Update to new upstream version, which fixes several bugs; Use Tokyo Cabinet as DBM and rebuild maps after updating
This commit is contained in:
parent
e966eb4663
commit
ecf988feae
|
@ -3,3 +3,4 @@ ypserv-2.23.tar.bz2
|
|||
/ypserv-2.25.tar.bz2
|
||||
/ypserv-2.26.tar.bz2
|
||||
/ypserv-2.27.tar.bz2
|
||||
/ypserv-2.28.tar.bz2
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
fd9c43aec932a92be07b723c647b02a4 ypserv-2.27.tar.bz2
|
||||
ed64f489bab494218fc5c5942b95d5b6 ypserv-2.28.tar.bz2
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
diff -up ypserv-2.19/rpc.yppasswdd/yppasswdd.c.ports ypserv-2.19/rpc.yppasswdd/yppasswdd.c
|
||||
--- ypserv-2.19/rpc.yppasswdd/yppasswdd.c.ports 2006-01-10 20:22:20.000000000 +0100
|
||||
+++ ypserv-2.19/rpc.yppasswdd/yppasswdd.c 2008-09-25 13:11:23.000000000 +0200
|
||||
@@ -333,6 +333,12 @@ main (int argc, char **argv)
|
||||
break;
|
||||
case '\253':
|
||||
my_port = atoi (optarg);
|
||||
+ if (my_port <= 0 || my_port > 0xffff) {
|
||||
+ /* Invalid port number */
|
||||
+ fprintf (stdout, "Warning: rpc.yppasswdd: Invalid port %d (0x%x)\n",
|
||||
+ my_port, my_port);
|
||||
+ my_port = -1;
|
||||
+ }
|
||||
if (debug_flag)
|
||||
log_msg ("Using port %d\n", my_port);
|
||||
break;
|
||||
diff -up ypserv-2.19/rpc.ypxfrd/ypxfrd.c.ports ypserv-2.19/rpc.ypxfrd/ypxfrd.c
|
||||
--- ypserv-2.19/rpc.ypxfrd/ypxfrd.c.ports 2006-01-10 20:22:20.000000000 +0100
|
||||
+++ ypserv-2.19/rpc.ypxfrd/ypxfrd.c 2008-09-25 13:11:23.000000000 +0200
|
||||
@@ -199,6 +199,12 @@ main (int argc, char **argv)
|
||||
break;
|
||||
case 'p':
|
||||
my_port = atoi(optarg);
|
||||
+ if (my_port <= 0 || my_port > 0xffff) {
|
||||
+ /* Invalid port number */
|
||||
+ fprintf (stdout, "Warning: rpc.ypxfrd: Invalid port %d (0x%x)\n",
|
||||
+ my_port, my_port);
|
||||
+ my_port = -1;
|
||||
+ }
|
||||
if (debug_flag)
|
||||
log_msg("Using port %d\n", my_port);
|
||||
break;
|
||||
diff -up ypserv-2.19/yppush/yppush.c.ports ypserv-2.19/yppush/yppush.c
|
||||
--- ypserv-2.19/yppush/yppush.c.ports 2005-05-31 11:14:40.000000000 +0200
|
||||
+++ ypserv-2.19/yppush/yppush.c 2008-09-25 13:11:23.000000000 +0200
|
||||
@@ -649,6 +649,12 @@ main (int argc, char **argv)
|
||||
log_msg ("yppush cannot run in parallel with a fixed port");
|
||||
return 1;
|
||||
}
|
||||
+ if (my_port <= 0 || my_port > 0xffff) {
|
||||
+ /* Invalid port number */
|
||||
+ fprintf (stdout, "Warning: yppush: Invalid port %d (0x%x)\n",
|
||||
+ my_port, my_port);
|
||||
+ my_port = -1;
|
||||
+ }
|
||||
break;
|
||||
default:
|
||||
Usage (1);
|
||||
diff -up ypserv-2.19/ypserv/ypserv.c.ports ypserv-2.19/ypserv/ypserv.c
|
||||
--- ypserv-2.19/ypserv/ypserv.c.ports 2008-09-25 13:11:23.000000000 +0200
|
||||
+++ ypserv-2.19/ypserv/ypserv.c 2008-09-25 13:11:23.000000000 +0200
|
||||
@@ -492,6 +492,12 @@ main (int argc, char **argv)
|
||||
break;
|
||||
case 'p':
|
||||
my_port = atoi (optarg);
|
||||
+ if (my_port <= 0 || my_port > 0xffff) {
|
||||
+ /* Invalid port number */
|
||||
+ fprintf (stdout, "Warning: ypserv: Invalid port %d (0x%x)\n",
|
||||
+ my_port, my_port);
|
||||
+ my_port = -1;
|
||||
+ }
|
||||
if (debug_flag)
|
||||
log_msg ("Using port %d\n", my_port);
|
||||
break;
|
|
@ -1,12 +0,0 @@
|
|||
diff -up ypserv-2.26/scripts/ypinit.in.emptydomain ypserv-2.26/scripts/ypinit.in
|
||||
--- ypserv-2.26/scripts/ypinit.in.emptydomain 2011-11-24 09:12:31.267702768 +0100
|
||||
+++ ypserv-2.26/scripts/ypinit.in 2011-11-24 09:13:09.881700121 +0100
|
||||
@@ -156,7 +156,7 @@ then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
-if [ -z "$DOMAIN" ]
|
||||
+if [ "${DOMAIN}x" = "x" ] || [ "${DOMAIN}" = "(none)" ]
|
||||
then
|
||||
echo "The local host's domain name hasn't been set. Please set it."
