From 33e86f31326af753208a94acf4a931611e7c345c Mon Sep 17 00:00:00 2001
From: Steve Dickson
Date: Jun 27 2008 17:38:53 +0000
Subject: Set password and service lookups to be local (bz 447092)
---
diff --git a/rpcbind-0.1.5-nss-config.patch b/rpcbind-0.1.5-nss-config.patch
new file mode 100644
index 0000000..70ef021
--- /dev/null
+++ b/rpcbind-0.1.5-nss-config.patch
@@ -0,0 +1,48 @@
+commit 77f7556878d1fe03dc3e285c97dd822db38f618c
+Author: Ulrich Drepper
+Date: Fri Jun 27 13:29:20 2008 -0400
+
+ Due to an installation mistake (somehow rpm messed up) I ended up with an passwd
+ file which didn't have a rpc entry. This meant that during startup the
+ getpwnam() call to determine the details for user rpc caused the normal process
+ for passwd lookups to be followed. For me this meant after looking at
+ /etc/passwd the lookup tried to use NIS. This of course deadlocked since as
+ part of the NIS lookup rpcbind has to be contacted.
+
+ The workaround is quite simple: use __nss_configure_lookup() to restrict
+ the lookup.
+
+ Signed-off-by: Ulrich Drepper
+ Signed-off-by: Steve Dickson
+
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index fb75517..550fefd 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -155,6 +155,13 @@ main(int argc, char *argv[])
+ fprintf(stderr, "Sorry. You are not superuser\n");
+ exit(1);
+ }
++
++ /*
++ * Make sure we use the local service file
++ * for service lookkups
++ */
++ __nss_configure_lookup("services", "files");
++
+ nc_handle = setnetconfig(); /* open netconfig file */
+ if (nc_handle == NULL) {
+ syslog(LOG_ERR, "could not read /etc/netconfig");
+@@ -212,6 +219,12 @@ main(int argc, char *argv[])
+ struct passwd *p;
+ char *id = runasdaemon ? RUN_AS : rpcbinduser;
+
++ /*
++ * Make sure we use the local password file
++ * for these lookups.
++ */
++ __nss_configure_lookup("passwd", "files");
++
+ if((p = getpwnam(id)) == NULL) {
+ syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
+ exit(1);
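Review bot: Both `__nss_configure_lookup()` calls added to main() in src/rpcbind.c discard the return value, so if either call fails the process silently keeps the nsswitch.conf order and the `getpwnam(id)` that follows can still go out to NIS, which is the startup deadlock the commit message describes. Checking the result before the lookup, for example `if (__nss_configure_lookup("passwd", "files") != 0) { syslog(LOG_ERR, "cannot restrict passwd lookups to files: %m"); exit(1); }`, makes that failure visible; the same applies to the "services" call in the first hunk. Neither hunk adds `#include <nss.h>`, so unless rpcbind.c already includes it outside the visible context, this glibc-specific function is being called through an implicit declaration. The new comment in the first hunk also misspells "lookups" as "lookkups". main() begins and ends outside both hunks, so how the passwd entry is used afterwards (presumably for the uid/gid the daemon switches to) is not visible here.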
diff --git a/rpcbind.spec b/rpcbind.spec index 81dd984..65dd994 100644 --- a/rpcbind.spec +++ b/rpcbind.spec @@ -2,7 +2,7 @@ Name: rpcbind Version: 0.1.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Universal Addresses to RPC Program Number Mapper Group: System Environment/Daemons License: GPL @@ -27,6 +27,7 @@ Obsoletes: portmap <= 4.0-65.3 Patch1: rpcbind-0.1.4-iff_up.patch Patch2: rpcbind-0.1.5-setgid.patch +Patch3: rpcbind-0.1.5-nss-config.patch %description The rpcbind utility is a server that converts RPC program numbers into @@ -38,6 +39,7 @@ RPC calls on a server on that machine. %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %ifarch s390 s390x @@ -117,7 +119,10 @@ fi %dir %attr(700,rpc,rpc) /var/lib/rpcbind %changelog -* Mon Jun 23 2008 Steve Dickson 0.1.5-1 +* Fri Jun 27 2008 Steve Dickson 0.1.5-3 +- Set password and service lookups to be local (bz 447092) + +* Mon Jun 23 2008 Steve Dickson 0.1.5-2 - rpcbind needs to downgrade to non-priviledgied group. * Mon Jun 23 2008 Steve Dickson 0.1.5-1