commit 6302ec380acf17b51f108ed827d5f7aa12209034 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:20:38 2019 -0400 Package init diff --git a/rpc.yppasswdd.env b/rpc.yppasswdd.env new file mode 100644 index 0000000..0dabb6c --- /dev/null +++ b/rpc.yppasswdd.env @@ -0,0 +1,30 @@ +#!/bin/bash +# +# Author: Honza Horak +# Date: 2011/11/25 +# Package: ypserv +# +# This script is part of ypserv package. +# We need to pass all environment variables set in /etc/sysconfig/yppasswdd +# to rpc.yppasswdd daemon, but only if they are not empty. However, this +# simple logic is not supported by systemd. +# This script wraps the main binary, prepares YPPASSWDD_ARGS variable +# to include all necessary variables (ETCDIR, PASSWDFILE and SHADOWFILE) +# and passes this variable to daemon. +# The script ensures, that the rpc.yppasswdd arguments are not used in case +# the appropriate environment variables are empty. + +if [ "$ETCDIR" ]; then + YPPASSWDD_ARGS="$YPPASSWDD_ARGS -D $ETCDIR" +fi + +if [ "$PASSWDFILE" ]; then + YPPASSWDD_ARGS="$YPPASSWDD_ARGS -p $PASSWDFILE" +fi + +if [ "$SHADOWFILE" ]; then + YPPASSWDD_ARGS="$YPPASSWDD_ARGS -s $SHADOWFILE" +fi + +exec /usr/sbin/rpc.yppasswdd -f $YPPASSWDD_ARGS + diff --git a/yppasswdd b/yppasswdd new file mode 100644 index 0000000..f08be61 --- /dev/null +++ b/yppasswdd @@ -0,0 +1,13 @@ +# The specified directory path of the passwd and shadow files. +#ETCDIR=/etc + +# The passwd file used by rpc.yppasswdd +# You can't mix usage of this with ETCDIR +#PASSWDFILE=/etc/passwd + +# The shadow file used by rpc.yppasswdd +# You can't mix usage of this with ETCDIR +#SHADOWFILE=/etc/shadow + +# Additional arguments passed to yppasswd +YPPASSWDD_ARGS= diff --git a/yppasswdd-pre-setdomain b/yppasswdd-pre-setdomain new file mode 100644 index 0000000..b72ba15 --- /dev/null +++ b/yppasswdd-pre-setdomain @@ -0,0 +1,21 @@ +#!/bin/sh +# +# yppasswdd-pre-setdomain +# +# description: This is part of former ypserv init script, which is used +# to setup proper domainname before starting yppasswdd daemon +# itself. If $NISDOMAIN is not defined, it fails. +# + +DOMAINNAME=`domainname` +if [ "$DOMAINNAME" = "(none)" -o "$DOMAINNAME" = "" ]; then + echo -n $"Setting NIS domain: " + if [ -n "$NISDOMAIN" ]; then + domainname $NISDOMAIN + echo $"'$NISDOMAIN' (environment variable)" + else # no domainname found + logger -t yppasswdd $"domain not found" + exit 1 + fi +fi + diff --git a/yppasswdd.service b/yppasswdd.service new file mode 100644 index 0000000..e83c5d0 --- /dev/null +++ b/yppasswdd.service @@ -0,0 +1,16 @@ +[Unit] +Description=NIS/YP (Network Information Service) Users Passwords Change Server +Requires=rpcbind.service +After=syslog.target network.target rpcbind.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/network +EnvironmentFile=-/etc/sysconfig/yppasswdd +ExecStartPre=/usr/libexec/yppasswdd-pre-setdomain +ExecStart=/usr/libexec/rpc.yppasswdd.env +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/ypserv-2.13-nonedomain.patch b/ypserv-2.13-nonedomain.patch new file mode 100644 index 0000000..b822169 --- /dev/null +++ b/ypserv-2.13-nonedomain.patch @@ -0,0 +1,22 @@ +diff -up ./scripts/ypMakefile.in.nonedomain ./scripts/ypMakefile.in +--- ./scripts/ypMakefile.in.nonedomain 2013-05-06 18:30:46.772434725 +0200 ++++ ./scripts/ypMakefile.in 2013-05-06 18:31:59.429495323 +0200 +@@ -106,10 +106,18 @@ NETMASKS = $(YPSRCDIR)/netmasks + YPSERVERS = $(YPDIR)/ypservers # List of all NIS slave servers + + target: Makefile ++ifeq ($(shell /bin/domainname), (none)) ++ @echo "Domain name cannot be (none)" ++else ++ifeq ($(shell /bin/domainname), ) ++ @echo "Domain name must be set" ++else + @test ! -d $(LOCALDOMAIN) && mkdir $(LOCALDOMAIN) ; \ + cd $(LOCALDOMAIN) ; \ + $(NOPUSH) || $(MAKE) -f ../Makefile ypservers; \ + $(MAKE) -f ../Makefile all ++endif ++endif + + # If you don't want some of these maps built, feel free to comment + # them out from this list. diff --git a/ypserv-2.13-ypxfr-zeroresp.patch b/ypserv-2.13-ypxfr-zeroresp.patch new file mode 100644 index 0000000..0b06549 --- /dev/null +++ b/ypserv-2.13-ypxfr-zeroresp.patch @@ -0,0 +1,11 @@ +diff -up ./ypxfr/ypxfr.c.ypxfr-zeroresp ./ypxfr/ypxfr.c +--- ./ypxfr/ypxfr.c.ypxfr-zeroresp 2013-04-10 16:43:21.000000000 +0200 ++++ ./ypxfr/ypxfr.c 2013-05-06 18:31:36.875476520 +0200 +@@ -415,6 +415,7 @@ ypxfr (char *map, char *source_host, cha + time_t masterOrderNum; + int result; + ++ memset(&resp_val, '\0', sizeof(resp_val)); + /* Name of the map file */ + if (strlen (path_ypdb) + strlen (target_domain) + strlen (map) + 3 < MAXPATHLEN) + sprintf (dbName_orig, "%s/%s/%s", path_ypdb, target_domain, map); diff --git a/ypserv-2.19-slp-warning.patch b/ypserv-2.19-slp-warning.patch new file mode 100644 index 0000000..8f1fd04 --- /dev/null +++ b/ypserv-2.19-slp-warning.patch @@ -0,0 +1,15 @@ +diff -up ./etc/ypserv.conf.slp-warning ./etc/ypserv.conf +--- ./etc/ypserv.conf.slp-warning 2006-10-12 13:03:32.000000000 +0200 ++++ ./etc/ypserv.conf 2013-05-06 18:32:16.581509617 +0200 +@@ -13,9 +13,9 @@ + + # Should we register ypserv with SLP? Only available if SLP support + # is compiled in. Deprecated functionality. +-slp: no ++# slp: no + # After how many seconds we should re-register ypserv with SLP? +-slp_timeout: 3600 ++# slp_timeout: 3600 + + # xfr requests are only allowed from ports < 1024 + xfr_check_port: yes diff --git a/ypserv-2.24-aliases.patch b/ypserv-2.24-aliases.patch new file mode 100644 index 0000000..57ee0e1 --- /dev/null +++ b/ypserv-2.24-aliases.patch @@ -0,0 +1,34 @@ +diff -up ypserv-2.32/acinclude.m4.aliases ypserv-2.32/acinclude.m4 +--- ypserv-2.32/acinclude.m4.aliases 2005-04-07 14:38:44.000000000 +0200 ++++ ypserv-2.32/acinclude.m4 2013-11-18 09:57:05.082162773 +0100 +@@ -92,3 +92,18 @@ AC_DEFUN([TYPE_SOCKLEN_T], + fi + AC_MSG_RESULT($ac_cv___attribute__) + ]) ++ ++ ++dnl ++dnl Find where aliases file is located ++dnl It can be in /etc/aliases or /etc/mail/aliases ++dnl If file path is specified in argument and file path exists, it is used. ++dnl ++AC_DEFUN([FIND_ALIASES_PATH], [ ++AC_MSG_CHECKING(for aliases file path) ++tmp_aliases="$1" ++test -f /etc/mail/aliases && tmp_aliases="/etc/mail/aliases" ++test -f /etc/aliases && tmp_aliases="/etc/aliases" ++AC_MSG_RESULT($tmp_aliases) ++AC_SUBST(ALIASES, $tmp_aliases) ++]) +diff -up ypserv-2.32/configure.ac.aliases ypserv-2.32/configure.ac +--- ypserv-2.32/configure.ac.aliases 2013-11-18 09:51:17.094758957 +0100 ++++ ypserv-2.32/configure.ac 2013-11-18 09:52:07.859844276 +0100 +@@ -151,7 +151,7 @@ fi + AC_SUBST(MAKE) + + dnl Check for aliases path +-AC_PATH_PROG(ALIASES, aliases, /etc/mail/aliases, /etc/mail:/etc) ++FIND_ALIASES_PATH(/etc/aliases) + + dnl Should we use a gethostbyname after gethostname to use FQDN ? default yes + AC_ARG_ENABLE(fqdn, AS_HELP_STRING([--disable-fqdn], diff --git a/ypserv-2.27-confpost.patch b/ypserv-2.27-confpost.patch new file mode 100644 index 0000000..c5873cf --- /dev/null +++ b/ypserv-2.27-confpost.patch @@ -0,0 +1,17 @@ +diff -up ./conf_post.h.confpost ./conf_post.h +--- ./conf_post.h.confpost 2012-04-17 15:47:28.000000000 +0200 ++++ ./conf_post.h 2013-05-06 18:34:54.274640856 +0200 +@@ -8,3 +8,13 @@ + #define HAVE_COMPAT_LIBGDBM + #endif + ++/* Define common preprocessor symbol for HAVE_LIBGDBM and HAVE_LIBQDBM, since ++ * libraries gdbm and qdbm have same symbol names. */ ++#undef HAVE_COMPAT_LIBGDBM ++#ifdef HAVE_LIBGDBM ++#define HAVE_COMPAT_LIBGDBM ++#endif ++#ifdef HAVE_LIBQDBM ++#define HAVE_COMPAT_LIBGDBM ++#endif ++ diff --git a/ypserv-2.31-netgrprecur.patch b/ypserv-2.31-netgrprecur.patch new file mode 100644 index 0000000..1cdd9c3 --- /dev/null +++ b/ypserv-2.31-netgrprecur.patch @@ -0,0 +1,68 @@ +Upstream didn't accepted this patch and only replied that user should fix +the configuration. Since we believe that even if configuration is wrong, +program (especially daemon) shouldn't crash with segfault, we rather fix +this on our own to print a nice error when level of recursion exceeds 128. + +diff -up ypserv-2.31/revnetgroup/getnetgrent.c.recursive ypserv-2.31/revnetgroup/getnetgrent.c +--- ypserv-2.31/revnetgroup/getnetgrent.c.recursive 2013-05-17 12:37:08.143675080 +0200 ++++ ypserv-2.31/revnetgroup/getnetgrent.c 2013-05-17 14:20:49.376566354 +0200 +@@ -31,6 +31,8 @@ + + #include "hash.h" + ++#define NETGROUPENTRY_RECURSION_LIMIT 128 ++ + extern hash_t *input; + + void rev_setnetgrent (const char *); +@@ -53,7 +55,7 @@ struct netgrlist + }; + + +-static void rev_expand_netgroupentry (const char *, struct netgrlist *); ++static void rev_expand_netgroupentry (const char *, struct netgrlist *, int level); + static void rev_parse_entry (char *, char *, struct netgrlist *); + static void rev_netgr_free (struct netgrlist *); + static struct netgrlist list = {0, 0, NULL}; +@@ -83,7 +85,7 @@ rev_setnetgrent (const char *netgr) + { + rev_endnetgrent (); + netgroup = strdup (netgr); +- rev_expand_netgroupentry (netgr, &list); ++ rev_expand_netgroupentry (netgr, &list, 0); + } + first = 1; + } +@@ -141,7 +143,7 @@ rev_netgr_free (struct netgrlist *list) + } + + static void +-rev_expand_netgroupentry (const char *netgr, struct netgrlist *list) ++rev_expand_netgroupentry (const char *netgr, struct netgrlist *list, int level) + { + char *outval = NULL; + char *outptr = NULL; +@@ -156,6 +158,14 @@ rev_expand_netgroupentry (const char *ne + if (outptr == NULL) + return; + ++ /* check the recursion - return if we exceed the recursion limit */ ++ if (level >= NETGROUPENTRY_RECURSION_LIMIT) ++ { ++ fprintf (stderr, "WARNING: level of recursion in netgroup %s reached" ++ "%d, entry ignored\n", netgr, NETGROUPENTRY_RECURSION_LIMIT); ++ return; ++ } ++ + /* make a copy to work with */ + outval = strdup (outptr); + if (outval == NULL) +@@ -198,7 +208,7 @@ rev_expand_netgroupentry (const char *ne + *end = '\0'; + + /* recursion */ +- rev_expand_netgroupentry (start, list); ++ rev_expand_netgroupentry (start, list, level+1); + } + + /* skip to the next entry */ diff --git a/ypserv-2.5-nfsnobody2.patch b/ypserv-2.5-nfsnobody2.patch new file mode 100644 index 0000000..51605b0 --- /dev/null +++ b/ypserv-2.5-nfsnobody2.patch @@ -0,0 +1,96 @@ +diff -up ypserv-2.32/scripts/ypMakefile.in.nfsnobody ypserv-2.32/scripts/ypMakefile.in +--- ypserv-2.32/scripts/ypMakefile.in.nfsnobody 2013-11-18 09:19:58.092797179 +0100 ++++ ypserv-2.32/scripts/ypMakefile.in 2013-11-18 09:20:39.885790669 +0100 +@@ -40,6 +40,11 @@ YPPUSH_ARGS = + MINUID=$(shell TMP=`egrep '^UID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^UID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000) + MINGID=$(shell TMP=`egrep '^GID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^GID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000) + ++# Don't export this uid/guid (nfsnobody). ++# Set to 0 if you want to ++NFSNOBODYUID=65534 ++NFSNOBODYGID=65534 ++ + # Should we merge the passwd file with the shadow file ? + # MERGE_PASSWD=true|false + MERGE_PASSWD=true +@@ -294,7 +299,7 @@ passwd.byname: $(PASSWD) $(SHADOW) $(YPD + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -p $(PASSWD) $(SHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$1"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -303,7 +308,7 @@ passwd.byuid: $(PASSWD) $(SHADOW) $(YPDI + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -p $(PASSWD) $(SHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$3"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -317,7 +322,7 @@ else + passwd.byname: $(PASSWD) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$1"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -325,7 +330,7 @@ passwd.byname: $(PASSWD) $(YPDIR)/Makefi + passwd.byuid: $(PASSWD) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \ + print $$3"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \ + -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -334,7 +339,7 @@ shadow.byname: $(SHADOW) $(YPDIR)/Makefi + @echo "Updating $@..." + @$(UMASK); \ + $(AWK) -F: '{ if (FILENAME ~ /shadow$$/) { \ +- if (UID[$$1] >= $(MINUID) ) print $$1"\t"$$0; \ ++ if (UID[$$1] >= $(MINUID) && UID[$$1] != $(NFSNOBODYUID)) print $$1"\t"$$0; \ + } else UID[$$1] = $$3; }' $(PASSWD) $(SHADOW) \ + | $(DBLOAD) -s -i $(SHADOW) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -353,7 +358,7 @@ group.byname: $(GROUP) $(GSHADOW) $(YPDI + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -g $(GROUP) $(GSHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$1"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ + +@@ -361,7 +366,7 @@ group.bygid: $(GROUP) $(GSHADOW) $(YPDIR + @echo "Updating $@..." + @$(UMASK); \ + $(MERGER) -g $(GROUP) $(GSHADOW) | \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$3"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ + +@@ -370,7 +375,7 @@ else + group.byname: $(GROUP) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$1"\t"$$0 }' $(GROUP) \ + | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ +@@ -378,7 +383,7 @@ group.byname: $(GROUP) $(YPDIR)/Makefile + group.bygid: $(GROUP) $(YPDIR)/Makefile + @echo "Updating $@..." + @$(UMASK); \ +- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \ ++ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \ + print $$3"\t"$$0 }' $(GROUP) \ + | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@ + -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@ diff --git a/ypserv-2.5-redhat.patch b/ypserv-2.5-redhat.patch new file mode 100644 index 0000000..78d7d55 --- /dev/null +++ b/ypserv-2.5-redhat.patch @@ -0,0 +1,13 @@ +--- ./scripts/ypMakefile.in.redhat 2017-03-31 16:43:23.318556329 +0200 ++++ ./scripts/ypMakefile.in 2017-03-31 16:49:27.917561370 +0200 +@@ -107,8 +107,8 @@ target: Makefile + # If you don't want some of these maps built, feel free to comment + # them out from this list. + +-all: passwd group hosts rpc services netid protocols netgrp mail \ +- shadow publickey # networks ethers bootparams printcap \ ++all: passwd group hosts rpc services netid protocols mail \ ++ # netgrp shadow publickey networks ethers bootparams printcap \ + # amd.home autofs passwd.adjunct \ + # timezone locale netmasks + diff --git a/ypserv-4.0-headers.patch b/ypserv-4.0-headers.patch new file mode 100644 index 0000000..94eef1c --- /dev/null +++ b/ypserv-4.0-headers.patch @@ -0,0 +1,10 @@ +--- a/makedbm/makedbm.c.headers 2017-02-21 13:57:23.933293831 +0100 ++++ b/makedbm/makedbm.c 2017-02-21 13:57:48.141286207 +0100 +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include "yp.h" + + #if defined (__NetBSD__) || (defined(__GLIBC__) && (__GLIBC__ == 2 && __GLIBC_MINOR__ == 0)) + /* is missing the prototype */ diff --git a/ypserv-4.0-manfix.patch b/ypserv-4.0-manfix.patch new file mode 100644 index 0000000..0c60ab5 --- /dev/null +++ b/ypserv-4.0-manfix.patch @@ -0,0 +1,65 @@ +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml.manfix ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml.manfix 2018-06-11 14:52:20.441724121 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml 2018-06-11 15:07:10.266529912 +0200 +@@ -58,6 +58,12 @@ + since it starts very slowly, it should be started after + ypserv from /etc/init.d/ypxfrd. + ++ ++ It is possible to pass OPTIONS to ++ rpc.ypxfrd using the environment variable ++ YPXFRD_ARGS and this variable can be set in ++ /etc/sysconfig/network. ++ + + + +@@ -155,6 +161,14 @@ + Configuration file for access rights + + ++ ++ /etc/sysconfig/network ++ ++ ++ Setting additional arguments to rpc.ypxfrd ++ ++ ++ + + + +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml.manfix ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml.manfix 2018-06-11 15:08:05.639332959 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml 2018-06-11 15:12:38.261286488 +0200 +@@ -61,7 +61,16 @@ but must be running somewhere + on the network. On startup + ypserv + parses the file +-/etc/ypserv.conf. ++/etc/ypserv.conf. ++It is also possible to pass ++OPTIONS ++to ++ypserv ++using the environment variable ++YPSERV_ARGS ++and this variable can be set in ++/etc/sysconfig/network. ++ + + + +@@ -184,6 +193,12 @@ for a map. + which hosts are allowed to contact ypserv. + + ++ ++ /etc/sysconfig/network ++ ++setting additional arguments to ypserv. ++ ++ + + + diff --git a/ypserv-4.0-selinux-context.patch b/ypserv-4.0-selinux-context.patch new file mode 100644 index 0000000..2591d4e --- /dev/null +++ b/ypserv-4.0-selinux-context.patch @@ -0,0 +1,144 @@ +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context 2018-06-13 15:08:56.011432773 +0200 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac 2018-06-13 15:08:56.017432861 +0200 +@@ -240,6 +240,26 @@ then + exit + fi + ++AC_ARG_WITH(selinux, ++ [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])], ++ ++ [ if test "$withval" = "yes"; then ++ AC_CHECK_HEADERS([selinux/selinux.h], [], ++ [AC_MSG_ERROR([Missing SELinux header files])]) ++ AC_CHECK_LIB(selinux, setfilecon_raw, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ AC_CHECK_LIB(selinux, getfilecon_raw, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ AC_CHECK_LIB(selinux, freecon, [], ++ [AC_MSG_ERROR([Missing or incorrect SELinux library])]) ++ fi ++ ],[]) ++ ++AC_SUBST(with_selinux) ++if test "$with_selinux" = "yes"; then ++ AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled]) ++fi ++ + AC_CHECK_LIB(crypt,crypt,LIBCRYPT="-lcrypt",LIBCRYPT="") + AC_CHECK_HEADERS(crypt.h) + AC_SUBST(LIBCRYPT) +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context 2016-11-22 16:40:13.000000000 +0100 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am 2018-06-13 15:08:56.017432861 +0200 +@@ -24,7 +24,7 @@ sbin_PROGRAMS = rpc.yppasswdd + + rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c + +-rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ ++rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ $(LIBSELINUX) + rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ @SYSTEMD_CFLAGS@ @NSL_CFLAGS@ @TIRPC_CFLAGS@ + + if ENABLE_REGENERATE_MAN +diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c +--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context 2016-11-22 16:40:13.000000000 +0100 ++++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c 2018-07-20 12:01:14.874866767 +0200 +@@ -41,6 +41,10 @@ + #include "yppwd_local.h" + #include "log_msg.h" + ++#ifdef WITH_SELINUX ++#include ++#endif /* WITH_SELINUX */ ++ + #ifndef CHECKROOT + /* Set to 0 if you don't want to check against the root password + of the NIS master server. */ +@@ -460,6 +464,9 @@ update_files (yppasswd *yppw, int *shado + FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL; + struct stat passwd_stat, shadow_stat; + char *rootpass = "x"; ++#ifdef WITH_SELINUX ++ char *pSelCon = NULL; ++#endif /* WITH_SELINUX */ + + #if CHECKROOT + if ((pw = getpwnam ("root")) != NULL) +@@ -520,6 +527,39 @@ update_files (yppasswd *yppw, int *shado + return 1; + } + ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled() == 1) ++ { ++ /* Get selinux context of the original file */ ++ if (getfilecon_raw(path_passwd, &pSelCon) < 0) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't get selinux context %s: %m", path_passwd); ++ freecon(pSelCon); ++ fclose (oldpf); ++ fclose (newpf); ++ unlink (path_passwd_tmp); ++ return 1; ++ } ++ ++ /* Set selinux context for tmp file */ ++ if (setfilecon_raw(path_passwd_tmp, pSelCon)) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't set selinux context %s: %m", path_passwd_tmp); ++ freecon(pSelCon); ++ fclose (oldpf); ++ fclose (newpf); ++ unlink (path_passwd_tmp); ++ return 1; ++ } ++ freecon(pSelCon); ++ pSelCon=NULL; ++ } ++# endif /* WITH_SELINUX */ ++ + /* Open the shadow file for reading. */ + if ((oldsf = fopen (path_shadow, "r")) != NULL) + { +@@ -558,6 +598,37 @@ update_files (yppasswd *yppw, int *shado + fclose (oldpf); + return 1; + } ++#ifdef WITH_SELINUX ++ if (is_selinux_enabled() == 1) ++ { ++ if (getfilecon_raw(path_shadow, &pSelCon) < 0) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't get selinux context %s: %m", path_shadow); ++ freecon(pSelCon); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++ if (setfilecon_raw(path_shadow_tmp, pSelCon)) ++ { ++ log_msg ("update %.12s (uid=%d) failed", ++ yppw->newpw.pw_name, yppw->newpw.pw_uid); ++ log_msg ("Can't set selinux context %s: %m", path_shadow_tmp); ++ freecon(pSelCon); ++ fclose (newsf); ++ fclose (oldsf); ++ fclose (newpf); ++ fclose (oldpf); ++ return 1; ++ } ++ freecon(pSelCon); ++ pSelCon=NULL; ++ } ++#endif /* WITH_SELINUX */ + } + + /* Loop over all passwd entries */ diff --git a/ypserv-4.1.tar.gz b/ypserv-4.1.tar.gz new file mode 100644 index 0000000..39de858 Binary files /dev/null and b/ypserv-4.1.tar.gz differ diff --git a/ypserv.service b/ypserv.service new file mode 100644 index 0000000..916d8e5 --- /dev/null +++ b/ypserv.service @@ -0,0 +1,14 @@ +[Unit] +Description=NIS/YP (Network Information Service) Server +Requires=rpcbind.service +After=syslog.target network.target rpcbind.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/network +ExecStart=/usr/sbin/ypserv -f $YPSERV_ARGS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/ypserv.spec b/ypserv.spec new file mode 100644 index 0000000..b125499 --- /dev/null +++ b/ypserv.spec @@ -0,0 +1,110 @@ +Name: ypserv +Version: 4.1 +Release: 1 +Summary: The NIS server +License: GPLv2 +URL: http://www.linux-nis.org/nis/ypserv/index.html +Source0: https://github.com/thkukuk/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: ypserv.service +Source2: yppasswdd.service +Source3: ypxfrd.service +Source4: rpc.yppasswdd.env +Source5: yppasswdd-pre-setdomain +Source6: yppasswdd +Patch0: ypserv-2.5-redhat.patch +Patch1: ypserv-2.5-nfsnobody2.patch +Patch2: ypserv-2.13-ypxfr-zeroresp.patch +Patch3: ypserv-2.13-nonedomain.patch +Patch4: ypserv-2.19-slp-warning.patch +Patch5: ypserv-4.0-manfix.patch +Patch6: ypserv-2.24-aliases.patch +Patch7: ypserv-2.27-confpost.patch +Patch8: ypserv-2.31-netgrprecur.patch +Patch9: ypserv-4.0-headers.patch +Patch10: ypserv-4.0-selinux-context.patch + +BuildRequires: gcc git systemd libxslt autoconf automake +BuildRequires: docbook-style-xsl tokyocabinet-devel libnsl2-devel +BuildRequires: libtirpc-devel systemd-devel libselinux-devel +Requires: tokyocabinet gawk make portmap bash >= 2.0 +Requires(pre): hostname +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +The ypserv distributes NIS databases to client systems.The client +must run ypbind.The databases are stored in /var/yp/[domainname]. +The domainname is the name of the domain being served. + +%package help +Summary: Doc files for ypserv +BuildArch: noarch + +%description help +The help package contains doc files for ypserv. + +%prep +%autosetup -n %{name}-%{version} -p1 -S git +rm -f etc/netgroup.5 etc/ypserv.conf.5 makedbm/makedbm.8 mknetid/mknetid.8 +autoreconf -i + +%build +cp etc/README etc/README.etc +export CFLAGS="$RPM_OPT_FLAGS -fpic" + +%configure --enable-checkroot --enable-fqdn --libexecdir=%{_libdir}/yp \ + --with-dbmliborder=tokyocabinet --localstatedir=%{_localstatedir} --with-selinux +%make_build + +%install +%make_install +mkdir -p %{buildroot}/%{_libexecdir} +mkdir -p %{buildroot}/%{_sysconfdir} +mkdir -p %{buildroot}/%{_unitdir} +mkdir -p %{buildroot}/etc/sysconfig +install -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}/ypserv.service +install -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/yppasswdd.service +install -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}/ypxfrd.service +install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/rpc.yppasswdd.env +install -m 755 %{SOURCE5} %{buildroot}/%{_libexecdir}/yppasswdd-pre-setdomain +install -m 644 %{SOURCE6} %{buildroot}/etc/sysconfig/yppasswdd +install -m 644 etc/ypserv.conf %{buildroot}/%{_sysconfdir} + +%pre + +%preun +%systemd_preun ypserv.service +%systemd_preun ypxfrd.service +%systemd_preun yppasswdd.service + +%post +%systemd_post ypserv.service +%systemd_post ypxfrd.service +%systemd_post yppasswdd.service + +%postun +%systemd_postun_with_restart ypserv.service +%systemd_postun_with_restart ypxfrd.service +%systemd_postun_with_restart yppasswdd.service + +%files +%doc COPYING AUTHORS +%doc etc/ypserv.conf etc/README.etc etc/securenets +%doc etc/netgroup etc/timezone etc/locale etc/netmasks +%config(noreplace) %{_sysconfdir}/ypserv.conf +%config(noreplace) %{_sysconfdir}/sysconfig/yppasswdd +%{_unitdir}/*.service +%{_includedir}/rpcsvc/ypxfrd.x +%{_libdir}/yp/* +%{_sbindir}/* +%{_libexecdir}/* +%config(noreplace) /var/yp/* + +%files help +%doc README INSTALL TODO NEWS ChangeLog +%{_mandir}/*/* + +%changelog +* Mon Sep 9 2019 luhuaxin - 4.1-1 +- Package init diff --git a/ypxfrd.service b/ypxfrd.service new file mode 100644 index 0000000..cc408f2 --- /dev/null +++ b/ypxfrd.service @@ -0,0 +1,14 @@ +[Unit] +Description=NIS/YP (Network Information Service) Maps Transferring Accelerator +Requires=rpcbind.service +After=syslog.target network.target rpcbind.service + +[Service] +Type=notify +NotifyAccess=all +EnvironmentFile=-/etc/sysconfig/network +ExecStart=/usr/sbin/rpc.ypxfrd -f $YPXFRD_ARGS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target