packages/ypserv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
overweight 2019-09-30 11:20:38 -04:00
commit 6302ec380a
19 changed files with 713 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
rpc.yppasswdd.env Normal file
View File

@ -0,0 +1,30 @@
#!/bin/bash
#
# Author: Honza Horak <hhorak@redhat.com>
# Date: 2011/11/25
# Package: ypserv
#
# This script is part of ypserv package.
# We need to pass all environment variables set in /etc/sysconfig/yppasswdd
# to rpc.yppasswdd daemon, but only if they are not empty. However, this
# simple logic is not supported by systemd.
# This script wraps the main binary, prepares YPPASSWDD_ARGS variable
# to include all necessary variables (ETCDIR, PASSWDFILE and SHADOWFILE)
# and passes this variable to daemon.
# The script ensures, that the rpc.yppasswdd arguments are not used in case
# the appropriate environment variables are empty.
if [ "$ETCDIR" ]; then
YPPASSWDD_ARGS="$YPPASSWDD_ARGS -D $ETCDIR"
fi
if [ "$PASSWDFILE" ]; then
YPPASSWDD_ARGS="$YPPASSWDD_ARGS -p $PASSWDFILE"
fi
if [ "$SHADOWFILE" ]; then
YPPASSWDD_ARGS="$YPPASSWDD_ARGS -s $SHADOWFILE"
fi
exec /usr/sbin/rpc.yppasswdd -f $YPPASSWDD_ARGS

13
yppasswdd Normal file
View File

@ -0,0 +1,13 @@
# The specified directory path of the passwd and shadow files.
#ETCDIR=/etc
# The passwd file used by rpc.yppasswdd
# You can't mix usage of this with ETCDIR
#PASSWDFILE=/etc/passwd
# The shadow file used by rpc.yppasswdd
# You can't mix usage of this with ETCDIR
#SHADOWFILE=/etc/shadow
# Additional arguments passed to yppasswd
YPPASSWDD_ARGS=

21
yppasswdd-pre-setdomain Normal file
View File

@ -0,0 +1,21 @@
#!/bin/sh
#
# yppasswdd-pre-setdomain
#
# description: This is part of former ypserv init script, which is used
# to setup proper domainname before starting yppasswdd daemon
# itself. If $NISDOMAIN is not defined, it fails.
#
DOMAINNAME=`domainname`
if [ "$DOMAINNAME" = "(none)" -o "$DOMAINNAME" = "" ]; then
echo -n $"Setting NIS domain: "
if [ -n "$NISDOMAIN" ]; then
domainname $NISDOMAIN
echo $"'$NISDOMAIN' (environment variable)"
else # no domainname found
logger -t yppasswdd $"domain not found"
exit 1
fi
fi

16
yppasswdd.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=NIS/YP (Network Information Service) Users Passwords Change Server
Requires=rpcbind.service
After=syslog.target network.target rpcbind.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/network
EnvironmentFile=-/etc/sysconfig/yppasswdd
ExecStartPre=/usr/libexec/yppasswdd-pre-setdomain
ExecStart=/usr/libexec/rpc.yppasswdd.env
PrivateTmp=true
[Install]
WantedBy=multi-user.target

22
ypserv-2.13-nonedomain.patch Normal file
View File

@ -0,0 +1,22 @@
diff -up ./scripts/ypMakefile.in.nonedomain ./scripts/ypMakefile.in
--- ./scripts/ypMakefile.in.nonedomain 2013-05-06 18:30:46.772434725 +0200
+++ ./scripts/ypMakefile.in 2013-05-06 18:31:59.429495323 +0200
@@ -106,10 +106,18 @@ NETMASKS = $(YPSRCDIR)/netmasks
YPSERVERS = $(YPDIR)/ypservers # List of all NIS slave servers
target: Makefile
+ifeq ($(shell /bin/domainname), (none))
+ @echo "Domain name cannot be (none)"
+else
+ifeq ($(shell /bin/domainname), )
+ @echo "Domain name must be set"
+else
@test ! -d $(LOCALDOMAIN) && mkdir $(LOCALDOMAIN) ; \
cd $(LOCALDOMAIN) ; \
$(NOPUSH) || $(MAKE) -f ../Makefile ypservers; \
$(MAKE) -f ../Makefile all
+endif
+endif
# If you don't want some of these maps built, feel free to comment
# them out from this list.

