From c8f78a53b340a779e6e8e1aa30c3e9cb0228d87d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 26 Jan 2013 17:18:09 +0000 Subject: [PATCH] rpcbind: New package. This package is needed by nfs-utils. --- rpcbind/patches/rpcbind-0_2_1-rc4.patch | 1093 +++++++++++++++++++++++ rpcbind/rpcbind.nm | 99 ++ rpcbind/systemd/rpcbind.service | 12 + rpcbind/systemd/rpcbind.socket | 8 + 4 files changed, 1212 insertions(+) create mode 100644 rpcbind/patches/rpcbind-0_2_1-rc4.patch create mode 100644 rpcbind/rpcbind.nm create mode 100644 rpcbind/systemd/rpcbind.service create mode 100644 rpcbind/systemd/rpcbind.socket diff --git a/rpcbind/patches/rpcbind-0_2_1-rc4.patch b/rpcbind/patches/rpcbind-0_2_1-rc4.patch new file mode 100644 index 000000000..44b8cb942 --- /dev/null +++ b/rpcbind/patches/rpcbind-0_2_1-rc4.patch @@ -0,0 +1,1093 @@ +diff --git a/.gitignore b/.gitignore +index 5a7546c..bee4bab 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -1,3 +1,4 @@ ++INSTALL + Makefile + Makefile.in + aclocal.m4 +@@ -13,18 +14,14 @@ depcomp + install-sh + libtool + ltmain.sh +-man/Makefile +-man/Makefile.in + missing +-src/.deps/ +-src/Makefile +-src/Makefile.in + src/config.h + src/stamp-h2 + stamp-h1 + # file generated during compilation ++.deps + *.o +-src/rpcbind +-src/rpcinfo ++rpcbind ++rpcinfo + # cscope database files + cscope.* +diff --git a/INSTALL b/INSTALL +index 98e5d87..7d1c323 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -1,32 +1,25 @@ +-Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software +-Foundation, Inc. ++Installation Instructions ++************************* + +- This file is free documentation; the Free Software Foundation gives +-unlimited permission to copy, distribute and modify it. +- +- +-rpcbind Quick Installation +-========================== +- +-$ ./configure +-$ make +-# make install +- +- The install phase will install the rpcbind and rpcinfo commands +-under /usr/bin. If you wish they replace the basic portmap and +-rpcinfo commands, you can run: +- +-# mv /sbin/portmap /sbin/portmap.sav +-# ln -s /usr/bin/rpcbind /sbin/portmap +- +-# mv /usr/sbin/rpcinfo /usr/sbin/rpcinfo.sav +-# ln -s /usr/bin/rpcinfo /usr/sbin/rpcinfo ++Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, ++2006, 2007, 2008, 2009 Free Software Foundation, Inc. + ++ Copying and distribution of this file, with or without modification, ++are permitted in any medium without royalty provided the copyright ++notice and this notice are preserved. This file is offered as-is, ++without warranty of any kind. + + Basic Installation + ================== + +- These are generic installation instructions. ++ Briefly, the shell commands `./configure; make; make install' should ++configure, build, and install this package. The following ++more-detailed instructions are generic; see the `README' file for ++instructions specific to this package. Some packages provide this ++`INSTALL' file but do not implement all of the features documented ++below. The lack of an optional feature in a given package is not ++necessarily a bug. More recommendations for GNU packages can be found ++in *note Makefile Conventions: (standards)Makefile Conventions. + + The `configure' shell script attempts to guess correct values for + various system-dependent variables used during compilation. It uses +@@ -39,9 +32,9 @@ debugging `configure'). + + It can also use an optional file (typically called `config.cache' + and enabled with `--cache-file=config.cache' or simply `-C') that saves +-the results of its tests to speed up reconfiguring. (Caching is ++the results of its tests to speed up reconfiguring. Caching is + disabled by default to prevent problems with accidental use of stale +-cache files.) ++cache files. + + If you need to do unusual things to compile the package, please try + to figure out how `configure' could check whether to do them, and mail +@@ -51,30 +44,37 @@ some point `config.cache' contains results you don't want to keep, you + may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +-`configure' by a program called `autoconf'. You only need +-`configure.ac' if you want to change it or regenerate `configure' using +-a newer version of `autoconf'. ++`configure' by a program called `autoconf'. You need `configure.ac' if ++you want to change it or regenerate `configure' using a newer version ++of `autoconf'. + +-The simplest way to compile this package is: ++ The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type +- `./configure' to configure the package for your system. If you're +- using `csh' on an old version of System V, you might need to type +- `sh ./configure' instead to prevent `csh' from trying to execute +- `configure' itself. ++ `./configure' to configure the package for your system. + +- Running `configure' takes awhile. While running, it prints some +- messages telling which