On Monday May 12, [email protected] wrote:
> * Neil Brown <[email protected]> schrieb:
>
> Hi,
>
> > I've made a few little changes like removing spaces from the end of
> > the line and a little reformatting. I also moved the usage messages
> > into a separate function so that the lines didn't get so long.
>
> Doesnt seem to be in git yet :(
It is now (I wanted the man page updates to be in the same commit).
>
> > If you could make corresponding updates to the man page, I'll include
> > those and push it all into .git.
>
> Done. Here's a patch against your latest git.
Thanks.
>
> > > BTW: is there a maillist for portmap development ?
> >
> > No, there isn't really much development...
> >
> > Probably [email protected] would be best, as NFS is the main
> > user of SUNRPC and hence portmap.
>
> Okay, subscribed there. Maybe we could move this discussion there.
>
Done.
Thanks again,
NeilBrown
>
> cu
> --
> ---------------------------------------------------------------------
> Enrico Weigelt == metux IT service - http://www.metux.de/
> ---------------------------------------------------------------------
> Please visit the OpenSource QM Taskforce:
> http://wiki.metux.de/public/OpenSource_QM_Taskforce
> Patches / Fixes for a lot dozens of packages in dozens of versions:
> http://patches.metux.de/
> ---------------------------------------------------------------------
> Index: portmap.c
> ===================================================================
> --- portmap.c (.../git-200805102115) (revision 184)
> +++ portmap.c (.../metux-6.0.0.2) (revision 184)
> @@ -99,14 +99,8 @@
> #include <stdlib.h>
> #include <pwd.h>
>
> -#ifndef LOG_PERROR
> -#define LOG_PERROR 0
> -#endif
> +#include "config.h"
>
> -#ifndef LOG_DAEMON
> -#define LOG_DAEMON 0
> -#endif
> -
> /* Older SYSV. */
> #if !defined(SIGCHLD) && defined(SIGCLD)
> #define SIGCHLD SIGCLD
> @@ -149,13 +143,9 @@
> #endif
> #endif
>
> -#ifdef DAEMON_UID
> int daemon_uid = DAEMON_UID;
> int daemon_gid = DAEMON_GID;
> -#else
> -int daemon_uid = 1;
> -int daemon_gid = 1;
> -#endif
> +const char* mapping_file = PORTMAP_MAPPING_FILE;
>
> /*
> * We record with each registration a flag telling whether it was
> @@ -169,6 +159,18 @@
> int priv;
> };
>
> +static inline int __getuid(const char* username)
> +{
> + struct passwd* pw = getpwnam(username);
> +
> + if (!pw)
> + return 0;
> +
> + daemon_uid = pw->pw_uid;
> + daemon_gid = pw->pw_gid;
> + return 1;
> +}
> +
> int
> main(int argc, char **argv)
> {
> @@ -184,13 +186,26 @@
> int foreground = 0;
> int have_uid = 0;
>
> - while ((c = getopt(argc, argv, "Vdflt:vi:u:g:")) != EOF) {
> + while ((c = getopt(argc, argv, "hVdfFlt:vi:u:U:g:m:")) != EOF) {
> switch (c) {
>
> case 'V':
> - printf("portmap version 6.0 - 2007-May-11\n");
> + printf("portmap version 6.0.0.1 - 2008-05-10\n");
> exit(1);
>
> + case 'm':
> + mapping_file = strdup(optarg);
> + break;
> +
> + case 'U':
> + // try to fetch user-given uid/gid by name
> + if (!__getuid(optarg))
> + {
> + fprintf(stderr,"portmap: illegal username: \"%s\"\n", optarg);
> + exit(1);
> + }
> + have_uid = 1;
> + break;
> case 'u':
> daemon_uid = atoi(optarg);
> if (daemon_uid <= 0) {
> @@ -214,6 +229,10 @@
> case 'f':
> foreground = 1;
> break;
> + case 'F':
> + // run in foreground, but still log as usual
> + foreground = 2;
> + break;
>
> case 't':
> chroot_path = optarg;
> @@ -229,20 +248,22 @@
> case 'i':
> have_bindaddr = inet_aton(optarg, &bindaddr);
> break;
> + case 'h':
> default:
