| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to a miscommunication,
Commit: 0cc39c519278 ("Provide systemd unit files for rpcbind")
used sbindir as the location of rpcbind to put in the systemd unit
file instead of bindir, which is where rpcbind gets installed.
So change those few instances of sbindir to bindir so that the unit
file will have the correct path.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpcbind can save state in a file to allow restart without forgetting
about running services.
The default location is currently "/tmp" which is
not ideal for system files. It is particularly unpleasant
to put simple files there rather than creating a directory
to contain them.
On a modern Linux system it is preferable to use /run, and there it is
even more consistent with practice to use a subdirectory.
This directory needs to be create one each boot, and while there are
tools (e.g. systemd-tmpfiles) which can do that it is cleaner to keep
rpcbind self-contained and have it create the directory.
So change the default location to /var/run/rpcbind, and create that
directory. If a different user-id is used, we need to create
and chown the directory before dropping privileges. We do this
with care so avoid chowning the wrong thing by mistake.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To encourage uniformity across distributions, provide
systemd unit files.
If extra arguments are wanted for rpcbind, a drop-in should be used
to set the Environment= or read and EnvironmentFile=
Even though libtirpc and the kernel contact rpcbind via
/var/run/rcpbind.sock, tell systemd to place the socket
in /run/rpcbind.sock as systems using systemd always
use /run, and often symlink /var/run to /run.
rpcbind.service pulls in rpcbind.socket so that the listening sockets
chosen there will always be used.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The __P() macro is a legacy compatibility macro aimed making pre-ANSI
(i.e. K&R) compilers that do not support function prototypes happy,
while still allowing such prototypes for ANSI-compliant compilers.
Since virtually all compilers have been ANSI-compliant for a few decades
now, use of __P() is totally useless.
Furthermore, __P() is defined in the non-standard sys/cdefs.h header.
This header is present in glibc and uClibc, and both have it included
from many of their headers. So, sys/cdefs.h is automagically included in
most cases and its macros are available.
However, the musl C library does not provide this sys/cdefs.h header.
Thus, the build breaks on musl.
For all the above reasons, get rid of __P() wherever it is used; just
always declare real function prototypes.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Steve Dickson <SteveD@redhat.com>
Cc: Mike Frysinger <vapier@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
rpcbind and libtirpc are both using poll in svc_run(),
but rpcbind used the old svc_fdset interface for this.
This limits the possible connections to 1024, while both
could handle much more. rpcbind is now accessing directly
the svc_pollfd data of libtirpc.
Signed-off-by: Thorsten Kukuk <kukuk@thkukuk.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Laurent Bigonville <bigon@bigon.be>
If systemd has created the unix socket on our behalf, we shouldn't try
to delete it.
https://bugzilla.redhat.com/show_bug.cgi?id=1279076
Signed-off-by: Laurent Bigonville <bigon@bigon.be
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
In the latest libtirpc version to access the xp_auth
one must use the SVC_XP_AUTH macro. To be backwards
compatible a couple ifdefs were added to use the
macro when it exists.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- A PMAP_CALLIT call comes in on IPv4 UDP
- rpcbind duplicates the caller's address to a netbuf and stores it in
FINFO[0].caller_addr. caller_addr->buf now points to a memory region A
with a size of 16 bytes
- rpcbind forwards the call to the local service, receives a reply
- when processing the reply, it does this in xprt_set_caller:
xprt->xp_rtaddr = *FINFO[0].caller_addr
It sends out the reply, and then frees the netbuf caller_addr and
caller_addr.buf.
However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers
to memory region A, which is free.
- When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will
be called, which will set xp_rtaddr to the client's address.
It will reuse the buffer inside xp_rtaddr, ie it will write a
sockaddr_in to region A
Some time down the road, an incoming TCP connection is accepted,
allocating a fresh SVCXPRT. The memory region A is inside the
new SVCXPRT
- While processing the TCP call, another UDP call comes in, again
overwriting region A with the client's address
- TCP client closes connection. In svc_destroy, we now trip over
the garbage left in region A
We ran into the case where a commercial scanner was triggering
occasional rpcbind segfaults. The core file that was captured showed
a corrupted xprt->xp_netid pointer that was really a sockaddr_in.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
src/security.c:100:8: warning: implicit declaration of function 'xlog'
[-Wimplicit-function-declaration]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently a libtirpc_set_debug() command was
added to libtirpc that enables debugging in
the library.
Now when debug is enabled with rpcbind, this
new library debugging will be enabled as well,
when the interface exists.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
implicit declaration of function ?xlog?
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The function check_callit() attempts to reference a number of defines
from files that might not be available for everything but glibc.
