From 441536af1cb88c79ac1a59cc2790309960d7a2b5 Mon Sep 17 00:00:00 2001
From: Steve Dickson
Date: Fri, 1 Dec 2006 21:10:33 +0000
Subject: [PATCH] > - Fixed leaking ports (bz 217874) > - Log all server bindings (bz 217782) > - Added better quoting to init script (bz 216739)
---
ypbind-mt-1.19-log-binds.patch | 173 +++++++++++++++++++++++++++++++++
ypbind-mt-1.19-port-leak.patch | 53 ++++++++++
ypbind.init | 2 +-
ypbind.spec | 20 +++-
4 files changed, 243 insertions(+), 5 deletions(-)
create mode 100644 ypbind-mt-1.19-log-binds.patch
create mode 100644 ypbind-mt-1.19-port-leak.patch
diff --git a/ypbind-mt-1.19-log-binds.patch b/ypbind-mt-1.19-log-binds.patch
new file mode 100644
index 0000000..f23703b
--- /dev/null
+++ b/ypbind-mt-1.19-log-binds.patch
@@ -0,0 +1,173 @@
+--- ypbind-mt-1.19/src/serv_list.c.orig 2006-12-01 13:47:28.000000000 -0500
++++ ypbind-mt-1.19/src/serv_list.c 2006-12-01 14:00:09.000000000 -0500
+@@ -50,6 +50,8 @@
+ #include "local.h"
+ #include "pthread_np.h"
+
++extern int verbose_flag;
++
+ #if (defined(__sun__) || defined(sun)) && defined(__svr4__)
+ typedef uint32_t u_int32_t;
+ #endif
+@@ -80,6 +82,22 @@ struct binding
+ struct bound_server ypset;
+ CLIENT *client_handle;
+ };
++static inline char *
++bound_host(struct binding *bptr)
++{
++ struct bound_server *sptr;
++
++ if (bptr->active >= 0)
++ sptr = &bptr->server[bptr->active];
++ else if (bptr->active == -2)
++ sptr = &bptr->ypset;
++ else
++ return "Unknown Host";
++
++ if (sptr->host != NULL)
++ return(sptr->host);
++ return (inet_ntoa(sptr->addr));
++}
+
+ static struct binding *domainlist = NULL;
+ static int max_domains = 0;
+@@ -224,6 +242,12 @@ change_binding (const char *domain, ypbi
+ pthread_rdwr_rlock_np (&domainlock);
+ update_bindingfile (&domainlist[i]);
+ pthread_rdwr_runlock_np (&domainlock);
++ if (verbose_flag)
++ {
++ log_msg (LOG_NOTICE, "NIS server set to '%s'"
++ " for domain '%s'",
++ bound_host(&domainlist[i]), domainlist[i].domain);
++ }
+
+ return;
+ }
+@@ -792,6 +816,10 @@ ping_all (struct binding *list)
+ list->server[i].port = s_in.sin_port;
+ if (s_in.sin_port == 0)
+ {
++ if (verbose_flag && list->active == i)
++ log_msg (LOG_NOTICE, "NIS server '%s' not repsonding "
++ "for domain '%s'", list->server[i].host, list->domain);
++
+ if (debug_flag)
+ log_msg (LOG_DEBUG, _("host '%s' doesn't answer."),
+ list->server[i].host);
+@@ -996,13 +1024,21 @@ ping_all (struct binding *list)
+ void
+ do_binding (void)
+ {
+- int i;
++ int i, active;
+
+ pthread_mutex_lock (&search_lock);
+ for (i = 0; i < max_domains; ++i)
+ {
++ if (verbose_flag)
++ active = domainlist[i].active;
+ if (!ping_all (&domainlist[i]) && domainlist[i].use_broadcast)
+ do_broadcast (&domainlist[i]);
++ if (verbose_flag &&
++ domainlist[i].active >= 0 && active != domainlist[i].active)
++ {
++ log_msg (LOG_NOTICE, "NIS server is '%s' for domain '%s'",
++ bound_host(&domainlist[i]), domainlist[i].domain);
++ }
+ }
+ pthread_mutex_unlock (&search_lock);
+ }
+@@ -1031,7 +1067,8 @@ test_bindings (void *param __attribute__
+ pthread_exit (&success);
+
+ lastcheck += ping_interval;
+- if (lastcheck >= 900) /* 900 = 15min. */
++ //if (lastcheck >= 900) /* 900 = 15min. */
++ if (lastcheck >= 60) /* 900 = 15min. */
+ lastcheck = 0;
+
+ lastcheck = test_bindings_once (lastcheck, NULL);
+@@ -1081,6 +1118,7 @@ retry:
+ domainlist[i].active = -1;
+ }
+
++ active = domainlist[i].active;
+ if (domainlist[i].active != -1)
+ {
+ /* The binding is in use, check if it is still valid and
+@@ -1097,6 +1135,10 @@ retry:
+ YPPROC_DOMAIN, (xdrproc_t) ypbind_xdr_domainname,
+ (caddr_t) &domain, (xdrproc_t) xdr_bool,
+ (caddr_t) &out, time_out);
++ if (verbose_flag && status != RPC_SUCCESS)
++ log_msg (LOG_NOTICE, "NIS server '%s' not responding"
++ " for domain '%s'", bound_host(&domainlist[i]),
++ domainlist[i].domain);
+ }
+
+ /* time to search a new fastest server, but only if the current
+@@ -1186,6 +1228,12 @@ retry:
+ pthread_mutex_unlock (&search_lock);
+ pthread_rdwr_wlock_np (&domainlock);
+ }
++ if (verbose_flag &&
++ domainlist[i].active >= 0 && active != domainlist[i].active)
++ {
++ log_msg (LOG_NOTICE, "NIS server is '%s' for domain '%s'",
++ bound_host(&domainlist[i]), domainlist[i].domain);
++ }
+ } /* end for () all domains */
+
+ pthread_rdwr_wunlock_np (&domainlock);
+--- ypbind-mt-1.19/src/ypbind-mt.c.orig 2006-12-01 13:47:28.000000000 -0500
++++ ypbind-mt-1.19/src/ypbind-mt.c 2006-12-01 13:55:04.000000000 -0500
+@@ -463,12 +463,13 @@ sig_handler (void *v_param __attribute_
+ }
+ }
+ }
++int verbose_flag;
+
+ static void
+ usage (void)
+ {
+ fputs (_("Usage:\n"), stderr);
+- fputs (_("\typbind [-broadcast | -ypset | -ypsetme] [-p port] [-f configfile]\n\t [-no-ping] [-broken-server] [-local-only] [-i ping-interval] [-debug]\n"), stderr);
++ fputs (_("\typbind [-broadcast | -ypset | -ypsetme] [-p port] [-f configfile]\n\t [-no-ping] [-broken-server] [-local-only] [-i ping-interval] [-debug] [-verbose]\n"), stderr);
+ fputs (_("\typbind -c [-f configfile]\n"), stderr);
+ fputs (_("\typbind --version\n"), stderr);
+ exit (1);
+@@ -505,6 +506,9 @@ main (int argc, char **argv)
+ else if (strcmp ("-d", argv[i]) == 0 ||
+ strcmp ("-debug", argv[i]) == 0)
+ debug_flag = 1;
++ else if (strcmp ("-v", argv[i]) == 0 ||
++ strcmp ("-verbose", argv[i]) == 0)
++ verbose_flag = 1;
+ else if (strcmp ("-broken-server", argv[i]) == 0 ||
+ strcmp ("-broken_server", argv[i]) == 0)
+ broken_server = 1;
+--- ypbind-mt-1.19/man/ypbind.8.in.orig 2006-12-01 13:47:44.000000000 -0500
++++ ypbind-mt-1.19/man/ypbind.8.in 2006-12-01 13:55:04.000000000 -0500
+@@ -31,6 +31,8 @@ ypbind
+ ] [
+ .BR \-d | \-debug
+ ] [
++.BR \-v | \-verbose
++] [
+ .B \-broadcast
+ ] [
+ .B \-broken-server
+@@ -208,6 +210,11 @@ in debug mode.
+ will not put itself into background, and error messages and debug
+ output are written to standard error.
+ .TP
++.B "\-verbose"
++Causes
++.B ypbind
++to syslog(2) any and all changes in the server its bound to.
++.TP
+ .B "\-broken-server"
+ lets
+ .B ypbind
diff --git a/ypbind-mt-1.19-port-leak.patch b/ypbind-mt-1.19-port-leak.patch
new file mode 100644
index 0000000..594f78c
--- /dev/null
+++ b/ypbind-mt-1.19-port-leak.patch
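Review bot: The `test_bindings` hunk inside ypbind-mt-1.19-log-binds.patch changes daemon behaviour in what is described as a logging patch: `if (lastcheck >= 900)` is commented out and replaced by `if (lastcheck >= 60) /* 900 = 15min. */`, which looks like a debugging leftover and leaves a comment that no longer matches the value. If the shorter interval is intended it should be stated in the changelog and written as `if (lastcheck >= 60) /* 60 = 1min. */` with the commented-out line dropped; otherwise the 900 should be restored. Separately, in `change_binding` the new `log_msg` calls `bound_host(&domainlist[i])` after `pthread_rdwr_runlock_np (&domainlock)`, so the binding is read without the lock, and `bound_host` can return the buffer of `inet_ntoa`, which POSIX does not require to be thread-safe; moving the log call above the unlock and formatting the address with `inet_ntop` into a local buffer would avoid both. The `ping_all` message spells 'repsonding' and passes `list->server[i].host` straight to `%s`, although `bound_host` treats `host` as possibly NULL.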
@@ -0,0 +1,53 @@
+--- ypbind-mt-1.19/src/serv_list.c.orig 2005-07-02 05:24:15.000000000 -0400
++++ ypbind-mt-1.19/src/serv_list.c 2006-11-30 11:41:06.000000000 -0500
+@@ -1043,6 +1043,7 @@ int
+ test_bindings_once (int lastcheck, const char *req_domain)
+ {
+ int i;
++ int active;
+
+ /* Since we need the write lock later, getting the read lock here is
+ not enough. During the time, where we wait for the write lock, the
+@@ -1070,7 +1071,8 @@ test_bindings_once (int lastcheck, const
+ req_domain, domain);
+ continue;
+ }
+-
++retry:
++ active = domainlist[i].active;
+ /* We should never run into this. For debugging. */
+ if (domainlist[i].client_handle == NULL && domainlist[i].active != -1)
+ {
+@@ -1153,9 +1155,14 @@ test_bindings_once (int lastcheck, const
+ the write lock again. */
+ pthread_rdwr_wunlock_np (&domainlock);
+ pthread_mutex_lock (&search_lock);
+- if (!ping_all (&domainlist[i]) &&
+- domainlist[i].use_broadcast)
+- do_broadcast (&domainlist[i]);
++ /* Make sure the active has not changed while we
++ were sleeping. If it has, just punt on this for now */
++ if (domainlist[i].active == -1)
++ {
++ if (!ping_all (&domainlist[i]) &&
++ domainlist[i].use_broadcast)
++ do_broadcast (&domainlist[i]);
++ }
+ pthread_mutex_unlock (&search_lock);
+ pthread_rdwr_wlock_np (&domainlock);
+ }
+@@ -1166,6 +1173,14 @@ test_bindings_once (int lastcheck, const
+ server */
+ pthread_rdwr_wunlock_np (&domainlock);
+ pthread_mutex_lock (&search_lock);
++ /* see if the active state has change while we were
++ sleeping. If so start again */
++ if (active != domainlist[i].active)
++ {
++ pthread_mutex_unlock (&search_lock);
++ pthread_rdwr_wlock_np (&domainlock);
++ goto retry;
++ }
+ if (!ping_all (&domainlist[i]) && domainlist[i].use_broadcast)
+ do_broadcast (&domainlist[i]);
+ pthread_mutex_unlock (&search_lock);
diff --git a/ypbind.init b/ypbind.init
index ecfb6f8..53508ef 100755
--- a/ypbind.init
+++ b/ypbind.init
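Review bot: Both new checks in `test_bindings_once` read `domainlist[i].active` after `pthread_rdwr_wunlock_np (&domainlock)` with only `search_lock` held, and the patch does not say which lock protects that field. If any writer updates `active` under `domainlock` alone, the `== -1` test and the `active != domainlist[i].active` comparison can still race with it; a comment stating the invariant, e.g. `/* active is only written with search_lock held */`, or a re-check after `pthread_rdwr_wlock_np` would make this reviewable. The `goto retry` path has no bound on the number of passes, and neither new comment explains how skipping `ping_all` prevents the port leak named in the changelog, so a sentence saying which resource an extra `ping_all` call would leak is worth adding. The body of `test_bindings_once` starts and ends outside these inner hunks.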
@@ -25,7 +25,7 @@ OTHER_YPBIND_OPTS="" [ -z "$NISTIMEOUT" ] && NISTIMEOUT=20 # Check that networking is configured. -[ ${NETWORKING} = "no" ] && exit 0 +[ "${NETWORKING}" = "no" ] && exit 0 selinux_on() { [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || return diff --git a/ypbind.spec b/ypbind.spec index 3f86046..5936302 100644 --- a/ypbind.spec +++ b/ypbind.spec @@ -1,7 +1,7 @@ Summary: The NIS daemon which binds NIS clients to an NIS domain. Name: ypbind Version: 1.19 -Release: 6 +Release: 8%{?dist} License: GPL Group: System Environment/Daemons Source0: ftp://ftp.us.kernel.org/pub/linux/utils/net/NIS/ypbind-mt-%{PACKAGE_VERSION}.tar.bz2 @@ -10,6 +10,9 @@ Source1: ypbind.init Patch1: ypbind-1.11-broadcast.patch Patch2: ypbind-1.11-gettextdomain.patch Patch3: ypbind-1.19-debuginfo.patch +Patch4: ypbind-mt-1.19-port-leak.patch +Patch5: ypbind-mt-1.19-log-binds.patch + Prereq: /sbin/chkconfig Requires: portmap, yp-tools, bash >= 2.0 Epoch: 3 @@ -36,9 +39,11 @@ also need to install the ypserv package to a machine on your network. %prep %setup -q -n ypbind-mt-%{version} -%patch1 -p1 -b .broadcast -%patch2 -p1 -b .fixit -%patch3 -p1 -b .debuginfo +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build autoreconf @@ -85,6 +90,13 @@ exit 0 %doc README NEWS %changelog +* Fri Dec 1 2006 Steve Dickson - 3:1.19-8 +- Fixed leaking ports (bz 217874) +- Log all server bindings (bz 217782) + +* Wed Nov 29 2006 Steve Dickson 3:1.19-7 +- Added better quoting to init script (bz 216739) + * Mon Nov 27 2006 Dan Walsh - 3:1.19-6 - Correct ordering of turning off SELinux boolean