features it is checking for. ++ Running `configure' might take a while. While running, it prints ++ some messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with +- the package. ++ the package, generally using the just-built uninstalled binaries. + + 4. Type `make install' to install the programs and any data files and +- documentation. +- +- 5. You can remove the program binaries and object files from the ++ documentation. When installing into a prefix owned by root, it is ++ recommended that the package be configured and built as a regular ++ user, and only the `make install' phase executed with root ++ privileges. ++ ++ 5. Optionally, type `make installcheck' to repeat any self-tests, but ++ this time using the binaries in their final installed location. ++ This target does not install anything. Running this target as a ++ regular user, particularly if the prior `make install' required ++ root privileges, verifies that the installation completed ++ correctly. ++ ++ 6. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is +@@ -83,6 +83,16 @@ The simplest way to compile this package is: + all sorts of other programs in order to regenerate files that came + with the distribution. + ++ 7. Often, you can also type `make uninstall' to remove the installed ++ files again. In practice, not all packages have tested that ++ uninstallation works correctly, even though it is required by the ++ GNU Coding Standards. ++ ++ 8. Some packages, particularly those that use Automake, provide `make ++ distcheck', which can by used by developers to test that all other ++ targets like `make install' and `make uninstall' work correctly. ++ This target is generally not run by end users. ++ + Compilers and Options + ===================== + +@@ -94,7 +104,7 @@ for details on some of the pertinent environment variables. + by setting variables in the command line or in the environment. Here + is an example: + +- ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix ++ ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +@@ -103,44 +113,89 @@ Compiling For Multiple Architectures + + You can compile the package for more than one kind of computer at the + same time, by placing the object files for each architecture in their +-own directory. To do this, you must use a version of `make' that +-supports the `VPATH' variable, such as GNU `make'. `cd' to the ++own directory. To do this, you can use GNU `make'. `cd' to the + directory where you want the object files and executables to go and run + the `configure' script. `configure' automatically checks for the +-source code in the directory that `configure' is in and in `..'. ++source code in the directory that `configure' is in and in `..'. This ++is known as a "VPATH" build. + +- If you have to use a `make' that does not support the `VPATH' +-variable, you have to compile the package for one architecture at a +-time in the source code directory. After you have installed the +-package for one architecture, use `make distclean' before reconfiguring +-for another architecture. ++ With a non-GNU `make', it is safer to compile the package for one ++architecture at a time in the source code directory. After you have ++installed the package for one architecture, use `make distclean' before ++reconfiguring for another architecture. ++ ++ On MacOS X 10.5 and later systems, you can create libraries and ++executables that work on multiple system types--known as "fat" or ++"universal" binaries--by specifying multiple `-arch' options to the ++compiler but only a single `-arch' option to the preprocessor. Like ++this: ++ ++ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ ++ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ ++ CPP="gcc -E" CXXCPP="g++ -E" ++ ++ This is not guaranteed to produce working output in all cases, you ++may have to build one architecture at a time and combine the results ++using the `lipo' tool if you have problems. + + Installation Names + ================== + +- By default, `make install' will install the package's files in +-`/usr/local/bin', `/usr/local/man', etc. You can specify an +-installation prefix other than `/usr/local' by giving `configure' the +-option `--prefix=PATH'. ++ By default, `make install' installs the package's commands under ++`/usr/local/bin', include files under `/usr/local/include', etc. You ++can specify an installation prefix other than `/usr/local' by giving ++`configure' the option `--prefix=PREFIX', where PREFIX must be an ++absolute file name. + + You can specify separate installation prefixes for + architecture-specific files and architecture-independent files. If you +-give `configure' the option `--exec-prefix=PATH', the package will use +-PATH as the prefix for installing programs and libraries. +-Documentation and other data files will still use the regular prefix. ++pass the option `--exec-prefix=PREFIX' to `configure', the package uses ++PREFIX as the prefix for installing programs and libraries. ++Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +-options like `--bindir=PATH' to specify different values for particular ++options like `--bindir=DIR' to specify different values for particular + kinds of files. Run `configure --help' for a list of the directories +-you can set and what kinds of files go in them. ++you can set and what kinds of files go in them. In general, the ++default for these options is expressed in terms of `${prefix}', so that ++specifying just `--prefix' will affect all of the other directory ++specifications that were not explicitly provided. ++ ++ The most portable way to affect installation locations is to pass the ++correct locations to `configure'; however, many packages provide one or ++both of the following shortcuts of passing variable assignments to the ++`make install' command line to change installation locations without ++having to reconfigure or recompile. ++ ++ The first method involves providing an override variable for each ++affected directory. For example, `make install ++prefix=/alternate/directory' will choose an alternate location for all ++directory configuration variables that were expressed in terms of ++`${prefix}'. Any directories that were specified during `configure', ++but not in terms of `${prefix}', must each be overridden at install ++time for the entire installation to be relocated. The approach of ++makefile variable overrides for each directory variable is required by ++the GNU Coding Standards, and ideally causes no recompilation. ++However, some platforms have known limitations with the semantics of ++shared libraries that end up requiring recompilation when using this ++method, particularly noticeable in packages that use GNU Libtool. ++ ++ The second method involves providing the `DESTDIR' variable. For ++example, `make install DESTDIR=/alternate/directory' will prepend ++`/alternate/directory' before all installation names. The approach of ++`DESTDIR' overrides is not required by the GNU Coding Standards, and ++does not work on platforms that have drive letters. On the other hand, ++it does better at avoiding recompilation issues, and works well even ++when some directory options were not specified in terms of `${prefix}' ++at `configure' time. ++ ++Optional Features ++================= + + If the package supports it, you can cause programs to be installed + with an extra prefix or suffix on their names by giving `configure' the + option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +-Optional Features +-================= +- + Some packages pay attention to `--enable-FEATURE' options to + `configure', where FEATURE indicates an optional part of the package. + They may also pay attention to `--with-PACKAGE' options, where PACKAGE +@@ -153,6 +208,45 @@ find the X include and library files automatically, but if it doesn't, + you can use the `configure' options `--x-includes=DIR' and + `--x-libraries=DIR' to specify their locations. + ++ Some packages offer the ability to configure how verbose the ++execution of `make' will be. For these packages, running `./configure ++--enable-silent-rules' sets the default to minimal output, which can be ++overridden with `make V=1'; while running `./configure ++--disable-silent-rules' sets the default to verbose, which can be ++overridden with `make V=0'. ++ ++Particular systems ++================== ++ ++ On HP-UX, the default C compiler is not ANSI C compatible. If GNU ++CC is not installed, it is recommended to use the following options in ++order to use an ANSI C compiler: ++ ++ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" ++ ++and if that doesn't work, install pre-built binaries of GCC for HP-UX. ++ ++ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot ++parse its `' header file. The option `-nodtk' can be used as ++a workaround. If GNU CC is not installed, it is therefore recommended ++to try ++ ++ ./configure CC="cc" ++ ++and if that doesn't work, try ++ ++ ./configure CC="cc -nodtk" ++ ++ On Solaris, don't put `/usr/ucb' early in your `PATH'. This ++directory contains several dysfunctional programs; working variants of ++these programs are available in `/usr/bin'. So, if you need `/usr/ucb' ++in your `PATH', put it _after_ `/usr/bin'. ++ ++ On Haiku, software installed for all users goes in `/boot/common', ++not `/usr/local'. It is recommended to use the following options: ++ ++ ./configure --prefix=/boot/common ++ + Specifying the System Type + ========================== + +@@ -168,14 +262,15 @@ type, such as `sun4', or a canonical name which has the form: + + where SYSTEM can have one of these forms: + +- OS KERNEL-OS ++ OS ++ KERNEL-OS + + See the file `config.sub' for the possible values of each field. If + `config.sub' isn't included in