diff --git a/.gitignore b/.gitignore index 5a7546c..bee4bab 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +INSTALL Makefile Makefile.in aclocal.m4 @@ -13,18 +14,14 @@ depcomp install-sh libtool ltmain.sh -man/Makefile -man/Makefile.in missing -src/.deps/ -src/Makefile -src/Makefile.in src/config.h src/stamp-h2 stamp-h1 # file generated during compilation +.deps *.o -src/rpcbind -src/rpcinfo +rpcbind +rpcinfo # cscope database files cscope.* diff --git a/INSTALL b/INSTALL index 98e5d87..7d1c323 100644 --- a/INSTALL +++ b/INSTALL @@ -1,32 +1,25 @@ -Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software -Foundation, Inc. +Installation Instructions +************************* - This file is free documentation; the Free Software Foundation gives -unlimited permission to copy, distribute and modify it. - - -rpcbind Quick Installation -========================== - -$ ./configure -$ make -# make install - - The install phase will install the rpcbind and rpcinfo commands -under /usr/bin. If you wish they replace the basic portmap and -rpcinfo commands, you can run: - -# mv /sbin/portmap /sbin/portmap.sav -# ln -s /usr/bin/rpcbind /sbin/portmap - -# mv /usr/sbin/rpcinfo /usr/sbin/rpcinfo.sav -# ln -s /usr/bin/rpcinfo /usr/sbin/rpcinfo +Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, +2006, 2007, 2008, 2009 Free Software Foundation, Inc. + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. Basic Installation ================== - These are generic installation instructions. + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses @@ -39,9 +32,9 @@ debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. (Caching is +the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale -cache files.) +cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail @@ -51,30 +44,37 @@ some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You only need -`configure.ac' if you want to change it or regenerate `configure' using -a newer version of `autoconf'. +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. -The simplest way to compile this package is: + The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're - using `csh' on an old version of System V, you might need to type - `sh ./configure' instead to prevent `csh' from trying to execute - `configure' itself. + `./configure' to configure the package for your system. - Running `configure' takes awhile. While running, it prints some - messages telling which features it is checking for. + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with - the package. + the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and - documentation. - - 5. You can remove the program binaries and object files from the + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is @@ -83,6 +83,16 @@ The simplest way to compile this package is: all sorts of other programs in order to regenerate files that came with the distribution. + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + Compilers and Options ===================== @@ -94,7 +104,7 @@ for details on some of the pertinent environment variables. by setting variables in the command line or in the environment. Here is an example: - ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix + ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. @@ -103,44 +113,89 @@ Compiling For Multiple Architectures You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you must use a version of `make' that -supports the `VPATH' variable, such as GNU `make'. `cd' to the +own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. - If you have to use a `make' that does not support the `VPATH' -variable, you have to compile the package for one architecture at a -time in the source code directory. After you have installed the -package for one architecture, use `make distclean' before reconfiguring -for another architecture. + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. Installation Names ================== - By default, `make install' will install the package's files in -`/usr/local/bin', `/usr/local/man', etc. You can specify an -installation prefix other than `/usr/local' by giving `configure' the -option `--prefix=PATH'. + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -give `configure' the option `--exec-prefix=PATH', the package will use -PATH as the prefix for installing programs and libraries. -Documentation and other data files will still use the regular prefix. +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=PATH' to specify different values for particular +options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. -Optional Features -================= - Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE @@ -153,6 +208,45 @@ find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + Specifying the System Type ========================== @@ -168,14 +262,15 @@ type, such as `sun4', or a canonical name which has the form: where SYSTEM can have one of these forms: - OS KERNEL-OS + OS + KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should -use the `--target=TYPE' option to select the type of system they will +use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a @@ -205,9 +300,14 @@ them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc -will cause the specified gcc to be used as the C compiler (unless it is +causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: + + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + `configure' Invocation ====================== @@ -216,7 +316,14 @@ operates. `--help' `-h' - Print a summary of the options to `configure', and exit. + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. `--version' `-V' @@ -243,6 +350,16 @@ operates. Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. diff --git a/Makefile.am b/Makefile.am index cd56148..d10c906 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,2 +1,44 @@ -SUBDIRS= src man +AM_CPPFLAGS = \ + -DCHECK_LOCAL \ + -DPORTMAP \ + -DFACILITY=LOG_MAIL \ + -DSEVERITY=LOG_INFO \ + -DINET6 \ + -DRPCBIND_STATEDIR="\"$(statedir)\"" \ + -DRPCBIND_USER="\"$(rpcuser)\"" \ + -D_GNU_SOURCE \ + $(TIRPC_CFLAGS) +if DEBUG +AM_CPPFLAGS += -DRPCBIND_DEBUG -DSVC_RUN_DEBUG -DDEBUG_RMTCALL +AM_CPPFLAGS += -DND_DEBUG -DBIND_DEBUG +endif + +if WARMSTART +AM_CPPFLAGS += -DWARMSTART +endif + +if LIBWRAP +AM_CPPFLAGS += -DLIBWRAP +endif + +bin_PROGRAMS = rpcbind rpcinfo + +rpcbind_SOURCES = \ + src/check_bound.c \ + src/pmap_svc.c \ + src/rpcb_stat.c \ + src/rpcb_svc.c \ + src/rpcb_svc_4.c \ + src/rpcb_svc_com.c \ + src/rpcbind.c \ + src/rpcbind.h \ + src/security.c \ + src/util.c \ + src/warmstart.c +rpcbind_LDADD = $(TIRPC_LIBS) + +rpcinfo_SOURCES = src/rpcinfo.c +rpcinfo_LDADD = $(TIRPC_LIBS) + +dist_man8_MANS = man/rpcbind.8 man/rpcinfo.8 diff --git a/autogen.sh b/autogen.sh index 1613b6d..761db90 100755 --- a/autogen.sh +++ b/autogen.sh @@ -36,7 +36,7 @@ if test x"${1}" = x"clean"; then fi aclocal -libtoolize --force --copy -autoheader +#libtoolize --force --copy +#autoheader automake --add-missing --copy --gnu # -Wall autoconf # -Wall diff --git a/configure.in b/configure.in index de1c730..2b67720 100644 --- a/configure.in +++ b/configure.in @@ -1,66 +1,39 @@ - AC_INIT(rpcbind, 0.2.0) +AC_INIT(rpcbind, 0.2.0) - AM_INIT_AUTOMAKE -# AM_MAINTAINER_MODE +AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([src/rpcbind.c]) - AC_PROG_CC - AM_CONFIG_HEADER(config.h) - AC_HEADER_DIRENT - AC_PREFIX_DEFAULT(/usr) - -AC_CONFIG_SRCDIR([src/config.h.in]) -AC_CONFIG_HEADERS([src/config.h]) - -AC_PROG_LIBTOOL - -AC_ARG_ENABLE(debug,[ --enable-debug Turns on rpcbind debugging], - [case "${enableval}" in - yes) debug=true ;; - no) debug=no ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-debug) ;; - esac],[debug=false]) -AM_CONDITIONAL(DEBUG, test x$debug = xtrue) - -AC_ARG_ENABLE(warmstarts,[ --enable-warmstarts Enables Warm Starts], - [case "${enableval}" in - yes) warmstarts=true ;; - no) warmstarts=no ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-warmstarts) ;; - esac],[warmstarts=false]) -AM_CONDITIONAL(WARMSTART, test x$warmstarts = xtrue) - -if test "$warmstarts" = "true" ; then - AC_ARG_WITH(statedir, - [ --with-statedir=/foo use state dir /foo [/tmp]], - statedir=$withval, - statedir=/tmp) - AC_SUBST(statedir) - AC_DEFINE_UNQUOTED(RPCBIND_STATEDIR, "$statedir", [This defines the location where the state files will be kept for warm starts]) -fi -AC_ARG_WITH(rpcuser, - [ --with-rpcuser=user uid to use [root]], - rpcuser=$withval, - rpcuser=root) - AC_SUBST(rpcuser) -AC_DEFINE_UNQUOTED(RPCBIND_USER, "$rpcuser", [This defines the uid to run as]) +AC_PREFIX_DEFAULT(/usr) +AC_PROG_CC + +AC_ARG_ENABLE([libwrap], + AS_HELP_STRING([--enable-libwrap], [Enables host name checking through tcpd @<:@default=no@:>@])) +AM_CONDITIONAL(LIBWRAP, test x$enable_libwrap = xyes) + +AC_ARG_ENABLE([debug], + AS_HELP_STRING([--enable-debug], [Turns on rpcbind debugging @<:@default=no@:>@])) +AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes) + +AC_ARG_ENABLE([warmstarts], + AS_HELP_STRING([--enable-warmstarts], [Enables Warm Starts @<:@default=no@:>@])) +AM_CONDITIONAL(WARMSTART, test x$enable_warmstarts = xyes) + +AC_ARG_WITH([statedir], + AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/tmp@:>@]) + ,, [with_statedir=/tmp]) +AC_SUBST([statedir], [$with_statedir]) + +AC_ARG_WITH([rpcuser], + AS_HELP_STRING([--with-rpcuser=ARG], [use ARG for RPC @<:@default=root@:>@]), + ,, [with_rpcuser=root]) +AC_SUBST([rpcuser], [$with_rpcuser]) + +PKG_CHECK_MODULES([TIRPC], [libtirpc]) -AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h \ - netinet/in.h stdlib.h string.h \ - sys/param.h sys/socket.h \ - sys/time.h syslog.h \ - unistd.h nss.h]) +AS_IF([test x$enable_libwrap = xyes], [ + AC_CHECK_LIB([wrap], [hosts_access], , + AC_MSG_ERROR([libwrap support requested but unable to find libwrap])) +]) -AC_CHECK_LIB([pthread], [pthread_create]) -AC_CHECK_LIB([tirpc], [clnt_create]) -AC_ARG_ENABLE(libwrap,[ --enable-libwrap Enables host name checking], - [case "${enableval}" in - yes) libwarp=true - AC_CHECK_LIB([wrap], [hosts_access]) ;; - no) libwarp=no ;; - *) AC_MSG_ERROR(bad value ${enableval} for --enable-libwrap) ;; - esac],[libwarp=false]) -AM_CONDITIONAL(LIBWRAP, test x$libwarp = xtrue) +AC_SEARCH_LIBS([pthread_create], [pthread]) -AC_CONFIG_FILES([Makefile src/Makefile man/Makefile]) -AC_OUTPUT() - +AC_OUTPUT([Makefile]) diff --git a/man/Makefile.am b/man/Makefile.am deleted file mode 100644 index 84818e9..0000000 --- a/man/Makefile.am +++ /dev/null @@ -1,2 +0,0 @@ -man8_MANS = rpcbind.8 -EXTRA_DIST = $(man8_MANS) diff --git a/man/rpcbind.8 b/man/rpcbind.8 index 32806d4..da32701 100644 --- a/man/rpcbind.8 +++ b/man/rpcbind.8 @@ -82,6 +82,8 @@ during operation, and will abort on certain errors if is also specified. With this option, the name-to-address translation consistency checks are shown in detail. +.It Fl f +Do not fork and become a background process. .It Fl h Specify specific IP addresses to bind to for UDP requests. This option @@ -141,7 +143,6 @@ All RPC servers must be restarted if .Nm is restarted. .Sh SEE ALSO -.Xr rpcbind 3 , .Xr rpcinfo 8 .Sh LINUX PORT .Bl Aurelien Charbon diff --git a/src/Makefile.am b/src/Makefile.am deleted file mode 100644 index cc0a85b..0000000 --- a/src/Makefile.am +++ /dev/null @@ -1,34 +0,0 @@ -INCLUDES = -I$(srcdir)/tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \ - -D_GNU_SOURCE -Wall -pipe -if DEBUG -INCLUDES += -DRPCBIND_DEBUG -DSVC_RUN_DEBUG -DDEBUG_RMTCALL -INCLUDES += -DND_DEBUG -DBIND_DEBUG -endif - -if WARMSTART -INCLUDES += -DWARMSTART -endif - -if LIBWRAP -INCLUDES += -DLIBWRAP -endif - - -bin_PROGRAMS = rpcbind rpcinfo - -rpcbind_SOURCES = check_bound.c rpcbind.c \ - rpcb_svc_4.c rpcb_svc_com.c \ - util.c pmap_svc.c rpcb_stat.c \ - rpcb_svc.c security.c warmstart.c \ - rpcbind.h - -rpcinfo_SOURCES = rpcinfo.c -rpcinfo_LDFLAGS = -lpthread -ltirpc -rpcinfo_LDADD = $(LIB_TIRPC) - - -rpcbind_LDFLAGS = -lpthread -ltirpc -rpcbind_LDADD = $(LIB_TIRPC) -AM_CPPFLAGS = -I/usr/include/tirpc -DCHECK_LOCAL -DPORTMAP \ - -DFACILITY=LOG_MAIL -DSEVERITY=LOG_INFO - diff --git a/src/config.h.in b/src/config.h.in deleted file mode 100644 index 67a0e39..0000000 --- a/src/config.h.in +++ /dev/null @@ -1,105 +0,0 @@ -/* config.h.in. Generated from configure.in by autoheader. */ - -/* Define to 1 if you have the header file. */ -#undef HAVE_ARPA_INET_H - -/* Define to 1 if you have the header file, and it defines `DIR'. - */ -#undef HAVE_DIRENT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_FCNTL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_INTTYPES_H - -/* Define to 1 if you have the `pthread' library (-lpthread). */ -#undef HAVE_LIBPTHREAD - -/* Define to 1 if you have the `tirpc' library (-ltirpc). */ -#undef HAVE_LIBTIRPC - -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the header file, and it defines `DIR'. */ -#undef HAVE_NDIR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETDB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETINET_IN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYSLOG_H - -/* Define to 1 if you have the header file, and it defines `DIR'. - */ -#undef HAVE_SYS_DIR_H - -/* Define to 1 if you have the header file, and it defines `DIR'. - */ -#undef HAVE_SYS_NDIR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PARAM_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SOCKET_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TIME_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_UNISTD_H - -/* Name of package */ -#undef PACKAGE - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* Define to 1 if you have the ANSI C header files. */ -#undef STDC_HEADERS - -/* Version number of package */ -#undef VERSION - -/* This defines the location where the state files will be kept for warm - starts */ -#undef RPCBIND_STATEDIR - -/* This defines the uid to run as */ -#undef RPCBIND_USER - diff --git a/src/pmap_svc.c b/src/pmap_svc.c index 4736700..337e64d 100644 --- a/src/pmap_svc.c +++ b/src/pmap_svc.c @@ -80,7 +80,7 @@ pmap_service(struct svc_req *rqstp, SVCXPRT *xprt) if (debugging) fprintf(stderr, "PMAPPROC_NULL\n"); #endif - check_access(xprt, rqstp->rq_proc, NULL, PMAPVERS); + check_access(xprt, rqstp->rq_proc, 0, PMAPVERS); if ((!svc_sendreply(xprt, (xdrproc_t) xdr_void, NULL)) && debugging) { if (doabort) { @@ -201,11 +201,11 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long reg.pm_prog, reg.pm_vers); #endif - if (!check_access(xprt, op, ®, PMAPVERS)) { + if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) { svcerr_weakauth(xprt); return (FALSE); } - + rpcbreg.r_prog = reg.pm_prog; rpcbreg.r_vers = reg.pm_vers; @@ -276,7 +276,7 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) return (FALSE); } - if (!check_access(xprt, PMAPPROC_GETPORT, ®, PMAPVERS)) { + if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) { svcerr_weakauth(xprt); return FALSE; } @@ -340,7 +340,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) return (FALSE); } - if (!check_access(xprt, PMAPPROC_DUMP, NULL, PMAPVERS)) { + if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) { svcerr_weakauth(xprt); return FALSE; } diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c index 0514ba5..e350f85 100644 --- a/src/rpcb_svc.c +++ b/src/rpcb_svc.c @@ -75,6 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) char *result; xdrproc_t xdr_argument, xdr_result; void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); + rpcprog_t setprog = 0; rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc); @@ -88,7 +89,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) fprintf(stderr, "RPCBPROC_NULL\n"); #endif /* This call just logs, no actual checks */ - check_access(transp, rqstp->rq_proc, NULL, RPCBVERS); + check_access(transp, rqstp->rq_proc, 