|
||||
exit 1
|
|
@ -1,21 +0,0 @@
|
|||
diff -up ypserv-2.26/rpc.yppasswdd/update.c.errmsg ypserv-2.26/rpc.yppasswdd/update.c
|
||||
--- ypserv-2.26/rpc.yppasswdd/update.c.errmsg 2011-10-10 13:24:05.124197343 +0200
|
||||
+++ ypserv-2.26/rpc.yppasswdd/update.c 2011-10-10 13:24:38.955195031 +0200
|
||||
@@ -1006,7 +1006,7 @@ external_update_pipe (yppasswd *yppw, ch
|
||||
if (!fgets(childresponse, 1024, fp))
|
||||
{
|
||||
childresponse[0] = '\0';
|
||||
- log_msg ("fgets() call failed.");
|
||||
+ log_msg ("fgets() call failed or EOF.");
|
||||
}
|
||||
fclose(fp);
|
||||
|
||||
@@ -1016,7 +1016,7 @@ external_update_pipe (yppasswd *yppw, ch
|
||||
if (strspn(childresponse, "OK") < 2)
|
||||
{
|
||||
log_msg ("%s failed. Change request: %s", logbuf, parentmsg);
|
||||
- log_msg ("Response was %s", childresponse);
|
||||
+ log_msg ("Response was '%s'", childresponse);
|
||||
free (parentmsg);
|
||||
return res;
|
||||
}
|
|
@ -1,133 +0,0 @@
|
|||
diff -up ypserv-2.26/rpc.yppasswdd/update.c.shadow ypserv-2.26/rpc.yppasswdd/update.c
|
||||
--- ypserv-2.26/rpc.yppasswdd/update.c.shadow 2011-09-14 10:34:51.689163960 +0200
|
||||
+++ ypserv-2.26/rpc.yppasswdd/update.c 2011-09-14 10:44:16.592158574 +0200
|
||||
@@ -79,6 +79,8 @@ char *path_shadow_old = NULL;
|
||||
/* Will be set by the main function */
|
||||
char *external_update_program = NULL;
|
||||
|
||||
+static bool_t adjuct_used = FALSE;
|
||||
+
|
||||
static int external_update_env (yppasswd *yppw);
|
||||
static int external_update_pipe (yppasswd *yppw, char *logbuf);
|
||||
static int update_files (yppasswd *yppw, char *logbuf, int *shadow_changed,
|
||||
@@ -142,6 +144,76 @@ shell_ok (char *shell)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/* Read shadow file manually, to handle different colons count.
|
||||
+ When we use passwd.adjunct, shadow file contains 6 colons, but if
|
||||
+ we don't use passwd.adjunct, shadow file contains 8 colons.
