mirror
/
openwrt
mirror of https://git.openwrt.org/openwrt/openwrt.git
1
0
Fork 0
Code Releases Activity
openwrt/openwrt/package/portmap/patches/debian-subset.patch

532 lines
14 KiB
Diff
Raw Blame History

--- portmap-5.orig/Makefile
+++ portmap-5/Makefile
@@ -8,7 +8,7 @@
# if you disagree. See `man 3 syslog' for examples. Some syslog versions
# do not provide this flexibility.
#
-FACILITY=LOG_MAIL
+FACILITY=LOG_DAEMON
# To disable tcp-wrapper style access control, comment out the following
# macro definitions. Access control can also be turned off by providing
@@ -16,7 +16,8 @@
# daemon, is always treated as an authorized host.
HOSTS_ACCESS= -DHOSTS_ACCESS
-WRAP_LIB = $(WRAP_DIR)/libwrap.a
+#WRAP_LIB = $(WRAP_DIR)/libwrap.a
+WRAP_LIB = -lwrap
# Comment out if your RPC library does not allocate privileged ports for
# requests from processes with root privilege, or the new portmap will
@@ -71,7 +72,7 @@
# With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when
# SIGCHLD is not ignored. Enable next macro for a fix.
#
-# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
+ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
# Uncomment the following macro if your system does not have u_long.
#
@@ -81,11 +82,14 @@
# libwrap.a object library. WRAP_DIR should specify the directory with
# that library.
-WRAP_DIR= ../tcp_wrappers
+WRAP_DIR= $(TCPD_DIR)
# Auxiliary object files that may be missing from your C library.
#
-AUX = daemon.o strerror.o
+#AUX = daemon.o strerror.o
+
+# glibc has strerror() (it's POSIX) and daemon() (when compiling -D_BSD_SOURCE)
+AUX =
# NEXTSTEP is a little different. The following seems to work with NS 3.2
#
@@ -99,22 +103,31 @@
# Comment out if your compiler talks ANSI and understands const
#
-CONST = -Dconst=
+#CONST = -Dconst=
### End of configurable stuff.
##############################
+GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
+
+ifeq ($(GLIBC),0)
+LIBS += # -lbsd
+else
+LIBS += -lnsl
+endif
+
+
SHELL = /bin/sh
-COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \
+COPT = $(CONST) $(HOSTS_ACCESS) $(CHECK_PORT) \
$(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \
$(LOOPBACK) $(SETPGRP)
-CFLAGS = $(COPT) -O $(NSARCHS)
+CFLAGS = -Wall $(COPT) -O2 $(NSARCHS)
OBJECTS = portmap.o pmap_check.o from_local.o $(AUX)
all: portmap pmap_dump pmap_set
-portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a
+portmap: $(OBJECTS) # $(WRAP_DIR)/libwrap.a
$(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS)
pmap_dump: pmap_dump.c
@@ -129,6 +142,17 @@
get_myaddress: get_myaddress.c
cc $(CFLAGS) -DTEST -o $@ get_myaddress.c $(LIBS)
+install: all
+ install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
+ install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
+ install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
+ install -o root -g root -m 0644 portmap.8 ${BASEDIR}/usr/share/man/man8
+ install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
+ install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
+ cat BLURB >${BASEDIR}/usr/share/doc/portmap/portmapper.txt
+ gzip -9f ${BASEDIR}/usr/share/doc/portmap/portmapper.txt
+
+
lint:
lint $(COPT) $(OBJECTS:%.o=%.c)
--- portmap-5.orig/daemon.c
+++ portmap-5/daemon.c
@@ -36,11 +36,8 @@
#endif /* LIBC_SCCS and not lint */
#include <fcntl.h>
-
-/* From unistd.h */
-#define STDIN_FILENO 0
-#define STDOUT_FILENO 1
-#define STDERR_FILENO 2
+#include <unistd.h>
+#include <sys/types.h>
/* From paths.h */
#define _PATH_DEVNULL "/dev/null"
--- portmap-5.orig/pmap_check.c
+++ portmap-5/pmap_check.c
@@ -41,10 +41,14 @@
#include <syslog.h>
#include <netdb.h>
#include <sys/signal.h>
+#include <grp.h>
#ifdef SYSV40
#include <netinet/in.h>
#include <rpc/rpcent.h>
#endif
+#include <sys/types.h>
+#include <unistd.h>
+#include <tcpd.h>
extern char *inet_ntoa();
@@ -101,15 +105,25 @@
* Give up root privileges so that we can never allocate a privileged
* port when forwarding an rpc request.