11
ypserv-2.13-ypxfr-zeroresp.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up ./ypxfr/ypxfr.c.ypxfr-zeroresp ./ypxfr/ypxfr.c
--- ./ypxfr/ypxfr.c.ypxfr-zeroresp 2013-04-10 16:43:21.000000000 +0200
+++ ./ypxfr/ypxfr.c 2013-05-06 18:31:36.875476520 +0200
@@ -415,6 +415,7 @@ ypxfr (char *map, char *source_host, cha
time_t masterOrderNum;
int result;
+ memset(&resp_val, '\0', sizeof(resp_val));
/* Name of the map file */
if (strlen (path_ypdb) + strlen (target_domain) + strlen (map) + 3 < MAXPATHLEN)
sprintf (dbName_orig, "%s/%s/%s", path_ypdb, target_domain, map);

15
ypserv-2.19-slp-warning.patch Normal file
View File

@ -0,0 +1,15 @@
diff -up ./etc/ypserv.conf.slp-warning ./etc/ypserv.conf
--- ./etc/ypserv.conf.slp-warning 2006-10-12 13:03:32.000000000 +0200
+++ ./etc/ypserv.conf 2013-05-06 18:32:16.581509617 +0200
@@ -13,9 +13,9 @@
# Should we register ypserv with SLP? Only available if SLP support
# is compiled in. Deprecated functionality.
-slp: no
+# slp: no
# After how many seconds we should re-register ypserv with SLP?
-slp_timeout: 3600
+# slp_timeout: 3600
# xfr requests are only allowed from ports < 1024
xfr_check_port: yes

34
ypserv-2.24-aliases.patch Normal file
View File

@ -0,0 +1,34 @@
diff -up ypserv-2.32/acinclude.m4.aliases ypserv-2.32/acinclude.m4
--- ypserv-2.32/acinclude.m4.aliases 2005-04-07 14:38:44.000000000 +0200
+++ ypserv-2.32/acinclude.m4 2013-11-18 09:57:05.082162773 +0100
@@ -92,3 +92,18 @@ AC_DEFUN([TYPE_SOCKLEN_T],
fi
AC_MSG_RESULT($ac_cv___attribute__)
])
+
+
+dnl
+dnl Find where aliases file is located
+dnl It can be in /etc/aliases or /etc/mail/aliases
+dnl If file path is specified in argument and file path exists, it is used.
+dnl
+AC_DEFUN([FIND_ALIASES_PATH], [
+AC_MSG_CHECKING(for aliases file path)
+tmp_aliases="$1"
+test -f /etc/mail/aliases && tmp_aliases="/etc/mail/aliases"
+test -f /etc/aliases && tmp_aliases="/etc/aliases"
+AC_MSG_RESULT($tmp_aliases)
+AC_SUBST(ALIASES, $tmp_aliases)
+])
diff -up ypserv-2.32/configure.ac.aliases ypserv-2.32/configure.ac
--- ypserv-2.32/configure.ac.aliases 2013-11-18 09:51:17.094758957 +0100
+++ ypserv-2.32/configure.ac 2013-11-18 09:52:07.859844276 +0100
@@ -151,7 +151,7 @@ fi
AC_SUBST(MAKE)
dnl Check for aliases path
-AC_PATH_PROG(ALIASES, aliases, /etc/mail/aliases, /etc/mail:/etc)
+FIND_ALIASES_PATH(/etc/aliases)
dnl Should we use a gethostbyname after gethostname to use FQDN ? default yes
AC_ARG_ENABLE(fqdn, AS_HELP_STRING([--disable-fqdn],

