diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4ed69c8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/rpcbind-0.2.0.tar.bz2 diff --git a/.rpcbind.metadata b/.rpcbind.metadata new file mode 100644 index 0000000..c41f61b --- /dev/null +++ b/.rpcbind.metadata @@ -0,0 +1 @@ +02f077372a76a8f9adfa696004aa437212c28617 SOURCES/rpcbind-0.2.0.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-nfs-Add-with-nss-modules-configure-option-to-specify.patch b/SOURCES/0001-nfs-Add-with-nss-modules-configure-option-to-specify.patch new file mode 100644 index 0000000..b63ed33 --- /dev/null +++ b/SOURCES/0001-nfs-Add-with-nss-modules-configure-option-to-specify.patch @@ -0,0 +1,109 @@ +From d30515b11bea3171b2ba0373f0eda132992538b7 Mon Sep 17 00:00:00 2001 +From: Sami Wagiaalla +Date: Mon, 10 Nov 2014 12:24:05 -0500 +Subject: [PATCH] nfs: Add '--with-nss-modules' configure option to specify nss + modules + +From: Sami Wagiaalla + +I was having trouble setting up NFS on Atomic Host. It turns out +there is an issue when rpcbind is trying to find the uid of the +rpc user. OSTree based operating systems store user information +for system users such as the rpc user in /usr/lib/passwd and +leaves /etc/passwd for humans users. This is enabled by the use +of the nss module nss-altfiles which allows one to specify +additional files to be added the the passwd database. rpcbind +however overrides the rule added to /etc/nsswitch.conf and removes +"altfiles" from the list of modules by doing the following: + + __nss_configure_lookup("passwd", "files"); + +This was added in commit 77f7556878d1fe03dc ("[...]use +__nss_configure_lookup() to restrict the [rpc user] lookup") to +remove "nis" form the list of modules and prevent rpcbind from +having a circular dependency on itself. In an OSTree based +operating system however this prevents rpcbind from finding the rpc +user and the service cannot start. + +This patch adds an option --with-nss-modules which allows one +to specify the nss modules which should be searched for user +information. The default setting is "files" which preserves the +current behavior, but this enables one to add other modules to +the search path. + +Signed-off-by: Sami Wagiaalla +Signed-off-by: Steve Dickson +--- + Makefile.am | 1 + + configure.ac | 7 +++++++ + src/rpcbind.c | 10 ++++++++-- + 3 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index b732555..8715082 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -8,6 +8,7 @@ AM_CPPFLAGS = \ + -DINET6 \ + -DRPCBIND_STATEDIR="\"$(statedir)\"" \ + -DRPCBIND_USER="\"$(rpcuser)\"" \ ++ -DNSS_MODULES="\"$(nss_modules)\"" \ + -D_GNU_SOURCE \ + $(TIRPC_CFLAGS) + +diff --git a/configure.ac b/configure.ac +index 39181f0..5a88cc7 100644 +--- a/configure.in ++++ b/configure.in +@@ -27,6 +27,13 @@ AC_ARG_WITH([rpcuser], + ,, [with_rpcuser=root]) + AC_SUBST([rpcuser], [$with_rpcuser]) + ++AC_ARG_WITH([nss_modules], ++ AS_HELP_STRING([--with-nss-modules=NSS_MODULES] ++ , [Sets the nss module search list to the given space-delimited string. ++ For example --with-nss-modules="files altfiles" @<:@default=files@:>@]) ++ ,, [with_nss_modules=files]) ++AC_SUBST([nss_modules], [$with_nss_modules]) ++ + PKG_CHECK_MODULES([TIRPC], [libtirpc]) + + AS_IF([test x$enable_libwrap = xyes], [ +diff --git a/src/rpcbind.c b/src/rpcbind.c +index 924aca1..e3462e3 100644 +--- a/src/rpcbind.c ++++ b/src/rpcbind.c +@@ -91,6 +91,12 @@ char *rpcbinduser = RPCBIND_USER; + char *rpcbinduser = NULL; + #endif + ++#ifdef NSS_MODULES ++char *nss_modules = NSS_MODULES; ++#else ++char *nss_modules = "files"; ++#endif ++ + /* who to suid to if -s is given */ + #define RUN_AS "daemon" + +@@ -165,7 +171,7 @@ main(int argc, char *argv[]) + * Make sure we use the local service file + * for service lookkups + */ +- __nss_configure_lookup("services", "files"); ++ __nss_configure_lookup("services", nss_modules); + + nc_handle = setnetconfig(); /* open netconfig file */ + if (nc_handle == NULL) { +@@ -231,7 +237,7 @@ main(int argc, char *argv[]) + * Make sure we use the local password file + * for these lookups. + */ +- __nss_configure_lookup("passwd", "files"); ++ __nss_configure_lookup("passwd", nss_modules); + + if((p = getpwnam(id)) == NULL) { + syslog(LOG_ERR, "cannot get uid of '%s': %m", id); +-- +1.8.3.1 + diff --git a/SOURCES/rpcbind-0.2.0-rpcinfo-mantypo.patch b/SOURCES/rpcbind-0.2.0-rpcinfo-mantypo.patch new file mode 100644 index 0000000..2f85edf --- /dev/null +++ b/SOURCES/rpcbind-0.2.0-rpcinfo-mantypo.patch @@ -0,0 +1,22 @@ +commit 6e67b1e5e3a36649ad05829f8bae9d2a9e703594 +Author: Steve Dickson +Date: Mon Sep 22 08:49:08 2014 -0400 + + rpcinfo: Fixed typo in rpcinfo man page + + Signed-off-by: Steve Dickson + +diff --git a/man/rpcinfo.8 b/man/rpcinfo.8 +index 5ece18f..750ffce 100644 +--- a/man/rpcinfo.8 ++++ b/man/rpcinfo.8 +@@ -20,8 +20,7 @@ + .Nm "rpcinfo" + .Fl l + .Op Fl T Ar transport +-.Ar host Ar prognum +-.Op Ar versnum ++.Ar host Ar prognum Ar versnum + .Nm "rpcinfo" + .Op Fl n Ar portnum + .Fl u diff --git a/SOURCES/rpcbind-0.2.0-warnings.patch b/SOURCES/rpcbind-0.2.0-warnings.patch new file mode 100644 index 0000000..f586406 --- /dev/null +++ b/SOURCES/rpcbind-0.2.0-warnings.patch @@ -0,0 +1,39 @@ +commit d62f79d7905149719715f74c188b47d7911c928c +Author: Steve Dickson +Date: Mon Aug 18 11:44:19 2014 -0400 + + rpcbind: Remove a strict-aliasing warning + + src/util.c: In function ?in6_fillscopeid?: + src/util.c:106:3: warning: dereferencing type-punned pointer will break + strict-aliasing rules [-Wstrict-aliasing] + ifindex = ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); + ^ + + src/util.c:109:4: warning: dereferencing type-punned pointer will break + strict-aliasing rules [-Wstrict-aliasing] + *(u_int16_t *)&sin6->sin6_addr.s6_addr[2] = 0; + + Signed-off-by: Steve Dickson + +diff --git a/src/util.c b/src/util.c +index 9a5fb69..7d56479 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -101,12 +101,14 @@ static void + in6_fillscopeid(struct sockaddr_in6 *sin6) + { + u_int16_t ifindex; ++ u_int16_t *addr; + + if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { +- ifindex = ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); ++ addr = (u_int16_t *)&sin6->sin6_addr.s6_addr[2]; ++ ifindex = ntohs(*addr); + if (sin6->sin6_scope_id == 0 && ifindex != 0) { + sin6->sin6_scope_id = ifindex; +- *(u_int16_t *)&sin6->sin6_addr.s6_addr[2] = 0; ++ *addr = 0; + } + } + } diff --git a/SOURCES/rpcbind-0_2_1-rc4.patch b/SOURCES/rpcbind-0_2_1-rc4.patch new file mode 100644 index 0000000..44b8cb9 --- /dev/null +++ b/SOURCES/rpcbind-0_2_1-rc4.patch @@ -0,0 +1,1093 @@ +diff --git a/.gitignore b/.gitignore +index 5a7546c..bee4bab 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -1,3 +1,4 @@ ++INSTALL + Makefile + Makefile.in + aclocal.m4 +@@ -13,18 +14,14 @@ depcomp + install-sh + libtool + ltmain.sh +-man/Makefile +-man/Makefile.in + missing +-src/.deps/ +-src/Makefile +-src/Makefile.in + src/config.h + src/stamp-h2 + stamp-h1 + # file generated during compilation ++.deps + *.o +-src/rpcbind +-src/rpcinfo ++rpcbind ++rpcinfo + # cscope database files + cscope.