CFLAGS)
- 
--- a/rpcbind-0_2_1-rc4.patch
+++ b/rpcbind-0_2_1-rc4.patch
@ -396,7 +396,7 @@ index 98e5d87..7d1c323 100644
 `configure --help' for more details.
 
 diff --git a/Makefile.am b/Makefile.am
-index cd56148..1809e3d 100644
+index cd56148..d10c906 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -1,2 +1,44 @@
@ -408,7 +408,7 @@ index cd56148..1809e3d 100644
 +	-DSEVERITY=LOG_INFO \
 +	-DINET6 \
 +	-DRPCBIND_STATEDIR="\"$(statedir)\"" \
-+	-DRPCUSER="\"$(rpcuser)\"" \
+	-DRPCBIND_USER="\"$(rpcuser)\"" \
 +	-D_GNU_SOURCE \
 +	$(TIRPC_CFLAGS)
 
@ -444,7 +444,7 @@ index cd56148..1809e3d 100644
 +rpcinfo_SOURCES =       src/rpcinfo.c
 +rpcinfo_LDADD   =       $(TIRPC_LIBS)
 +
-+dist_man8_MANS = man/rpcbind.8
+dist_man8_MANS = man/rpcbind.8 man/rpcinfo.8
 diff --git a/autogen.sh b/autogen.sh
 index 1613b6d..761db90 100755
 --- a/autogen.sh
@ -573,7 +573,7 @@ index 84818e9..0000000
 -man8_MANS   = rpcbind.8
 -EXTRA_DIST  = $(man8_MANS)
 diff --git a/man/rpcbind.8 b/man/rpcbind.8
-index 32806d4..c5b8fb7 100644
+index 32806d4..da32701 100644
 --- a/man/rpcbind.8
 +++ b/man/rpcbind.8
@@ -82,6 +82,8 @@ during operation, and will abort on certain errors if
@ -585,6 +585,14 @@ index 32806d4..c5b8fb7 100644
 .It Fl h
 Specify specific IP addresses to bind to for UDP requests.
 This option
+@@ -141,7 +143,6 @@ All RPC servers must be restarted if
+ .Nm
+ is restarted.
+ .Sh SEE ALSO
+-.Xr rpcbind 3 ,
+ .Xr rpcinfo 8
+ .Sh LINUX PORT
+ .Bl Aurelien Charbon <aurelien.charbon@bull.net>
 diff --git a/src/Makefile.am b/src/Makefile.am
 deleted file mode 100644
 index cc0a85b..0000000
@ -736,8 +744,167 @@ index 67a0e39..0000000
 -/* This defines the uid to run as */
 -#undef RPCBIND_USER
 -
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 4736700..337e64d 100644
+--- a/src/pmap_svc.c
+++ b/src/pmap_svc.c
+@@ -80,7 +80,7 @@ pmap_service(struct svc_req *rqstp, SVCXPRT *xprt)
+ 		if (debugging)
+ 			fprintf(stderr, "PMAPPROC_NULL\n");
+ #endif
+-		check_access(xprt, rqstp->rq_proc, NULL, PMAPVERS);
+		check_access(xprt, rqstp->rq_proc, 0, PMAPVERS);
+ 		if ((!svc_sendreply(xprt, (xdrproc_t) xdr_void, NULL)) &&
+ 			debugging) {
+ 			if (doabort) {
+@@ -201,11 +201,11 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long
+ 		  reg.pm_prog, reg.pm_vers);
+ #endif
+ 
+-	if (!check_access(xprt, op, &reg, PMAPVERS)) {
+	if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+ 		return (FALSE);
+ 	}
+-		
+
+ 	rpcbreg.r_prog = reg.pm_prog;
+ 	rpcbreg.r_vers = reg.pm_vers;
+ 
+@@ -276,7 +276,7 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 		return (FALSE);
+ 	}
+ 
+-	if (!check_access(xprt, PMAPPROC_GETPORT, &reg, PMAPVERS)) {
+	if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+ 		return FALSE;
+ 	}
+@@ -340,7 +340,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt)
+ 		return (FALSE);
+ 	}
+ 
+-	if (!check_access(xprt, PMAPPROC_DUMP, NULL, PMAPVERS)) {
+	if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) {
+ 		svcerr_weakauth(xprt);
+ 		return FALSE;
+ 	}
+diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c
+index 0514ba5..e350f85 100644
+--- a/src/rpcb_svc.c
+++ b/src/rpcb_svc.c
+@@ -75,6 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ 	char *result;
+ 	xdrproc_t xdr_argument, xdr_result;
+ 	void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
+	rpcprog_t setprog = 0;
+ 
+ 	rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc);
+ 
+@@ -88,7 +89,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ 			fprintf(stderr, "RPCBPROC_NULL\n");