> fprintf(stderr,
> - "usage: %s [-dflv] [-t dir] [-i address] "
> - "[-u uid] [-g gid]\n",
> + "usage: %s [-dfFlv] [-t dir] [-i address] [-u uid] [-g gid] [-U username] \n",
> argv[0]);
> - fprintf(stderr, "-d: debugging mode\n");
> - fprintf(stderr,
> - "-f: don't daemonize, log to standard error\n");
> - fprintf(stderr, "-t dir: chroot into dir\n");
> - fprintf(stderr, "-v: verbose logging\n");
> - fprintf(stderr, "-i address: bind to address\n");
> - fprintf(stderr, "-l: same as -i 127.0.0.1\n");
> - fprintf(stderr, "-u uid : setuid to this uid\n");
> - fprintf(stderr, "-g uid : setgid to this gid\n");
> + fprintf(stderr, "-v verbose logging\n");
> + fprintf(stderr, "-d debugging mode\n");
> + fprintf(stderr, "-f don't daemonize, log to standard error\n");
> + fprintf(stderr, "-F don't daemonize, log as usual\n");
> + fprintf(stderr, "-t <dir> chroot into dir\n");
> + fprintf(stderr, "-i <address> bind to address\n");
> + fprintf(stderr, "-l same as -i 127.0.0.1\n");
> + fprintf(stderr, "-u <uid> run as this uid (default: %d)\n", DAEMON_UID);
> + fprintf(stderr, "-g <uid> run as this gid (default: %d)\n", DAEMON_GID);
> + fprintf(stderr, "-U <username> suid/sgid to this user\n");
> + fprintf(stderr, "-m <mapfile> specify the mapping file name (default: " PORTMAP_MAPPING_FILE ")\n");
> exit(1);
> }
> }
> @@ -253,20 +274,15 @@
> }
>
> #ifdef LOG_DAEMON
> - openlog("portmap", LOG_PID|LOG_NDELAY | ( foreground ? LOG_PERROR : 0),
> + openlog("portmap", LOG_PID|LOG_NDELAY | ( (foreground==1) ? LOG_PERROR : 0),
> FACILITY);
> #else
> - openlog("portmap", LOG_PID|LOG_NDELAY | ( foreground ? LOG_PERROR : 0));
> + openlog("portmap", LOG_PID|LOG_NDELAY | ( (foreground==1) ? LOG_PERROR : 0));
> #endif
>
> #ifdef RPCUSER
> if (!have_uid) {
> - struct passwd *pwent;
> - pwent = getpwnam(RPCUSER);
> - if (pwent) {
> - daemon_uid = pwent->pw_uid;
> - daemon_gid = pwent->pw_gid;
> - } else
> + if (!__getuid(RPCUSER))
> syslog(LOG_WARNING, "user '" RPCUSER
> "' not found, reverting to default uid");
> }
> @@ -369,7 +385,7 @@
>
> (void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
>
> - store_fd = open("/var/run/portmap_mapping", O_RDWR|O_CREAT, 0600);
> + store_fd = open(mapping_file, O_RDWR|O_CREAT, PORTMAP_MAPPING_FMODE);
> load_table();
>
> /* additional initializations */
> Index: portmap.8
> ===================================================================
> --- portmap.8 (.../git-200805102115) (revision 184)
> +++ portmap.8 (.../metux-6.0.0.2) (revision 184)
> @@ -33,7 +33,7 @@
> .\" from: @(#)portmap.8 5.3 (Berkeley) 3/16/91
> .\" $Id: portmap.8,v 1.2 2004/04/03 09:30:21 herbert Exp $
> .\"
> -.Dd Apr 20, 2007
> +.Dd May 12, 2008
> .Dt PORTMAP 8
> .Os BSD 4.3
> .Sh NAME
> @@ -47,6 +47,7 @@
> .Nm portmap
> .Op Fl d
> .Op Fl f
> +.Op Fl F
> .Op Fl t Ar dir
> .Op Fl v
> .Op Fl V
> @@ -117,6 +118,8 @@
> from running as a daemon,
> and causes log messages
> to be printed to the standard error output.
> +.It Fl F
> +(foreground) same as -f, but logging as usual
> .It Fl t Ar dir
> (chroot) tell
> .Nm portmap
> @@ -127,6 +130,9 @@
> .Ar dir
> should be empty, not writeable by the daemon user, and preferably on a
> filesystem mounted read-only, noexec, nodev, and nosuid.
> +.It Fl m Ar file
> +(mapfile) speficy an alternative mapping
> +.Ar file
> .It Fl u Ar uid
> .It Fl g Ar gid
> Set the user-id and group-id of the running process to those given,
> @@ -138,6 +144,10 @@
> .Nm RPCUSER
> and use the uid and gid of that user.
> ..