|
||||
+ This function can handle both counts, but fgetspent doesn't */
|
||||
+static struct spwd *
|
||||
+fgetspent_adjunct(FILE *fp)
|
||||
+{
|
||||
+ static char line_buffer[1024];
|
||||
+ char *buffer_mark;
|
||||
+ struct spwd* result;
|
||||
+ int i, colons = 0;
|
||||
+
|
||||
+ /* Reserve two bytes for theoretic colons */
|
||||
+ while (fgets(line_buffer, sizeof(line_buffer) - 2, fp) != NULL)
|
||||
+ {
|
||||
+ /* We don't need a new line character in the end */
|
||||
+ if ((buffer_mark = strchr(line_buffer, '\n')) != NULL)
|
||||
+ buffer_mark[0] = '\0';
|
||||
+
|
||||
+ /* Skip commented or empty lines */
|
||||
+ if (line_buffer[0] == '\0' || line_buffer[0] == '#')
|
||||
+ continue;
|
||||
+
|
||||
+ /* Count number of colons in the line */
|
||||
+ for (i = 0; line_buffer[i] != '\0'; ++i)
|
||||
+ if (line_buffer[i] == ':')
|
||||
+ ++colons;
|
||||
+
|
||||
+ /* When we use passwd.adjunct, shadow file contains 6 colons,
|
||||
+ but we need 8 colons to properly parse the line, so we
|
||||
+ just add two colons to the end of the line */
|
||||
+ if (colons == 6)
|
||||
+ {
|
||||
+ strcat(line_buffer, "::");
|
||||
+ adjuct_used = TRUE;
|
||||
+ }
|
||||
+
|
||||
+ /* Try to parse the line, if not success, read the next line */
|
||||
+ if (result = sgetspent(line_buffer))
|
||||
+ return result;
|
||||
+
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+/* Write an entry to the given stream.
|
||||
+ When we use passwd.adjunct, shadow file contains 6 colons, but if
|
||||
+ we don't use passwd.adjunct, shadow file contains 8 colons.
|
||||
+ This function can handle both counts, but putspent doesn't */
|
||||
+static int
|
||||
+putspent_adjunct (const struct spwd *p, FILE *stream)
|
||||
+{
|
||||
+ if (!adjuct_used)
|
||||
+ return putspent(p, stream);
|
||||
+
|
||||
+ int errors = 0;
|
||||
+
|
||||
+ flockfile (stream);
|
||||
+
|
||||
+ if (fprintf (stream, "%s:%s:::::", p->sp_namp, p->sp_pwdp ? p->sp_pwdp : "") < 0)
|
||||
+ ++errors;
|
||||
+
|
||||
+ if (putc_unlocked ('\n', stream) == EOF)
|
||||
+ ++errors;
|
||||
+
|
||||
+ funlockfile (stream);
|
||||
+
|
||||
+ return errors ? -1 : 0;
|
||||
+}
|
||||
+
|
||||
/* Check if the password the user supplied matches the old one */
|
||||
static int
|
||||
password_ok (char *plain, char *crypted, char *root)
|
||||
@@ -476,11 +548,12 @@ update_files (yppasswd *yppw, char *logb
|
||||
|
||||
/* Check the password. At first check for a shadow password. */
|
||||
if (oldsf != NULL &&
|
||||
- pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0')
|
||||
+ ((pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') ||
|
||||
+ (pw->pw_passwd[0] == '#' && pw->pw_passwd[1] == '#')))
|
||||
{
|
||||
#ifdef HAVE_GETSPNAM /* shadow password */
|
||||
/* Search for the shadow entry of this user */
|
||||
- while ((spw = fgetspent (oldsf)) != NULL)
|
||||
+ while ((spw = fgetspent_adjunct (oldsf)) != NULL)
|
||||
{
|
||||
if (strcmp (yppw->newpw.pw_name, spw->sp_namp) == 0)
|
||||
{
|
||||
@@ -493,7 +566,7 @@ update_files (yppasswd *yppw, char *logb
|
||||
/* Password is ok, leave while loop */
|
||||
break;
|
||||
}
|
||||
- else if (putspent (spw, newsf) < 0)
|
||||
+ else if (putspent_adjunct (spw, newsf) < 0)
|
||||
{
|
||||
log_msg ("%s failed", logbuf);
|
||||
log_msg ("Error while writing new shadow file: %m");
|
||||
@@ -545,7 +618,7 @@ update_files (yppasswd *yppw, char *logb
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
- if (putspent (spw, newsf) < 0)
|
||||
+ if (putspent_adjunct (spw, newsf) < 0)
|
||||
{
|
||||
log_msg ("%s failed", logbuf);
|
||||
log_msg ("Error while writing new shadow file: %m");
|
||||
@@ -554,8 +627,8 @@ update_files (yppasswd *yppw, char *logb
|
||||
}
|
||||
|
||||
/* Copy all missing entries */
|
||||
- while ((spw = fgetspent (oldsf)) != NULL)
|
||||
- if (putspent (spw, newsf) < 0)
|
||||
+ while ((spw = fgetspent_adjunct (oldsf)) != NULL)