17
ypserv-2.27-confpost.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up ./conf_post.h.confpost ./conf_post.h
--- ./conf_post.h.confpost 2012-04-17 15:47:28.000000000 +0200
+++ ./conf_post.h 2013-05-06 18:34:54.274640856 +0200
@@ -8,3 +8,13 @@
#define HAVE_COMPAT_LIBGDBM
#endif
+/* Define common preprocessor symbol for HAVE_LIBGDBM and HAVE_LIBQDBM, since
+ * libraries gdbm and qdbm have same symbol names. */
+#undef HAVE_COMPAT_LIBGDBM
+#ifdef HAVE_LIBGDBM
+#define HAVE_COMPAT_LIBGDBM
+#endif
+#ifdef HAVE_LIBQDBM
+#define HAVE_COMPAT_LIBGDBM
+#endif
+

68
ypserv-2.31-netgrprecur.patch Normal file
View File

@ -0,0 +1,68 @@
Upstream didn't accepted this patch and only replied that user should fix
the configuration. Since we believe that even if configuration is wrong,
program (especially daemon) shouldn't crash with segfault, we rather fix
this on our own to print a nice error when level of recursion exceeds 128.
diff -up ypserv-2.31/revnetgroup/getnetgrent.c.recursive ypserv-2.31/revnetgroup/getnetgrent.c
--- ypserv-2.31/revnetgroup/getnetgrent.c.recursive 2013-05-17 12:37:08.143675080 +0200
+++ ypserv-2.31/revnetgroup/getnetgrent.c 2013-05-17 14:20:49.376566354 +0200
@@ -31,6 +31,8 @@
#include "hash.h"
+#define NETGROUPENTRY_RECURSION_LIMIT 128
+
extern hash_t *input;
void rev_setnetgrent (const char *);
@@ -53,7 +55,7 @@ struct netgrlist
};
-static void rev_expand_netgroupentry (const char *, struct netgrlist *);
+static void rev_expand_netgroupentry (const char *, struct netgrlist *, int level);
static void rev_parse_entry (char *, char *, struct netgrlist *);
static void rev_netgr_free (struct netgrlist *);
static struct netgrlist list = {0, 0, NULL};
@@ -83,7 +85,7 @@ rev_setnetgrent (const char *netgr)
{
rev_endnetgrent ();
netgroup = strdup (netgr);
- rev_expand_netgroupentry (netgr, &list);
+ rev_expand_netgroupentry (netgr, &list, 0);
}
first = 1;
}
@@ -141,7 +143,7 @@ rev_netgr_free (struct netgrlist *list)
}
static void
-rev_expand_netgroupentry (const char *netgr, struct netgrlist *list)
+rev_expand_netgroupentry (const char *netgr, struct netgrlist *list, int level)
{
char *outval = NULL;
char *outptr = NULL;
@@ -156,6 +158,14 @@ rev_expand_netgroupentry (const char *ne
if (outptr == NULL)
return;
+ /* check the recursion - return if we exceed the recursion limit */
+ if (level >= NETGROUPENTRY_RECURSION_LIMIT)
+ {
+ fprintf (stderr, "WARNING: level of recursion in netgroup %s reached"
+ "%d, entry ignored\n", netgr, NETGROUPENTRY_RECURSION_LIMIT);
+ return;
+ }
+
/* make a copy to work with */
outval = strdup (outptr);
if (outval == NULL)
@@ -198,7 +208,7 @@ rev_expand_netgroupentry (const char *ne
*end = '\0';
/* recursion */
- rev_expand_netgroupentry (start, list);
+ rev_expand_netgroupentry (start, list, level+1);
}
/* skip to the next entry */