* +diff --git a/INSTALL b/INSTALL +index 98e5d87..7d1c323 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -1,32 +1,25 @@ +-Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software +-Foundation, Inc. ++Installation Instructions ++************************* + +- This file is free documentation; the Free Software Foundation gives +-unlimited permission to copy, distribute and modify it. +- +- +-rpcbind Quick Installation +-========================== +- +-$ ./configure +-$ make +-# make install +- +- The install phase will install the rpcbind and rpcinfo commands +-under /usr/bin. If you wish they replace the basic portmap and +-rpcinfo commands, you can run: +- +-# mv /sbin/portmap /sbin/portmap.sav +-# ln -s /usr/bin/rpcbind /sbin/portmap +- +-# mv /usr/sbin/rpcinfo /usr/sbin/rpcinfo.sav +-# ln -s /usr/bin/rpcinfo /usr/sbin/rpcinfo ++Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, ++2006, 2007, 2008, 2009 Free Software Foundation, Inc. + ++ Copying and distribution of this file, with or without modification, ++are permitted in any medium without royalty provided the copyright ++notice and this notice are preserved. This file is offered as-is, ++without warranty of any kind. + + Basic Installation + ================== + +- These are generic installation instructions. ++ Briefly, the shell commands `./configure; make; make install' should ++configure, build, and install this package. The following ++more-detailed instructions are generic; see the `README' file for ++instructions specific to this package. Some packages provide this ++`INSTALL' file but do not implement all of the features documented ++below. The lack of an optional feature in a given package is not ++necessarily a bug. More recommendations for GNU packages can be found ++in *note Makefile Conventions: (standards)Makefile Conventions. + + The `configure' shell script attempts to guess correct values for + various system-dependent variables used during compilation. It uses +@@ -39,9 +32,9 @@ debugging `configure'). + + It can also use an optional file (typically called `config.cache' + and enabled with `--cache-file=config.cache' or simply `-C') that saves +-the results of its tests to speed up reconfiguring. (Caching is ++the results of its tests to speed up reconfiguring. Caching is + disabled by default to prevent problems with accidental use of stale +-cache files.) ++cache files. + + If you need to do unusual things to compile the package, please try + to figure out how `configure' could check whether to do them, and mail +@@ -51,30 +44,37 @@ some point `config.cache' contains results you don't want to keep, you + may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +-`configure' by a program called `autoconf'. You only need +-`configure.ac' if you want to change it or regenerate `configure' using +-a newer version of `autoconf'. ++`configure' by a program called `autoconf'. You need `configure.ac' if ++you want to change it or regenerate `configure' using a newer version ++of `autoconf'. + +-The simplest way to compile this package is: ++ The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type +- `./configure' to configure the package for your system. If you're +- using `csh' on an old version of System V, you might need to type +- `sh ./configure' instead to prevent `csh' from trying to execute +- `configure' itself. ++ `./configure' to configure the package for your system. + +- Running `configure' takes awhile. While running, it prints some +- messages telling which features it is checking for. ++ Running `configure' might take a while. While running, it prints ++ some messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with +- the package. ++ the package, generally using the just-built uninstalled binaries. + + 4. Type `make install' to install the programs and any data files and +- documentation. +- +- 5. You can remove the program binaries and object files from the ++ documentation. When installing into a prefix owned by root, it is ++ recommended that the package be configured and built as a regular ++ user, and only the `make install' phase executed with root ++ privileges. ++ ++ 5. Optionally, type `make installcheck' to repeat any self-tests, but ++ this time using the binaries in their final installed location. ++ This target does not install anything. Running this target as a ++ regular user, particularly if the prior `make install' required ++ root privileges, verifies that the installation completed ++ correctly. ++ ++ 6. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is +@@ -83,6 +83,16 @@ The simplest way to compile this package is: + all sorts of other programs in order to regenerate files that came + with the distribution. + ++ 7. Often, you can also type `make uninstall' to remove the installed ++ files again. In practice, not all packages have tested that ++ uninstallation works correctly, even though it is required by the ++ GNU Coding Standards. ++ ++ 8. Some packages, particularly those that use Automake, provide `make ++ distcheck', which can by used by developers to test that all other ++ targets like `make install' and `make uninstall' work correctly. ++ This target is generally not run by end users. ++ + Compilers and Options + ===================== + +@@ -94,7 +104,7 @@ for details on some of the pertinent environment variables. + by setting variables in the command line or in the environment. Here + is an example: + +- ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix ++ ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +@@ -103,44 +113,89 @@ Compiling For Multiple Architectures + + You can compile the package for more than one kind of computer at the + same time, by placing the object files for each architecture in their +-own directory. To do this, you must use a version of `make' that +-supports the `VPATH' variable, such as GNU `make'. `cd' to the ++own directory. To do this, you can use GNU `make'. `cd' to the + directory where you want the object files and executables to go and run + the `configure' script. `configure' automatically checks for the +-source code in the directory that `configure' is in and in `..'. ++source code in the directory that `configure' is in and in `..'