|
||||
+ if (putspent_adjunct (spw, newsf) < 0)
|
||||
{
|
||||
log_msg ("%s failed", logbuf);
|
||||
log_msg ("Error while writing new shadow file: %m");
|
|
@ -1,52 +0,0 @@
|
|||
diff -up ypserv-2.27/rpc.yppasswdd/update.c.crypt ypserv-2.27/rpc.yppasswdd/update.c
|
||||
--- ypserv-2.27/rpc.yppasswdd/update.c.crypt 2012-04-23 13:43:11.180743268 +0200
|
||||
+++ ypserv-2.27/rpc.yppasswdd/update.c 2012-04-23 13:43:15.747726695 +0200
|
||||
@@ -216,14 +216,27 @@ putspent_adjunct (const struct spwd *p,
|
||||
|
||||
/* Check if the password the user supplied matches the old one */
|
||||
static int
|
||||
-password_ok (char *plain, char *crypted, char *root)
|
||||
+password_ok (char *plain, char *crypted, char *root, char *logbuf)
|
||||
{
|
||||
+ char *crypted_new;
|
||||
if (crypted[0] == '\0')
|
||||
return 1;
|
||||
- if (strcmp (crypt (plain, crypted), crypted) == 0)
|
||||
+ crypted_new = crypt (plain, crypted);
|
||||
+ if (crypted_new == NULL)
|
||||
+ {
|
||||
+ log_msg ("crypt() call failed.", logbuf);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ if (strcmp (crypted_new, crypted) == 0)
|
||||
return 1;
|
||||
#if CHECKROOT
|
||||
- if (strcmp (crypt (plain, root), root) == 0)
|
||||
+ crypted_new = crypt (plain, root);
|
||||
+ if (crypted_new == NULL)
|
||||
+ {
|
||||
+ log_msg ("crypt() call failed.", logbuf);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ if (strcmp (crypted_new, root) == 0)
|
||||
return 1;
|
||||
#endif
|
||||
|
||||
@@ -557,7 +570,7 @@ update_files (yppasswd *yppw, char *logb
|
||||
{
|
||||
if (strcmp (yppw->newpw.pw_name, spw->sp_namp) == 0)
|
||||
{
|
||||
- if (!password_ok (yppw->oldpass, spw->sp_pwdp, rootpass))
|
||||
+ if (!password_ok (yppw->oldpass, spw->sp_pwdp, rootpass, logbuf))
|
||||
{
|
||||
log_msg ("%s rejected", logbuf);
|
||||
log_msg ("Invalid password.");
|
||||
@@ -579,7 +592,7 @@ update_files (yppasswd *yppw, char *logb
|
||||
/* We don't have a shadow password file or we don't find the
|
||||
user in it. */
|
||||
if (spw == NULL &&
|
||||
- !password_ok (yppw->oldpass, pw->pw_passwd, rootpass))
|
||||
+ !password_ok (yppw->oldpass, pw->pw_passwd, rootpass, logbuf))
|
||||
{
|
||||
log_msg ("%s rejected", logbuf);
|
||||
log_msg ("Invalid password.");
|
42
ypserv.spec
42
ypserv.spec
|
@ -1,10 +1,10 @@
|
|||
%global first_qdbm_version 2.27-4
|
||||
%global first_tc_version 2.28-1
|
||||
|
||||
Summary: The NIS (Network Information Service) server
|
||||
Url: http://www.linux-nis.org/nis/ypserv/index.html
|
||||
Name: ypserv
|
||||
Version: 2.27
|
||||
Release: 5%{?dist}
|
||||
Version: 2.28
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Daemons
|
||||
Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ypserv-%{version}.tar.bz2
|
||||
|
@ -15,7 +15,7 @@ Source4: rpc.yppasswdd.env
|
|||
Source5: yppasswdd-pre-setdomain
|
||||
|
||||
Requires: gawk, make, portmap, bash >= 2.0
|
||||
Requires: qdbm
|
||||
Requires: tokyocabinet
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
|
@ -25,20 +25,15 @@ Patch0: ypserv-2.5-redhat.patch
|
|||
Patch1: ypserv-2.21-path.patch
|
||||
Patch2: ypserv-2.5-nfsnobody2.patch
|
||||
Patch3: ypserv-2.13-ypxfr-zeroresp.patch
|
||||
Patch4: ypserv-2.19-inval-ports.patch
|
||||
Patch5: ypserv-2.13-nonedomain.patch
|
||||
Patch6: ypserv-2.19-slp-warning.patch
|
||||
Patch7: ypserv-2.24-manfix.patch
|
||||
Patch8: ypserv-2.24-aliases.patch
|
||||
Patch9: ypserv-2.25-systemd.patch
|
||||
Patch12: ypserv-2.26-shadow.patch
|
||||
Patch13: ypserv-2.26-errmsg.patch
|
||||
Patch14: ypserv-2.26-emptydomain.patch
|
||||
Patch16: ypserv-2.27-confpost.patch
|
||||
Patch17: ypserv-2.27-cloexec.patch
|
||||
Patch18: ypserv-2.27-crypt.patch
|
||||
|
||||
BuildRequires: qdbm-devel
|
||||
BuildRequires: tokyocabinet-devel
|
||||
BuildRequires: systemd-units
|
||||
BuildRequires: autoconf, automake
|
||||
|
||||
|
@ -67,18 +62,13 @@ machines.
