Commit message

Taken from Fedora.
If xp_auth is NULL, the transport routines will not send
the reply. This patch fixes that problem.
Signed-off-by: Steve Dickson <steved@redhat.com>
Commit 8d7a0708 introduced a regression that causes rpcbind
to run as root instead of the user defined by RPCBIND_USER
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Drop out of the 'root' group to ensure the process does
not have any access to writable or readable files
to that group.
Signed-off-by: Steve Dickson <steved@redhat.com>
This patch relaxes the is_loopback() check to its original meaning;
i.e. verify that the caller is local. We no longer check whether
the source port is privileged, for a number of reasons.
1) The existing check did not allow *any* non-root program to register
a service via UDP or TCP transport. It did however allow
*any* registration when using the AF_LOCAL transport.
2) Unregistration of services is only possible if the caller has
the same "user name", i.e.
"superuser" for root (when connecting through AF_LOCAL sockets, or when using pmap_set with a privileged port)
numeric uid for non-root users when connecting through AF_LOCAL sockets
"unknown" for all other users
This seems safe enough to allow the removal of the privileged port
check in is_localhost.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Registers from the kernel do not come in on AF_LOCAL
sockets so the exact owners of the service cannot be determined.
But given the fact the loopback address is used and a privileged
port is used, it can be assumed the owner of the service should
be the superuser.
Signed-off-by: Steve Dickson <steved@redhat.com>
Previously, check_access() would take a void pointer argument, which
could be either a struct pmap, or a struct rpcb. The only bit of
information which is really needed is the RPC program number,
so we pass that instead.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Don't use libtool as we're not building any shared library.
Make sure that arguments are properly indented and documented in
./configure --help, avoid abusing conditional expansions.
Check for pthread using AC_SEARCH_LIBS so that it can be easily
extended.
Drop header checks (likely coming from autoscan) given that the code
never tests for HAVE_*_H.
Delete the config.h.in template that is part of the autogenerated files,
and INSTALL that is auto-added by automake (it's not customized).
Define RPCBIND_STATEDIR and RPCUSER directly in Makefile.am as it's done
for the other defines. Drop the config.h support since it's not really
useful at this point. Avoid defining VERSION twice.
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
By using non-recursive make we cut down the time needed to build
rpcbind, without losing any feature at all.
Besides making it non-recursive, also clean the makefile up a bit.
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
This allows rpcbind to be properly cross-compiled, as /usr/include/tirpc is
no longer a valid path in that case.
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
I previously sent this patch to the libtirpc-devel list but got no
response. Resending with wider distribution...
If we don't set SO_REUSEADDR, then if there are any sockets on this port
in TIME_WAIT state when rpcbind is restarted then that will prevent the
bind() call from succeeding.
Details of the problem are here:
https://bugzilla.redhat.com/show_bug.cgi?id=597356
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
page says.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
the explicit permission of Sun Microsystems
Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
fails on a PPC64 because CLNT_CONTROL expects the version number
to be a 32 bit quantity. u_long probably works fine on
little endian machines, but won't work on big endian
machines.
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
to u_int32_t from u_long
This fixes a problem where "rpcinfo -T transport host prognum"
fails on a PPC64 because CLNT_CONTROL expects the version
number to be a 32 bit quantity. u_long probably works fine
on little endian machines, but won't work on big endian machines.
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Change order of AC_PROG_LIBTOOL macro invocation in configure.in to
eliminate autotool warning:
Remember to add `AC_PROG_LIBTOOL' to `configure.in'.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Eliminate make warnings when building rpcbind and rpcinfo:
make[3]: Circular security.o <- security.o dependency dropped.
make[3]: Circular util.o <- security.o dependency dropped.
make[3]: Circular util.o <- util.o dependency dropped.
make[3]: Circular util.o <- check_bound.o dependency dropped.
make[3]: Circular pmap_svc.o <- security.o dependency dropped.
make[3]: Circular pmap_svc.o <- util.o dependency dropped.
make[3]: Circular pmap_svc.o <- check_bound.o dependency dropped.
make[3]: Circular pmap_svc.o <- pmap_svc.o dependency dropped.
and so on.