0, RPCBVERS); (void) svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL); return; @@ -166,7 +167,13 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) (void) fprintf(stderr, "rpcbind: could not decode\n"); return; } - if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS)) { + + if (rqstp->rq_proc == RPCBPROC_SET + || rqstp->rq_proc == RPCBPROC_UNSET + || rqstp->rq_proc == RPCBPROC_GETADDR) + setprog = argument.rpcbproc_set_3_arg.r_prog; + + if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS)) { svcerr_weakauth(transp); goto done; } diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c index 9fd5bef..313e6d1 100644 --- a/src/rpcb_svc_4.c +++ b/src/rpcb_svc_4.c @@ -78,6 +78,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) char *result; xdrproc_t xdr_argument, xdr_result; void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); + rpcprog_t setprog = 0; rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc); @@ -90,7 +91,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) if (debugging) fprintf(stderr, "RPCBPROC_NULL\n"); #endif - check_access(transp, rqstp->rq_proc, NULL, RPCBVERS4); + check_access(transp, rqstp->rq_proc, 0, RPCBVERS4); (void) svc_sendreply(transp, (xdrproc_t) xdr_void, (char *)NULL); return; @@ -220,7 +221,13 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) (void) fprintf(stderr, "rpcbind: could not decode\n"); return; } - if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS4)) { + + if (rqstp->rq_proc == RPCBPROC_SET + || rqstp->rq_proc == RPCBPROC_UNSET + || rqstp->rq_proc == RPCBPROC_GETADDR) + setprog = argument.rpcbproc_set_4_arg.r_prog; + + if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS4)) { svcerr_weakauth(transp); goto done; } diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c index 291421f..f6bd6bd 100644 --- a/src/rpcb_svc_com.c +++ b/src/rpcb_svc_com.c @@ -1227,6 +1227,8 @@ send_svcsyserr(SVCXPRT *xprt, struct finfo *fi) return; } +extern SVCAUTH svc_auth_none; + static void handle_reply(int fd, SVCXPRT *xprt) { @@ -1293,7 +1295,10 @@ handle_reply(int fd, SVCXPRT *xprt) a.rmt_localvers = fi->versnum; xprt_set_caller(xprt, fi); + xprt->xp_auth = &svc_auth_none; svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a); + SVCAUTH_DESTROY(xprt->xp_auth); + xprt->xp_auth = NULL; done: if (buffer) free(buffer); @@ -1372,10 +1377,13 @@ static char * getowner(SVCXPRT *transp, char *owner, size_t ownersize) { uid_t uid; - - if (__rpc_get_local_uid(transp, &uid) < 0) - snprintf(owner, ownersize, "unknown"); - else if (uid == 0) + + if (__rpc_get_local_uid(transp, &uid) < 0) { + if (is_localroot(svc_getrpccaller(transp))) + snprintf(owner, ownersize, "superuser"); + else + snprintf(owner, ownersize, "unknown"); + } else if (uid == 0) snprintf(owner, ownersize, "superuser"); else snprintf(owner, ownersize, "%d", uid); diff --git a/src/rpcbind.c b/src/rpcbind.c index 525ffba..9a0504d 100644 --- a/src/rpcbind.c +++ b/src/rpcbind.c @@ -68,7 +68,6 @@ #include #include #include -#include "config.h" #include "rpcbind.h" /*#define RPCBIND_DEBUG*/ @@ -77,6 +76,7 @@ int debugging = 0; /* Tell me what's going on */ int doabort = 0; /* When debugging, do an abort on errors */ +int dofork = 1; /* fork? */ rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */ @@ -213,8 +213,8 @@ main(int argc, char *argv[]) printf("\n"); } #endif - } else { - if (daemon(0, 0)) + } else if (dofork) { + if (daemon(0, 0)) err(1, "fork failed"); } @@ -236,6 +236,10 @@ main(int argc, char *argv[]) syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid); exit(1); } + if (setgroups(0, NULL) == -1) { + syslog(LOG_ERR, "dropping supplemental groups failed: %m"); + exit(1); + } if (setuid(p->pw_uid) == -1) { syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid); exit(1); @@ -276,6 +280,7 @@ init_transport(struct netconfig *nconf) int addrlen = 0; int nhostsbak; int checkbind; + int