96
ypserv-2.5-nfsnobody2.patch Normal file
View File

@ -0,0 +1,96 @@
diff -up ypserv-2.32/scripts/ypMakefile.in.nfsnobody ypserv-2.32/scripts/ypMakefile.in
--- ypserv-2.32/scripts/ypMakefile.in.nfsnobody 2013-11-18 09:19:58.092797179 +0100
+++ ypserv-2.32/scripts/ypMakefile.in 2013-11-18 09:20:39.885790669 +0100
@@ -40,6 +40,11 @@ YPPUSH_ARGS =
MINUID=$(shell TMP=`egrep '^UID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^UID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000)
MINGID=$(shell TMP=`egrep '^GID_MIN\s+[0-9]+' /etc/login.defs|sed -e 's/^GID_MIN//'` ; [ -n "$$TMP" ] && echo "$$TMP" || echo 1000)
+# Don't export this uid/guid (nfsnobody).
+# Set to 0 if you want to
+NFSNOBODYUID=65534
+NFSNOBODYGID=65534
+
# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true
@@ -294,7 +299,7 @@ passwd.byname: $(PASSWD) $(SHADOW) $(YPD
@echo "Updating $@..."
@$(UMASK); \
$(MERGER) -p $(PASSWD) $(SHADOW) | \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
print $$1"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \
-o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -303,7 +308,7 @@ passwd.byuid: $(PASSWD) $(SHADOW) $(YPDI
@echo "Updating $@..."
@$(UMASK); \
$(MERGER) -p $(PASSWD) $(SHADOW) | \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
print $$3"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \
-o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -317,7 +322,7 @@ else
passwd.byname: $(PASSWD) $(YPDIR)/Makefile
@echo "Updating $@..."
@$(UMASK); \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
print $$1"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \
-o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -325,7 +330,7 @@ passwd.byname: $(PASSWD) $(YPDIR)/Makefi
passwd.byuid: $(PASSWD) $(YPDIR)/Makefile
@echo "Updating $@..."
@$(UMASK); \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
print $$3"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \
-o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -334,7 +339,7 @@ shadow.byname: $(SHADOW) $(YPDIR)/Makefi
@echo "Updating $@..."
@$(UMASK); \
$(AWK) -F: '{ if (FILENAME ~ /shadow$$/) { \
- if (UID[$$1] >= $(MINUID) ) print $$1"\t"$$0; \
+ if (UID[$$1] >= $(MINUID) && UID[$$1] != $(NFSNOBODYUID)) print $$1"\t"$$0; \
} else UID[$$1] = $$3; }' $(PASSWD) $(SHADOW) \
| $(DBLOAD) -s -i $(SHADOW) -o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -353,7 +358,7 @@ group.byname: $(GROUP) $(GSHADOW) $(YPDI
@echo "Updating $@..."
@$(UMASK); \
$(MERGER) -g $(GROUP) $(GSHADOW) | \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
print $$1"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -361,7 +366,7 @@ group.bygid: $(GROUP) $(GSHADOW) $(YPDIR
@echo "Updating $@..."
@$(UMASK); \
$(MERGER) -g $(GROUP) $(GSHADOW) | \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
print $$3"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -370,7 +375,7 @@ else
group.byname: $(GROUP) $(YPDIR)/Makefile
@echo "Updating $@..."
@$(UMASK); \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
print $$1"\t"$$0 }' $(GROUP) \
| $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
@@ -378,7 +383,7 @@ group.byname: $(GROUP) $(YPDIR)/Makefile
group.bygid: $(GROUP) $(YPDIR)/Makefile
@echo "Updating $@..."
@$(UMASK); \
- $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) ) \
+ $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
print $$3"\t"$$0 }' $(GROUP) \
| $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
-@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

13
ypserv-2.5-redhat.patch Normal file
View File

@ -0,0 +1,13 @@
--- ./scripts/ypMakefile.in.redhat 2017-03-31 16:43:23.318556329 +0200
+++ ./scripts/ypMakefile.in 2017-03-31 16:49:27.917561370 +0200
@@ -107,8 +107,8 @@ target: Makefile
# If you don't want some of these maps built, feel free to comment
# them out from this list.
-all: passwd group hosts rpc services netid protocols netgrp mail \
- shadow publickey # networks ethers bootparams printcap \
+all: passwd group hosts rpc services netid protocols mail \
+ # netgrp shadow publickey networks ethers bootparams printcap \
# amd.home autofs passwd.adjunct \
# timezone locale netmasks