this package, then this package doesn't + need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +-use the `--target=TYPE' option to select the type of system they will ++use the option `--target=TYPE' to select the type of system they will + produce code for. + + If you want to _use_ a cross compiler, that generates code for a +@@ -205,9 +300,14 @@ them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +-will cause the specified gcc to be used as the C compiler (unless it is ++causes the specified `gcc' to be used as the C compiler (unless it is + overridden in the site shell script). + ++Unfortunately, this technique does not work for `CONFIG_SHELL' due to ++an Autoconf bug. Until the bug is fixed you can use this workaround: ++ ++ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash ++ + `configure' Invocation + ====================== + +@@ -216,7 +316,14 @@ operates. + + `--help' + `-h' +- Print a summary of the options to `configure', and exit. ++ Print a summary of all of the options to `configure', and exit. ++ ++`--help=short' ++`--help=recursive' ++ Print a summary of the options unique to this package's ++ `configure', and exit. The `short' variant lists options used ++ only in the top level, while the `recursive' variant lists options ++ also present in any nested packages. + + `--version' + `-V' +@@ -243,6 +350,16 @@ operates. + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + ++`--prefix=DIR' ++ Use DIR as the installation prefix. *note Installation Names:: ++ for more details, including other options available for fine-tuning ++ the installation locations. ++ ++`--no-create' ++`-n' ++ Run the configure checks, but stop before creating any output ++ files. ++ + `configure' also accepts some other, not widely useful, options. Run + `configure --help' for more details. + +diff --git a/Makefile.am b/Makefile.am +index cd56148..d10c906 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,2 +1,44 @@ +-SUBDIRS= src man ++AM_CPPFLAGS = \ ++ -DCHECK_LOCAL \ ++ -DPORTMAP \ ++ -DFACILITY=LOG_MAIL \ ++ -DSEVERITY=LOG_INFO \ ++ -DINET6 \ ++ -DRPCBIND_STATEDIR="\"$(statedir)\"" \ ++ -DRPCBIND_USER="\"$(rpcuser)\"" \ ++ -D_GNU_SOURCE \ ++ $(TIRPC_CFLAGS) + ++if DEBUG ++AM_CPPFLAGS += -DRPCBIND_DEBUG -DSVC_RUN_DEBUG -DDEBUG_RMTCALL ++AM_CPPFLAGS += -DND_DEBUG -DBIND_DEBUG ++endif ++ ++if WARMSTART ++AM_CPPFLAGS += -DWARMSTART ++endif ++ ++if LIBWRAP ++AM_CPPFLAGS += -DLIBWRAP ++endif ++ ++bin_PROGRAMS = rpcbind rpcinfo ++ ++rpcbind_SOURCES = \ ++ src/check_bound.c \ ++ src/pmap_svc.c \ ++ src/rpcb_stat.c \ ++ src/rpcb_svc.c \ ++ src/rpcb_svc_4.c \ ++ src/rpcb_svc_com.c \ ++ src/rpcbind.c \ ++ src/rpcbind.h \ ++ src/security.c \ ++ src/util.c \ ++ src/warmstart.c ++rpcbind_LDADD = $(TIRPC_LIBS) ++ ++rpcinfo_SOURCES = src/rpcinfo.c ++rpcinfo_LDADD = $(TIRPC_LIBS) ++ ++dist_man8_MANS = man/rpcbind.8 man/rpcinfo.8 +diff --git a/autogen.sh b/autogen.sh +index 1613b6d..761db90 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -36,7 +36,7 @@ if test x"${1}" = x"clean"; then + fi + + aclocal +-libtoolize --force --copy +-autoheader ++#libtoolize --force --copy ++#autoheader + automake --add-missing --copy --gnu # -Wall + autoconf # -Wall +diff --git a/configure.in b/configure.in +index de1c730..2b67720 100644 +--- a/configure.in ++++ b/configure.in +@@ -1,66 +1,39 @@ +- AC_INIT(rpcbind, 0.2.0) ++AC_INIT(rpcbind, 0.2.0) + +- AM_INIT_AUTOMAKE +-# AM_MAINTAINER_MODE ++AM_INIT_AUTOMAKE + AC_CONFIG_SRCDIR([src/rpcbind.c]) +- AC_PROG_CC +- AM_CONFIG_HEADER(config.h) +- AC_HEADER_DIRENT +- AC_PREFIX_DEFAULT(/usr) +- +-AC_CONFIG_SRCDIR([src/config.h.in]) +-AC_CONFIG_HEADERS([src/config.h]) +- +-AC_PROG_LIBTOOL +- +-AC_ARG_ENABLE(debug,[ --enable-debug Turns on rpcbind debugging], +- [case "${enableval}" in +- yes) debug=true ;; +- no) debug=no ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-debug) ;; +- esac],[debug=false]) +-AM_CONDITIONAL(DEBUG, test x$debug = xtrue) +- +-AC_ARG_ENABLE(warmstarts,[ --enable-warmstarts Enables Warm Starts], +- [case "${enableval}" in +- yes) warmstarts=true ;; +- no) warmstarts=no ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-warmstarts) ;; +- esac],[warmstarts=false]) +-AM_CONDITIONAL(WARMSTART, test x$warmstarts = xtrue) +- +-if test "$warmstarts" = "true" ; then +- AC_ARG_WITH(statedir, +- [ --with-statedir=/foo use state dir /foo [/tmp]], +- statedir=$withval, +- statedir=/tmp) +- AC_SUBST(statedir) +- AC_DEFINE_UNQUOTED(RPCBIND_STATEDIR, "$statedir", [This defines the location where the state files will be kept for warm starts]) +-fi +-AC_ARG_WITH(rpcuser, +- [ --with-rpcuser=user uid to use [root]], +- rpcuser=$withval, +- rpcuser=root) +- AC_SUBST(rpcuser) +-AC_DEFINE_UNQUOTED(RPCBIND_USER, "$rpcuser", [This defines the uid to run as]) ++AC_PREFIX_DEFAULT(/usr) ++AC_PROG_CC ++ ++AC_ARG_ENABLE([libwrap], ++ AS_HELP_STRING([--enable-libwrap], [Enables host name checking through tcpd @<:@default=no@:>@])) ++AM_CONDITIONAL(LIBWRAP, test x$enable_libwrap = xyes) ++ ++AC_ARG_ENABLE([debug], ++ AS_HELP_STRING([--enable-debug], [Turns on rpcbind debugging @<:@default=no@:>@])) ++AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes) ++ ++AC_ARG_ENABLE([warmstarts], ++ AS_HELP_STRING([--enable-warmstarts], [Enables Warm Starts @<:@default=no@:>@])) ++AM_CONDITIONAL(WARMSTART, test x$enable_warmstarts = xyes) ++ ++AC_ARG_WITH([statedir], ++ AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/tmp@:>@]) ++ ,, [with_statedir=/tmp]) ++AC_SUBST([statedir], [$with_statedir]) ++ ++AC_ARG_WITH([rpcuser], ++ AS_HELP_STRING([--with-rpcuser=ARG], [use ARG for RPC @<:@default=root@:>@]), ++ ,, [with_rpcuser=root]) ++AC_SUBST([rpcuser], [$with_rpcuser]) ++ ++PKG_CHECK_MODULES([TIRPC], [libtirpc]) + +-AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h \ +- netinet/in.h stdlib.h string.h \ +- sys/param.h sys/socket.h \ +- sys/time.h syslog.h \ +- unistd.h nss.h]) ++AS_IF([test x$enable_libwrap = xyes], [ ++ AC_CHECK_LIB([wrap], [hosts_access], , ++ AC_MSG_ERROR([libwrap support requested but unable to find libwrap])) ++]) + +-AC_CHECK_LIB([pthread], [pthread_create]) +-AC_CHECK_LIB([tirpc], [clnt_create]) +-AC_ARG_ENABLE(libwrap,[ --enable-libwrap Enables host name checking], +- [case "${enableval}" in +- yes) libwarp=true +- AC_CHECK_LIB([wrap], [hosts_access]) ;; +- no) libwarp=no ;; +- *) AC_MSG_ERROR(bad value ${enableval} for --enable-libwrap) ;; +- esac],[libwarp=false]) +-AM_CONDITIONAL(LIBWRAP, test x$libwarp = xtrue) ++AC_SEARCH_LIBS([pthread_create], [pthread]) + +-AC_CONFIG_FILES([Makefile src/Makefile man/Makefile]) +-AC_OUTPUT() +- ++AC_OUTPUT([Makefile]) +diff --git a/man/Makefile.am b/man/Makefile.am +deleted file mode 100644 +index 84818e9..0000000 +--- a/man/Makefile.am ++++ /dev/null +@@ -1,2 +0,0 @@ +-man8_MANS = rpcbind.8 +-EXTRA_DIST = $(man8_MANS) +diff --git a/man/rpcbind.8 b/man/rpcbind.8 +index 32806d4..da32701 100644 +--- a/man/rpcbind.8 ++++ b/man/rpcbind.8 +@@ -82,6 +82,8 @@ during operation, and will abort on certain errors if + is also specified. + With this option, the name-to-address translation consistency + checks are shown in detail. ++.It Fl f ++Do not fork and become a background process. + .It Fl h + Specify specific IP addresses to bind to for UDP requests. + This option +@@ -141,7 +143,6 @@ All RPC servers must be restarted if + .Nm + is restarted. + .Sh SEE ALSO +-.Xr rpcbind 3 , + .Xr rpcinfo 8 + .Sh LINUX PORT + .Bl Aurelien Charbon +diff --git a/src/Makefile.am b/src/Makefile.am +deleted file mode 100644 +index cc0a85b..0000000 +--- a/src/Makefile.am ++++ /dev/null +@@ -1,34 +0,0 @@ +-INCLUDES = -I$(srcdir)/tirpc -DPORTMAP -DINET6 -DVERSION="\"$(VERSION)\"" \ +- -D_GNU_SOURCE -Wall -pipe +-if DEBUG +-INCLUDES += -DRPCBIND_DEBUG -DSVC_RUN_DEBUG -DDEBUG_RMTCALL +-INCLUDES += -DND_DEBUG -DBIND_DEBUG +-endif +- +-if WARMSTART +-INCLUDES += -DWARMSTART +-endif +- +-if LIBWRAP +-INCLUDES += -DLIBWRAP +-endif +- +- +-bin_PROGRAMS = rpcbind rpcinfo +- +-rpcbind_SOURCES = check_bound.c rpcbind.c \ +- rpcb_svc_4.c rpcb_svc_com.c \ +- util.c pmap_svc.c rpcb_stat.c \ +- rpcb_svc.c security.c warmstart.c \ +- rpcbind.h +- +-rpcinfo_SOURCES = rpcinfo.c +-rpcinfo_LDFLAGS = -lpthread -ltirpc +-rpcinfo_LDADD = $(LIB_TIRPC) +- +- +-rpcbind_LDFLAGS = -lpthread -ltirpc +-rpcbind_LDADD = $(LIB_TIRPC) +-AM_CPPFLAGS = -I/usr/include/tirpc -DCHECK_LOCAL -DPORTMAP \ +- -DFACILITY=LOG_MAIL -DSEVERITY=LOG_INFO +- +diff --git a/src/config.h.in b/src/config.h.in +deleted file mode 100644 +index 67a0e39..0000000 +--- a/src/config.h.in ++++ /dev/null +@@ -1,105 +0,0 @@ +-/* config.h.in. Generated from configure.in by autoheader. */ +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_ARPA_INET_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. +- */ +-#undef HAVE_DIRENT_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_FCNTL_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_INTTYPES_H +- +-/* Define to 1 if you have the `pthread' library (-lpthread). */ +-#undef HAVE_LIBPTHREAD +- +-/* Define to 1 if you have the `tirpc' library (-ltirpc). */ +-#undef HAVE_LIBTIRPC +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_MEMORY_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. */ +-#undef HAVE_NDIR_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_NETDB_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_NETINET_IN_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STDINT_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STDLIB_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STRINGS_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_STRING_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYSLOG_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. +- */ +-#undef HAVE_SYS_DIR_H +- +-/* Define to 1 if you have the header file, and it defines `DIR'. +- */ +-#undef HAVE_SYS_NDIR_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_PARAM_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_SOCKET_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_STAT_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_TIME_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_SYS_TYPES_H +- +-/* Define to 1 if you have the header file. */ +-#undef HAVE_UNISTD_H +- +-/* Name of package */ +-#undef PACKAGE +- +-/* Define to the address where bug reports for this package should be sent. */ +-#undef PACKAGE_BUGREPORT +- +-/* Define to the full name of this package. */ +-#undef PACKAGE_NAME +- +-/* Define to the full name and version of this package. */ +-#undef PACKAGE_STRING +- +-/* Define to the one symbol short name of this package. */ +-#undef PACKAGE_TARNAME +- +-/* Define to the version of this package. */ +-#undef PACKAGE_VERSION +- +-/* Define to 1 if you have the ANSI C header files. */ +-#undef STDC_HEADERS +- +-/* Version number of package */ +-#undef VERSION +- +-/* This defines the location where the state files will be kept for warm +- starts */ +-#undef RPCBIND_STATEDIR +- +-/* This defines the uid to run as */ +-#undef RPCBIND_USER +- +diff --git a/src/pmap_svc.c b/src/pmap_svc.c +index 4736700..337e64d 100644 +--- a/src/pmap_svc.c ++++ b/src/pmap_svc.c +@@ -80,7 +80,7 @@ pmap_service(struct svc_req *rqstp, SVCXPRT *xprt) + if (debugging) + fprintf(stderr, "PMAPPROC_NULL\n"); + #endif +- check_access(xprt, rqstp->rq_proc, NULL, PMAPVERS); ++ check_access(xprt, rqstp->rq_proc, 0, PMAPVERS); + if ((!svc_sendreply(xprt, (xdrproc_t) xdr_void, NULL)) && + debugging) { + if (doabort) { +@@ -201,11 +201,11 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt, unsigned long + reg.pm_prog, reg.pm_vers); + #endif + +- if (!check_access(xprt, op, ®, PMAPVERS)) { ++ if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) { + svcerr_weakauth(xprt); + return (FALSE); + } +- ++ + rpcbreg.r_prog = reg.pm_prog; + rpcbreg.r_vers = reg.pm_vers; + +@@ -276,7 +276,7 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) + return (FALSE); + } + +- if (!check_access(xprt, PMAPPROC_GETPORT, ®, PMAPVERS)) { ++ if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) { + svcerr_weakauth(xprt); + return FALSE; + } +@@ -340,7 +340,7 @@ pmapproc_dump(struct svc_req *rqstp /*__unused*/, SVCXPRT *xprt) + return (FALSE); + } + +- if (!check_access(xprt, PMAPPROC_DUMP, NULL, PMAPVERS)) { ++ if (!check_access(xprt, PMAPPROC_DUMP, 0, PMAPVERS)) { + svcerr_weakauth(xprt); + return FALSE; + } +diff --git a/src/rpcb_svc.c b/src/rpcb_svc.c +index 0514ba5..e350f85 100644 +--- a/src/rpcb_svc.c ++++ b/src/rpcb_svc.c +@@ -75,6 +75,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) + char *result; + xdrproc_t xdr_argument, xdr_result; + void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); ++ rpcprog_t setprog = 0; + + rpcbs_procinfo(RPCBVERS_3_STAT, rqstp->rq_proc); + +@@ -88,7 +89,7 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) + fprintf(stderr, "RPCBPROC_NULL\n"); + #endif + /* This call just logs, no actual checks */ +- check_access(transp, rqstp->rq_proc, NULL, RPCBVERS); ++ check_access(transp, rqstp->rq_proc, 0, RPCBVERS); + (void) svc_sendreply(transp, (xdrproc_t)xdr_void, (char *)NULL); + return; + +@@ -166,7 +167,13 @@ rpcb_service_3(struct svc_req *rqstp, SVCXPRT *transp) + (void) fprintf(stderr, "rpcbind: could not decode\n"); + return; + } +- if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS)) { ++ ++ if (rqstp->rq_proc == RPCBPROC_SET ++ || rqstp->rq_proc == RPCBPROC_UNSET ++ || rqstp->rq_proc == RPCBPROC_GETADDR) ++ setprog = argument.rpcbproc_set_3_arg.r_prog; ++ ++ if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS)) { + svcerr_weakauth(transp); + goto done; + } +diff --git a/src/rpcb_svc_4.c b/src/rpcb_svc_4.c +index 9fd5bef..313e6d1 100644 +--- a/src/rpcb_svc_4.c ++++ b/src/rpcb_svc_4.c +@@ -78,6 +78,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) + char *result; + xdrproc_t xdr_argument, xdr_result; + void *(*local) __P((void *, struct svc_req *, SVCXPRT *, rpcvers_t)); ++ rpcprog_t setprog = 0; + + rpcbs_procinfo(RPCBVERS_4_STAT, rqstp->rq_proc); + +@@ -90,7 +91,7 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) + if (debugging) + fprintf(stderr, "RPCBPROC_NULL\n"); + #endif +- check_access(transp, rqstp->rq_proc, NULL, RPCBVERS4); ++ check_access(transp, rqstp->rq_proc, 0, RPCBVERS4); + (void) svc_sendreply(transp, (xdrproc_t) xdr_void, + (char *)NULL); + return; +@@ -220,7 +221,13 @@ rpcb_service_4(struct svc_req *rqstp, SVCXPRT *transp) + (void) fprintf(stderr, "rpcbind: could not decode\n"); + return; + } +- if (!check_access(transp, rqstp->rq_proc, &argument, RPCBVERS4)) { ++ ++ if (rqstp->rq_proc == RPCBPROC_SET ++ || rqstp->rq_proc == RPCBPROC_UNSET ++ || rqstp->rq_proc == RPCBPROC_GETADDR) ++ setprog = argument.rpcbproc_set_4_arg.r_prog; ++ ++ if (!check_access(transp, rqstp->rq_proc, setprog, RPCBVERS4)) { + svcerr_weakauth(transp); + goto done; + } +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c +index 291421f..f6bd6bd 100644 +--- a/src/rpcb_svc_com.c ++++ b/src/rpcb_svc_com.c +@@ -1227,6 +1227,8 @@ send_svcsyserr(SVCXPRT *xprt, struct finfo *fi) + return; + } + ++extern SVCAUTH svc_auth_none; ++ + static void + handle_reply(int fd, SVCXPRT *xprt) + { +@@ -1293,7 +1295,10 @@ handle_reply(int fd, SVCXPRT *xprt) + a.rmt_localvers = fi->versnum; + + xprt_set_caller(xprt, fi); ++ xprt->xp_auth = &svc_auth_none; + svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a); ++ SVCAUTH_DESTROY(xprt->xp_auth); ++ xprt->xp_auth = NULL; + done: + if (buffer) + free(buffer); +@@ -1372,10 +1377,13 @@ static char * + getowner(SVCXPRT *transp, char *owner, size_t ownersize) + { + uid_t uid; +- +- if (__rpc_get_local_uid(transp, &uid) < 0) +- snprintf(owner, ownersize, "unknown"); +- else if (uid == 0) ++ ++ if (__rpc_get_local_uid(transp, &uid) < 0) { ++ if (is_localroot(svc_getrpccaller(transp))) ++ snprintf(owner, ownersize, "superuser"); ++ else ++ snprintf(owner, ownersize, "unknown"); ++ } else if (uid == 0) + snprintf(owner, ownersize, "superuser"); + else + snprintf(owner, ownersize, "%d", uid); +diff --git a/src/rpcbind.c b/src/rpcbind.c +index 525ffba..9a0504d 100644 +--- a/src/rpcbind.c ++++ b/src/rpcbind.c +@@ -68,7 +68,6 @@ + #include + #include + #include +-#include "config.h" + #include "rpcbind.h" + + /*#define RPCBIND_DEBUG*/ +@@ -77,6 +76,7 @@ + + int debugging = 0; /* Tell me what's going on */ + int doabort = 0; /* When debugging, do an abort on errors */ ++int dofork = 1; /* fork? */ + + rpcblist_ptr list_rbl; /* A list of version 3/4 rpcbind services */ + +@@ -213,8 +213,8 @@ main(int argc, char *argv[]) + printf("\n"); + } + #endif +- } else { +- if (daemon(0, 0)) ++ } else if (dofork) { ++ if (daemon(0, 0)) + err(1, "fork failed"); + } + +@@ -236,6 +236,10 @@ main(int argc, char *argv[]) + syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid); + exit(1); + } ++ if (setgroups(0, NULL) == -1) { ++ syslog(LOG_ERR, "dropping supplemental groups failed: %m"); ++ exit(1); ++ } + if (setuid(p->pw_uid) == -1) { + syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid); + exit(1); +@@ -276,6 +280,7 @@ init_transport(struct netconfig *nconf) + int addrlen = 0; + int nhostsbak; + int checkbind; ++ int on = 1; + struct sockaddr *sa = NULL; + u_int32_t host_addr[4]; /* IPv4 or IPv6 */ + struct sockaddr_un sun; +@@ -493,6 +498,14 @@ init_transport(struct netconfig *nconf) + } + oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH); + __rpc_fd2sockinfo(fd, &si); ++ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, ++ sizeof(on)) != 0) { ++ syslog(LOG_ERR, "cannot set SO_REUSEADDR on %s", ++ nconf->nc_netid); ++ if (res != NULL) ++ freeaddrinfo(res); ++ return 1; ++ } + if (bind(fd, sa, addrlen) < 0) { + syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid); + if (res != NULL) +@@ -731,7 +744,7 @@ parseargs(int argc, char *argv[]) + { + int c; + oldstyle_local = 1; +- while ((c = getopt(argc, argv, "dwah:ils")) != -1) { ++ while ((c = getopt(argc, argv, "adh:ilswf")) != -1) { + switch (c) { + case 'a': + doabort = 1; /* when debugging, do an abort on */ +@@ -758,13 +771,16 @@ parseargs(int argc, char *argv[]) + case 's': + runasdaemon = 1; + break; ++ case 'f': ++ dofork = 0; ++ break; + #ifdef WARMSTART + case 'w': + warmstart = 1; + break; + #endif + default: /* error */ +- fprintf(stderr, "usage: rpcbind [-Idwils]\n"); ++ fprintf(stderr, "usage: rpcbind [-adhilswf]\n"); + exit (1); + } + } +diff --git a/src/rpcbind.h b/src/rpcbind.h +index c800577..74f9591 100644 +--- a/src/rpcbind.h ++++ b/src/rpcbind.h +@@ -119,7 +119,7 @@ void rpcbind_abort(void); + void reap(int); + void toggle_verboselog(int); + +-int check_access(SVCXPRT *, rpcproc_t, void *, unsigned int); ++int check_access(SVCXPRT *, rpcproc_t, rpcprog_t, unsigned int); + int check_callit(SVCXPRT *, struct r_rmtcall_args *, int); + void logit(int, struct sockaddr *, rpcproc_t, rpcprog_t, const char *); + int is_loopback(struct netbuf *); +diff --git a/src/security.c b/src/security.c +index 0edeac6..d272f74 100644 +--- a/src/security.c ++++ b/src/security.c +@@ -62,34 +62,21 @@ int log_severity = PORTMAP_LOG_FACILITY|PORTMAP_LOG_SEVERITY; + extern int verboselog; + + int +-check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) ++check_access(SVCXPRT *xprt, rpcproc_t proc, rpcprog_t prog, unsigned int rpcbvers) + { + struct netbuf *caller = svc_getrpccaller(xprt); + struct sockaddr *addr = (struct sockaddr *)caller->buf; + #ifdef LIBWRAP + struct request_info req; + #endif +- rpcprog_t