mirror of https://github.com/hak5/openwrt-owl.git
532 lines
14 KiB
Diff
532 lines
14 KiB
Diff
--- portmap-5.orig/Makefile
|
|
+++ portmap-5/Makefile
|
|
@@ -8,7 +8,7 @@
|
|
# if you disagree. See `man 3 syslog' for examples. Some syslog versions
|
|
# do not provide this flexibility.
|
|
#
|
|
-FACILITY=LOG_MAIL
|
|
+FACILITY=LOG_DAEMON
|
|
|
|
# To disable tcp-wrapper style access control, comment out the following
|
|
# macro definitions. Access control can also be turned off by providing
|
|
@@ -16,7 +16,8 @@
|
|
# daemon, is always treated as an authorized host.
|
|
|
|
HOSTS_ACCESS= -DHOSTS_ACCESS
|
|
-WRAP_LIB = $(WRAP_DIR)/libwrap.a
|
|
+#WRAP_LIB = $(WRAP_DIR)/libwrap.a
|
|
+WRAP_LIB = -lwrap
|
|
|
|
# Comment out if your RPC library does not allocate privileged ports for
|
|
# requests from processes with root privilege, or the new portmap will
|
|
@@ -71,7 +72,7 @@
|
|
# With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when
|
|
# SIGCHLD is not ignored. Enable next macro for a fix.
|
|
#
|
|
-# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
|
|
+ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
|
|
|
|
# Uncomment the following macro if your system does not have u_long.
|
|
#
|
|
@@ -81,11 +82,14 @@
|
|
# libwrap.a object library. WRAP_DIR should specify the directory with
|
|
# that library.
|
|
|
|
-WRAP_DIR= ../tcp_wrappers
|
|
+WRAP_DIR= $(TCPD_DIR)
|
|
|
|
# Auxiliary object files that may be missing from your C library.
|
|
#
|
|
-AUX = daemon.o strerror.o
|
|
+#AUX = daemon.o strerror.o
|
|
+
|
|
+# glibc has strerror() (it's POSIX) and daemon() (when compiling -D_BSD_SOURCE)
|
|
+AUX =
|
|
|
|
# NEXTSTEP is a little different. The following seems to work with NS 3.2
|
|
#
|
|
@@ -99,22 +103,31 @@
|
|
|
|
# Comment out if your compiler talks ANSI and understands const
|
|
#
|
|
-CONST = -Dconst=
|
|
+#CONST = -Dconst=
|
|
|
|
### End of configurable stuff.
|
|
##############################
|
|
|
|
+GLIBC=$(shell grep -s -c __GLIBC__ /usr/include/features.h)
|
|
+
|
|
+ifeq ($(GLIBC),0)
|
|
+LIBS += # -lbsd
|
|
+else
|
|
+LIBS += -lnsl
|
|
+endif
|
|
+
|
|
+
|
|
SHELL = /bin/sh
|
|
|
|
-COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \
|
|
+COPT = $(CONST) $(HOSTS_ACCESS) $(CHECK_PORT) \
|
|
$(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \
|
|
$(LOOPBACK) $(SETPGRP)
|
|
-CFLAGS = $(COPT) -O $(NSARCHS)
|
|
+CFLAGS = -Wall $(COPT) -O2 $(NSARCHS)
|
|
OBJECTS = portmap.o pmap_check.o from_local.o $(AUX)
|
|
|
|
all: portmap pmap_dump pmap_set
|
|
|
|
-portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a
|
|
+portmap: $(OBJECTS) # $(WRAP_DIR)/libwrap.a
|
|
$(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS)
|
|
|
|
pmap_dump: pmap_dump.c
|
|
@@ -129,6 +142,17 @@
|
|
get_myaddress: get_myaddress.c
|
|
cc $(CFLAGS) -DTEST -o $@ get_myaddress.c $(LIBS)
|
|
|
|
+install: all
|
|
+ install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
|
|
+ install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
|
|
+ install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
|
|
+ install -o root -g root -m 0644 portmap.8 ${BASEDIR}/usr/share/man/man8
|
|