Apparently src/Makefile.am needs either a list of source files or a
list of object files, but not both.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Remove a needless pointer-to-integer conversion. getnameinfo(3) wants
a size value greater than or equal to offsetof(struct sockaddr_un,
sun_path). Since pointers can be different sizes depending on the
hardware platform, let's make this a simple constant instead.
This eliminates the compiler warning:
rpcinfo.c: In function sa_len
rpcinfo.c:666: warning: cast from pointer to integer of different size
when building on x86-64.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Include <nss.h> to get a forward declaration of __nss_configure_lookup().
This eliminates the compiler warning:
rpcbind.c: In function main
rpcbind.c:163: warning: implicit declaration of function
_nss_configure_lookup
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Remove unused variable in read_struct(). This eliminates
the compiler warning:
warmstart.c: In function read_struct
warmstart.c:106: warning: unused variable sbuf
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
When an application registers a service through an inet transport,
rpcbind will always treat the owner as "unknown". This allows random
users to unregister such services, and replace them with their own -
man-in-the-middle attacks for services like ypserv are trivial.
This patch changes pmapproc_change to check whether the call originated
from a privileged local port, and if that is the case, it identifies the
caller as "superuser".
This mimics the way the current Linux portmap behaves.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
The security check in is_loopback wants to print the source
port number, assuming that the remote address is always a
sockaddr_in - which is silly. Move the printf into the
address family specific switch statement.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
The debugging code in pmapproc_change prints the contents of
the "struct pmap" argument before decoding it, which results
in random garbage being displayed.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
If you use rpcbind with the warm start functionality, it will load *all*
registrations from the warm start files, including those for rpcbind
and portmap. This is wrong, as that information may be stale - a user
may specifically edit the netconfig file and restart rpcbind to change
the transports it supports. In this case we want the registrations
to match the status quo, rather than the status before the restart.
This patch changes read_warmstart() to merge the existing rpcb/pmap
lists, which contain only the rpcbind/portmap entries, with the saved
start lists, but ignoring any rpcbind/portmap entries present in the
warm start files.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
This patch makes sure we support portmap (aka rpcbind v2) on ipv4 _and_
af_local. That allows rpcbind to identify the owner of a socket much
better than by relying on privileged ports to tell root from non-root
users.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
There's some hack in pmap_getport that will cause a service
to be unregistered from the portmap list if we find the port
is no longer in use. Apart from being a gross hack, it is
also a rather inefficient hack. Since we now restrict pmap
emulation to IPv4, we know the address is always 0.0.0.0,
so no need to mess with uaddr strings.
(The bind_check code is a huge messy no-op anyway, since
all ports are added with bind_check = FALSE).
Signed-off-by: okir@suse.de
Signed-off-by: Steve Dickson <steved@redhat.com>
The current code will try to use either udp or udp6, and either tcp or
tcp6 for its portmap emulation code. Enabling e.g. both tcp6 and tcp in
the netconfig file will cause error messages, and cause rpcbind to not
register itself on the second transport (tcp).
This is not what we want.
I believe portmap emulation should only be enabled over IPv4.
There's no point in enabling it over IPv6.
Signed-off-by: okir@suse.de
Signed-off-by: Steve Dickson <steved@redhat.com>
There's a couple of places in the portmap emulation code
where we translate between ip protocol numbers and netids.
Encapsulate these in two helper functions:
extern char *pmap_ipprot2netid(int);
extern int pmap_netid2ipprot(const char *);
Signed-off-by: okir@suse.de
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Aurelien Charbon <aurelien.charbon@ext.bull.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
the rpcinfo man page
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
file which didn't have a rpc entry. This meant that during startup the
getpwnam() call to determine the details for user rpc caused the normal process
for passwd lookups to be followed. For me this meant after looking at
/etc/passwd the lookup tried to use NIS. This of course deadlocked since as
part of the NIS lookup rpcbind has to be contacted.
The workaround is quite simple: use __nss_configure_lookup() to restrict
the lookup.
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Andreas Hasenack <andreas@mandriva.com>
Signed-off-by: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
so they are defined correctly from the ./configure script.
Signed-off-by: Steve Dickson <steved@redhat.com>
Cleaned up read_struct().
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>