10
ypserv-4.0-headers.patch Normal file
View File

@ -0,0 +1,10 @@
--- a/makedbm/makedbm.c.headers 2017-02-21 13:57:23.933293831 +0100
+++ b/makedbm/makedbm.c 2017-02-21 13:57:48.141286207 +0100
@@ -30,6 +30,7 @@
#include <netdb.h>
#include <rpc/rpc.h>
#include <rpcsvc/yp_prot.h>
+#include "yp.h"
#if defined (__NetBSD__) || (defined(__GLIBC__) && (__GLIBC__ == 2 && __GLIBC_MINOR__ == 0))
/* <rpc/rpc.h> is missing the prototype */

65
ypserv-4.0-manfix.patch Normal file
View File

@ -0,0 +1,65 @@
diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml.manfix ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml
--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml.manfix 2018-06-11 14:52:20.441724121 +0200
+++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.ypxfrd/rpc.ypxfrd.8.xml 2018-06-11 15:07:10.266529912 +0200
@@ -58,6 +58,12 @@
since it starts very slowly, it should be started after
<command>ypserv</command> from <command>/etc/init.d/ypxfrd</command>.
</para>
+ <para>
+ It is possible to pass <emphasis remap='B'>OPTIONS</emphasis> to
+ <command>rpc.ypxfrd</command> using the environment variable
+ YPXFRD_ARGS and this variable can be set in
+ <filename>/etc/sysconfig/network</filename>.
+ </para>
</refsect1>
<refsect1 id='options'>
@@ -155,6 +161,14 @@
<para>Configuration file for access rights</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>/etc/sysconfig/network</filename></term>
+ <listitem>
+ <para>
+ Setting additional arguments to <command>rpc.ypxfrd</command>
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml.manfix ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml
--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml.manfix 2018-06-11 15:08:05.639332959 +0200
+++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/ypserv/ypserv.8.xml 2018-06-11 15:12:38.261286488 +0200
@@ -61,7 +61,16 @@ but must be running somewhere
on the network. On startup
<emphasis remap='B'>ypserv</emphasis>
parses the file
-<filename>/etc/ypserv.conf.</filename></para>
+<filename>/etc/ypserv.conf.</filename>
+It is also possible to pass
+<emphasis remap='B'>OPTIONS</emphasis>
+to
+<command>ypserv</command>
+using the environment variable
+YPSERV_ARGS
+and this variable can be set in
+<filename>/etc/sysconfig/network</filename>.
+</para>
</refsect1>
@@ -184,6 +193,12 @@ for a map.</para>
<para>which hosts are allowed to contact <command>ypserv</command>.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>/etc/sysconfig/network</filename></term>
+ <listitem>
+<para>setting additional arguments to <command>ypserv</command>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>