+ #endif
+ 		/* This call just logs, no actual checks */
+-		check_access(transp, rqstp->rq_proc, NULL, RPCBVERS);
+		check_access(transp, rqstp->rq_proc, 0, RPCBVERS);
+ 		(void) svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL);
+ 		return;
+ 
+@@ -166,7 +167,13 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp)
+ 			(void) fprintf(stderr, "rpcbind: could not decode\n");
+ 		return;
+ 	}
+-	if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS)) {
+
+	if (rqstp->rq_proc == RPCBPROC_SET
+	 || rqstp->rq_proc == RPCBPROC_UNSET
+	 || rqstp->rq_proc == RPCBPROC_GETADDR)
+		setprog = argument.rpcbproc_set_3_arg.r_prog;
+
+	if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS)) {
+ 		svcerr_weakauth(transp);
+ 		goto done;
+ 	}
+diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c
+index 9fd5bef..313e6d1 100644
+--- a/src/rpcb_svc_4.c
+++ b/src/rpcb_svc_4.c
+@@ -78,6 +78,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ 	char *result;
+ 	xdrproc_t xdr_argument, xdr_result;
+ 	void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t));
+	rpcprog_t setprog = 0;
+ 
+ 	rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc);
+ 
+@@ -90,7 +91,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ 		if (debugging)
+ 			fprintf(stderr, "RPCBPROC_NULL\n");
+ #endif
+-		check_access(transp, rqstp->rq_proc, NULL, RPCBVERS4);
+		check_access(transp, rqstp->rq_proc, 0, RPCBVERS4);
+ 		(void) svc_sendreply(transp, (xdrproc_t) xdr_void,
+ 					(char *)NULL);
+ 		return;
+@@ -220,7 +221,13 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp)
+ 			(void) fprintf(stderr, "rpcbind: could not decode\n");
+ 		return;
+ 	}
+-	if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS4)) {
+
+	if (rqstp->rq_proc == RPCBPROC_SET
+	 || rqstp->rq_proc == RPCBPROC_UNSET
+	 || rqstp->rq_proc == RPCBPROC_GETADDR)
+		setprog = argument.rpcbproc_set_4_arg.r_prog;
+
+	if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS4)) {
+ 		svcerr_weakauth(transp);
+ 		goto done;
+ 	}
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index 291421f..f6bd6bd 100644
+--- a/src/rpcb_svc_com.c
+++ b/src/rpcb_svc_com.c
+@@ -1227,6 +1227,8 @@ send_svcsyserr(SVCXPRT *xprt, struct finfo *fi)
+ 	return;
+ }
+ 
+extern SVCAUTH svc_auth_none;
+
+ static void
+ handle_reply(int fd, SVCXPRT *xprt)
+ {
+@@ -1293,7 +1295,10 @@ handle_reply(int fd, SVCXPRT *xprt)
+ 	a.rmt_localvers = fi->versnum;
+ 
+ 	xprt_set_caller(xprt, fi);
+	xprt->xp_auth = &svc_auth_none;
+ 	svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a);
+	SVCAUTH_DESTROY(xprt->xp_auth);
+	xprt->xp_auth = NULL;
+ done:
+ 	if (buffer)
+ 		free(buffer);
+@@ -1372,10 +1377,13 @@ static char *
+ getowner(SVCXPRT *transp, char *owner, size_t ownersize)
+ {
+ 	uid_t uid;
+- 
+-	if (__rpc_get_local_uid(transp, &uid) < 0)
+-		snprintf(owner, ownersize, "unknown");
+-	else if (uid == 0)
+
+	if (__rpc_get_local_uid(transp, &uid) < 0) {
+		if (is_localroot(svc_getrpccaller(transp)))
+			snprintf(owner, ownersize, "superuser");
+		else 
+			snprintf(owner, ownersize, "unknown");
+	} else if (uid == 0)
+ 		snprintf(owner, ownersize, "superuser");
+ 	else
+ 		snprintf(owner, ownersize, "%d", uid);  
 diff --git a/src/rpcbind.c b/src/rpcbind.c
-index 525ffba..24e069b 100644
+index 525ffba..9a0504d 100644
 --- a/src/rpcbind.c
 +++ b/src/rpcbind.c
@@ -68,7 +68,6 @@
@ -767,7 +934,18 @@ index 525ffba..24e069b 100644
         		err(1, "fork failed");
 	}
 