*/
+ if (setgid(1) == -1) {
+ syslog(LOG_ERR, "setgid(1) failed: %m");
+ exit(1);
+ }
+ if (setgroups(0, 0) == -1) {
+ syslog(LOG_ERR, "setgroups(0, 0) failed: %m");
+ exit(1);
+ }
if (setuid(1) == -1) {
syslog(LOG_ERR, "setuid(1) failed: %m");
exit(1);
}
+
(void) signal(SIGINT, toggle_verboselog);
}
/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
+int
check_default(addr, proc, prog)
struct sockaddr_in *addr;
u_long proc;
@@ -128,6 +142,7 @@
/* check_privileged_port - additional checks for privileged-port updates */
+int
check_privileged_port(addr, proc, prog, port)
struct sockaddr_in *addr;
u_long proc;
@@ -173,6 +188,7 @@
#else
+int
check_setunset(addr, proc, prog, port)
struct sockaddr_in *addr;
u_long proc;
@@ -197,6 +213,7 @@
/* check_callit - additional checks for forwarded requests */
+int
check_callit(addr, proc, prog, aproc)
struct sockaddr_in *addr;
u_long proc;
@@ -249,13 +266,13 @@
};
struct proc_map *procp;
static struct proc_map procmap[] = {
- PMAPPROC_CALLIT, "callit",
- PMAPPROC_DUMP, "dump",
- PMAPPROC_GETPORT, "getport",
- PMAPPROC_NULL, "null",
- PMAPPROC_SET, "set",
- PMAPPROC_UNSET, "unset",
- 0, 0,
+ {PMAPPROC_CALLIT, "callit"},
+ {PMAPPROC_DUMP, "dump"},
+ {PMAPPROC_GETPORT, "getport"},
+ {PMAPPROC_NULL, "null"},
+ {PMAPPROC_SET, "set"},
+ {PMAPPROC_UNSET, "unset"},
+ {0, 0},
};
/*
@@ -269,7 +286,7 @@
if (prognum == 0) {
progname = "";
- } else if (rpc = getrpcbynumber((int) prognum)) {
+ } else if ((rpc = getrpcbynumber((int) prognum))) {
progname = rpc->r_name;
} else {
sprintf(progname = progbuf, "%lu", prognum);
--- portmap-5.orig/from_local.c
+++ portmap-5/from_local.c
@@ -51,6 +51,9 @@
#include <net/if.h>
#include <sys/ioctl.h>
#include <syslog.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
#ifndef TRUE
#define TRUE 1
@@ -96,6 +99,7 @@
/* find_local - find all IP addresses for this host */
+int
find_local()
{
struct ifconf ifc;
@@ -154,6 +158,7 @@
/* from_local - determine whether request comes from the local system */
+int
from_local(addr)
struct sockaddr_in *addr;
{
--- portmap-5.orig/pmap_dump.c
+++ portmap-5/pmap_dump.c
@@ -23,6 +23,20 @@
static char *protoname();
+#ifndef INADDR_LOOPBACK
+#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1"))
+#endif
+
+static void get_myloopaddress(addrp)
+struct sockaddr_in *addrp;
+{
+ memset((char *) addrp, 0, sizeof(*addrp));
+ addrp->sin_family = AF_INET;
+ addrp->sin_port = htons(PMAPPORT);
+ addrp->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+}
+
+int
main(argc, argv)
int argc;
char **argv;
@@ -31,7 +45,7 @@
register struct pmaplist *list;
register struct rpcent *rpc;
- get_myaddress(&addr);
+ get_myloopaddress(&addr);
for (list = pmap_getmaps(&addr); list; list = list->pml_next) {
rpc = getrpcbynumber((int) list->pml_map.pm_prog);
--- portmap-5.orig/pmap_set.c
+++ portmap-5/pmap_set.c
@@ -17,6 +17,10 @@
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
+int parse_line(char *buf, u_long *prog, u_long *vers, int *prot,
+ unsigned *port);
+
+int
main(argc, argv)
int argc;
char **argv;
@@ -40,6 +44,7 @@