144
ypserv-4.0-selinux-context.patch Normal file
View File

@ -0,0 +1,144 @@
diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac
--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context 2018-06-13 15:08:56.011432773 +0200
+++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac 2018-06-13 15:08:56.017432861 +0200
@@ -240,6 +240,26 @@ then
exit
fi
+AC_ARG_WITH(selinux,
+ [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])],
+
+ [ if test "$withval" = "yes"; then
+ AC_CHECK_HEADERS([selinux/selinux.h], [],
+ [AC_MSG_ERROR([Missing SELinux header files])])
+ AC_CHECK_LIB(selinux, setfilecon_raw, [],
+ [AC_MSG_ERROR([Missing or incorrect SELinux library])])
+ AC_CHECK_LIB(selinux, getfilecon_raw, [],
+ [AC_MSG_ERROR([Missing or incorrect SELinux library])])
+ AC_CHECK_LIB(selinux, freecon, [],
+ [AC_MSG_ERROR([Missing or incorrect SELinux library])])
+ fi
+ ],[])
+
+AC_SUBST(with_selinux)
+if test "$with_selinux" = "yes"; then
+ AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled])
+fi
+
AC_CHECK_LIB(crypt,crypt,LIBCRYPT="-lcrypt",LIBCRYPT="")
AC_CHECK_HEADERS(crypt.h)
AC_SUBST(LIBCRYPT)
diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am
--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context 2016-11-22 16:40:13.000000000 +0100
+++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am 2018-06-13 15:08:56.017432861 +0200
@@ -24,7 +24,7 @@ sbin_PROGRAMS = rpc.yppasswdd
rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c
-rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@
+rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ $(LIBSELINUX)
rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ @SYSTEMD_CFLAGS@ @NSL_CFLAGS@ @TIRPC_CFLAGS@
if ENABLE_REGENERATE_MAN
diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c
--- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context 2016-11-22 16:40:13.000000000 +0100
+++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c 2018-07-20 12:01:14.874866767 +0200
@@ -41,6 +41,10 @@
#include "yppwd_local.h"
#include "log_msg.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /* WITH_SELINUX */
+
#ifndef CHECKROOT
/* Set to 0 if you don't want to check against the root password
of the NIS master server. */
@@ -460,6 +464,9 @@ update_files (yppasswd *yppw, int *shado
FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL;
struct stat passwd_stat, shadow_stat;
char *rootpass = "x";
+#ifdef WITH_SELINUX
+ char *pSelCon = NULL;
+#endif /* WITH_SELINUX */
#if CHECKROOT
if ((pw = getpwnam ("root")) != NULL)
@@ -520,6 +527,39 @@ update_files (yppasswd *yppw, int *shado
return 1;
}
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled() == 1)
+ {
+ /* Get selinux context of the original file */
+ if (getfilecon_raw(path_passwd, &pSelCon) < 0)
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't get selinux context %s: %m", path_passwd);
+ freecon(pSelCon);
+ fclose (oldpf);
+ fclose (newpf);
+ unlink (path_passwd_tmp);
+ return 1;
+ }
+
+ /* Set selinux context for tmp file */
+ if (setfilecon_raw(path_passwd_tmp, pSelCon))
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't set selinux context %s: %m", path_passwd_tmp);
+ freecon(pSelCon);
+ fclose (oldpf);
+ fclose (newpf);
+ unlink (path_passwd_tmp);
+ return 1;
+ }
+ freecon(pSelCon);
+ pSelCon=NULL;
+ }
+# endif /* WITH_SELINUX */
+
/* Open the shadow file for reading. */
if ((oldsf = fopen (path_shadow, "r")) != NULL)
{
@@ -558,6 +598,37 @@ update_files (yppasswd *yppw, int *shado
fclose (oldpf);
return 1;
}
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled() == 1)
+ {
+ if (getfilecon_raw(path_shadow, &pSelCon) < 0)
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't get selinux context %s: %m", path_shadow);
+ freecon(pSelCon);
+ fclose (newsf);
+ fclose (oldsf);
+ fclose (newpf);
+ fclose (oldpf);
+ return 1;
+ }
+ if (setfilecon_raw(path_shadow_tmp, pSelCon))
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't set selinux context %s: %m", path_shadow_tmp);
+ freecon(pSelCon);
+ fclose (newsf);
+ fclose (oldsf);
+ fclose (newpf);
+ fclose (oldpf);
+ return 1;
+ }
+ freecon(pSelCon);
+ pSelCon=NULL;
+ }
+#endif /* WITH_SELINUX */
}
/* Loop over all passwd entries */

BIN
ypserv-4.1.tar.gz Normal file
View File

Binary file not shown.

14
ypserv.service Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=NIS/YP (Network Information Service) Server
Requires=rpcbind.service
After=syslog.target network.target rpcbind.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/network
ExecStart=/usr/sbin/ypserv -f $YPSERV_ARGS
PrivateTmp=true
[Install]
WantedBy=multi-user.target