. This ++is known as a "VPATH" build. + +- If you have to use a `make' that does not support the `VPATH' +-variable, you have to compile the package for one architecture at a +-time in the source code directory. After you have installed the +-package for one architecture, use `make distclean' before reconfiguring +-for another architecture. ++ With a non-GNU `make', it is safer to compile the package for one ++architecture at a time in the source code directory. After you have ++installed the package for one architecture, use `make distclean' before ++reconfiguring for another architecture. ++ ++ On MacOS X 10.5 and later systems, you can create libraries and ++executables that work on multiple system types--known as "fat" or ++"universal" binaries--by specifying multiple `-arch' options to the ++compiler but only a single `-arch' option to the preprocessor. Like ++this: ++ ++ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ ++ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ ++ CPP="gcc -E" CXXCPP="g++ -E" ++ ++ This is not guaranteed to produce working output in all cases, you ++may have to build one architecture at a time and combine the results ++using the `lipo' tool if you have problems. + + Installation Names + ================== + +- By default, `make install' will install the package's files in +-`/usr/local/bin', `/usr/local/man', etc. You can specify an +-installation prefix other than `/usr/local' by giving `configure' the +-option `--prefix=PATH'. ++ By default, `make install' installs the package's commands under ++`/usr/local/bin', include files under `/usr/local/include', etc. You ++can specify an installation prefix other than `/usr/local' by giving ++`configure' the option `--prefix=PREFIX', where PREFIX must be an ++absolute file name. + + You can specify separate installation prefixes for + architecture-specific files and architecture-independent files. If you +-give `configure' the option `--exec-prefix=PATH', the package will use +-PATH as the prefix for installing programs and libraries. +-Documentation and other data files will still use the regular prefix. ++pass the option `--exec-prefix=PREFIX' to `configure', the package uses ++PREFIX as the prefix for installing programs and libraries. ++Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +-options like `--bindir=PATH' to specify different values for particular ++options like `--bindir=DIR' to specify different values for particular + kinds of files. Run `configure --help' for a list of the directories +-you can set and what kinds of files go in them. ++you can set and what kinds of files go in them. In general, the ++default for these options is expressed in terms of `${prefix}', so that ++specifying just `--prefix' will affect all of the other directory ++specifications that were not explicitly provided. ++ ++ The most portable way to affect installation locations is to pass the ++correct locations to `configure'; however, many packages provide one or ++both of the following shortcuts of passing variable assignments to the ++`make install' command line to change installation locations without ++having to reconfigure or recompile. ++ ++ The first method involves providing an override variable for each ++affected directory. For example, `make install ++prefix=/alternate/directory' will choose an alternate location for all ++directory configuration variables that were expressed in terms of ++`${prefix}'. Any directories that were specified during `configure', ++but not in terms of `${prefix}', must each be overridden at install ++time for the entire installation to be relocated. The approach of ++makefile variable overrides for each directory variable is required by ++the GNU Coding Standards, and ideally causes no recompilation. ++However, some platforms have known limitations with the semantics of ++shared libraries that end up requiring recompilation when using this ++method, particularly noticeable in packages that use GNU Libtool. ++ ++ The second method involves providing the `DESTDIR' variable. For ++example, `make install DESTDIR=/alternate/directory' will prepend ++`/alternate/directory' before all installation names. The approach of ++`DESTDIR' overrides is not required by the GNU Coding Standards, and ++does not work on platforms that have drive letters. On the other hand, ++it does better at avoiding recompilation issues, and works well even ++when some directory options were not specified in terms of `${prefix}' ++at `configure' time. ++ ++Optional Features ++================= + + If the package supports it, you can cause programs to be installed + with an extra prefix or suffix on their names by giving `configure' the + option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +-Optional Features +-================= +- + Some packages pay attention to `--enable-FEATURE' options to + `configure', where FEATURE indicates an optional part of the package. + They may also pay attention to `--with-PACKAGE' options, where PACKAGE +@@ -153,6 +208,45 @@ find the X include and library files automatically, but if it doesn't, + you can use the `configure' options `--x-includes=DIR' and + `--x-libraries=DIR' to specify their locations. + ++ Some packages offer the ability to configure how verbose the ++execution of `make' will be. For these packages, running `./configure ++--enable-silent-rules' sets the default to minimal output, which can be ++overridden with `make V=1'; while running `./configure ++--disable-silent-rules' sets the default to verbose, which can be ++overridden with `make V=0'. ++ ++Particular systems ++================== ++ ++ On HP-UX, the default C compiler is not ANSI C compatible. If GNU ++CC is not installed, it is recommended to use the following options in ++order to use an ANSI C compiler: ++ ++ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" ++ ++and if that doesn't work, install pre-built binaries of GCC for HP-UX. ++ ++ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot ++parse its `' header file. The option `-nodtk' can be used as ++a workaround. If GNU CC is not installed, it is therefore recommended ++to try ++ ++ ./configure CC="cc" ++ ++and if that doesn't work, try ++ ++ ./configure CC="cc -nodtk" ++ ++ On Solaris, don't put `/usr/ucb' early in your `PATH'. This ++directory contains several dysfunctional programs; working variants of ++these programs are available in `/usr/bin'. So, if you need `/usr/ucb' ++in your `PATH', put it _after_ `/usr/bin'. ++ ++ On Haiku, software installed for all users goes in `/boot/common', ++not `/usr/local'. It is recommended to use the following options: ++ ++ ./configure --prefix=/boot/common ++ + Specifying the System Type + ========================== + +@@ -168,14 +262,15 @@ type, such