From 83af1de259679fa88b2194d22861a31f22718fdf Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 01 2017 03:20:07 +0000 Subject: import libnfsidmap-0.25-17.el7 --- diff --git a/SOURCES/libnfsidmap-0.25-dns-resolved.patch b/SOURCES/libnfsidmap-0.25-dns-resolved.patch new file mode 100644 index 0000000..36746eb --- /dev/null +++ b/SOURCES/libnfsidmap-0.25-dns-resolved.patch @@ -0,0 +1,149 @@ +diff --git a/configure.ac b/configure.ac +index 5179e96..db1cee2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -13,6 +13,8 @@ AC_PROG_CC + + # Checks for libraries. + ++AC_CHECK_LIB([resolv], [__res_querydomain], , AC_MSG_ERROR(res_querydomain needed)) ++ + AC_ARG_ENABLE([ldap], + [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:@default=detect@:>@])]) + if test "x$enable_ldap" != "xno" ; then +diff --git a/libnfsidmap.c b/libnfsidmap.c +index b9c0db3..d484101 100644 +--- a/libnfsidmap.c ++++ b/libnfsidmap.c +@@ -53,6 +53,10 @@ + #include + #include + #include ++#include ++#include ++#include ++ + #include "nfsidmap.h" + #include "nfsidmap_internal.h" + #include "cfg.h" +@@ -81,6 +85,11 @@ gid_t nobody_gid = (gid_t)-1; + #define IDMAPD_DEFAULT_DOMAIN "localdomain" + #endif + ++#ifndef NFS4DNSTXTREC ++#define NFS4DNSTXTREC "_nfsv4idmapdomain" ++#endif ++ ++ + /* Default logging fuction */ + static void default_logger(const char *fmt, ...) + { +@@ -116,6 +125,93 @@ static int id_as_chars(char *name, uid_t *id) + return 1; + } + ++static int dns_txt_query(char *domain, char **nfs4domain) ++{ ++ char *txtname = NFS4DNSTXTREC; ++ char *msg, *answ, *eom, *mptr; ++ int len, status = -1; ++ HEADER *hdr; ++ ++ msg = calloc(1, NS_MAXMSG); ++ if (msg == NULL) ++ return -1; ++ ++ answ = calloc(1, NS_MAXMSG); ++ if (answ == NULL) { ++ free(msg); ++ return -1; ++ } ++ ++ if (res_init() < 0) { ++ IDMAP_LOG(2, ("libnfsidmap: res_init() failed for %s.%s: %s\n", ++ txtname, domain, hstrerror(h_errno))); ++ goto freemem; ++ } ++ len = res_querydomain(txtname, domain, C_IN, T_TXT, msg, NS_MAXMSG); ++ if (len < 0) { ++ IDMAP_LOG(2, ("libnfsidmap: res_querydomain() failed for %s.%s: %s\n", ++ txtname, domain, hstrerror(h_errno))); ++ goto freemem; ++ } ++ hdr = (HEADER *)msg; ++ ++ /* See if there is an answer */ ++ if (ntohs(hdr->ancount) < 1) { ++ IDMAP_LOG(2, ("libnfsidmap: No TXT record for %s.%s\n", ++ txtname, domain)); ++ goto freemem; ++ } ++ /* find the EndOfMessage */ ++ eom = msg + len; ++ ++ /* skip header */ ++ mptr = &msg[HFIXEDSZ]; ++ ++ /* skip name field in question section */ ++ mptr += dn_skipname(mptr, eom) + QFIXEDSZ; ++ ++ /* read in the question */ ++ len = dn_expand(msg, eom, mptr, answ, NS_MAXDNAME); ++ if (len < 0) { /* does this really matter?? */ ++ IDMAP_LOG(2, ("libnfsidmap: No question section for %s.%s: %s\n", ++ txtname, domain, hstrerror(h_errno))); ++ goto freemem; ++ } ++ ++ /* ++ * Now, dissect the answer section, Note: if there ++ * are more than one answer only the first ++ * one will be used. ++ */ ++ ++ /* skip passed the name field */ ++ mptr += dn_skipname(mptr, eom); ++ /* skip pass the type class and ttl fields */ ++ mptr += 2 + 2 + 4; ++ ++ /* make sure there is some data */ ++ GETSHORT(len, mptr); ++ if (len < 0) { ++ IDMAP_LOG(2, ("libnfsidmap: No data in answer for %s.