+ install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
|
|
+ install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
|
|
+ cat BLURB >${BASEDIR}/usr/share/doc/portmap/portmapper.txt
|
|
+ gzip -9f ${BASEDIR}/usr/share/doc/portmap/portmapper.txt
|
|
+
|
|
+
|
|
lint:
|
|
lint $(COPT) $(OBJECTS:%.o=%.c)
|
|
|
|
--- portmap-5.orig/daemon.c
|
|
+++ portmap-5/daemon.c
|
|
@@ -36,11 +36,8 @@
|
|
#endif /* LIBC_SCCS and not lint */
|
|
|
|
#include <fcntl.h>
|
|
-
|
|
-/* From unistd.h */
|
|
-#define STDIN_FILENO 0
|
|
-#define STDOUT_FILENO 1
|
|
-#define STDERR_FILENO 2
|
|
+#include <unistd.h>
|
|
+#include <sys/types.h>
|
|
|
|
/* From paths.h */
|
|
#define _PATH_DEVNULL "/dev/null"
|
|
--- portmap-5.orig/pmap_check.c
|
|
+++ portmap-5/pmap_check.c
|
|
@@ -41,10 +41,14 @@
|
|
#include <syslog.h>
|
|
#include <netdb.h>
|
|
#include <sys/signal.h>
|
|
+#include <grp.h>
|
|
#ifdef SYSV40
|
|
#include <netinet/in.h>
|
|
#include <rpc/rpcent.h>
|
|
#endif
|
|
+#include <sys/types.h>
|
|
+#include <unistd.h>
|
|
+#include <tcpd.h>
|
|
|
|
extern char *inet_ntoa();
|
|
|
|
@@ -101,15 +105,25 @@
|
|
* Give up root privileges so that we can never allocate a privileged
|
|
* port when forwarding an rpc request.
|
|
*/
|
|
+ if (setgid(1) == -1) {
|
|
+ syslog(LOG_ERR, "setgid(1) failed: %m");
|
|
+ exit(1);
|
|
+ }
|
|
+ if (setgroups(0, 0) == -1) {
|
|
+ syslog(LOG_ERR, "setgroups(0, 0) failed: %m");
|
|
+ exit(1);
|
|
+ }
|
|
if (setuid(1) == -1) {
|
|
syslog(LOG_ERR, "setuid(1) failed: %m");
|
|
exit(1);
|
|
}
|
|
+
|
|
(void) signal(SIGINT, toggle_verboselog);
|
|
}
|
|
|
|
/* check_default - additional checks for NULL, DUMP, GETPORT and unknown */
|
|
|
|
+int
|
|
check_default(addr, proc, prog)
|
|
struct sockaddr_in *addr;
|
|
u_long proc;
|
|
@@ -128,6 +142,7 @@
|
|
|
|
/* check_privileged_port - additional checks for privileged-port updates */
|
|
|
|
+int
|
|
check_privileged_port(addr, proc, prog, port)
|
|
struct sockaddr_in *addr;
|
|
u_long proc;
|
|
@@ -173,6 +188,7 @@
|
|
|
|
#else
|
|
|
|
+int
|
|
check_setunset(addr, proc, prog, port)
|
|
struct sockaddr_in *addr;
|
|
u_long proc;
|
|
@@ -197,6 +213,7 @@
|
|
|
|
/* check_callit - additional checks for forwarded requests */
|
|
|
|
+int
|
|
check_callit(addr, proc, prog, aproc)
|
|
struct sockaddr_in *addr;
|
|
u_long proc;
|
|
@@ -249,13 +266,13 @@
|
|
};
|
|
struct proc_map *procp;
|
|
static struct proc_map procmap[] = {
|
|
- PMAPPROC_CALLIT, "callit",
|
|
- PMAPPROC_DUMP, "dump",
|
|
- PMAPPROC_GETPORT, "getport",
|
|
- PMAPPROC_NULL, "null",
|
|
- PMAPPROC_SET, "set",
|
|
- PMAPPROC_UNSET, "unset",
|
|
- 0, 0,
|
|
+ {PMAPPROC_CALLIT, "callit"},
|
|
+ {PMAPPROC_DUMP, "dump"},
|
|
+ {PMAPPROC_GETPORT, "getport"},
|
|
+ {PMAPPROC_NULL, "null"},
|
|
+ {PMAPPROC_SET, "set"},
|
|
+ {PMAPPROC_UNSET, "unset"},
|
|
+ {0, 0},
|
|
};
|
|
|
|
/*
|
|
@@ -269,7 +286,7 @@
|
|
|
|
if (prognum == 0) {
|
|
progname = "";
|
|
- } else if (rpc = getrpcbynumber((int) prognum)) {
|
|
+ } else if ((rpc = getrpcbynumber((int) prognum))) {
|
|
progname = rpc->r_name;
|
|
} else {
|
|
sprintf(progname = progbuf, "%lu", prognum);
|
|
--- portmap-5.orig/from_local.c
|
|