For simplicity assume that if there is no rpcsvc/mount.h all the other
includes do not exist either.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
To make it possible for debugging to happen in
background, separate the -d flag from the -f flag
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Enable the logging depending on background or foreground
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Convert all the fprint() to xlog()s calls
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
To improve rpcbind's debugging the xlog code
from the nfs-utils package has been ported.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
While this is not strictly necessary (you can use "rpcinfo <hostname>"
instead), some older scripts may rely on rpcinfo to work with
just about any hostname. Let's be gentle with them. It doesn't
cost us much.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, rpcinfo supports two ways to test whether a given
service is alive.
For IPv4 hosts, you can use -u and -t. But for IPv6, you need
to use "rpcinfo -a" and specify the host through a universal
address, which is fairly inconvenient.
This patch modifies ip_ping to allow using -u and -t for IPv6
addresses and hosts as well.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code doing the actual RPC NULL calls and the handling of
VERSMISMATCH was a bit convoluted. We would destroy and re-create
the client handle, and sometimes the associated file descriptor
would be closed and sometimes not.
Clean this up by introducing a new function ip_ping_one, which
does the actual NULL call to the indicated program version without
destroying the client handle, ever.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
In init_transport, move creation of COTS sockets
closer to where they are used
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This seems to be an old remnant from the very early days of IPv6
when the kernel would include the ifindex in the link-local
addresses returned by getifaddrs(). This is no longer the case on
Linux, so the code is a no-op.
A no-op that makes gcc throw warnings about illegal type-punning.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Don't print an error message on warmstart if the
startup files don't exist (take two)
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Always notify systemd that rpcbind is ready and running.
Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Systemd will, by default, pass a socket that provides both IPv4 and
IPv6 services. RPC netconfig requires that sockets be either IPv4
or IPv6. Adjust the rpcbind.socket unit file and add a warning
to rpcbind should the user encounter an issue.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Don't print an error message on warmstart if the
startup files don't exist.
Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
There's code in rpcbind that tries to configure nss lookups so that it
avoids NIS when resolving user names or service names. Unfortunately,
this code is turned into a no-op unless HAVE_NSS_H is defined. Which
it is not unless the configure script actually checks for it.
Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Those debug messages were not useful at all.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Making rpcbind sockect activated will greatly simplify
its integration in systemd systems. In essence, other services
may now assume that rpcbind is always available, even during very
early boot. This means that we no longer need to worry about any
ordering dependencies.
Original-patch-by: Lennart Poettering <lennart@poettering.net>
Cc: systemd-devel@lists.freedesktop.org
Acked-by: Cristian RodrÃguez<crrodriguez@opensuse.org>
Signed-off-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Sami Wagiaalla <swagiaal@redhat.com>
I was having trouble setting up NFS on Atomic Host. It turns out
there is an issue when rpcbind is trying to find the uid of the
rpc user. OSTree based operating systems store user information
for system users such as the rpc user in /usr/lib/passwd and
leaves /etc/passwd for humans users. This is enabled by the use
of the nss module nss-altfiles which allows one to specify
additional files to be added the the passwd database. rpcbind
however overrides the rule added to /etc/nsswitch.conf and removes
"altfiles" from the list of modules by doing the following:
__nss_configure_lookup("passwd", "files");
This was added in commit 77f7556878d1fe03dc ("[...]use
__nss_configure_lookup() to restrict the [rpc user] lookup") to
remove "nis" form the list of modules and prevent rpcbind from
having a circular dependency on itself. In an OSTree based
operating system however this prevents rpcbind from finding the rpc
user and the service cannot start.
This patch adds an option --with-nss-modules which allows one
to specify the nss modules which should be searched for user
information. The default setting is "files" which preserves the
current behavior, but this enables one to add other modules to
the search path.
Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
src/rpcbind.c:243:3: warning: implicit declaration of function 'setgroups'
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
When systemd bring rpcbind down, via an expect signal,
exit gracefully with a zero status and don't log a
meaningless message.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/util.c: In function ?in6_fillscopeid?:
src/util.c:106:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
ifindex = ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]);
^
src/util.c:109:4: warning: dereferencing type-punned pointer will break
strict-aliasing rules [-Wstrict-aliasing]
*(u_int16_t *)&sin6->sin6_addr.s6_addr[2] = 0;
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Commit 8d7a0708 cause a regression where the rpcuser id was not
being set, which in turn cause rpcbind to immediately exit.
This patch removes the extra ',' that was in the AC_ARG_WITH
statement in the configure.ac file.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Newer autotools wants this to end in .ac.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The nss.h header is glibc-specific, so use the existing HAVE_NSS_H define
to avoid including/using it when it is not available.
URL: http://bugs.gentoo.org/458024
Reported-by: Mark Reiche <porphyr@gmx.de>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
If xp_auth is NULL, the transport routines will not send
the reply. This patch fixes that problem.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Commit 8d7a0708 introduce a regression that cause rpcbind
to run as root instead of the user define by RPCBIND_USER
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Drop out of the 'root' group to ensure the process does
not have any access to writable or readable files
to that group.
Signed-off-by: Steve Dickson <steved@redhat.com>
|