%s\n", ++ txtname, domain)); ++ goto freemem; ++ } ++ /* get the lenght field */ ++ len = (int)*mptr++; ++ /* copy the data */ ++ memcpy(answ, mptr, len); ++ answ[len] = '\0'; ++ ++ *nfs4domain = strdup(answ); ++ status = 0; ++ ++freemem: ++ free(msg); ++ free(answ); ++ ++ return (status); ++} ++ + static int domain_from_dns(char **domain) + { + struct hostent *he; +@@ -127,7 +223,13 @@ static int domain_from_dns(char **domain) + return -1; + if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0') + return -1; +- *domain = strdup(c); ++ /* ++ * Query DNS to see if the _nfsv4idmapdomain TXT record exists ++ * If so use it... ++ */ ++ if (dns_txt_query(c, domain) < 0) ++ *domain = strdup(c); ++ + return 0; + } + diff --git a/SOURCES/libnfsidmap-0.25-multidomain.patch b/SOURCES/libnfsidmap-0.25-multidomain.patch new file mode 100644 index 0000000..66d8165 --- /dev/null +++ b/SOURCES/libnfsidmap-0.25-multidomain.patch @@ -0,0 +1,409 @@ +diff -up libnfsidmap-0.25/idmapd.conf.5.orig libnfsidmap-0.25/idmapd.conf.5 +--- libnfsidmap-0.25/idmapd.conf.5.orig 2017-01-10 13:30:28.696901000 -0500 ++++ libnfsidmap-0.25/idmapd.conf.5 2017-01-10 13:32:44.241316000 -0500 +@@ -63,6 +63,30 @@ The local NFSv4 domain name. An NFSv4 d + a unique username<->UID and groupname<->GID mapping. + (Default: Host's fully-qualified DNS domain name) + .TP ++.B No-Strip ++In multi-domain environments, some NFS servers will append the identity ++management domain to the owner and owner_group in lieu of a true NFSv4 ++domain. This option can facilitate lookups in such environments. If ++set to a value other than "none", the nsswitch plugin will first pass ++the name to the password/group lookup function without stripping the ++domain off. If that mapping fails then the plugin will try again using ++the old method (comparing the domain in the string to the Domain value, ++stripping it if it matches, and passing the resulting short name to the ++lookup function). Valid values are "user", "group", "both", and ++"none". ++(Default: "none") ++.TP ++.B Reformat-Group ++Winbind has a quirk whereby doing a group lookup in UPN format ++(e.g. staff@americas.example.com) will cause the group to be ++displayed prefixed with the full domain in uppercase ++(e.g. AMERICAS.EXAMPLE.COM\\staff) instead of in the familiar netbios ++name format (e.g. AMERICAS\\staff). Setting this option to true ++causes the name to be reformatted before passing it to the group ++lookup function in order to work around this. This setting is ++ignored unless No-Strip is set to either "both" or "group". ++(Default: "false") ++.TP + .B Local-Realms + A comma-separated list of Kerberos realm names that may be considered equivalent to the + local realm name. For example, users juser@ORDER.EDU and juser@MAIL.ORDER.EDU +diff -up libnfsidmap-0.25/idmapd.conf.orig libnfsidmap-0.25/idmapd.conf +--- libnfsidmap-0.25/idmapd.conf.orig 2011-12-05 15:28:10.000000000 -0500 ++++ libnfsidmap-0.25/idmapd.conf 2017-01-10 13:32:44.235315000 -0500 +@@ -4,6 +4,29 @@ + # The default is the host's DNS domain name. + #Domain = local.domain.edu + ++# In multi-domain environments, some NFS servers will append the identity ++# management domain to the owner and owner_group in lieu of a true NFSv4 ++# domain. This option can facilitate lookups in such environments. If ++# set to a value other than "none", the nsswitch plugin will first pass ++# the name to the password/group lookup function without stripping the ++# domain off. If that mapping fails then the plugin will try again using ++# the old method (comparing the domain in the string to the Domain value, ++# stripping it if it matches, and passing the resulting short name to the ++# lookup function). Valid values are "user", "group", "both", and ++# "none". The default is "none". ++#No-Strip = none ++ ++# Winbind has a quirk whereby doing a group lookup in UPN format ++# (e.g. staff@americas.example.com) will cause the group to be ++# displayed prefixed with the full domain in uppercase ++# (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios ++# name format (e.g. AMERICAS\staff). Setting this option to true ++# causes the name to be reformatted before passing it to the group ++# lookup function in order to work around this. This setting is ++# ignored unless No-Strip is set to either "both" or "group". ++# The default is "false". ++#Reformat-Group = false ++ + # The following is a comma-separated list of Kerberos realm + # names that should be considered to be equivalent to the + # local realm, such that @REALM.A can be assumed to +diff -up libnfsidmap-0.25/libnfsidmap.c.orig libnfsidmap-0.25/libnfsidmap.c +--- libnfsidmap-0.25/libnfsidmap.c.orig 2017-01-10 13:30:28.837901000 -0500 ++++ libnfsidmap-0.25/libnfsidmap.c 2017-01-10 13:32:44.247315000 -0500 +@@ -60,6 +60,8 @@ + static char *default_domain; + static struct conf_list *local_realms; + int idmap_verbosity = 0; ++int no_strip = 0; ++int reformat_group = 0; + static struct mapping_plugin **nfs4_plugins = NULL; + static struct mapping_plugin **gss_plugins = NULL; + uid_t nobody_uid = (uid_t)-1; +@@ -234,6 +236,8 @@ int nfs4_init_name_mapping(char *conffil + int dflt = 0; + struct conf_list *nfs4_methods, *gss_methods; + char *nobody_user, *nobody_group; ++ char *nostrip; ++ char *reformatgroup; + + /* XXX: need to be able to reload configurations... */ + if (nfs4_plugins) /* already succesfully initialized */ +@@ -306,6 +310,26 @@ int nfs4_init_name_mapping(char *conffil + IDMAP_LOG(1, ("libnfsidmap: Realms list: ")); + } + ++ nostrip = conf_get_str_with_def("General", "No-Strip", "none"); ++ if (strcasecmp(nostrip, "both") == 0) ++ no_strip = IDTYPE_USER|IDTYPE_GROUP; ++ else if (strcasecmp(nostrip, "group") == 0) ++ no_strip = IDTYPE_GROUP; ++ else if (strcasecmp(nostrip, "user") == 0) ++ no_strip = IDTYPE_USER; ++ else ++ no_strip = 0; ++ ++ if (no_strip & IDTYPE_GROUP) { ++ reformatgroup = conf_get_str_with_def("General", "Reformat-Group", "false"); ++ if ((strcasecmp(reformatgroup, "true") == 0) || ++ (strcasecmp(reformatgroup, "on") == 0) || ++ (strcasecmp(reformatgroup, "yes") == 0)) ++ reformat_group = 1; ++ else ++ reformat_group = 0; ++ } ++ + nfs4_methods = conf_get_list("Translation", "Method"); + if (nfs4_methods) { + IDMAP_LOG(1, ("libnfsidmap: processing 'Method' list")); +diff -up libnfsidmap-0.25/nfsidmap_internal.h.orig libnfsidmap-0.25/nfsidmap_internal.h +--- libnfsidmap-0.25/nfsidmap_internal.h.orig 2011-12-05 15:28:10.000000000 -0500 ++++ libnfsidmap-0.25/nfsidmap_internal.h 2017-01-10 13:32:44.253315000 -0500 +@@ -63,6 +63,8 @@ typedef enum { + IDTYPE_GROUP = 2 + } idtypes; + ++extern int no_strip; ++extern int reformat_group; + extern int idmap_verbosity; + extern nfs4_idmap_log_function_t idmap_log_func; + /* Level zero always prints, others print depending on verbosity level */ +diff -up libnfsidmap-0.25/nss.c.orig libnfsidmap-0.25/nss.c +--- libnfsidmap-0.25/nss.c.orig 2017-01-10 13:30:28.892903000 -0500 ++++ libnfsidmap-0.25/nss.c 2017-01-10 13:32:44.259316000 -0500 +@@ -45,6 +45,7 @@ + #include + #include + #include ++#include + #include "nfsidmap.h" + #include "nfsidmap_internal.h" + #include "cfg.h" +@@ -58,14 +59,20 @@ + * and ignore the domain entirely when looking up a name. + */ + +-static int write_name(char *dest, char *localname, char *domain, size_t len) ++static int write_name(char *dest, char *localname, char *domain, size_t len, ++ int doappend) + { +- if (strlen(localname) + 1 + strlen(domain) + 1 > len) { +- return -ENOMEM; /* XXX: Is there an -ETOOLONG? */ ++ if (doappend || !strchr(localname,'@')) { ++ if (strlen(localname) + 1 + strlen(domain) + 1 > len) ++ return -ENOMEM; /* XXX: Is there an -ETOOLONG? */ ++ strcpy(dest, localname); ++ strcat(dest, "@"); ++ strcat(dest, domain); ++ } else { ++ if (strlen(localname) + 1 > len) ++ return -ENOMEM; ++ strcpy(dest, localname); + } +- strcpy(dest, localname); +- strcat(dest, "@"); +- strcat(dest, domain); + return 0; + } + +@@ -87,7 +94,10 @@ static int nss_uid_to_name(uid_t uid, ch + err = -ENOENT; + if (err) + goto out_buf; +- err = write_name(name, pw->pw_name, domain, len); ++ if (no_strip & IDTYPE_USER) ++ err = write_name(name, pw->pw_name, domain, len, 0); ++ else ++ err = write_name(name, pw->pw_name, domain, len, 1); + out_buf: + free(buf); + out: +@@ -121,7 +131,10 @@ static int nss_gid_to_name(gid_t gid, ch + + if (err) + goto out_buf; +- err = write_name(name, gr->gr_name, domain, len); ++ if (no_strip & IDTYPE_GROUP) ++ err = write_name(name, gr->gr_name, domain, len, 0); ++ else ++ err = write_name(name, gr->gr_name, domain, len, 1); + out_buf: + free(buf); + out: +@@ -164,7 +177,8 @@ struct pwbuf { + char buf[1]; + }; + +-static struct passwd *nss_getpwnam(const char *name, const char *domain, int *err_p) ++static struct passwd *nss_getpwnam(const char *name, const char *domain, ++ int *err_p, int dostrip) + { + struct passwd *pw; + struct pwbuf *buf; +@@ -180,22 +194,29 @@ static struct passwd *nss_getpwnam(const + goto err; + + err = EINVAL; +- localname = strip_domain(name, domain); +- IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': " +- "resulting localname '%s'", name, domain, localname)); +- if (localname == NULL) { +- IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map " +- "into domain '%s'", name, +- domain ? domain : "")); +- goto err_free_buf; +- } ++ if (dostrip) { ++ localname = strip_domain(name, domain); ++ IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': " ++ "resulting localname '%s'", name, domain, localname)); ++ if (localname == NULL) { ++ IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map " ++ "into domain '%s'", name, ++ domain ? domain : "")); ++ goto err_free_buf; ++ } + +- err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw); +- if (pw == NULL && domain != NULL) +- IDMAP_LOG(0, +- ("nss_getpwnam: name '%s' not found in domain '%s'", +- localname, domain)); +- free(localname); ++ err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw); ++ if (pw == NULL && domain != NULL) ++ IDMAP_LOG(1, ++ ("nss_getpwnam: name '%s' not found in domain '%s'", ++ localname, domain)); ++ free(localname); ++ } else { ++ err = getpwnam_r(name, &buf->pwbuf, buf->buf, buflen, &pw); ++ if (pw == NULL) ++ IDMAP_LOG(1, ++ ("nss_getpwnam: name '%s' not found (domain not stripped)", name)); ++ } + if (err == 0 && pw != NULL) { + *err_p = 0; + return pw; +@@ -217,28 +238,83 @@ static int nss_name_to_uid(char *name, u + int err = -ENOENT; + + domain = get_default_domain(); +- pw = nss_getpwnam(name, domain, &err); ++ if (no_strip & IDTYPE_USER) { ++ pw = nss_getpwnam(name, domain, &err, 0); ++ if (pw != NULL) ++ goto out_uid; ++ } ++ pw = nss_getpwnam(name, domain, &err, 1); + if (pw == NULL) + goto out; ++out_uid: + *uid = pw->pw_uid; ++ IDMAP_LOG(4, ("nss_name_to_uid: name '%s' uid %u", name, *uid)); + free(pw); + err = 0; + out: + return err; + } + +-static int nss_name_to_gid(char *name, gid_t *gid) ++static char *reformat_name(const char *name) ++{ ++ const char *domain; ++ const char *c; ++ const char *d; ++ char *l = NULL; ++ int len; ++ int dlen = 0; ++ int i; ++ ++ c = strchr(name, '@'); ++ if (c == NULL) ++ goto out; ++ len = c - name; ++ domain = ++c; ++ d = strchr(domain, '.'); ++ if (d == NULL) ++ goto out; ++ dlen = d - domain; ++ l = malloc(dlen + 1 + len + 1); ++ if (l == NULL) ++ goto out; ++ for (i = 0; i < dlen; i++) ++ l[i] = toupper(domain[i]); ++ l[dlen] = '\\'; ++ memcpy(l + dlen + 1, name, len); ++ l[dlen + 1 + len] = '\0'; ++out: ++ return l; ++} ++ ++static int _nss_name_to_gid(char *name, gid_t *gid, int dostrip) + { + struct group *gr = NULL; + struct group grbuf; +- char *buf, *localname, *domain; ++ char *buf, *domain; + size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX); + int err = -EINVAL; ++ char *localname = NULL; ++ char *ref_name = NULL; + + domain = get_default_domain(); +- localname = strip_domain(name, domain); +- if (!localname) +- goto out; ++ if (dostrip) { ++ localname = strip_domain(name, domain); ++ IDMAP_LOG(4, ("nss_name_to_gid: name '%s' domain '%s': " ++ "resulting localname '%s'", name, domain, localname)); ++ if (!localname) { ++ IDMAP_LOG(0, ("nss_name_to_gid: name '%s' does not map " ++ "into domain '%s'", name, domain)); ++ goto out; ++ } ++ } else if (reformat_group) { ++ ref_name = reformat_name(name); ++ if (ref_name == NULL) { ++ IDMAP_LOG(1, ("nss_name_to_gid: failed to reformat name '%s'", ++ name)); ++ err = -ENOENT; ++ goto out; ++ } ++ } + + err = -ENOMEM; + if (buflen > UINT_MAX) +@@ -248,9 +324,24 @@ static int nss_name_to_gid(char *name, g + buf = malloc(buflen); + if (!buf) + goto out_name; +- err = -getgrnam_r(localname, &grbuf, buf, buflen, &gr); +- if (gr == NULL && !err) ++ if (dostrip) ++ err = -getgrnam_r(localname, &grbuf, buf, buflen, &gr); ++ else if (reformat_group) ++ err = -getgrnam_r(ref_name, &grbuf, buf, buflen, &gr); ++ else ++ err = -getgrnam_r(name, &grbuf, buf, buflen, &gr); ++ if (gr == NULL && !err) { ++ if (dostrip) ++ IDMAP_LOG(1, ("nss_name_to_gid: name '%s' not found " ++ "in domain '%s'", localname, domain)); ++ else if (reformat_group) ++ IDMAP_LOG(1, ("nss_name_to_gid: name '%s' not found " ++ "(reformatted)", ref_name)); ++ else ++ IDMAP_LOG(1, ("nss_name_to_gid: name '%s' not found " ++ "(domain not stripped)", name)); + err = -ENOENT; ++ } + if (err == -ERANGE) { + buflen *= 2; + free(buf); +@@ -260,10 +351,28 @@ static int nss_name_to_gid(char *name, g + if (err) + goto out_buf; + *gid = gr->gr_gid; ++ IDMAP_LOG(4, ("nss_name_to_gid: name '%s' gid %u", name, *gid)); + out_buf: + free(buf); + out_name: +- free(localname); ++ if (dostrip) ++ free(localname); ++ if (reformat_group) ++ free(ref_name); ++out: ++ return err; ++} ++ ++static int nss_name_to_gid(char *name, gid_t *gid) ++{ ++ int err = 0; ++ ++ if (no_strip & IDTYPE_GROUP) { ++ err = _nss_name_to_gid(name, gid, 0); ++ if (!err) ++ goto out; ++ } ++ err = _nss_name_to_gid(name, gid, 1); + out: + return err; + } +@@ -306,7 +415,7 @@ static int nss_gss_princ_to_ids(char *se + return -ENOENT; + } + /* XXX: this should call something like getgssauthnam instead? */ +- pw = nss_getpwnam(princ, NULL, &err); ++ pw = nss_getpwnam(princ, NULL, &err, 0); + if (pw == NULL) { + err = -ENOENT; + goto out; +@@ -329,7 +438,7 @@ int nss_gss_princ_to_grouplist(char *sec + goto out; + /* XXX: not quite right? Need to know default realm? */ + /* XXX: this should call something like getgssauthnam instead? */ +- pw = nss_getpwnam(princ, NULL, &ret); ++ pw = nss_getpwnam(princ, NULL, &ret, 0); + if (pw == NULL) { + ret = -ENOENT; + goto out; diff --git a/SOURCES/libnfsidmap-0.25-nssgssprinc.patch