+++ portmap-5/from_local.c
|
|
@@ -51,6 +51,9 @@
|
|
#include <net/if.h>
|
|
#include <sys/ioctl.h>
|
|
#include <syslog.h>
|
|
+#include <stdlib.h>
|
|
+#include <string.h>
|
|
+#include <unistd.h>
|
|
|
|
#ifndef TRUE
|
|
#define TRUE 1
|
|
@@ -96,6 +99,7 @@
|
|
|
|
/* find_local - find all IP addresses for this host */
|
|
|
|
+int
|
|
find_local()
|
|
{
|
|
struct ifconf ifc;
|
|
@@ -154,6 +158,7 @@
|
|
|
|
/* from_local - determine whether request comes from the local system */
|
|
|
|
+int
|
|
from_local(addr)
|
|
struct sockaddr_in *addr;
|
|
{
|
|
--- portmap-5.orig/pmap_dump.c
|
|
+++ portmap-5/pmap_dump.c
|
|
@@ -23,6 +23,20 @@
|
|
|
|
static char *protoname();
|
|
|
|
+#ifndef INADDR_LOOPBACK
|
|
+#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1"))
|
|
+#endif
|
|
+
|
|
+static void get_myloopaddress(addrp)
|
|
+struct sockaddr_in *addrp;
|
|
+{
|
|
+ memset((char *) addrp, 0, sizeof(*addrp));
|
|
+ addrp->sin_family = AF_INET;
|
|
+ addrp->sin_port = htons(PMAPPORT);
|
|
+ addrp->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
|
|
+}
|
|
+
|
|
+int
|
|
main(argc, argv)
|
|
int argc;
|
|
char **argv;
|
|
@@ -31,7 +45,7 @@
|
|
register struct pmaplist *list;
|
|
register struct rpcent *rpc;
|
|
|
|
- get_myaddress(&addr);
|
|
+ get_myloopaddress(&addr);
|
|
|
|
for (list = pmap_getmaps(&addr); list; list = list->pml_next) {
|
|
rpc = getrpcbynumber((int) list->pml_map.pm_prog);
|
|
--- portmap-5.orig/pmap_set.c
|
|
+++ portmap-5/pmap_set.c
|
|
@@ -17,6 +17,10 @@
|
|
#include <rpc/rpc.h>
|
|
#include <rpc/pmap_clnt.h>
|
|
|
|
+int parse_line(char *buf, u_long *prog, u_long *vers, int *prot,
|
|
+ unsigned *port);
|
|
+
|
|
+int
|
|
main(argc, argv)
|
|
int argc;
|
|
char **argv;
|
|
@@ -40,6 +44,7 @@
|
|
|
|
/* parse_line - convert line to numbers */
|
|
|
|
+int
|
|
parse_line(buf, prog, vers, prot, port)
|
|
char *buf;
|
|
u_long *prog;
|
|
@@ -47,9 +52,9 @@
|
|
int *prot;
|
|
unsigned *port;
|
|
{
|
|
- char proto_name[BUFSIZ];
|
|
+ char proto_name[256];
|
|
|
|
- if (sscanf(buf, "%lu %lu %s %u", prog, vers, proto_name, port) != 4) {
|
|
+ if (sscanf(buf, "%lu %lu %255s %u", prog, vers, proto_name, port) != 4) {
|
|
return (0);
|
|
}
|
|
if (strcmp(proto_name, "tcp") == 0) {
|
|
@@ -65,3 +70,4 @@
|
|
}
|
|
return (0);
|
|
}
|
|
+
|
|
--- portmap-5.orig/portmap.c
|
|
+++ portmap-5/portmap.c
|
|
@@ -80,6 +80,10 @@
|
|
* Mountain View, California 94043
|
|
*/
|
|
|
|
+#if defined(__GLIBC__)
|
|
+#define _BSD_SOURCE 1 /* for daemon(3) */
|
|
+#include <rpc/xdr.h>
|
|
+#endif /* __GLIBC__ */
|
|
#include <rpc/rpc.h>
|
|
#include <rpc/pmap_prot.h>
|
|
#include <stdio.h>
|
|
@@ -91,11 +95,13 @@
|
|
#include <sys/signal.h>
|
|
#include <sys/time.h>
|
|
#include <sys/resource.h>
|
|
-#ifdef SYSV40
|
|
#include <netinet/in.h>
|
|
-#endif
|
|
+#include <sys/types.h>
|
|
+#include <unistd.h>
|
|
+#include <string.h>
|
|
+#include <errno.h>
|
|
+#include <arpa/inet.h>
|
|
|
|
-extern char *strerror();
|
|
#include <stdlib.h>
|
|
|
|
#ifndef LOG_PERROR
|
|
@@ -124,7 +130,6 @@
|
|
static void callit();
|
|
struct pmaplist *pmaplist;
|
|
int debugging = 0;
|
|
-extern int errno;
|
|
|
|
#include "pmap_check.h"