-@@ -276,6 +276,7 @@ init_transport(struct netconfig *nconf)
+@@ -236,6 +236,10 @@ main(int argc, char *argv[])
+                         syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
+                         exit(1);
+                 }
+		if (setgroups(0, NULL) == -1) {
+			syslog(LOG_ERR, "dropping supplemental groups failed: %m");
+			exit(1);
+		}
+ 		if (setuid(p->pw_uid) == -1) {
+ 			syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid);
+ 			exit(1);
+@@ -276,6 +280,7 @@ init_transport(struct netconfig *nconf)
 	int addrlen = 0;
 	int nhostsbak;
 	int checkbind;
@ -775,7 +953,7 @@ index 525ffba..24e069b 100644
 	struct sockaddr *sa = NULL;
 	u_int32_t host_addr[4];  /* IPv4 or IPv6 */
 	struct sockaddr_un sun;
-@@ -493,6 +494,14 @@ init_transport(struct netconfig *nconf)
+@@ -493,6 +498,14 @@ init_transport(struct netconfig *nconf)
 		}
 		oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
 		__rpc_fd2sockinfo(fd, &si);
@ -790,7 +968,7 @@ index 525ffba..24e069b 100644
 		if (bind(fd, sa, addrlen) < 0) {
 			syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid);
 			if (res != NULL)
-@@ -731,7 +740,7 @@ parseargs(int argc, char *argv[])
+@@ -731,7 +744,7 @@ parseargs(int argc, char *argv[])
 {
 	int c;
 	oldstyle_local = 1;
@ -799,7 +977,7 @@ index 525ffba..24e069b 100644
 		switch (c) {
 		case 'a':
 			doabort = 1;	/* when debugging, do an abort on */
-@@ -758,13 +767,16 @@ parseargs(int argc, char *argv[])
+@@ -758,13 +771,16 @@ parseargs(int argc, char *argv[])
 		case 's':
 			runasdaemon = 1;
 			break;
@ -817,6 +995,90 @@ index 525ffba..24e069b 100644
 			exit (1);
 		}
 	}
+diff --git a/src/rpcbind.h b/src/rpcbind.h
+index c800577..74f9591 100644
+--- a/src/rpcbind.h
+++ b/src/rpcbind.h
+@@ -119,7 +119,7 @@ void rpcbind_abort(void);
+ void reap(int);
+ void toggle_verboselog(int);
+ 
+-int check_access(SVCXPRT *, rpcproc_t, void *, unsigned int);
+int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int);
+ int check_callit(SVCXPRT *, struct r_rmtcall_args *, int);
+ void logit(int, struct sockaddr *, rpcproc_t, rpcprog_t, const char *);
+ int is_loopback(struct netbuf *);
+diff --git a/src/security.c b/src/security.c
+index 0edeac6..d272f74 100644
+--- a/src/security.c
+++ b/src/security.c
+@@ -62,34 +62,21 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY;
+ extern int verboselog;
+ 
+ int 
+-check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
+check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers)
+ {
+ 	struct netbuf *caller = svc_getrpccaller(xprt);
+ 	struct sockaddr *addr = (struct sockaddr *)caller->buf;
+ #ifdef LIBWRAP
+ 	struct request_info req;
+ #endif
+-	rpcprog_t prog = 0;
+-	rpcb *rpcbp;
+-	struct pmap *pmap;
+ 
+ 	/*
