Diffstat (limited to 'package/portmap')
-rw-r--r-- | package/portmap/Config.in | 5 | ||||
-rw-r--r-- | package/portmap/Makefile | 49 | ||||
-rw-r--r-- | package/portmap/patches/debian-subset.patch | 531 | ||||
-rw-r--r-- | package/portmap/portmap.control | 11 |
4 files changed, 596 insertions, 0 deletions
diff --git a/package/portmap/Config.in b/package/portmap/Config.in
new file mode 100644
index 0000000000..3427e082c3
--- /dev/null
+++ b/package/portmap/Config.in
@@ -0,0 +1,5 @@
+config BR2_PACKAGE_PORTMAP
+ tristate "RPC Portmapper"
+ default m
+ help
+ The RPC Portmapper (used by the NFS Server)
diff --git a/package/portmap/Makefile b/package/portmap/Makefile
new file mode 100644
index 0000000000..0cdaa340f3
--- /dev/null
+++ b/package/portmap/Makefile
@@ -0,0 +1,49 @@
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=portmap
+PKG_VERSION:=5beta
+PKG_RELEASE:=1
+PKG_MD5SUM:=781e16ed4487c4caa082c6fef09ead4f
+
+# space separated list or special @SF for sourceforge projects
+PKG_SOURCE_URL:=ftp://ftp.porcupine.org/pub/security
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.gz
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)_$(PKG_VERSION)
+PKG_CAT:=zcat
+PKG_IPK:=$(PACKAGE_DIR)/$(PKG_NAME)_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
+PKG_IPK_DIR:=$(PKG_BUILD_DIR)/ipkg
+
+$(DL_DIR)/$(PKG_SOURCE):
+ $(SCRIPT_DIR)/download.pl $(DL_DIR) $(PKG_SOURCE) $(PKG_MD5SUM) $(PKG_SOURCE_URL)
+
+$(PKG_BUILD_DIR)/.patched: $(DL_DIR)/$(PKG_SOURCE)
+ $(PKG_CAT) $(DL_DIR)/$(PKG_SOURCE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
+ $(PATCH) $(PKG_BUILD_DIR) ./patches
+ touch $(PKG_BUILD_DIR)/.patched
+
+$(PKG_BUILD_DIR)/portmap: $(PKG_BUILD_DIR)/.patched
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS) -DHOSTS_ACCESS -DFACILITY=LOG_DAEMON -DIGNORE_SIGCHLD" all
+
+$(PKG_IPK): $(PKG_BUILD_DIR)/portmap
+ mkdir -p $(PKG_IPK_DIR)/usr/sbin
+ $(SCRIPT_DIR)/make-ipkg-dir.sh $(PKG_IPK_DIR) $(PKG_NAME).control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH)
+ cp $(PKG_BUILD_DIR)/portmap $(PKG_IPK_DIR)/usr/sbin/
+ $(STRIP) $(PKG_IPK_DIR)/usr/sbin/*
+ mkdir -p $(PACKAGE_DIR)
+ $(IPKG_BUILD) $(PKG_IPK_DIR) $(PACKAGE_DIR)
+
+$(IPKG_STATE_DIR)/info/$(PKG_NAME).list: $(PKG_IPK)
+ $(IPKG) install $(PKG_IPK)
+
+source: $(DL_DIR)/$(PKG_SOURCE)
+prepare: $(PKG_BUILD_DIR)/.patched
+compile: $(PKG_IPK)
+install: $(IPKG_STATE_DIR)/info/$(PKG_NAME).list
+
+clean:
+ rm -rf $(PKG_BUILD_DIR)
+ rm -f $(PKG_IPK)
diff --git a/package/portmap/patches/debian-subset.patch b/package/portmap/patches/debian-subset.patch
new file mode 100644
index 0000000000..c5fecf7c4c
--- /dev/null
+++ b/package/portmap/patches/debian-subset.patch
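Review bot: The `CFLAGS="$(TARGET_CFLAGS) -DHOSTS_ACCESS -DFACILITY=LOG_DAEMON -DIGNORE_SIGCHLD"` argument in the `$(PKG_BUILD_DIR)/portmap` recipe is a command-line assignment, so it replaces the patched upstream `CFLAGS = -Wall $(COPT) -O2 $(NSARCHS)` entirely, and every `COPT` member not repeated here is dropped from the build. That includes `$(CHECK_PORT)`, which from the upstream comment and the `check_privileged_port` helper appears to control the privileged-port registration check; its assignment is not visible on this page, so whether upstream enables it should be confirmed. If the target's RPC library supports it, name it explicitly, e.g. `CFLAGS="$(TARGET_CFLAGS) -DHOSTS_ACCESS -DCHECK_PORT -DFACILITY=LOG_DAEMON -DIGNORE_SIGCHLD" all`. A comment above the recipe such as `# CFLAGS on the command line overrides upstream COPT; list every required -D here` would keep the next editor from assuming the upstream defaults still apply.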
@@ -0,0 +1,531 @@ +--- portmap-5.orig/Makefile ++++ portmap-5/Makefile +@@ -8,7 +8,7 @@ + # if you disagree. See `man 3 syslog' for examples. Some syslog versions + # do not provide this flexibility. + # +-FACILITY=LOG_MAIL ++FACILITY=LOG_DAEMON + + # To disable tcp-wrapper style access control, comment out the following + # macro definitions. Access control can also be turned off by providing +@@ -16,7 +16,8 @@ + # daemon, is always treated as an authorized host. + + HOSTS_ACCESS= -DHOSTS_ACCESS +-WRAP_LIB = $(WRAP_DIR)/libwrap.a ++#WRAP_LIB = $(WRAP_DIR)/libwrap.a ++WRAP_LIB = -lwrap + + # Comment out if your RPC library does not allocate privileged ports for + # requests from processes with root privilege, or the new portmap will +@@ -71,7 +72,7 @@ + # With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when + # SIGCHLD is not ignored. Enable next macro for a fix. + # +-# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x ++ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x + + # Uncomment the following macro if your system does not have u_long. + # +@@ -81,11 +82,14 @@ + # libwrap.a object library. WRAP_DIR should specify the directory with + # that library. + +-WRAP_DIR= ../tcp_wrappers ++WRAP_DIR= $(TCPD_DIR) + + # Auxiliary object files that may be missing from your C library. + # +-AUX = daemon.o strerror.o ++#AUX = daemon.o strerror.o ++ ++# glibc has strerror() (it's POSIX) and daemon() (when compiling -D_BSD_SOURCE) ++AUX = + + # NEXTSTEP is a little different. The following seems to work with NS 3.2 + # +@@ -99,22 +103,31 @@ + + # Comment out if your compiler talks ANSI and understands const + # +-CONST = -Dconst= ++#CONST = -Dconst= + + ### End of configurable stuff. 
+ ############################## + ++GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h) ++ ++ifeq ($(GLIBC),0) ++LIBS += # -lbsd ++else ++LIBS += -lnsl ++endif ++ ++ + SHELL = /bin/sh + +-COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \ ++COPT = $(CONST) $(HOSTS_ACCESS) $(CHECK_PORT) \ + $(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \ + $(LOOPBACK) $(SETPGRP) +-CFLAGS = $(COPT) -O $(NSARCHS) ++CFLAGS = -Wall $(COPT) -O2 $(NSARCHS) + OBJECTS = portmap.o pmap_check.o from_local.o $(AUX) + + all: portmap pmap_dump pmap_set + +-portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a ++portmap: $(OBJECTS) # $(WRAP_DIR)/libwrap.a + $(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS) + + pmap_dump: pmap_dump.c +@@ -129,6 +142,17 @@ + get_myaddress: get_myaddress.c + cc $(CFLAGS) -DTEST -o $@ get_myaddress.c $(LIBS) + ++install: all ++ install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin ++ install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin ++ install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin ++ install -o root -g root -m 0644 portmap.8 ${BASEDIR}/usr/share/man/man8 ++ install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8 ++ install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8 ++ cat BLURB >${BASEDIR}/usr/share/doc/portmap/portmapper.txt ++ gzip -9f ${BASEDIR}/usr/share/doc/portmap/portmapper.txt ++ ++ + lint: + lint $(COPT) $(OBJECTS:%.o=%.c) + +--- portmap-5.orig/daemon.c ++++ portmap-5/daemon.c +@@ -36,11 +36,8 @@ + #endif /* LIBC_SCCS and not lint */ + + #include <fcntl.h> +- +-/* From unistd.h */ +-#define STDIN_FILENO 0 +-#define STDOUT_FILENO 1 +-#define STDERR_FILENO 2 ++#include <unistd.h> ++#include <sys/types.h> + + /* From paths.h */ + #define _PATH_DEVNULL "/dev/null" +--- portmap-5.orig/pmap_check.c ++++ portmap-5/pmap_check.c +@@ -41,10 +41,14 @@ + #include <syslog.h> + #include <netdb.h> + #include <sys/signal.h> ++#include <grp.h> + #ifdef SYSV40 + #include 
<netinet/in.h> + #include <rpc/rpcent.h> + #endif ++#include <sys/types.h> ++#include <unistd.h> ++#include <tcpd.h> + + extern char *inet_ntoa(); + +@@ -101,15 +105,25 @@ + * Give up root privileges so that we can never allocate a privileged + * port when forwarding an rpc request. + */ ++ if (setgid(1) == -1) { ++ syslog(LOG_ERR, "setgid(1) failed: %m"); ++ exit(1); ++ } ++ if (setgroups(0, 0) == -1) { ++ syslog(LOG_ERR, "setgroups(0, 0) failed: %m"); ++ exit(1); ++ } + if (setuid(1) == -1) { + syslog(LOG_ERR, "setuid(1) failed: %m"); + exit(1); + } ++ + (void) signal(SIGINT, toggle_verboselog); + } + + /* check_default - additional checks for NULL, DUMP, GETPORT and unknown */ + ++int + check_default(addr, proc, prog) + struct sockaddr_in *addr; + u_long proc; +@@ -128,6 +142,7 @@ + + /* check_privileged_port - additional checks for privileged-port updates */ + ++int + check_privileged_port(addr, proc, prog, port) + struct sockaddr_in *addr; + u_long proc; +@@ -173,6 +188,7 @@ + + #else + ++int + check_setunset(addr, proc, prog, port) + struct sockaddr_in *addr; + u_long proc; +@@ -197,6 +213,7 @@ + + /* check_callit - additional checks for forwarded requests */ + ++int + check_callit(addr, proc, prog, aproc) + struct sockaddr_in *addr; + u_long proc; +@@ -249,13 +266,13 @@ + }; + struct proc_map *procp; + static struct proc_map procmap[] = { +- PMAPPROC_CALLIT, "callit", +- PMAPPROC_DUMP, "dump", +- PMAPPROC_GETPORT, "getport", +- PMAPPROC_NULL, "null", +- PMAPPROC_SET, "set", +- PMAPPROC_UNSET, "unset", +- 0, 0, ++ {PMAPPROC_CALLIT, "callit"}, ++ {PMAPPROC_DUMP, "dump"}, ++ {PMAPPROC_GETPORT, "getport"}, ++ {PMAPPROC_NULL, "null"}, ++ {PMAPPROC_SET, "set"}, ++ {PMAPPROC_UNSET, "unset"}, ++ {0, 0}, + }; + + /* +@@ -269,7 +286,7 @@ + + if (prognum == 0) { + progname = ""; +- } else if (rpc = getrpcbynumber((int) prognum)) { ++ } else if ((rpc = getrpcbynumber((int) prognum))) { + progname = rpc->r_name; + } else { + sprintf(progname = progbuf, "%lu", prognum); 
+--- portmap-5.orig/from_local.c ++++ portmap-5/from_local.c +@@ -51,6 +51,9 @@ + #include <net/if.h> + #include <sys/ioctl.h> + #include <syslog.h> ++#include <stdlib.h> ++#include <string.h> ++#include <unistd.h> + + #ifndef TRUE + #define TRUE 1 +@@ -96,6 +99,7 @@ + + /* find_local - find all IP addresses for this host */ + ++int + find_local() + { + struct ifconf ifc; +@@ -154,6 +158,7 @@ + + /* from_local - determine whether request comes from the local system */ + ++int + from_local(addr) + struct sockaddr_in *addr; + { +--- portmap-5.orig/pmap_dump.c ++++ portmap-5/pmap_dump.c +@@ -23,6 +23,20 @@ + + static char *protoname(); + ++#ifndef INADDR_LOOPBACK ++#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1")) ++#endif ++ ++static void get_myloopaddress(addrp) ++struct sockaddr_in *addrp; ++{ ++ memset((char *) addrp, 0, sizeof(*addrp)); ++ addrp->sin_family = AF_INET; ++ addrp->sin_port = htons(PMAPPORT); ++ addrp->sin_addr.s_addr = htonl(INADDR_LOOPBACK); ++} ++ ++int + main(argc, argv) + int argc; + char **argv; +@@ -31,7 +45,7 @@ + register struct pmaplist *list; + register struct rpcent *rpc; + +- get_myaddress(&addr); ++ get_myloopaddress(&addr); + + for (list = pmap_getmaps(&addr); list; list = list->pml_next) { + rpc = getrpcbynumber((int) list->pml_map.pm_prog); +--- portmap-5.orig/pmap_set.c ++++ portmap-5/pmap_set.c +@@ -17,6 +17,10 @@ + #include <rpc/rpc.h> + #include <rpc/pmap_clnt.h> + ++int parse_line(char *buf, u_long *prog, u_long *vers, int *prot, ++ unsigned *port); ++ ++int + main(argc, argv) + int argc; + char **argv; +@@ -40,6 +44,7 @@ + + /* parse_line - convert line to numbers */ + ++int + parse_line(buf, prog, vers, prot, port) + char *buf; + u_long *prog; +@@ -47,9 +52,9 @@ + int *prot; + unsigned *port; + { +- char proto_name[BUFSIZ]; ++ char proto_name[256]; + +- if (sscanf(buf, "%lu %lu %s %u", prog, vers, proto_name, port) != 4) { ++ if (sscanf(buf, "%lu %lu %255s %u", prog, vers, proto_name, port) != 4) { + return (0); + } + if 
(strcmp(proto_name, "tcp") == 0) { +@@ -65,3 +70,4 @@ + } + return (0); + } ++ +--- portmap-5.orig/portmap.c ++++ portmap-5/portmap.c +@@ -80,6 +80,10 @@ + * Mountain View, California 94043 + */ + ++#if defined(__GLIBC__) ++#define _BSD_SOURCE 1 /* for daemon(3) */ ++#include <rpc/xdr.h> ++#endif /* __GLIBC__ */ + #include <rpc/rpc.h> + #include <rpc/pmap_prot.h> + #include <stdio.h> +@@ -91,11 +95,13 @@ + #include <sys/signal.h> + #include <sys/time.h> + #include <sys/resource.h> +-#ifdef SYSV40 + #include <netinet/in.h> +-#endif ++#include <sys/types.h> ++#include <unistd.h> ++#include <string.h> ++#include <errno.h> ++#include <arpa/inet.h> + +-extern char *strerror(); + #include <stdlib.h> + + #ifndef LOG_PERROR +@@ -124,7 +130,6 @@ + static void callit(); + struct pmaplist *pmaplist; + int debugging = 0; +-extern int errno; + + #include "pmap_check.h" + +@@ -148,6 +153,7 @@ + #endif + #endif + ++int + main(argc, argv) + int argc; + char **argv; +@@ -157,22 +163,31 @@ + struct sockaddr_in addr; + int len = sizeof(struct sockaddr_in); + register struct pmaplist *pml; ++ char *chroot_path = NULL; ++ struct in_addr bindaddr; ++ int have_bindaddr = 0; + +- while ((c = getopt(argc, argv, "dv")) != EOF) { ++ while ((c = getopt(argc, argv, "dt:vi:")) != EOF) { + switch (c) { + + case 'd': + debugging = 1; + break; +- ++ case 't': ++ chroot_path = optarg; ++ break; + case 'v': + verboselog = 1; + break; +- ++ case 'i': ++ have_bindaddr = inet_aton(optarg, &bindaddr); ++ break; + default: +- (void) fprintf(stderr, "usage: %s [-dv]\n", argv[0]); ++ (void) fprintf(stderr, "usage: %s [-dv] [-t path] [-i address]\n", argv[0]); + (void) fprintf(stderr, "-d: debugging mode\n"); ++ (void) fprintf(stderr, "-t path: chroot into path\n"); + (void) fprintf(stderr, "-v: verbose logging\n"); ++ (void) fprintf(stderr, "-i address: bind to address\n"); + exit(1); + } + } +@@ -201,6 +216,9 @@ + addr.sin_addr.s_addr = 0; + addr.sin_family = AF_INET; + addr.sin_port = htons(PMAPPORT); ++ 
if (have_bindaddr) ++ memcpy(&addr.sin_addr, &bindaddr, sizeof(bindaddr)); ++ + if (bind(sock, (struct sockaddr *)&addr, len) != 0) { + syslog(LOG_ERR, "cannot bind udp: %m"); + exit(1); +@@ -227,7 +245,7 @@ + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on); + #endif + if (bind(sock, (struct sockaddr *)&addr, len) != 0) { +- syslog(LOG_ERR, "cannot bind udp: %m"); ++ syslog(LOG_ERR, "cannot bind tcp: %m"); + exit(1); + } + if ((xprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE)) +@@ -280,6 +298,14 @@ + (void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE); + + /* additional initializations */ ++ if (chroot_path) ++ { ++ if (-1 == chroot(chroot_path)) ++ { ++ syslog(LOG_ERR, "couldn't do chroot"); ++ exit(1); ++ } ++ } + check_startup(); + #ifdef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */ + (void)signal(SIGCHLD, SIG_IGN); +@@ -350,7 +376,7 @@ + */ + /* remote host authorization check */ + check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0); +- if (!svc_sendreply(xprt, xdr_void, (caddr_t)0) && debugging) { ++ if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0) && debugging) { + abort(); + } + break; +@@ -359,7 +385,7 @@ + /* + * Set a program,version to port mapping + */ +- if (!svc_getargs(xprt, xdr_pmap, ®)) ++ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) + svcerr_decode(xprt); + else { + /* reject non-local requests, protect priv. ports */ +@@ -401,7 +427,7 @@ + ans = 1; + } + done: +- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) && ++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) && + debugging) { + (void) fprintf(stderr, "svc_sendreply\n"); + abort(); +@@ -413,7 +439,7 @@ + /* + * Remove a program,version to port mapping. 
+ */ +- if (!svc_getargs(xprt, xdr_pmap, ®)) ++ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) + svcerr_decode(xprt); + else { + ans = 0; +@@ -447,7 +473,7 @@ + prevpml->pml_next = pml; + free(t); + } +- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) && ++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) && + debugging) { + (void) fprintf(stderr, "svc_sendreply\n"); + abort(); +@@ -459,7 +485,7 @@ + /* + * Lookup the mapping for a program,version and return its port + */ +- if (!svc_getargs(xprt, xdr_pmap, ®)) ++ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®)) + svcerr_decode(xprt); + else { + /* remote host authorization check */ +@@ -474,7 +500,7 @@ + port = fnd->pml_map.pm_port; + else + port = 0; +- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&port)) && ++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&port)) && + debugging) { + (void) fprintf(stderr, "svc_sendreply\n"); + abort(); +@@ -486,7 +512,7 @@ + /* + * Return the current set of mapped program,version + */ +- if (!svc_getargs(xprt, xdr_void, NULL)) ++ if (!svc_getargs(xprt, (xdrproc_t) xdr_void, (caddr_t) NULL)) + svcerr_decode(xprt); + else { + /* remote host authorization check */ +@@ -497,7 +523,7 @@ + } else { + p = pmaplist; + } +- if ((!svc_sendreply(xprt, xdr_pmaplist, ++ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist, + (caddr_t)&p)) && debugging) { + (void) fprintf(stderr, "svc_sendreply\n"); + abort(); +@@ -645,7 +671,7 @@ + timeout.tv_sec = 5; + timeout.tv_usec = 0; + a.rmt_args.args = buf; +- if (!svc_getargs(xprt, xdr_rmtcall_args, &a)) ++ if (!svc_getargs(xprt, (xdrproc_t) xdr_rmtcall_args, (caddr_t) &a)) + return; + /* host and service access control */ + if (!check_callit(svc_getcaller(xprt), +@@ -674,9 +700,9 @@ + au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids); + } + a.rmt_port = (u_long)port; +- if (clnt_call(client, a.rmt_proc, xdr_opaque_parms, &a, +- xdr_len_opaque_parms, &a, timeout) == RPC_SUCCESS) { +- 
svc_sendreply(xprt, xdr_rmtcall_result, (caddr_t)&a); ++ if (clnt_call(client, a.rmt_proc, (xdrproc_t) xdr_opaque_parms, (char*) &a, ++ (xdrproc_t) xdr_len_opaque_parms, (char*) &a, timeout) == RPC_SUCCESS) { ++ svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (caddr_t)&a); + } + AUTH_DESTROY(client->cl_auth); + clnt_destroy(client); diff --git a/package/portmap/portmap.control b/package/portmap/portmap.control new file mode 100644 index 0000000000..55fa61d33c --- /dev/null +++ b/package/portmap/portmap.control @@ -0,0 +1,11 @@ +Package: portmap +Priority: optional +Section: net +Maintainer: Felix Fietkau <nbd@vd-s.ath.cx> +Source: buildroot internal +Description: The RPC Portmapper + Portmap is a server that converts RPC (Remote Procedure Call) program + numbers into DARPA protocol port numbers. It must be running in order + to make RPC calls. + . + Services that use RPC include NFS and NIS. |