|
|
|
|
@@ -148,6 +153,7 @@
|
|
#endif
|
|
#endif
|
|
|
|
+int
|
|
main(argc, argv)
|
|
int argc;
|
|
char **argv;
|
|
@@ -157,22 +163,31 @@
|
|
struct sockaddr_in addr;
|
|
int len = sizeof(struct sockaddr_in);
|
|
register struct pmaplist *pml;
|
|
+ char *chroot_path = NULL;
|
|
+ struct in_addr bindaddr;
|
|
+ int have_bindaddr = 0;
|
|
|
|
- while ((c = getopt(argc, argv, "dv")) != EOF) {
|
|
+ while ((c = getopt(argc, argv, "dt:vi:")) != EOF) {
|
|
switch (c) {
|
|
|
|
case 'd':
|
|
debugging = 1;
|
|
break;
|
|
-
|
|
+ case 't':
|
|
+ chroot_path = optarg;
|
|
+ break;
|
|
case 'v':
|
|
verboselog = 1;
|
|
break;
|
|
-
|
|
+ case 'i':
|
|
+ have_bindaddr = inet_aton(optarg, &bindaddr);
|
|
+ break;
|
|
default:
|
|
- (void) fprintf(stderr, "usage: %s [-dv]\n", argv[0]);
|
|
+ (void) fprintf(stderr, "usage: %s [-dv] [-t path] [-i address]\n", argv[0]);
|
|
(void) fprintf(stderr, "-d: debugging mode\n");
|
|
+ (void) fprintf(stderr, "-t path: chroot into path\n");
|
|
(void) fprintf(stderr, "-v: verbose logging\n");
|
|
+ (void) fprintf(stderr, "-i address: bind to address\n");
|
|
exit(1);
|
|
}
|
|
}
|
|
@@ -201,6 +216,9 @@
|
|
addr.sin_addr.s_addr = 0;
|
|
addr.sin_family = AF_INET;
|
|
addr.sin_port = htons(PMAPPORT);
|
|
+ if (have_bindaddr)
|
|
+ memcpy(&addr.sin_addr, &bindaddr, sizeof(bindaddr));
|
|
+
|
|
if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
|
|
syslog(LOG_ERR, "cannot bind udp: %m");
|
|
exit(1);
|
|
@@ -227,7 +245,7 @@
|
|
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
|
|
#endif
|
|
if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
|
|
- syslog(LOG_ERR, "cannot bind udp: %m");
|
|
+ syslog(LOG_ERR, "cannot bind tcp: %m");
|
|
exit(1);
|
|
}
|
|
if ((xprt = svctcp_create(sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE))
|
|
@@ -280,6 +298,14 @@
|
|
(void)svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE);
|
|
|
|
/* additional initializations */
|
|
+ if (chroot_path)
|
|
+ {
|
|
+ if (-1 == chroot(chroot_path))
|
|
+ {
|
|
+ syslog(LOG_ERR, "couldn't do chroot");
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
check_startup();
|
|
#ifdef IGNORE_SIGCHLD /* Lionel Cons <cons@dxcern.cern.ch> */
|
|
(void)signal(SIGCHLD, SIG_IGN);
|
|
@@ -350,7 +376,7 @@
|
|
*/
|
|
/* remote host authorization check */
|
|
check_default(svc_getcaller(xprt), rqstp->rq_proc, (u_long) 0);
|
|
- if (!svc_sendreply(xprt, xdr_void, (caddr_t)0) && debugging) {
|
|
+ if (!svc_sendreply(xprt, (xdrproc_t) xdr_void, (caddr_t)0) && debugging) {
|
|
abort();
|
|
}
|
|
break;
|
|
@@ -359,7 +385,7 @@
|
|
/*
|
|
* Set a program,version to port mapping
|
|
*/
|
|
- if (!svc_getargs(xprt, xdr_pmap, ®))
|
|
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®))
|
|
svcerr_decode(xprt);
|
|
else {
|
|
/* reject non-local requests, protect priv. ports */
|
|
@@ -401,7 +427,7 @@
|
|
ans = 1;
|
|
}
|
|
done:
|
|
- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) &&
|
|
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) &&
|
|
debugging) {
|
|
(void) fprintf(stderr, "svc_sendreply\n");
|
|
abort();
|
|
@@ -413,7 +439,7 @@
|
|
/*
|
|
* Remove a program,version to port mapping.