/* parse_line - convert line to numbers */
+int
parse_line(buf, prog, vers, prot, port)
char *buf;
u_long *prog;
@@ -47,9 +52,9 @@
int *prot;
unsigned *port;
{
- char proto_name[BUFSIZ];
+ char proto_name[256];
- if (sscanf(buf, "%lu %lu %s %u", prog, vers, proto_name, port) != 4) {
+ if (sscanf(buf, "%lu %lu %255s %u", prog, vers, proto_name, port) != 4) {
return (0);
}
if (strcmp(proto_name, "tcp") == 0) {
@@ -65,3 +70,4 @@
}
return (0);
}
+
--- portmap-5.orig/portmap.c
+++ portmap-5/portmap.c
@@ -80,6 +80,10 @@
* Mountain View, California 94043
*/
+#if defined(__GLIBC__)
+#define _BSD_SOURCE 1 /* for daemon(3) */
+#include <rpc/xdr.h>
+#endif /* __GLIBC__ */
#include <rpc/rpc.h>
#include <rpc/pmap_prot.h>
#include <stdio.h>
@@ -91,11 +95,13 @@
#include <sys/signal.h>
#include <sys/time.h>
#include <sys/resource.h>
-#ifdef SYSV40
#include <netinet/in.h>
-#endif
+#include <sys/types.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <arpa/inet.h>
-extern char *strerror();
#include <stdlib.h>
#ifndef LOG_PERROR
@@ -124,7 +130,6 @@
static void callit();
struct pmaplist *pmaplist;
int debugging = 0;
-extern int errno;
#include "pmap_check.h"
@@ -148,6 +153,7 @@
#endif
#endif
+int
main(argc, argv)
int argc;
char **argv;
@@ -157,22 +163,31 @@
struct sockaddr_in addr;
int len = sizeof(struct sockaddr_in);
register struct pmaplist *pml;
+ char *chroot_path = NULL;
+ struct in_addr bindaddr;
+ int have_bindaddr = 0;
- while ((c = getopt(argc, argv, "dv")) != EOF) {
+ while ((c = getopt(argc, argv, "dt:vi:")) != EOF) {
switch (c) {
case 'd':
debugging = 1;
break;
-
+ case 't':
+ chroot_path = optarg;
+ break;
case 'v':
verboselog = 1;
break;
-
+ case 'i':
+ have_bindaddr = inet_aton(optarg, &bindaddr);
+ break;
default:
- (void) fprintf(stderr, "usage: %s [-dv]\n", argv[0]);
+ (void) fprintf(stderr, "usage: %s [-dv] [-t path] [-i address]\n", argv[0]);
(void) fprintf(stderr, "-d: debugging mode\n");
+ (void) fprintf(stderr, "-t path: chroot into path\n");
(void) fprintf(stderr, "-v: verbose logging\n");
+ (void) fprintf(stderr, "-i address: bind to address\n");
exit(1);
}
}
@@ -201,6 +216,9 @@
addr.sin_addr.s_addr = 0;
addr.sin_family = AF_INET;
addr.sin_port = htons(PMAPPORT);
+ if (have_bindaddr)
+ memcpy(&addr.sin_addr, &bindaddr, sizeof(bindaddr));
+
if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
syslog(LOG_ERR, "cannot bind udp: %m");
exit(1);
@@ -227,7 +245,7 @@
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
#endif
if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
- syslog(LOG_ERR, "cannot bind udp: %m");
+ syslog(LOG_ERR, "cannot bind tcp: %m");
exit(1);
}
if ((xprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
@@ -280,6 +298,14 @@
(void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
/* additional initializations */
+ if (chroot_path)
+ {
+ if (-1 == chroot(chroot_path))
+ {
+ syslog(LOG_ERR, "couldn't do chroot");
+ exit(1);
+ }
+ }
check_startup();
#ifdef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
(void)signal(SIGCHLD, SIG_IGN);
@@ -350,7 +376,7 @@
*/