+ 	 * The older PMAP_* equivalents have the same numbers, so
+ 	 * they are accounted for here as well.
+ 	 */
+ 	switch (proc) {
+-	case RPCBPROC_GETADDR:
+ 	case RPCBPROC_SET:
+ 	case RPCBPROC_UNSET:
+-		if (rpcbvers > PMAPVERS) {
+-			rpcbp = (rpcb *)args;
+-			prog = rpcbp->r_prog;
+-		} else {
+-			pmap = (struct pmap *)args;
+-			prog = pmap->pm_prog;
+-		}
+-		if (proc == RPCBPROC_GETADDR)
+-			break;
+ 		if (!insecure && !is_loopback(caller)) {
+ #ifdef RPCBIND_DEBUG
+ 			  if (debugging)
+@@ -101,6 +88,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
+ 			return 0;
+ 		}
+ 		break;
+	case RPCBPROC_GETADDR:
+ 	case RPCBPROC_CALLIT:
+ 	case RPCBPROC_INDIRECT:
+ 	case RPCBPROC_DUMP:
+@@ -150,8 +138,7 @@ is_loopback(struct netbuf *nbuf)
+ 				  "Checking caller's adress (port = %d)\n",
+ 				  ntohs(sin->sin_port));
+ #endif
+-	       	return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
+-		    (ntohs(sin->sin_port) < IPPORT_RESERVED));
+	       	return (sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK));
+ #ifdef INET6
+ 	case AF_INET6:
+ 		if (!oldstyle_local)
+@@ -163,10 +150,9 @@ is_loopback(struct netbuf *nbuf)
+ 				  "Checking caller's adress (port = %d)\n",
+ 				  ntohs(sin6->sin6_port));
+ #endif
+-		return ((IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) ||
+		return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) ||
+ 			 (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) &&
+-			  sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))) &&
+-		        (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED));
+			  sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK)));
+ #endif
+ 	case AF_LOCAL:
+ 		return 1;
 diff --git a/src/warmstart.c b/src/warmstart.c
 index 25e5d89..d1bb971 100644
 --- a/src/warmstart.c
--- a/rpcbind.spec
+++ b/rpcbind.spec
@ -1,6 +1,6 @@
 Name:           rpcbind
 Version:        0.2.0
-Release:        19%{?dist}
+Release:        20%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        BSD
@ -12,8 +12,7 @@ Source1: rpcbind.service
 Source2: rpcbind.socket
 Source3: rpcbind.sysconfig

-Patch001: rpcbind-0_2_1-rc3.patch
-Patch002: rpcbind-0.2.0-rpcuser.patch
+Patch001: rpcbind-0_2_1-rc4.patch

 Requires: glibc-common setup
 Conflicts: man-pages < 2.43-12
@ -35,7 +34,6 @@ RPC calls on a server on that machine.
 %prep
 %setup -q
 %patch001 -p1
-%patch002 -p1

 %build
 %ifarch s390 s390x
@ -135,6 +133,9 @@ fi
 %dir %attr(700,rpc,rpc) /var/lib/rpcbind

 %changelog
+* Tue Oct 23 2012 Steve Dickson <steved@redhat.com> - 0.2.0-20
+- Update to the latest upstream release: rpcbind-0_2_1-rc4 (bz 869365)
+
 * Tue Oct 16 2012 Steve Dickson <steved@redhat.com> - 0.2.0-19
 - Renamed RPCBINDOPTS to RPCBIND_ARGS for backward compatibility (bz 861025)