|
|||
%patch1 -p1 -b .path
|
||||
%patch2 -p1 -b .nfsnobody
|
||||
%patch3 -p1 -b .respzero
|
||||
%patch4 -p1 -b .ports
|
||||
%patch5 -p1 -b .nonedomain
|
||||
%patch6 -p1 -b .slp-warning
|
||||
%patch7 -p1 -b .manfix
|
||||
%patch8 -p1 -b .aliases
|
||||
%patch9 -p1 -b .systemd
|
||||
%patch12 -p1 -b .shadow
|
||||
%patch13 -p1 -b .errmsg
|
||||
%patch14 -p1 -b .emptydomain
|
||||
%patch16 -p1 -b .confpost
|
||||
%patch17 -p1 -b .cloexec
|
||||
%patch18 -p1 -b .crypt
|
||||
|
||||
autoreconf
|
||||
|
||||
|
@ -93,7 +83,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
|
|||
--enable-checkroot \
|
||||
--enable-fqdn \
|
||||
--libexecdir=%{_libdir}/yp \
|
||||
--with-dbmliborder=qdbm
|
||||
--with-dbmliborder=tokyocabinet
|
||||
make
|
||||
|
||||
%install
|
||||
|
@ -170,10 +160,20 @@ if [ "$1" -ge "1" ] ; then
|
|||
/bin/systemctl try-restart ypserv.service ypxfrd.service yppasswdd.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
# after switching from gdbm to qdbm we need to rebuild maps
|
||||
%triggerpostun -- ypserv < %{first_qdbm_version}
|
||||
# After switching from gdbm to Tokyo Cabinet we need to rebuild maps
|
||||
# during update, but without pushing to slave servers
|
||||
# In case domainname is not set, but it is defined in
|
||||
# /etc/sysconfig/network, we do the same work as service yppasswdd
|
||||
# do before starting.
|
||||
# The original domainname value is set back in the end.
|
||||
%triggerpostun -- ypserv < %{first_tc_version}
|
||||
olddomain=`/bin/domainname`
|
||||
. /etc/sysconfig/network
|
||||
export NISDOMAIN
|
||||
%{scripts_path}/yppasswdd-pre-setdomain || :
|
||||
touch /var/yp/Makefile
|
||||
make -C /var/yp >&2 || :
|
||||
NOPUSH=true make -eC /var/yp >&2 || :
|
||||
/bin/domainname "$olddomain"
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
|
@ -191,6 +191,10 @@ make -C /var/yp >&2 || :
|
|||
%{_includedir}/*/*
|
||||
|
||||
%changelog
|
||||
* Fri Jun 01 2012 Honza Horak <hhorak@redhat.com> - 2.28-1
|
||||
- Update to new upstream version, which fixes several bugs
|
||||
- Use Tokyo Cabinet as DBM and rebuild maps after updating
|
||||
|
||||
* Mon May 14 2012 Honza Horak <hhorak@redhat.com> - 2.27-5
|
||||
- Checking if domainname is set moved from ypserv.service
|
||||
to yppasswdd.service
|
||||
|
|
Loading…
Reference in New Issue