prog = 0; +- rpcb *rpcbp; +- struct pmap *pmap; + + /* + * The older PMAP_* equivalents have the same numbers, so + * they are accounted for here as well. + */ + switch (proc) { +- case RPCBPROC_GETADDR: + case RPCBPROC_SET: + case RPCBPROC_UNSET: +- if (rpcbvers > PMAPVERS) { +- rpcbp = (rpcb *)args; +- prog = rpcbp->r_prog; +- } else { +- pmap = (struct pmap *)args; +- prog = pmap->pm_prog; +- } +- if (proc == RPCBPROC_GETADDR) +- break; + if (!insecure && !is_loopback(caller)) { + #ifdef RPCBIND_DEBUG + if (debugging) +@@ -101,6 +88,7 @@ check_access(SVCXPRT *xprt, rpcproc_t proc, void *args, unsigned int rpcbvers) + return 0; + } + break; ++ case RPCBPROC_GETADDR: + case RPCBPROC_CALLIT: + case RPCBPROC_INDIRECT: + case RPCBPROC_DUMP: +@@ -150,8 +138,7 @@ is_loopback(struct netbuf *nbuf) + "Checking caller's adress (port = %d)\n", + ntohs(sin->sin_port)); + #endif +- return ((sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) && +- (ntohs(sin->sin_port) < IPPORT_RESERVED)); ++ return (sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)); + #ifdef INET6 + case AF_INET6: + if (!oldstyle_local) +@@ -163,10 +150,9 @@ is_loopback(struct netbuf *nbuf) + "Checking caller's adress (port = %d)\n", + ntohs(sin6->sin6_port)); + #endif +- return ((IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) || ++ return (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) || + (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) && +- sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))) && +- (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED)); ++ sin6->sin6_addr.s6_addr32[3] == htonl(INADDR_LOOPBACK))); + #endif + case AF_LOCAL: + return 1; +diff --git a/src/warmstart.c b/src/warmstart.c +index 25e5d89..d1bb971 100644 +--- a/src/warmstart.c ++++ b/src/warmstart.c +@@ -46,7 +46,6 @@ + #include + #include + +-#include "config.h" + #include "rpcbind.h" + + #ifndef RPCBIND_STATEDIR diff --git a/rpcbind/rpcbind.nm b/rpcbind/rpcbind.nm new file mode 100644 index 000000000..4f2cbcb86 --- /dev/null +++ b/rpcbind/rpcbind.nm @@ -0,0 +1,99 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team # +############################################################################### + +name = rpcbind +version = 0.2.0 +release = 1 + +groups = System/Daemons +url = http://nfsv4.bullopensource.org +license = BSD +summary = Universal Addresses to RPC Program Number Mapper + +description + The rpcbind utility is a server that converts RPC program numbers into + universal addresses. It must be running on the host to be able to make + RPC calls on a server on that machine. +end + +source_dl = http://downloads.sourceforge.net/rpcbind/ +sources = %{thisapp}.tar.bz2 + +build + requires + autoconf + automake + libtirpc-devel + libtool + systemd-units + end + + prepare_cmds + autoreconf -fisv + + %{create_user} + end + + configure_options += \ + --enable-warmstarts \ + --with-statedir=/var/lib/rpcbind \ + --with-rpcuser=rpc \ + --enable-debug + + install_cmds + mkdir -pv %{BUILDROOT}%{sbindir} + + mv -v %{BUILDROOT}{%{bindir},%{sbindir}}/rpcbind + mv -v %{BUILDROOT}{%{bindir},%{sbindir}}/rpcinfo + + mkdir -pv -m 700 %{BUILDROOT}/var/lib/rpcbind + chown rpc:rpc %{BUILDROOT}/var/lib/rpcbind + end +end + +create_user + getent group rpc >/dev/null || groupadd -r -g 32 rpc + getent passwd rpc >/dev/null || useradd -r -g 32 \ + -c "Rpcbind Daemon" -d /var/lib/rpcbind -s /sbin/nologin rpc +end + +packages + package %{name} + provides + portmap = %{thisver} + end + + requires + setup >= 3.0-7 + end + + script prein + %{create_user} + end + + script postin + systemctl daemon-reload >/dev/null 2>&1 || : + systemctl --no-reload enable rpcbind.service >/dev/null 2>&1 || : + end + + script postup + systemctl daemon-reload >/dev/null 2>&1 || : + systemctl try-restart rpcbind.service >/dev/null 2>&1 || : + end + + script preun + systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || : + systemctl stop rpcbind.service >/dev/null 2>&1 || : + end + + script postun + systemctl daemon-reload >/dev/null 2>&1 || : + end + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/rpcbind/systemd/rpcbind.service b/rpcbind/systemd/rpcbind.service new file mode 100644 index 000000000..84184a9ac --- /dev/null +++ b/rpcbind/systemd/rpcbind.service @@ -0,0 +1,12 @@ +[Unit] +Description=RPC bind service +Requires=rpcbind.socket +After=syslog.target network.target + +[Service] +Type=forking +ExecStart=/sbin/rpcbind -w + +[Install] +WantedBy=multi-user.target +Also=rpcbind.socket diff --git a/rpcbind/systemd/rpcbind.socket b/rpcbind/systemd/rpcbind.socket new file mode 100644 index 000000000..d63c1d972 --- /dev/null +++ b/rpcbind/systemd/rpcbind.socket @@ -0,0 +1,8 @@ +[Unit] +Description=RPCbind Server Activation Socket + +[Socket] +ListenStream=/var/run/rpcbind.sock + +[Install] +WantedBy=sockets.target -- 2.39.2