rpms/rpcbind/devel rpcbind-0.1.4-localaddr.patch, NONE, 1.1 rpcbind.spec, 1.23, 1.24
Steve Dickson (steved)
fedora-extras-commits at redhat.com
Mon Dec 17 19:53:00 UTC 2007
- Previous message (by thread): rpms/libtirpc/F-8 libtirpc-0.1.7-netconfig.patch, 1.3, 1.4 libtirpc.spec, 1.20, 1.21
- Next message (by thread): rpms/ganglia/F-8 .cvsignore, 1.4, 1.5 ganglia.spec, 1.7, 1.8 sources, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: steved
Update of /cvs/pkgs/rpms/rpcbind/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12407
Modified Files:
rpcbind.spec
Added Files:
rpcbind-0.1.4-localaddr.patch
Log Message:
- Changed is_loopback() and check_access() see if the calling
address is an address on a local interface, just not a loopback
address (bz 358621).
rpcbind-0.1.4-localaddr.patch:
--- NEW FILE rpcbind-0.1.4-localaddr.patch ---
commit 913c1d3396ba57052054d6da0745b29f82ece4eb
Author: Steve Dickson <steved at redhat.com>
Date: Mon Dec 17 14:28:03 2007 -0500
Changed is_loopback() and check_access() see if the calling
address is an address on a local interface, just not a loopback
address.
Signed-off-by: Steve Dickson <steved at redhat.com>
diff --git a/src/security.c b/src/security.c
index 7e6f3a9..b1a2b76 100644
--- a/src/security.c
+++ b/src/security.c
@@ -31,6 +31,7 @@
#ifdef LIBWRAP
# include <tcpd.h>
+# include <ifaddrs.h>
#ifndef LIBWRAP_ALLOW_FACILITY
# define LIBWRAP_ALLOW_FACILITY LOG_AUTH
#endif
@@ -61,6 +62,49 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY;
extern int verboselog;
+#ifdef LIBWRAP
+static int localaddr(struct sockaddr *addr)
+{
+ static struct ifaddrs *ifp = NULL;
+ struct ifaddrs *ifa = NULL;
+ void *caller, *localip;
+ struct sockaddr_in *sin;
+ struct sockaddr_in6 *sin6;
+
+ if (ifp == NULL && getifaddrs (&ifp) < 0) {
+ perror ("getifaddrs");
+ return 0;
+ }
+
+ if (addr->sa_family == AF_INET)
+ caller = (void *)&((struct sockaddr_in *)addr)->sin_addr;
+ else
+ caller = (void *)&((struct sockaddr_in6 *)addr)->sin6_addr;
+
+ for (ifa = ifp; ifa; ifa = ifa->ifa_next) {
+ socklen_t salen;
+
+ if (ifa->ifa_addr == NULL)
+ continue;
+
+ if (ifa->ifa_addr->sa_family == AF_INET) {
+ salen = sizeof (struct sockaddr_in);
+ sin = (struct sockaddr_in *)ifa->ifa_addr;
+ localip = (void *)&sin->sin_addr;
+ } else if (ifa->ifa_addr->sa_family == AF_INET6) {
+ sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
+ localip = (void *)&sin6->sin6_addr;
+ } else
+ continue;
+
+ if (memcmp(localip, caller, salen) == 0)
+ return 1;
+ }
+
+ return 0;
+}
+#endif
+
int
check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
{
@@ -115,7 +159,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers)
}
#ifdef LIBWRAP
- if (addr->sa_family == AF_LOCAL)
+ if (addr->sa_family == AF_LOCAL || localaddr(addr))
return 1;
request_init(&req, RQ_DAEMON, "rpcbind", RQ_CLIENT_SIN, addr, 0);
sock_methods(&req);
@@ -147,13 +191,17 @@ is_loopback(struct netbuf *nbuf)
case AF_INET:
if (!oldstyle_local)
return 0;
+ if (localaddr(addr))
+ return 1;
sin = (struct sockaddr_in *)addr;
- return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
+ return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
(ntohs(sin->sin_port) < IPPORT_RESERVED));
#ifdef INET6
case AF_INET6:
if (!oldstyle_local)
return 0;
+ if (localaddr(addr))
+ return 1;
sin6 = (struct sockaddr_in6 *)addr;
return ((IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) ||
(IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) &&
Index: rpcbind.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rpcbind/devel/rpcbind.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- rpcbind.spec 17 Oct 2007 18:41:39 -0000 1.23
+++ rpcbind.spec 17 Dec 2007 19:52:25 -0000 1.24
@@ -2,7 +2,7 @@
Name: rpcbind
Version: 0.1.4
-Release: 11%{?dist}
+Release: 12%{?dist}
Summary: Universal Addresses to RPC Program Number Mapper
Group: System Environment/Daemons
License: GPL
@@ -31,6 +31,7 @@
Patch4: rpcbind-0.1.4-rpcuser.patch
Patch5: rpcbind-0.1.4-iff_up.patch
Patch6: rpcbind-0.1.4-libwrap.patch
+Patch7: rpcbind-0.1.4-localaddr.patch
%description
The rpcbind utility is a server that converts RPC program numbers into
@@ -48,6 +49,8 @@
%patch5 -p1
# 248284: rpcbind ignores libwrap files
%patch6 -p1
+# 358621: rpcbind-0.1.4-8.fc7 breaks NFS
+%patch7 -p1
%build
%ifarch s390 s390x
@@ -127,6 +130,11 @@
%dir %attr(700,rpc,rpc) /var/lib/rpcbind
%changelog
+* Mon Dec 17 2007 Steve Dickson <steved at redhat.com> 0.1.4-12
+- Changed is_loopback() and check_access() see if the calling
+ address is an address on a local interface, just not a loopback
+ address (bz 358621).
+
* Wed Oct 17 2007 Steve Dickson <steved at redhat.com> 0.1.4-11
- Reworked logic in initscript so the correct exit is
used when networking does not exist or is set up
- Previous message (by thread): rpms/libtirpc/F-8 libtirpc-0.1.7-netconfig.patch, 1.3, 1.4 libtirpc.spec, 1.20, 1.21
- Next message (by thread): rpms/ganglia/F-8 .cvsignore, 1.4, 1.5 ganglia.spec, 1.7, 1.8 sources, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list