on = 1; struct sockaddr *sa = NULL; u_int32_t host_addr[4]; /* IPv4 or IPv6 */ struct sockaddr_un sun; @@ -493,6 +498,14 @@ init_transport(struct netconfig *nconf) } oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH); __rpc_fd2sockinfo(fd, &si); + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, + sizeof(on)) != 0) { + syslog(LOG_ERR, "cannot set SO_REUSEADDR on %s", + nconf->nc_netid); + if (res != NULL) + freeaddrinfo(res); + return 1; + } if (bind(fd, sa, addrlen) < 0) { syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid); if (res != NULL) @@ -731,7 +744,7 @@ parseargs(int argc, char *argv[]) { int c; oldstyle_local = 1; - while ((c = getopt(argc, argv, "dwah:ils")) != -1) { + while ((c = getopt(argc, argv, "adh:ilswf")) != -1) { switch (c) { case 'a': doabort = 1; /* when debugging, do an abort on */ @@ -758,13 +771,16 @@ parseargs(int argc, char *argv[]) case 's': runasdaemon = 1; break; + case 'f': + dofork = 0; + break; #ifdef WARMSTART case 'w': warmstart = 1; break; #endif default: /* error */ - fprintf(stderr, "usage: rpcbind [-Idwils]\n"); + fprintf(stderr, "usage: rpcbind [-adhilswf]\n"); exit (1); } } diff --git a/src/rpcbind.h b/src/rpcbind.h index c800577..74f9591 100644 --- a/src/rpcbind.h +++ b/src/rpcbind.h @@ -119,7 +119,7 @@ void rpcbind_abort(void); void reap(int); void toggle_verboselog(int); -int check_access(SVCXPRT *, rpcproc_t, void *, unsigned int); +int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int); int check_callit(SVCXPRT *, struct r_rmtcall_args *, int); void logit(int, struct sockaddr *, rpcproc_t, rpcprog_t, const char *); int is_loopback(struct netbuf *); diff --git a/src/security.c b/src/security.c index 0edeac6..d272f74 100644 --- a/src/security.c +++ b/src/security.c @@ -62,34 +62,21 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY; extern int verboselog; int -check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) +check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers) { struct netbuf *caller = svc_getrpccaller(xprt); struct sockaddr *addr = (struct sockaddr *)caller->buf; #ifdef LIBWRAP struct request_info req; #endif - rpcprog_t prog = 0; - rpcb *rpcbp; - struct pmap *pmap; /* * The older PMAP_* equivalents have the same numbers, so * they are accounted for here as well. */ switch (proc) { - case RPCBPROC_GETADDR: case RPCBPROC_SET: case RPCBPROC_UNSET: - if (rpcbvers > PMAPVERS) { - rpcbp = (rpcb *)args; - prog = rpcbp->r_prog; - } else { - pmap = (struct pmap *)args; - prog = pmap->pm_prog; - } - if (proc == RPCBPROC_GETADDR) - break; if (!insecure && !is_loopback(caller)) { #ifdef RPCBIND_DEBUG if (debugging) @@ -101,6 +88,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) return 0; } break; + case RPCBPROC_GETADDR: case RPCBPROC_CALLIT: case RPCBPROC_INDIRECT: case RPCBPROC_DUMP: @@ -150,8 +138,7 @@ is_loopback(struct netbuf *nbuf) "Checking caller's adress (port = %d)\n", ntohs(sin->sin_port)); #endif - return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) && - (ntohs(sin->sin_port) < IPPORT_RESERVED)); + return (sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)); #ifdef INET6 case AF_INET6: if (!oldstyle_local) @@ -163,10 +150,9 @@ is_loopback(struct netbuf *nbuf) "Checking caller's adress (port = %d)\n", ntohs(sin6->sin6_port)); #endif - return ((IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) || + return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) || (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) && - sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))) && - (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED)); + sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))); #endif case AF_LOCAL: return 1; diff --git a/src/warmstart.c b/src/warmstart.c index 25e5d89..d1bb971 100644 --- a/src/warmstart.c +++ b/src/warmstart.c @@ -46,7 +46,6 @@ #include #include -#include "config.h" #include "rpcbind.h" #ifndef RPCBIND_STATEDIR