as `sun4', or a canonical name which has the form: + + where SYSTEM can have one of these forms: + +- OS KERNEL-OS ++ OS ++ KERNEL-OS + + See the file `config.sub' for the possible values of each field. If + `config.sub' isn't included in this package, then this package doesn't + need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +-use the `--target=TYPE' option to select the type of system they will ++use the option `--target=TYPE' to select the type of system they will + produce code for. + + If you want to _use_ a cross compiler, that generates code for a +@@ -205,9 +300,14 @@ them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +-will cause the specified gcc to be used as the C compiler (unless it is ++causes the specified `gcc' to be used as the C compiler (unless it is + overridden in the site shell script). + ++Unfortunately, this technique does not work for `CONFIG_SHELL' due to ++an Autoconf bug. Until the bug is fixed you can use this workaround: ++ ++ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash ++ + `configure' Invocation + ====================== + +@@ -216,7 +316,14 @@ operates. + + `--help' + `-h' +- Print a summary of the options to `configure', and exit. ++ Print a summary of all of the options to `configure', and exit. ++ ++`--help=short' ++`--help=recursive' ++ Print a summary of the options unique to this package's ++ `configure', and exit. The `short' variant lists options used ++ only in the top level, while the `recursive' variant lists options ++ also present in any nested packages. + + `--version' + `-V' +@@ -243,6 +350,16 @@ operates. + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + ++`--prefix=DIR' ++ Use DIR as the installation prefix. *note Installation Names:: ++ for more details, including other options available for fine-tuning ++ the installation locations. ++ ++`--no-create' ++`-n' ++ Run the configure checks, but stop before creating any output ++ files. ++ + `configure' also accepts some other, not widely useful, options. Run + `configure --help' for more details. + +diff --git a/Makefile.am b/Makefile.am +index cd56148..d10c906 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,2 +1,44 @@ +-SUBDIRS= src man ++AM_CPPFLAGS = \ ++ -DCHECK_LOCAL \ ++ -DPORTMAP \ ++ -DFACILITY=LOG_MAIL \ ++ -DSEVERITY=LOG_INFO \ ++ -DINET6 \ ++ -DRPCBIND_STATEDIR="\"$(statedir)\"" \ ++ -DRPCBIND_USER="\"$(rpcuser)\"" \ ++ -D_GNU_SOURCE \ ++ $(TIRPC_CFLAGS) + ++if DEBUG ++AM_CPPFLAGS += -DRPCBIND_DEBUG -DSVC_RUN_DEBUG -DDEBUG_RMTCALL ++AM_CPPFLAGS += -DND_DEBUG -DBIND_DEBUG ++endif ++ ++if WARMSTART ++AM_CPPFLAGS += -DWARMSTART ++endif ++ ++if LIBWRAP ++AM_CPPFLAGS += -DLIBWRAP ++endif ++ ++bin_PROGRAMS = rpcbind rpcinfo ++ ++rpcbind_SOURCES = \ ++ src/check_bound.c \ ++ src/pmap_svc.c \ ++ src/rpcb_stat.c \ ++ src/rpcb_svc.c \ ++ src/rpcb_svc_4.c \ ++ src/rpcb_svc_com.c \ ++ src/rpcbind.c \ ++ src/rpcbind.h \ ++ src/security.c \ ++ src/util.c \ ++ src/warmstart.c ++rpcbind_LDADD = $(TIRPC_LIBS) ++ ++rpcinfo_SOURCES = src/rpcinfo.c ++rpcinfo_LDADD = $(TIRPC_LIBS) ++ ++dist_man8_MANS = man/rpcbind.8 man/rpcinfo.8 +diff --git a/autogen.sh b/autogen.sh +index 1613b6d..761db90 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -36,7 +36,7 @@ if test x"${1}" = x"clean"; then + fi + + aclocal +-libtoolize --force --copy +-autoheader ++#libtoolize --force --copy ++#autoheader + automake --add-missing --copy --gnu # -Wall + autoconf # -Wall +diff --git a/configure.in b/configure.in +index de1c730..2b67720 100644 +--- a/configure.in ++++ b/configure.in +@@ -1,66 +1,39 @@ +- AC_INIT(rpcbind, 0.2.0) ++AC_INIT(rpcbind, 0.2.0) + +- AM_INIT_AUTOMAKE +-# AM_MAINTAINER_MODE ++AM_INIT_AUTOMAKE + AC_CONFIG_SRCDIR([src/rpcbind.c]) +- AC_PROG_CC +- AM_CONFIG_HEADER(config.h) +- AC_HEADER_DIRENT +- AC_PREFIX_DEFAULT(/usr) +- +-AC_CONFIG_SRCDIR([src/config.h.in]) +-AC_CONFIG_HEADERS([src/config.h]) +- +-AC_PROG_LIBTOOL +- +-AC_ARG_ENABLE(debug,[ --enable-debug Turns on rpcbind debugging], +- [case "${enableval}" in +- yes) debug=true ;; +- no) debug=no ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-debug) ;; +- esac],[debug=false]) +-AM_CONDITIONAL(DEBUG, test x$debug = xtrue) +- +-AC_ARG_ENABLE(warmstarts,[ --enable-warmstarts Enables Warm Starts], +- [case "${enableval}" in +- yes) warmstarts=true ;; +- no) warmstarts=no ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-warmstarts) ;; +- esac],[warmstarts=false]) +-AM_CONDITIONAL(WARMSTART, test x$warmstarts = xtrue) +- +-if test "$warmstarts" = "true" ; then +- AC_ARG_WITH(statedir, +- [ --with-statedir=/foo use state dir /foo [/tmp]], +- statedir=$withval, +- statedir=/tmp) +- AC_SUBST(statedir) +- AC_DEFINE_UNQUOTED(RPCBIND_STATEDIR, "$statedir", [This defines the location where the state files will be kept for warm starts]) +-fi +-AC_ARG_WITH(rpcuser, +- [ --with-rpcuser=user uid to use [root]], +- rpcuser=$withval, +- rpcuser=root) +- AC_SUBST(rpcuser) +-AC_DEFINE_UNQUOTED(RPCBIND_USER, "$rpcuser", [This defines the uid to run as]) ++AC_PREFIX_DEFAULT(/usr) ++AC_PROG_CC ++ ++AC_ARG_ENABLE([libwrap], ++ AS_HELP_STRING([--enable-libwrap], [Enables host name checking through tcpd @<:@default=no@:>@])) ++AM_CONDITIONAL(LIBWRAP, test x$enable_libwrap = xyes) ++ ++AC_ARG_ENABLE([debug], ++ AS_HELP_STRING([--enable-debug], [Turns on rpcbind debugging @<:@default=no@:>@])) ++AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes) ++ ++AC_ARG_ENABLE([warmstarts], ++ AS_HELP_STRING([--enable-warmstarts], [Enables Warm Starts @<:@default=no@:>@])) ++AM_CONDITIONAL(WARMSTART, test x$enable_warmstarts = xyes) ++ ++AC_ARG_WITH([statedir], ++ AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/tmp@:>@]) ++ ,, [with_statedir=/tmp]) ++AC_SUBST([statedir], [$with_statedir]) ++ ++AC_ARG_WITH([rpcuser], ++ AS_HELP_STRING([--with-rpcuser=ARG], [use ARG for RPC @<:@default=root@:>@]), ++ ,, [with_rpcuser=root]) ++AC_SUBST([rpcuser], [$with_rpcuser]) ++ ++PKG_CHECK_MODULES([TIRPC], [libtirpc]) + +-AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h \ +- netinet/in.h stdlib.h string.h \ +- sys/param.h sys/socket.h \ +- sys/time.h syslog.h \ +- unistd.h nss.h]) ++AS_IF([test x$enable_libwrap = xyes], [ ++ AC_CHECK_LIB([wrap], [hosts_access], , ++ AC_MSG_ERROR([libwrap support requested but unable to find libwrap])) ++]) + +-AC_CHECK_LIB([pthread], [pthread_create]) +-AC_CHECK_LIB([tirpc], [clnt_create]) +-AC_ARG_ENABLE(libwrap,[ --enable-libwrap Enables host name checking], +- [case "${enableval}" in +- yes) libwarp=true +- AC_CHECK_LIB([wrap], [hosts_access]) ;; +- no) libwarp=no ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-libwrap) ;; +- esac],[libwarp=false]) +-AM_CONDITIONAL(LIBWRAP, test x$libwarp = xtrue) ++AC_SEARCH_LIBS([pthread_create], [pthread]) + +-AC_CONFIG_FILES([Makefile src/Makefile man/Makefile]) +-AC_OUTPUT() +- ++AC_OUTPUT([Makefile]) +diff --git a/man/Makefile.am b/man/Makefile.am +deleted file mode 100644 +index 84818e9..0000000 +--- a/man/Makefile.am ++++ /dev/null +@@ -1,2 +0,0 @@ +-man8_MANS = rpcbind.8 +-EXTRA_DIST = $(man8_MANS) +diff --git a/man/rpcbind.8 b/man/rpcbind.8 +index 32806d4..da32701 100644 +--- a/man/rpcbind.8 ++++ b/man/rpcbind.8 +@@ -82,6 +82,8 @@ during operation, and will abort on certain errors if + is also specified. + With this option, the name-to-address translation consistency + checks are shown in detail. ++.It Fl f ++Do not fork and become a background process. + .It Fl h + Specify specific IP addresses to bind to for UDP requests. + This option +@@ -141,7 +143,6 @@ All RPC servers must be restarted if + .Nm + is restarted. + .Sh SEE ALSO +-.Xr rpcbind 3 , + .Xr rpcinfo 8 + .Sh LINUX PORT + .Bl Aurelien Charbon +diff --git a/src/Makefile.am b/src/Makefile.am +deleted file mode 100644 +index cc0a85b..0000000 +--- a/src/Makefile.am ++++ /dev/null +@@ -1,34 +0,0 @@ +-INCLUDES = -I$(srcdir)/tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \ +- -D_GNU_SOURCE -Wall -pipe +-if DEBUG +-INCLUDES += -DRPCBIND_DEBUG -DSVC_RUN_DEBUG -DDEBUG_RMTCALL +-INCLUDES += -DND_DEBUG -DBIND_DEBUG +-endif +- +-if WARMSTART +-INCLUDES += -DWARMSTART +-endif +- +-if LIBWRAP +-INCLUDES += -DLIBWRAP +-endif +- +- +-bin_PROGRAMS = rpcbind rpcinfo +- +-rpcbind_SOURCES = check_bound.c rpcbind.c \ +- rpcb_svc_4.c rpcb_svc_com.c \ +- util.c pmap_svc.c rpcb_stat.c \ +- rpcb_svc.c security.c warmstart.c \ +- rpcbind.h +- +-rpcinfo_SOURCES = rpcinfo.c +-rpcinfo_LDFLAGS = -lpthread -ltirpc +-rpcinfo_LDADD = $(LIB_TIRPC) +- +- +-rpcbind_LDFLAGS = -lpthread -ltirpc +-rpcbind_LDADD = $(LIB_TIRPC) +-AM_CPPFLAGS = -I/usr/include/tirpc -DCHECK_LOCAL -DPORTMAP \ +- -DFACILITY=LOG_MAIL -DSEVERITY=LOG_INFO +- +diff --git a/src/config.h.in b/src/config.h.in +deleted file mode 100644 +index 67a0e39..0000000 +--- a/src/config.h.in ++++ /dev/null +@@ -1,105 +0,0 @@ +-/* config.h.in. Generated from configure.in by autoheader. */ +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_ARPA_INET_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. +- */ +-#undef HAVE_DIRENT_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_FCNTL_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_INTTYPES_H +- +-/* Define to 1 if you have the `pthread' library (-lpthread). */ +-#undef HAVE_LIBPTHREAD +- +-/* Define to 1 if you have the `tirpc' library (-ltirpc). */ +-#undef HAVE_LIBTIRPC +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_MEMORY_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. */ +-#undef HAVE_NDIR_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_NETDB_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_NETINET_IN_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STDINT_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STDLIB_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STRINGS_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STRING_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYSLOG_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. +- */ +-#undef HAVE_SYS_DIR_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. +- */ +-#undef HAVE_SYS_NDIR_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_PARAM_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_SOCKET_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_STAT_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_TIME_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_TYPES_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_UNISTD_H +- +-/* Name of package */ +-#undef PACKAGE +- +-/* Define to the address where bug reports for this package should be sent. */ +-#undef PACKAGE_BUGREPORT +- +-/* Define to the full name of this package. */ +-#undef PACKAGE_NAME +- +-/* Define to the full name and version of this package. */ +-#undef PACKAGE_STRING +- +-/* Define to the one symbol short name of this package. */ +-#undef PACKAGE_TARNAME +- +-/* Define to the version of this package. */ +-#undef PACKAGE_VERSION +- +-/* Define to 1 if you have the ANSI C header files. */ +-#undef STDC_HEADERS +- +-/* Version number of package */ +-#undef VERSION +- +-/* This defines the location where the state files will be kept for warm +- starts */ +-#undef RPCBIND_STATEDIR +- +-/* This defines the uid to run as */ +-#undef RPCBIND_USER +- +diff --git a/src/pmap_svc.c b/src/pmap_svc.c +index 4736700..337e64d 100644 +--- a/src/pmap_svc.c ++++ b/src/pmap_svc.c +@@ -80,7 +80,7 @@ pmap_service(struct svc_req *rqstp, SVCXPRT *xprt) + if (debugging) + fprintf(stderr, "PMAPPROC_NULL\n"); + #endif +- check_access(xprt, rqstp->rq_proc, NULL, PMAPVERS); ++ check_access(xprt, rqstp->rq_proc, 0, PMAPVERS); + if ((!svc_sendreply(xprt, (xdrproc_t) xdr_void, NULL)) && + debugging) { + if (doabort) { +@@ -201,11 +201,11 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long + reg.pm_prog, reg.pm_vers); + #endif + +- if (!check_access(xprt, op, ®, PMAPVERS)) { ++ if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) { + svcerr_weakauth(xprt); + return (FALSE); + } +- ++ + rpcbreg.r_prog = reg.pm_prog; + rpcbreg.r_vers = reg.pm_vers; + +@@ -276,7 +276,7 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) + return (FALSE); + } + +- if (!check_access(xprt, PMAPPROC_GETPORT, ®, PMAPVERS)) { ++ if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) { + svcerr_weakauth(xprt); + return FALSE; + } +@@ -340,7 +340,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) + return (FALSE); + } + +- if (!check_access(xprt, PMAPPROC_DUMP, NULL, PMAPVERS)) { ++ if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) { + svcerr_weakauth(xprt); + return FALSE; + } +diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c +index 0514ba5..e350f85 100644 +--- a/src/rpcb_svc.c ++++ b/src/rpcb_svc.c +@@ -75,6 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) + char *result; + xdrproc_t xdr_argument, xdr_result; + void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); ++ rpcprog_t setprog = 0; + + rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc); + +@@ -88,7 +89,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) + fprintf(stderr, "RPCBPROC_NULL\n"); + #endif + /* This call just logs, no actual checks */ +- check_access(transp, rqstp->rq_proc, NULL, RPCBVERS); ++ check_access(transp, rqstp->rq_proc, 0, RPCBVERS); + (void) svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL); + return; + +@@ -166,7 +167,13 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) + (void) fprintf(stderr, "rpcbind: could not decode\n"); + return; + } +- if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS)) { ++ ++ if (rqstp->rq_proc == RPCBPROC_SET ++ || rqstp->rq_proc == RPCBPROC_UNSET ++ || rqstp->rq_proc == RPCBPROC_GETADDR) ++ setprog = argument.rpcbproc_set_3_arg.r_prog; ++ ++ if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS)) { + svcerr_weakauth(transp); + goto done; + } +diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c +index 9fd5bef..313e6d1 100644 +--- a/src/rpcb_svc_4.c ++++ b/src/rpcb_svc_4.c +@@ -78,6 +78,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) + char *result; + xdrproc_t xdr_argument, xdr_result; + void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); ++ rpcprog_t setprog = 0; + + rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc); + +@@ -90,7 +91,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) + if (debugging) + fprintf(stderr, "RPCBPROC_NULL\n"); + #endif +- check_access(transp, rqstp->rq_proc, NULL, RPCBVERS4); ++ check_access(transp, rqstp->rq_proc, 0, RPCBVERS4); + (void) svc_sendreply(transp, (xdrproc_t) xdr_void, + (char *)NULL); + return; +@@ -220,7 +221,13 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) + (void) fprintf(stderr, "rpcbind: could not decode\n"); + return; + } +- if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS4)) { ++ ++ if (rqstp->rq_proc == RPCBPROC_SET ++ || rqstp->rq_proc == RPCBPROC_UNSET ++ || rqstp->rq_proc == RPCBPROC_GETADDR) ++ setprog = argument.rpcbproc_set_4_arg.r_prog; ++ ++ if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS4)) { + svcerr_weakauth(transp); + goto done; + } +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 291421f..f6bd6bd 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -1227,6 +1227,8 @@ send_svcsyserr(SVCXPRT *xprt, struct finfo *fi) + return; + } + ++extern SVCAUTH svc_auth_none; ++ + static void + handle_reply(int fd, SVCXPRT *xprt) + { +@@ -1293,7 +1295,10 @@ handle_reply(int fd, SVCXPRT *xprt) + a.rmt_localvers = fi->versnum; + + xprt_set_caller(xprt, fi); ++ xprt->xp_auth = &svc_auth_none; + svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a); ++ SVCAUTH_DESTROY(xprt->xp_auth); ++ xprt->xp_auth = NULL; + done: + if (buffer) + free(buffer); +@@ -1372,10 +1377,13 @@ static char * + getowner(SVCXPRT *transp, char *owner, size_t ownersize) + { + uid_t uid; +- +- if (__rpc_get_local_uid(transp, &uid) < 0) +- snprintf(owner, ownersize, "unknown"); +- else if (uid == 0) ++ ++ if (__rpc_get_local_uid(transp, &uid) < 0) { ++ if (is_localroot(svc_getrpccaller(transp))) ++ snprintf(owner, ownersize, "superuser"); ++ else ++ snprintf(owner, ownersize, "unknown"); ++ } else if (uid == 0) + snprintf(owner, ownersize, "superuser"); + else + snprintf(owner, ownersize, "%d", uid); +diff --git a/src/rpcbind.c b/src/rpcbind.c +index 525ffba..9a0504d 100644 +--- a/src/rpcbind.c ++++ b/src/rpcbind.c +@@ -68,7 +68,6 @@ + #include + #include + #include +-#include "config.h" + #include "rpcbind.h" + + /*#define RPCBIND_DEBUG*/ +@@ -77,6 +76,7 @@ + + int debugging = 0; /* Tell me what's going on */ + int doabort = 0; /* When debugging, do an abort on errors */ ++int dofork = 1; /* fork? */ + + rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */ + +@@ -213,8 +213,8 @@ main(int argc, char *argv[]) + printf("\n"); + } + #endif +- } else { +- if (daemon(0, 0)) ++ } else if (dofork) { ++ if (daemon(0, 0)) + err(1, "fork failed"); + } + +@@ -236,6 +236,10 @@ main(int argc, char *argv[]) + syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid); + exit(1); + } ++ if (setgroups(0, NULL) == -1) { ++ syslog(LOG_ERR, "dropping supplemental groups failed: %m"); ++ exit(1); ++ } + if (setuid(p->pw_uid) == -1) { + syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid); + exit(1); +@@ -276,6 +280,7 @@ init_transport(struct netconfig *nconf) + int addrlen = 0; + int nhostsbak; + int checkbind; ++ int on = 1; + struct sockaddr *sa = NULL; + u_int32_t host_addr[4]; /* IPv4 or IPv6 */ + struct sockaddr_un sun; +@@ -493,6 +498,14 @@ init_transport(struct netconfig *nconf) + } + oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH); + __rpc_fd2sockinfo(fd, &si); ++ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, ++ sizeof(on)) != 0) { ++ syslog(LOG_ERR, "cannot set SO_REUSEADDR on %s", ++ nconf->nc_netid); ++ if (res != NULL) ++ freeaddrinfo(res); ++ return 1; ++ } + if (bind(fd, sa, addrlen) < 0) { + syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid); + if (res != NULL) +@@ -731,7 +744,7 @@ parseargs(int argc, char *argv[]) + { + int c; + oldstyle_local = 1; +- while ((c = getopt(argc, argv, "dwah:ils")) != -1) { ++ while ((c = getopt(argc, argv, "adh:ilswf")) != -1) { + switch (c) { + case 'a': + doabort = 1; /* when debugging, do an abort on */ +@@ -758,13 +771,16 @@ parseargs(int argc, char *argv[]) + case 's': + runasdaemon = 1; + break; ++ case 'f': ++ dofork = 0; ++ break; + #ifdef WARMSTART + case 'w': + warmstart = 1; + break; + #endif + default: /* error */ +- fprintf(stderr, "usage: rpcbind [-Idwils]\n"); ++ fprintf(stderr, "usage: rpcbind [-adhilswf]\n"); + exit (1); + } + } +diff --git a/src/rpcbind.h b/src/rpcbind.h +index c800577..74f9591 100644 +--- a/src/rpcbind.h ++++ b/src/rpcbind.h +@@ -119,7 +119,7 @@ void rpcbind_abort(void); + void reap(int); + void toggle_verboselog(int); + +-int check_access(SVCXPRT *, rpcproc_t, void *, unsigned int); ++int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int); + int check_callit(SVCXPRT *, struct r_rmtcall_args *, int); + void logit(int, struct sockaddr *, rpcproc_t, rpcprog_t, const char *); + int is_loopback(struct netbuf *); +diff --git a/src/security.c b/src/security.c +index 0edeac6..d272f74 100644 +--- a/src/security.c ++++ b/src/security.c +@@ -62,34 +62,21 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY; + extern int verboselog; + + int +-check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) ++check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers) + { + struct netbuf *caller = svc_getrpccaller(xprt); + struct sockaddr *addr = (struct sockaddr *)caller->buf; + #ifdef LIBWRAP + struct request_info req; + #endif +- rpcprog_t prog = 0; +- rpcb *rpcbp; +- struct pmap *pmap; + + /* + * The older PMAP_* equivalents have the same numbers, so + * they are accounted for here as well. + */ + switch (proc) { +- case RPCBPROC_GETADDR: + case RPCBPROC_SET: + case RPCBPROC_UNSET: +- if (rpcbvers > PMAPVERS) { +- rpcbp = (rpcb *)args; +- prog = rpcbp->r_prog; +- } else { +- pmap = (struct pmap *)args; +- prog = pmap->pm_prog; +- } +- if (proc == RPCBPROC_GETADDR) +- break; + if (!insecure && !is_loopback(caller)) { + #ifdef RPCBIND_DEBUG + if (debugging) +@@ -101,6 +88,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) + return 0; + } + break; ++ case RPCBPROC_GETADDR: + case RPCBPROC_CALLIT: + case RPCBPROC_INDIRECT: + case RPCBPROC_DUMP: +@@ -150,8 +138,7 @@ is_loopback(struct netbuf *nbuf) + "Checking caller's adress (port = %d)\n", + ntohs(sin->sin_port)); + #endif +- return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) && +- (ntohs(sin->sin_port) < IPPORT_RESERVED)); ++ return (sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)); + #ifdef INET6 + case AF_INET6: + if (!oldstyle_local) +@@ -163,10 +150,9 @@ is_loopback(struct netbuf *nbuf) + "Checking caller's adress (port = %d)\n", + ntohs(sin6->sin6_port)); + #endif +- return ((IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) || ++ return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) || + (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) && +- sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))) && +- (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED)); ++ sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))); + #endif + case AF_LOCAL: + return 1; +diff --git a/src/warmstart.c b/src/warmstart.c +index 25e5d89..d1bb971 100644 +--- a/src/warmstart.c ++++ b/src/warmstart.c +@@ -46,7 +46,6 @@ + #include + #include + +-#include "config.h" + #include "rpcbind.h" + + #ifndef RPCBIND_STATEDIR diff --git a/SOURCES/rpcbind.service b/SOURCES/rpcbind.service new file mode 100644 index 0000000..265c677 --- /dev/null +++ b/SOURCES/rpcbind.service @@ -0,0 +1,11 @@ +[Unit] +Description=RPC bind service +Requires=rpcbind.socket + +[Service] +Type=forking +EnvironmentFile=/etc/sysconfig/rpcbind +ExecStart=/sbin/rpcbind -w ${RPCBIND_ARGS} + +[Install] +Also=rpcbind.socket diff --git a/SOURCES/rpcbind.socket b/SOURCES/rpcbind.socket new file mode 100644 index 0000000..d63c1d9 --- /dev/null +++ b/SOURCES/rpcbind.socket @@ -0,0 +1,8 @@ +[Unit] +Description=RPCbind Server Activation Socket + +[Socket] +ListenStream=/var/run/rpcbind.sock + +[Install] +WantedBy=sockets.target diff --git a/SOURCES/rpcbind.sysconfig b/SOURCES/rpcbind.sysconfig new file mode 100644 index 0000000..4b35e37 --- /dev/null +++ b/SOURCES/rpcbind.sysconfig @@ -0,0 +1,3 @@ +# +# Optional arguments passed to rpcbind. See rpcbind(8) +RPCBIND_ARGS="" diff --git a/SPECS/rpcbind.spec b/SPECS/rpcbind.spec new file mode 100644 index 0000000..1c652f5 --- /dev/null +++ b/SPECS/rpcbind.spec @@ -0,0 +1,340 @@ +Name: rpcbind +Version: 0.2.0 +Release: 27.atomic.0%{?dist} +Summary: Universal Addresses to RPC Program Number Mapper +Group: System Environment/Daemons +License: BSD +URL: http://nfsv4.bullopensource.org + +BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) +Source0: http://downloads.sourceforge.net/rpcbind/%{name}-%{version}.tar.bz2 +Source1: rpcbind.service +Source2: rpcbind.socket +Source3: rpcbind.sysconfig + +Patch001: rpcbind-0_2_1-rc4.patch +Patch002: rpcbind-0.2.0-warnings.patch +Patch003: rpcbind-0.2.0-rpcinfo-mantypo.patch +Patch004: 0001-nfs-Add-with-nss-modules-configure-option-to-specify.patch + +Requires: glibc-common setup +Conflicts: man-pages < 2.43-12 +BuildRequires: automake, autoconf, libtool, systemd-units +BuildRequires: libtirpc-devel, quota-devel, tcp_wrappers-devel +Requires(pre): coreutils shadow-utils +Requires(post): chkconfig systemd-units systemd-sysv +Requires(preun): systemd-units +Requires(postun): systemd-units coreutils + +Provides: portmap = %{version}-%{release} +Obsoletes: portmap <= 4.0-65.3 + +%description +The rpcbind utility is a server that converts RPC program numbers into +universal addresses. It must be running on the host to be able to make +RPC calls on a server on that machine. + +%prep +%setup -q +%patch001 -p1 +# 884165 - Package rpcbind-0.2.0-16.el7 failed RHEL7 RPMdiff testing +%patch002 -p1 +# 963512 - Cmd rpcinfo usage info is not correct +%patch003 -p1 +%patch004 -p1 + + +%build +%ifarch s390 s390x +PIE="-fPIE" +%else +PIE="-fpie" +%endif +export PIE + +RELRO="-Wl,-z,relro,-z,now" + +RPCBUSR=rpc +RPCBDIR=/var/lib/rpcbind +CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $PIE $RELRO`" + +autoreconf -fisv +%configure CFLAGS="$CFLAGS" LDFLAGS="-pie" \ + --enable-warmstarts \ + --with-statedir="$RPCBDIR" \ + --with-rpcuser="$RPCBUSR" \ + --with-nss-modules="files altfiles" \ + --enable-libwrap \ + --enable-debug + +make all + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}{/sbin,/usr/sbin,/etc/sysconfig} +mkdir -p %{buildroot}%{_unitdir} +mkdir -p %{buildroot}%{_mandir}/man8 +mkdir -p %{buildroot}/var/lib/rpcbind +make DESTDIR=$RPM_BUILD_ROOT install + +mv -f ${RPM_BUILD_ROOT}%{_bindir}/rpcbind ${RPM_BUILD_ROOT}%{_sbindir} +mv -f ${RPM_BUILD_ROOT}%{_bindir}/rpcinfo ${RPM_BUILD_ROOT}%{_sbindir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir} +install -m644 %{SOURCE2} %{buildroot}%{_unitdir} +install -m644 %{SOURCE3} %{buildroot}/etc/sysconfig/rpcbind + +%clean +rm -rf %{buildroot} + +%pre + +# Check the validity of the rpc uid and gid. +# If they don't exist, create them +# If they exist but are the wrong value, remove them +# and recreate them with the correct value +# If they exist and are the correct value do nothing +rpcid=`getent passwd rpc | cut -d: -f 3` +if [ -n "$rpcid" -a "$rpcid" != "32" ]; then + /usr/sbin/userdel rpc 2> /dev/null || : + /usr/sbin/groupdel rpc 2> /dev/null || : +fi +if [ -z "$rpcid" -o "$rpcid" != "32" ]; then + /usr/sbin/groupadd -o -g 32 rpc > /dev/null 2>&1 + /usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \ + -M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1 +fi +%post +if [ $1 -eq 1 ] ; then + # Initial installation + /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || : +fi + +%preun +if [ $1 -eq 0 ]; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || : + /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || : + /usr/sbin/userdel rpc 2>/dev/null || : + /usr/sbin/groupdel rpc 2>/dev/null || : + rm -rf /var/lib/rpcbind +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ]; then + # Package upgrade, not uninstall + /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || : +fi + +%triggerun -- rpcbind < 0.2.0-15 +%{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||: +/bin/systemctl --no-reload enable rpcbind.service >/dev/null 2>&1 +/sbin/chkconfig --del rpcbind >/dev/null 2>&1 || : +/bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || : + +%files +%defattr(-,root,root) +%config(noreplace) /etc/sysconfig/rpcbind +%doc AUTHORS ChangeLog README +%{_sbindir}/rpcbind +%{_sbindir}/rpcinfo +%{_mandir}/man8/* +%{_unitdir}/rpcbind.service +%{_unitdir}/rpcbind.socket + +%dir %attr(700,rpc,rpc) /var/lib/rpcbind + +%changelog +* Fri Dec 05 2014 Colin Walters - 0.2.0-27.atomic.0 +- Backport fix for altfiles (bz 1171291) + +* Sat Nov 15 2014 Steve Dickson - 0.2.0-26 +- Moved rpcbind from /sbin to /usr/sbin (bz 1159683) + +* Mon Sep 22 2014 Steve Dickson - 0.2.0-25 +- Fixed some warnings in in6_fillscopeid() (bz 884165) +- Fixed typo in rpcinfo manpage (bz 963512) +- Removed unnecessary targets from rpcbind.service (bz 1036791) + +* Fri Sep 19 2014 Steve Dickson - 0.2.0-24 +- Added the RELRO CFLAGS (bz 1092513) + +* Fri Jan 24 2014 Daniel Mach - 0.2.0-23 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.2.0-22 +- Mass rebuild 2013-12-27 + +* Thu Feb 14 2013 Fedora Release Engineering - 0.2.0-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Oct 23 2012 Steve Dickson - 0.2.0-20 +- Update to the latest upstream release: rpcbind-0_2_1-rc4 (bz 869365) + +* Tue Oct 16 2012 Steve Dickson - 0.2.0-19 +- Renamed RPCBINDOPTS to RPCBIND_ARGS for backward compatibility (bz 861025) + +* Sun Oct 14 2012 Steve Dickson - 0.2.0-18 +- Fixed typo causing rpcbind to run as root (bz 734598) +- Added /etc/sysconfig/rpcbind config file (bz 861025) + +* Sat Jul 21 2012 Fedora Release Engineering - 0.2.0-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jan 14 2012 Fedora Release Engineering - 0.2.0-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Sep 12 2011 Steve Dickson - 0.2.0-15 +- Bumped up the tigger version to this version, 0.2.0-15 (bz 713574) + +* Fri Sep 9 2011 Tom Callaway - 0.2.0-14 +- fix scriptlets to enable service by default + +* Fri Jul 8 2011 Steve Dickson - 0.2.0-13 +- Spec file clean up + +* Thu Jul 7 2011 Steve Dickson - 0.2.0-12 +- Migrated SysV initscripts to systemd (bz 713574) + +* Thu Mar 17 2011 Steve Dickson - 0.2.0-11 +- Updated to the latest upstream release: rpcbind-0_2_1-rc3 + +* Wed Feb 09 2011 Fedora Release Engineering - 0.2.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Dec 13 2010 Steve Dickson - 0.2.0-9 +- Fixed an incorrect exit code for service rpcbind status (bz 662411) + +* Tue Nov 30 2010 Steve Dickson - 0.2.0-8 +- Updated to the latest upstream release: rpcbind-0.2.1-rc2 + +* Fri Jul 16 2010 Tom "spot" Callaway - 0.2.0-7 +- correct license tag to BSD + +* Tue Jul 13 2010 Steve Dickson - 0.2.0-6 +- Made initscript LSB compliant (bz 614193) +- Added no fork patch + +* Tue Jul 6 2010 Steve Dickson - 0.2.0-5 +- Set SO_REUSEADDR on listening sockets (bz 597356) + +* Sun Jul 26 2009 Fedora Release Engineering - 0.2.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 06 2009 Adam Jackson 0.2.0-3 +- Requires(pre): coreutils for cut(1). + +* Thu Jun 25 2009 Steve Dickson - 0.2.0-2 +- Fixed pre scriptle failure during upgrades (bz 507364) +- Corrected the usage info to match what the rpcbind man + page says. (bz 466332) +- Correct package issues (bz 503508) + +* Fri May 29 2009 Steve Dickson - 0.2.0-1 +- Updated to latest upstream release: 0.2.0 + +* Tue May 19 2009 Tom "spot" Callaway - 0.1.7-3 +- Replace the Sun RPC license with the BSD license, with the explicit permission of Sun Microsystems + +* Wed Feb 25 2009 Fedora Release Engineering - 0.1.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Nov 19 2008 Steve Dickson 0.1.7-1 +- Update to latest upstream release: 0.1.7 + +* Tue Sep 30 2008 Steve Dickson 0.1.6-3 +- Fixed a typo in the rpcbind.init script that stop warm starts + from happening with conrestarts +- Fixed scriptlet failure (bz 462533) + +* Tue Sep 16 2008 Steve Dickson 0.1.6-2 +- Added usptream patches 01 thru 03 that do: + * Introduce helpers for ipprot/netid mapping + * Change how we decide on the netids to use for portmap + * Simplify port live check in pmap_svc.c + +* Wed Jul 9 2008 Steve Dickson 0.1.6-1 +- Updated to latest upstream release 0.1.6 + +* Wed Jul 2 2008 Steve Dickson 0.1.5-5 +- Fixed SYNOPSIS section in the rpcinfo man page (bz 453729) + +* Fri Jun 27 2008 Steve Dickson 0.1.5-4 +- Removed the documentation about the non-existent + '-L' flag (bz 446915) + +* Fri Jun 27 2008 Steve Dickson 0.1.5-3 +- Set password and service lookups to be local (bz 447092) + +* Mon Jun 23 2008 Steve Dickson 0.1.5-2 +- rpcbind needs to downgrade to non-priviledgied group. + +* Mon Jun 23 2008 Steve Dickson 0.1.5-1 +- Updated to latest upstream release 0.1.5 + +* Mon Feb 11 2008 Steve Dickson 0.1.4-14 +- Fixed a warning in pmap_svc.c +- Cleaned up warmstarts so uid are longer needed, also + changed condrestarts to use warmstarts. (bz 428496) + +* Thu Jan 24 2008 Steve Dickson 0.1.4-13 +- Fixed connectivity with Mac OS clients by making sure handle_reply() + sets the correct fromlen in its recvfrom() call (bz 244492) + +* Mon Dec 17 2007 Steve Dickson 0.1.4-12 +- Changed is_loopback() and check_access() see if the calling + address is an address on a local interface, just not a loopback + address (bz 358621). + +* Wed Oct 17 2007 Steve Dickson 0.1.4-11 +- Reworked logic in initscript so the correct exit is + used when networking does not exist or is set up + incorrectly. + +* Tue Oct 16 2007 Steve Dickson 0.1.4-10 +- Corrected a typo in the initscript from previous + commit. + +* Mon Oct 15 2007 Steve Dickson 0.1.4-9 +- Fixed typo in Summary (bz 331811) +- Corrected init script (bz 247046) + +* Sat Sep 15 2007 Steve Dickson 0.1.4-8 +- Fixed typo in init script (bz 248285) +- Added autoconf rules to turn on secure host checking + via libwrap. Also turned on host check by default (bz 248284) +- Changed init script to start service in runlevel 2 (bz 251568) +- Added a couple missing Requires(pre) (bz 247134) + +* Fri May 25 2007 Steve Dickson 0.1.4-7 +- Fixed condrestarts (bz 241332) + +* Tue May 22 2007 Steve Dickson 0.1.4-6 +- Fixed an ipv6 related segfault on startup (bz 240873) + +* Wed Apr 18 2007 Steve Dickson 0.1.4-5 +- Added dependency on setup which contains the correct + rpcbind /etc/service entry which in turns stops + rpcbind from haning when NIS is enabled. (bz 236865) + +* Wed Apr 11 2007 Jeremy Katz - 0.1.4-4 +- change man-pages requires into a conflicts as we don't have to have + man-pages installed, but if we do, we need the newer version + +* Fri Apr 6 2007 Steve Dickson 0.1.4-3 +- Fixed the Provides and Obsoletes statments to correctly + obsolete the portmap package. +* Tue Apr 3 2007 Steve Dickson 0.1.4-2 +- Added dependency on glibc-common which allows the + rpcinfo command to be installed in the correct place. +- Added dependency on man-pages so the rpcinfo man + pages don't conflict. +- Added the creation of /var/lib/rpcbind which will be + used to store state files. +- Make rpcbind run with the 'rpc' uid/gid when it exists. + +* Wed Feb 21 2007 Steve Dickson 0.1.4-1 +- Initial commit +- Spec reviewed (bz 228894) +- Added the Provides/Obsoletes which should + cause rpcbind to replace portmapper