> +.It Fl U Ar username
> +Lets
> +.Nm portmap
> +run under this user (uid/gid) rather than compiled-in defaults of DEAMON_UID/DAEMON_GID.
> .It Fl v
> (verbose) run
> .Nm portmap
> Index: config.h
> ===================================================================
> --- config.h (.../git-200805102115) (revision 0)
> +++ config.h (.../metux-6.0.0.2) (revision 184)
> @@ -0,0 +1,33 @@
> +
> +#ifndef __PORTMAP_CONFIG_H
> +#define __PORTMAP_CONFIG_H
> +
> +#ifndef PORTMAP_MAPPING_FILE
> +#define PORTMAP_MAPPING_FILE "/var/run/portmap_mapping"
> +#endif
> +
> +#ifndef PORTMAP_MAPPING_FMODE
> +#define PORTMAP_MAPPING_FMODE 0600
> +#endif
> +
> +#ifndef LOG_PERROR
> +#define LOG_PERROR 0
> +#endif
> +
> +#ifndef RPCUSER
> +#define RPCUSER "bin"
> +#endif
> +
> +#ifndef LOG_DAEMON
> +#define LOG_DAEMON 0
> +#endif
> +
> +#ifndef DAEMON_UID
> +#define DAEMON_UID 1
> +#endif
> +
> +#ifndef DAEMON_GID
> +#define DAEMON_GID 1
> +#endif
> +
> +#endif
> Index: Makefile
> ===================================================================
> --- Makefile (.../git-200805102115) (revision 184)
> +++ Makefile (.../metux-6.0.0.2) (revision 184)
> @@ -27,6 +27,38 @@
> endif
> endif
>
> +ifeq ($(PREFIX),)
> +PREFIX = /usr
> +endif
> +ifeq ($(SBINDIR),)
> +SBINDIR = $(PREFIX)/sbin
> +endif
> +ifeq ($(DATADIR),)
> +DATADIR = $(PREFIX)/share
> +endif
> +ifeq ($(MANDIR),)
> +MANDIR = $(DATADIR)/man
> +endif
> +ifeq ($(MAN8DIR),)
> +MAN8DIR = $(MANDIR)/man8
> +endif
> +
> +## backwards compatibility to older distro builders
> +ifeq ($(DESTDIR),)
> +DESTDIR = $(BASEDIR)
> +endif
> +
> +ifeq ($(INSTALL),)
> +INSTALL = install
> +endif
> +ifeq ($(INSTALL_MAN),)
> +INSTALL_MAN = $(INSTALL) -o root -g root -m 0644
> +endif
> +ifeq ($(INSTALL_BIN),)
> +INSTALL_BIN = $(INSTALL) -s -o root -g root -m 0755
> +endif
> +
> +
> # Comment out if your RPC library does not allocate privileged ports for
> # requests from processes with root privilege, or the new portmap will
> # always reject requests to register/unregister services on privileged
> @@ -135,15 +167,28 @@
> portmap.man : portmap.8
> sed $(MAN_SED) < portmap.8 > portmap.man
>
> -DESTDIR = $(BASEDIR)
> -install: all
> - install -o root -g root -m 0755 portmap $(DESTDIR)/sbin
> - install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin
> - install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin
> - install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8
> - install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8
> - install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8
> +install: all install-portmap install-pmap_dump install-pmap_set install-man
>
> +install-dirs-sbin:
> + mkdir -p $(DESTDIR)$(SBINDIR)
> +
> +install-dirs-man:
> + mkdir -p $(DESTDIR)$(MAN8DIR)
> +
> +install-man: install-dirs-man
> + $(INSTALL_MAN) portmap.man $(DESTDIR)$(MAN8DIR)/portmap.8
> + $(INSTALL_MAN) pmap_dump.8 $(DESTDIR)$(MAN8DIR)/pmap_dump.8
> + $(INSTALL_MAN) pmap_set.8 $(DESTDIR)$(MAN8DIR)/map_set.8
> +
> +install-pmap_dump: pmap_dump install-dirs-sbin
> + $(INSTALL_BIN) pmap_dump $(DESTDIR)$(SBINDIR)
> +
> +install-pmap_set: pmap_set install-dirs-sbin
> + $(INSTALL_BIN) pmap_set $(DESTDIR)$(SBINDIR)
> +
> +install-portmap: portmap install-dirs-sbin
> + $(INSTALL_BIN) portmap $(DESTDIR)$(SBINDIR)
> +
> clean:
> rm -f *.o portmap pmap_dump pmap_set from_local \
> core portmap.man