110
ypserv.spec Normal file
View File

@ -0,0 +1,110 @@
Name: ypserv
Version: 4.1
Release: 1
Summary: The NIS server
License: GPLv2
URL: http://www.linux-nis.org/nis/ypserv/index.html
Source0: https://github.com/thkukuk/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: ypserv.service
Source2: yppasswdd.service
Source3: ypxfrd.service
Source4: rpc.yppasswdd.env
Source5: yppasswdd-pre-setdomain
Source6: yppasswdd
Patch0: ypserv-2.5-redhat.patch
Patch1: ypserv-2.5-nfsnobody2.patch
Patch2: ypserv-2.13-ypxfr-zeroresp.patch
Patch3: ypserv-2.13-nonedomain.patch
Patch4: ypserv-2.19-slp-warning.patch
Patch5: ypserv-4.0-manfix.patch
Patch6: ypserv-2.24-aliases.patch
Patch7: ypserv-2.27-confpost.patch
Patch8: ypserv-2.31-netgrprecur.patch
Patch9: ypserv-4.0-headers.patch
Patch10: ypserv-4.0-selinux-context.patch
BuildRequires: gcc git systemd libxslt autoconf automake
BuildRequires: docbook-style-xsl tokyocabinet-devel libnsl2-devel
BuildRequires: libtirpc-devel systemd-devel libselinux-devel
Requires: tokyocabinet gawk make portmap bash >= 2.0
Requires(pre): hostname
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
The ypserv distributes NIS databases to client systems.The client
must run ypbind.The databases are stored in /var/yp/[domainname].
The domainname is the name of the domain being served.
%package help
Summary: Doc files for ypserv
BuildArch: noarch
%description help
The help package contains doc files for ypserv.
%prep
%autosetup -n %{name}-%{version} -p1 -S git
rm -f etc/netgroup.5 etc/ypserv.conf.5 makedbm/makedbm.8 mknetid/mknetid.8
autoreconf -i
%build
cp etc/README etc/README.etc
export CFLAGS="$RPM_OPT_FLAGS -fpic"
%configure --enable-checkroot --enable-fqdn --libexecdir=%{_libdir}/yp \
--with-dbmliborder=tokyocabinet --localstatedir=%{_localstatedir} --with-selinux
%make_build
%install
%make_install
mkdir -p %{buildroot}/%{_libexecdir}
mkdir -p %{buildroot}/%{_sysconfdir}
mkdir -p %{buildroot}/%{_unitdir}
mkdir -p %{buildroot}/etc/sysconfig
install -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}/ypserv.service
install -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/yppasswdd.service
install -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}/ypxfrd.service
install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/rpc.yppasswdd.env
install -m 755 %{SOURCE5} %{buildroot}/%{_libexecdir}/yppasswdd-pre-setdomain
install -m 644 %{SOURCE6} %{buildroot}/etc/sysconfig/yppasswdd
install -m 644 etc/ypserv.conf %{buildroot}/%{_sysconfdir}
%pre
%preun
%systemd_preun ypserv.service
%systemd_preun ypxfrd.service
%systemd_preun yppasswdd.service
%post
%systemd_post ypserv.service
%systemd_post ypxfrd.service
%systemd_post yppasswdd.service
%postun
%systemd_postun_with_restart ypserv.service
%systemd_postun_with_restart ypxfrd.service
%systemd_postun_with_restart yppasswdd.service
%files
%doc COPYING AUTHORS
%doc etc/ypserv.conf etc/README.etc etc/securenets
%doc etc/netgroup etc/timezone etc/locale etc/netmasks
%config(noreplace) %{_sysconfdir}/ypserv.conf
%config(noreplace) %{_sysconfdir}/sysconfig/yppasswdd
%{_unitdir}/*.service
%{_includedir}/rpcsvc/ypxfrd.x
%{_libdir}/yp/*
%{_sbindir}/*
%{_libexecdir}/*
%config(noreplace) /var/yp/*
%files help
%doc README INSTALL TODO NEWS ChangeLog
%{_mandir}/*/*
%changelog
* Mon Sep 9 2019 luhuaxin <luhuaxin@huawei.com> - 4.1-1
- Package init

14
ypxfrd.service Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=NIS/YP (Network Information Service) Maps Transferring Accelerator
Requires=rpcbind.service
After=syslog.target network.target rpcbind.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/network
ExecStart=/usr/sbin/rpc.ypxfrd -f $YPXFRD_ARGS
PrivateTmp=true
[Install]
WantedBy=multi-user.target