|
|
*/
|
|
- if (!svc_getargs(xprt, xdr_pmap, ®))
|
|
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®))
|
|
svcerr_decode(xprt);
|
|
else {
|
|
ans = 0;
|
|
@@ -447,7 +473,7 @@
|
|
prevpml->pml_next = pml;
|
|
free(t);
|
|
}
|
|
- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&ans)) &&
|
|
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&ans)) &&
|
|
debugging) {
|
|
(void) fprintf(stderr, "svc_sendreply\n");
|
|
abort();
|
|
@@ -459,7 +485,7 @@
|
|
/*
|
|
* Lookup the mapping for a program,version and return its port
|
|
*/
|
|
- if (!svc_getargs(xprt, xdr_pmap, ®))
|
|
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (caddr_t) ®))
|
|
svcerr_decode(xprt);
|
|
else {
|
|
/* remote host authorization check */
|
|
@@ -474,7 +500,7 @@
|
|
port = fnd->pml_map.pm_port;
|
|
else
|
|
port = 0;
|
|
- if ((!svc_sendreply(xprt, xdr_int, (caddr_t)&port)) &&
|
|
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_int, (caddr_t)&port)) &&
|
|
debugging) {
|
|
(void) fprintf(stderr, "svc_sendreply\n");
|
|
abort();
|
|
@@ -486,7 +512,7 @@
|
|
/*
|
|
* Return the current set of mapped program,version
|
|
*/
|
|
- if (!svc_getargs(xprt, xdr_void, NULL))
|
|
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_void, (caddr_t) NULL))
|
|
svcerr_decode(xprt);
|
|
else {
|
|
/* remote host authorization check */
|
|
@@ -497,7 +523,7 @@
|
|
} else {
|
|
p = pmaplist;
|
|
}
|
|
- if ((!svc_sendreply(xprt, xdr_pmaplist,
|
|
+ if ((!svc_sendreply(xprt, (xdrproc_t) xdr_pmaplist,
|
|
(caddr_t)&p)) && debugging) {
|
|
(void) fprintf(stderr, "svc_sendreply\n");
|
|
abort();
|
|
@@ -645,7 +671,7 @@
|
|
timeout.tv_sec = 5;
|
|
timeout.tv_usec = 0;
|
|
a.rmt_args.args = buf;
|
|
- if (!svc_getargs(xprt, xdr_rmtcall_args, &a))
|
|
+ if (!svc_getargs(xprt, (xdrproc_t) xdr_rmtcall_args, (caddr_t) &a))
|
|
return;
|
|
/* host and service access control */
|
|
if (!check_callit(svc_getcaller(xprt),
|
|
@@ -674,9 +700,9 @@
|
|
au->aup_uid, au->aup_gid, au->aup_len, au->aup_gids);
|
|
}
|
|
a.rmt_port = (u_long)port;
|
|
- if (clnt_call(client, a.rmt_proc, xdr_opaque_parms, &a,
|
|
- xdr_len_opaque_parms, &a, timeout) == RPC_SUCCESS) {
|
|
- svc_sendreply(xprt, xdr_rmtcall_result, (caddr_t)&a);
|
|
+ if (clnt_call(client, a.rmt_proc, (xdrproc_t) xdr_opaque_parms, (char*) &a,
|
|
+ (xdrproc_t) xdr_len_opaque_parms, (char*) &a, timeout) == RPC_SUCCESS) {
|
|
+ svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (caddr_t)&a);
|
|
}
|
|
AUTH_DESTROY(client->cl_auth);
|
|
clnt_destroy(client);
|