/* remote host authorization check */
check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);
- if (!svc_sendreply(xprt, xdr_void, (caddr_t)0) && debugging) {
+ if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0) && debugging) {
abort();
}
break;
@@ -359,7 +385,7 @@
/*
* Set a program,version to port mapping
*/
- if (!svc_getargs(xprt, xdr_pmap, &reg))
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) &reg))
svcerr_decode(xprt);
else {
/* reject non-local requests, protect priv. ports */
@@ -401,7 +427,7 @@
ans = 1;
}
done:
- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) &&
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) &&
debugging) {
(void) fprintf(stderr, "svc_sendreply\n");
abort();
@@ -413,7 +439,7 @@
/*
* Remove a program,version to port mapping.
*/
- if (!svc_getargs(xprt, xdr_pmap, &reg))
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) &reg))
svcerr_decode(xprt);
else {
ans = 0;
@@ -447,7 +473,7 @@
prevpml->pml_next = pml;
free(t);
}
- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) &&
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) &&
debugging) {
(void) fprintf(stderr, "svc_sendreply\n");
abort();
@@ -459,7 +485,7 @@
/*
* Lookup the mapping for a program,version and return its port
*/
- if (!svc_getargs(xprt, xdr_pmap, &reg))
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) &reg))
svcerr_decode(xprt);
else {
/* remote host authorization check */
@@ -474,7 +500,7 @@
port = fnd->pml_map.pm_port;
else
port = 0;
- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&port)) &&
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&port)) &&
debugging) {
(void) fprintf(stderr, "svc_sendreply\n");
abort();
@@ -486,7 +512,7 @@
/*
* Return the current set of mapped program,version
*/
- if (!svc_getargs(xprt, xdr_void, NULL))
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_void, (caddr_t) NULL))
svcerr_decode(xprt);
else {
/* remote host authorization check */
@@ -497,7 +523,7 @@
} else {
p = pmaplist;
}
- if ((!svc_sendreply(xprt, xdr_pmaplist,
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist,
(caddr_t)&p)) && debugging) {
(void) fprintf(stderr, "svc_sendreply\n");
abort();
@@ -645,7 +671,7 @@
timeout.tv_sec = 5;
timeout.tv_usec = 0;
a.rmt_args.args = buf;
- if (!svc_getargs(xprt, xdr_rmtcall_args, &a))
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_rmtcall_args, (caddr_t) &a))
return;
/* host and service access control */
if (!check_callit(svc_getcaller(xprt),
@@ -674,9 +700,9 @@
au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids);
}
a.rmt_port = (u_long)port;
- if (clnt_call(client, a.rmt_proc, xdr_opaque_parms, &a,
- xdr_len_opaque_parms, &a, timeout) == RPC_SUCCESS) {
- svc_sendreply(xprt, xdr_rmtcall_result, (caddr_t)&a);
+ if (clnt_call(client, a.rmt_proc, (xdrproc_t) xdr_opaque_parms, (char*) &a,
+ (xdrproc_t) xdr_len_opaque_parms, (char*) &a, timeout) == RPC_SUCCESS) {
+ svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (caddr_t)&a);
}
AUTH_DESTROY(client->cl_auth);
clnt_destroy(client);
View Git Blame Copy Permalink