b/SOURCES/libnfsidmap-0.25-nssgssprinc.patch new file mode 100644 index 0000000..e4c2c1c --- /dev/null +++ b/SOURCES/libnfsidmap-0.25-nssgssprinc.patch @@ -0,0 +1,40 @@ +nss_gss_princ_to_ids() and nss_gss_princ_to_grouplist() must strip the realm + +nss_gss_princ_to_ids() and nss_gss_princ_to_grouplist() were hard-coded +to call nss_getpwnam with the 'dostrip' arg set to 0, which is the +opposite of what they should have had. Note: there's no point making +the decision to strip or not to strip configurable in these two +functions. Ideally both of these functions should be taking a +gss_name_t instead of a char * for the principal, calling +gss_localname() on that, and passing the result to nss_getpwnam... but +that would require changes in both rpc.svcgssd and libgssglue (both of +which have been deprecated for a while). + +Fixes: 4db1bb1 (libnfsidmap: add options to aid id mapping in multi domain environments) +Signed-off-by: Scott Mayhew +--- + nss.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nss.c b/nss.c +index 67e657a..82799ce 100644 +--- a/nss.c ++++ b/nss.c +@@ -415,7 +415,7 @@ static int nss_gss_princ_to_ids(char *secname, char *princ, + return -ENOENT; + } + /* XXX: this should call something like getgssauthnam instead? */ +- pw = nss_getpwnam(princ, NULL, &err, 0); ++ pw = nss_getpwnam(princ, NULL, &err, 1); + if (pw == NULL) { + err = -ENOENT; + goto out; +@@ -438,7 +438,7 @@ int nss_gss_princ_to_grouplist(char *secname, char *princ, + goto out; + /* XXX: not quite right? Need to know default realm? */ + /* XXX: this should call something like getgssauthnam instead? */ +- pw = nss_getpwnam(princ, NULL, &ret, 0); ++ pw = nss_getpwnam(princ, NULL, &ret, 1); + if (pw == NULL) { + ret = -ENOENT; + goto out; diff --git a/SPECS/libnfsidmap.spec b/SPECS/libnfsidmap.spec index 22e4af1..9e3f047 100644 --- a/SPECS/libnfsidmap.spec +++ b/SPECS/libnfsidmap.spec @@ -3,7 +3,7 @@ Summary: NFSv4 User and Group ID Mapping Library Name: libnfsidmap Version: 0.25 -Release: 15%{?dist} +Release: 17%{?dist} Provides: libnfsidmap Obsoletes: nfs-utils-lib URL: http://www.citi.umich.edu/projects/nfsv4/linux/ @@ -26,6 +26,12 @@ Patch006: libnfsidmap-0.25-nullnames.patch Patch007: libnfsidmap-0.2-stripnewlines.patch Patch008: libnfsidmap-0.2-negativerets.patch Patch009: libnfsidmap-0.2-memleak.patch +# +# RHEL7.4 +# +Patch010: libnfsidmap-0.25-multidomain.patch +Patch011: libnfsidmap-0.25-dns-resolved.patch +Patch012: libnfsidmap-0.25-nssgssprinc.patch Group: System Environment/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-root @@ -71,6 +77,12 @@ developing programs which use the libnfsidmap library. # 1271449 - "Covscan test" failures in errata RHBA-2015:20444-05.... %patch008 -p1 %patch009 -p1 +# 1378557 - NFSv4 id mapping issues in multi-domain environments +%patch010 -p1 +# 980925 - rpc.idmapd should support getting the NFSv4 ID Domains from DNS +%patch011 -p1 +# 1420352 - Cannot create file in it's directory using kerberos.... +%patch012 -p1 rm -f configure.in @@ -115,7 +127,14 @@ rm -rf %{buildroot} %{_root_libdir}/*.so %changelog -* Wed Aug 17 2016 Steve Dickson 0.25-14 +* Fri Feb 17 2017 Steve Dickson 0.25-17 +- Fixed stripping realm problem in nss_gss_princ routines (bz 1420352) + +* Tue Jan 10 2017 Steve Dickson 0.25-16 +- Add options to aid id mapping in multi domain environments (bz 1378557) +- Query DNS for the the NFSv4 domain (bz 980925) + +* Wed Aug 17 2016 Steve Dickson 0.25-15 - nss_getpwnam: correctly check for negative values (bz 1271449) - Fixed a memory leak in nss_name_to_gid() (bz 1271449)