* [PATCH] rpcbind: add option to fix port number
@ 2014-08-12 6:25 Li Wang
2014-08-12 7:20 ` Li Wang
0 siblings, 1 reply; 10+ messages in thread
From: Li Wang @ 2014-08-12 6:25 UTC (permalink / raw)
To: openembedded-core
fix a random port to offer customer an option for select.
Signed-off-by: Li Wang <li.wang@windriver.com>
---
.../rpcbind_add_option_to_fix_port_number.patch | 80 ++++++++++++++++++++
meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 +
2 files changed, 81 insertions(+)
create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
new file mode 100644
index 0000000..e4d9906
--- /dev/null
+++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
@@ -0,0 +1,80 @@
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index f6bd6bd..a2ef152 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
+
+ static struct rmtcallfd_list *rmthead;
+ static struct rmtcallfd_list *rmttail;
++extern unsigned short random_port;
+
+ int
+ create_rmtcall_fd(struct netconfig *nconf)
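Review bot: `extern unsigned short random_port;` is declared directly in this .c file, so the compiler cannot check it against the definition in src/rpcbind.c if the type ever changes. Move the declaration into a header that both files include.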
+@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
+ int fd;
+ struct rmtcallfd_list *rmt;
+ SVCXPRT *xprt;
++ struct __rpc_sockinfo si;
++ struct t_bind taddr;
+
+ if ((fd = __rpc_nconf2fd(nconf)) == -1) {
+ if (debugging)
+@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
+ nconf->nc_device, errno);
+ return (-1);
+ }
++
++ if (random_port) {
++ __rpc_fd2sockinfo(fd, &si);
++ memset(&taddr, 0, sizeof(taddr));
++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
++ taddr.addr.buf = malloc(si.si_alen);
++ if (taddr.addr.buf == NULL) {
++ return -1;
++ }
++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
++ } else
+ xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
+ if (xprt == NULL) {
+ if (debugging)
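Review bot: In the `if (random_port)` branch, the buffer from `taddr.addr.buf = malloc(si.si_alen)` is left uninitialised apart from the two 16-bit stores at offsets 0 and 2, so the remaining address bytes (the host address for an inet transport) hold whatever was on the heap when `&taddr` is handed to `svc_tli_create()`. Allocate with `calloc(1, si.si_alen)` or `memset` the buffer before filling in the family and port, so the socket binds to the wildcard address deterministically.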
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 83dbe93..e82cf45 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -99,6 +99,7 @@ int runasdaemon = 0;
+ int insecure = 0;
+ int oldstyle_local = 0;
+ int verboselog = 0;
++unsigned short random_port = 0;
+
+ char **hosts = NULL;
+ int nhosts = 0;
+@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
+ {
+ int c;
+ oldstyle_local = 1;
+- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
+ switch (c) {
+ case 'a':
+ doabort = 1; /* when debugging, do an abort on */
+@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
+ if (hosts[nhosts - 1] == NULL)
+ errx(1, "Out of memory");
+ break;
++ case 'p':
++ random_port = atoi(optarg);
++ break;
+ case 'i':
+ insecure = 1;
+ break;
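Review bot: `random_port = atoi(optarg);` in the new `case 'p'` accepts any string without validation: a non-numeric argument yields 0, which silently leaves the option disabled, and a value outside 1..65535 is truncated when the int is stored in the `unsigned short`, so rpcbind ends up on a port other than the one the administrator wrote into the filter rule. Parse with `strtol`, check the end pointer and the range, and exit via `errx(1, ...)` on bad input, as the `-h` case above does for its failure.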
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index 89e567b..65351d0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
+ file://rpcbind_add_option_to_fix_port_number.patch \
file://init.d \
${UCLIBCPATCHES} \
file://rpcbind.conf \
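Review bot: The patch file added to SRC_URI on the `file://rpcbind_add_option_to_fix_port_number.patch` line starts directly at `diff --git a/src/rpcb_svc_com.c`, with no description, Upstream-Status tag or Signed-off-by line of its own. Add a short header to the patch file stating what the option does and its upstream status, so the reason for carrying it is recorded alongside the change.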
--
1.7.9.5
* [PATCH] rpcbind: add option to fix port number
2014-08-12 6:25 [PATCH] rpcbind: add option to fix port number Li Wang
@ 2014-08-12 7:20 ` Li Wang
2014-08-12 8:10 ` Li.Wang
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Li Wang @ 2014-08-12 7:20 UTC (permalink / raw)
To: openembedded-core
fix a random port to offer customer an option for select.
Signed-off-by: Li Wang <li.wang@windriver.com>
---
.../rpcbind_add_option_to_fix_port_number.patch | 82 ++++++++++++++++++++
meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 +
2 files changed, 83 insertions(+)
create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
new file mode 100644
index 0000000..112b713
--- /dev/null
+++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
@@ -0,0 +1,82 @@
+Upstream-Status: Pending
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index f6bd6bd..a2ef152 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
+
+ static struct rmtcallfd_list *rmthead;
+ static struct rmtcallfd_list *rmttail;
++extern unsigned short random_port;
+
+ int
+ create_rmtcall_fd(struct netconfig *nconf)
+@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
+ int fd;
+ struct rmtcallfd_list *rmt;
+ SVCXPRT *xprt;
++ struct __rpc_sockinfo si;
++ struct t_bind taddr;
+
+ if ((fd = __rpc_nconf2fd(nconf)) == -1) {
+ if (debugging)
+@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
+ nconf->nc_device, errno);
+ return (-1);
+ }
++
++ if (random_port) {
++ __rpc_fd2sockinfo(fd, &si);
++ memset(&taddr, 0, sizeof(taddr));
++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
++ taddr.addr.buf = malloc(si.si_alen);
++ if (taddr.addr.buf == NULL) {
++ return -1;
++ }
++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
++ } else
+ xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
+ if (xprt == NULL) {
+ if (debugging)
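Review bot: The `return -1;` taken when `malloc` fails in the `if (random_port)` branch leaves `fd` open, whereas the existing early return above it only happens when no descriptor was obtained; close `fd` before returning. The added lines also never free `taddr.addr.buf` after `svc_tli_create()` returns, so each call with `-p` set leaks `si.si_alen` bytes unless the callee is known to take ownership of the buffer.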
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 83dbe93..e82cf45 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -99,6 +99,7 @@ int runasdaemon = 0;
+ int insecure = 0;
+ int oldstyle_local = 0;
+ int verboselog = 0;
++unsigned short random_port = 0;
+
+ char **hosts = NULL;
+ int nhosts = 0;
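Review bot: The name `random_port` on the new global says the opposite of what the variable holds, which is the fixed port supplied with `-p`, with 0 doubling as "option not given". A name such as `rmtcall_port`, plus a one-line comment stating that 0 means the port is left to the library, would make the `if (random_port)` test in src/rpcb_svc_com.c readable.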
+@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
+ {
+ int c;
+ oldstyle_local = 1;
+- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
+ switch (c) {
+ case 'a':
+ doabort = 1; /* when debugging, do an abort on */
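Review bot: The option string gains `p:` here, but none of the src/rpcbind.c hunks in this patch updates any usage text or manual page, so `-p` is undocumented for the administrator who is expected to set it. Document the option in both, including which socket it pins and the accepted range.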
+@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
+ if (hosts[nhosts - 1] == NULL)
+ errx(1, "Out of memory");
+ break;
++ case 'p':
++ random_port = atoi(optarg);
++ break;
+ case 'i':
+ insecure = 1;
+ break;
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index 89e567b..65351d0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
+ file://rpcbind_add_option_to_fix_port_number.patch \
file://init.d \
${UCLIBCPATCHES} \
file://rpcbind.conf \
--
1.7.9.5
* Re: [PATCH] rpcbind: add option to fix port number
2014-08-12 7:20 ` Li Wang
@ 2014-08-12 8:10 ` Li.Wang
2014-08-12 8:11 ` Li Wang
2014-08-12 8:41 ` Burton, Ross
2014-08-12 8:48 ` Burton, Ross
2 siblings, 1 reply; 10+ messages in thread
From: Li.Wang @ 2014-08-12 8:10 UTC (permalink / raw)
To: openembedded-core
Hi,
I will add the following header to the new patch:
=====
rpcbind: add option to fix port number
fix a random port to offer customer an option for select.
Signed-off-by: Li Wang <li.wang@windriver.com>
=====
Thanks,
LiWang.
On 08/12/2014 03:20 PM, Li Wang wrote:
> fix a random port to offer customer an option for select.
>
> Signed-off-by: Li Wang <li.wang@windriver.com>
> ---
> .../rpcbind_add_option_to_fix_port_number.patch | 82 ++++++++++++++++++++
> meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 +
> 2 files changed, 83 insertions(+)
> create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
>
> diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
> new file mode 100644
> index 0000000..112b713
> --- /dev/null
> +++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
> @@ -0,0 +1,82 @@
> +Upstream-Status: Pending
> +
> +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
> +index f6bd6bd..a2ef152 100644
> +--- a/src/rpcb_svc_com.c
> ++++ b/src/rpcb_svc_com.c
> +@@ -48,6 +48,7 @@
> + #include <rpc/rpc.h>
> + #include <rpc/rpcb_prot.h>
> + #include <rpc/svc_dg.h>
> ++#include <rpc/rpc_com.h>
> + #include <netconfig.h>
> + #include <errno.h>
> + #include <syslog.h>
> +@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
> +
> + static struct rmtcallfd_list *rmthead;
> + static struct rmtcallfd_list *rmttail;
> ++extern unsigned short random_port;
> +
> + int
> + create_rmtcall_fd(struct netconfig *nconf)
> +@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
> + int fd;
> + struct rmtcallfd_list *rmt;
> + SVCXPRT *xprt;
> ++ struct __rpc_sockinfo si;
> ++ struct t_bind taddr;
> +
> + if ((fd = __rpc_nconf2fd(nconf)) == -1) {
> + if (debugging)
> +@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
> + nconf->nc_device, errno);
> + return (-1);
> + }
> ++
> ++ if (random_port) {
> ++ __rpc_fd2sockinfo(fd, &si);
> ++ memset(&taddr, 0, sizeof(taddr));
> ++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
> ++ taddr.addr.buf = malloc(si.si_alen);
> ++ if (taddr.addr.buf == NULL) {
> ++ return -1;
> ++ }
> ++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
> ++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
> ++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
> ++ } else
> + xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
> + if (xprt == NULL) {
> + if (debugging)
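Review bot: The return value of `__rpc_fd2sockinfo(fd, &si)` is ignored in the `if (random_port)` branch, so on failure `si.si_alen` and `si.si_af` are read uninitialised and then used as the allocation size and the address family. Check the result and take the same error path as the `__rpc_nconf2fd` failure above.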
> +diff --git a/src/rpcbind.c b/src/rpcbind.c
> +index 83dbe93..e82cf45 100644
> +--- a/src/rpcbind.c
> ++++ b/src/rpcbind.c
> +@@ -99,6 +99,7 @@ int runasdaemon = 0;
> + int insecure = 0;
> + int oldstyle_local = 0;
> + int verboselog = 0;
> ++unsigned short random_port = 0;
> +
> + char **hosts = NULL;
> + int nhosts = 0;
> +@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
> + {
> + int c;
> + oldstyle_local = 1;
> +- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
> ++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
> + switch (c) {
> + case 'a':
> + doabort = 1; /* when debugging, do an abort on */
> +@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
> + if (hosts[nhosts - 1] == NULL)
> + errx(1, "Out of memory");
> + break;
> ++ case 'p':
> ++ random_port = atoi(optarg);
> ++ break;
> + case 'i':
> + insecure = 1;
> + break;
> diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> index 89e567b..65351d0 100644
> --- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> +++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
> @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
>
> SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
> file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
> + file://rpcbind_add_option_to_fix_port_number.patch \
> file://init.d \
> ${UCLIBCPATCHES} \
> file://rpcbind.conf \
* [PATCH] rpcbind: add option to fix port number
2014-08-12 8:10 ` Li.Wang
@ 2014-08-12 8:11 ` Li Wang
0 siblings, 0 replies; 10+ messages in thread
From: Li Wang @ 2014-08-12 8:11 UTC (permalink / raw)
To: openembedded-core
fix a random port to offer customer an option for select.
Signed-off-by: Li Wang <li.wang@windriver.com>
---
.../rpcbind_add_option_to_fix_port_number.patch | 94 ++++++++++++++++++++
meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 +
2 files changed, 95 insertions(+)
create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
new file mode 100644
index 0000000..e627d77
--- /dev/null
+++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
@@ -0,0 +1,94 @@
+rpcbind: add option to fix port number
+
+fix a random port to offer customer an option for select.
+
+Upstream-Status: Pending
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ src/rpcb_svc_com.c | 17 +++++++++++++++++
+ src/rpcbind.c | 6 +++++-
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index f6bd6bd..a2ef152 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
+
+ static struct rmtcallfd_list *rmthead;
+ static struct rmtcallfd_list *rmttail;
++extern unsigned short random_port;
+
+ int
+ create_rmtcall_fd(struct netconfig *nconf)
+@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
+ int fd;
+ struct rmtcallfd_list *rmt;
+ SVCXPRT *xprt;
++ struct __rpc_sockinfo si;
++ struct t_bind taddr;
+
+ if ((fd = __rpc_nconf2fd(nconf)) == -1) {
+ if (debugging)
+@@ -511,6 +515,19 @@ create_rmtcall_fd(struct netconfig *nconf)
+ nconf->nc_device, errno);
+ return (-1);
+ }
++
++ if (random_port) {
++ __rpc_fd2sockinfo(fd, &si);
++ memset(&taddr, 0, sizeof(taddr));
++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
++ taddr.addr.buf = malloc(si.si_alen);
++ if (taddr.addr.buf == NULL) {
++ return -1;
++ }
++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
++ } else
+ xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
+ if (xprt == NULL) {
+ if (debugging)
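Review bot: The two stores `*(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;` and `*(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);` hard-code a layout with a 16-bit family at offset 0 and the port at offset 2, and nothing checks that layout against `si.si_af` or `si.si_alen`. Fill a `struct sockaddr_in` or `struct sockaddr_in6` selected on `si.si_af`, and keep the default path for any other family, so a transport with a different address layout is not handed a malformed bind address.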
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 83dbe93..e82cf45 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -99,6 +99,7 @@ int runasdaemon = 0;
+ int insecure = 0;
+ int oldstyle_local = 0;
+ int verboselog = 0;
++unsigned short random_port = 0;
+
+ char **hosts = NULL;
+ int nhosts = 0;
+@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
+ {
+ int c;
+ oldstyle_local = 1;
+- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
+ switch (c) {
+ case 'a':
+ doabort = 1; /* when debugging, do an abort on */
+@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
+ if (hosts[nhosts - 1] == NULL)
+ errx(1, "Out of memory");
+ break;
++ case 'p':
++ random_port = atoi(optarg);
++ break;
+ case 'i':
+ insecure = 1;
+ break;
+--
+1.7.9.5
+
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index 89e567b..65351d0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
+ file://rpcbind_add_option_to_fix_port_number.patch \
file://init.d \
${UCLIBCPATCHES} \
file://rpcbind.conf \
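Review bot: Only the patch is added to SRC_URI here; the `file://init.d` and `file://rpcbind.conf` entries beside it are unchanged and the diffstat lists 2 files changed, so an image built from this recipe has no shipped way to pass `-p`. If the option is meant to be usable from the recipe, wire it into the init script or configuration file in the same change, or state in the commit message that this is left to the integrator.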
--
1.7.9.5
* Re: [PATCH] rpcbind: add option to fix port number
2014-08-12 7:20 ` Li Wang
2014-08-12 8:10 ` Li.Wang
@ 2014-08-12 8:41 ` Burton, Ross
2014-08-12 8:44 ` Li.Wang
2014-08-12 8:48 ` Burton, Ross
2 siblings, 1 reply; 10+ messages in thread
From: Burton, Ross @ 2014-08-12 8:41 UTC (permalink / raw)
To: Li Wang; +Cc: OE-core
On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
> fix a random port to offer customer an option for select.
I'm curious as to why this is needed.
Ross
* Re: [PATCH] rpcbind: add option to fix port number
2014-08-12 8:41 ` Burton, Ross
@ 2014-08-12 8:44 ` Li.Wang
2014-09-05 15:24 ` Burton, Ross
0 siblings, 1 reply; 10+ messages in thread
From: Li.Wang @ 2014-08-12 8:44 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
Hi,
This is a description from the customer:
=====
Customer's description of the problem:
"
It would seem rpcbind opens a random port.
Clearly not the most simple thing to protect with an ipfilter.
Opening random ports in privileged port range, among them one port that
identifies itself as pop3s, is not a good practice. Both Ericsson and our
customers run regular vulnerability assessment tools against our product,
and this will clearly be seen as a potential problem. Furthermore, we will
not be able to filter the ports, since they are random, and neither will we
be able to provide decent answers to our customers. To summarize: this
should be taken care of, ie fix rpcbind so that it uses a non random port
and/or to bind to a specific interface.
"
=====
Thanks,
LiWang.
On 08/12/2014 04:41 PM, Burton, Ross wrote:
> On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
>> fix a random port to offer customer an option for select.
> I'm curious as to why this is needed.
>
> Ross
* Re: [PATCH] rpcbind: add option to fix port number
2014-08-12 7:20 ` Li Wang
2014-08-12 8:10 ` Li.Wang
2014-08-12 8:41 ` Burton, Ross
@ 2014-08-12 8:48 ` Burton, Ross
2014-08-12 9:03 ` Li Wang
2 siblings, 1 reply; 10+ messages in thread
From: Burton, Ross @ 2014-08-12 8:48 UTC (permalink / raw)
To: Li Wang; +Cc: OE-core
On 12 August 2014 08:20, Li Wang <li.wang@windriver.com> wrote:
> ++ } else
> + xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
*Please* don't do that, match bracket style instead.
Ross
* [PATCH] rpcbind: add option to fix port number
2014-08-12 8:48 ` Burton, Ross
@ 2014-08-12 9:03 ` Li Wang
0 siblings, 0 replies; 10+ messages in thread
From: Li Wang @ 2014-08-12 9:03 UTC (permalink / raw)
To: openembedded-core
fix a random port to offer customer an option for select.
Signed-off-by: Li Wang <li.wang@windriver.com>
---
.../rpcbind_add_option_to_fix_port_number.patch | 97 ++++++++++++++++++++
meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb | 1 +
2 files changed, 98 insertions(+)
create mode 100644 meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
diff --git a/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
new file mode 100644
index 0000000..31adb07
--- /dev/null
+++ b/meta/recipes-extended/rpcbind/rpcbind/rpcbind_add_option_to_fix_port_number.patch
@@ -0,0 +1,97 @@
+rpcbind: add option to fix port number
+
+fix a random port to offer customer an option for select.
+
+Upstream-Status: Pending
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ src/rpcb_svc_com.c | 20 +++++++++++++++++++-
+ src/rpcbind.c | 6 +++++-
+ 2 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
+index f6bd6bd..866a0e0 100644
+--- a/src/rpcb_svc_com.c
++++ b/src/rpcb_svc_com.c
+@@ -48,6 +48,7 @@
+ #include <rpc/rpc.h>
+ #include <rpc/rpcb_prot.h>
+ #include <rpc/svc_dg.h>
++#include <rpc/rpc_com.h>
+ #include <netconfig.h>
+ #include <errno.h>
+ #include <syslog.h>
+@@ -496,6 +497,7 @@ xdr_opaque_parms(XDR *xdrs, struct r_rmtcall_args *cap)
+
+ static struct rmtcallfd_list *rmthead;
+ static struct rmtcallfd_list *rmttail;
++extern unsigned short random_port;
+
+ int
+ create_rmtcall_fd(struct netconfig *nconf)
+@@ -503,6 +505,8 @@ create_rmtcall_fd(struct netconfig *nconf)
+ int fd;
+ struct rmtcallfd_list *rmt;
+ SVCXPRT *xprt;
++ struct __rpc_sockinfo si;
++ struct t_bind taddr;
+
+ if ((fd = __rpc_nconf2fd(nconf)) == -1) {
+ if (debugging)
+@@ -511,7 +515,21 @@ create_rmtcall_fd(struct netconfig *nconf)
+ nconf->nc_device, errno);
+ return (-1);
+ }
+- xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
++
++ if (random_port) {
++ __rpc_fd2sockinfo(fd, &si);
++ memset(&taddr, 0, sizeof(taddr));
++ taddr.addr.maxlen = taddr.addr.len = si.si_alen;
++ taddr.addr.buf = malloc(si.si_alen);
++ if (taddr.addr.buf == NULL) {
++ return -1;
++ }
++ *(unsigned short *)(&(taddr.addr.buf[0])) = si.si_af;
++ *(unsigned short *)(&(taddr.addr.buf[2])) = htons(random_port);
++ xprt = svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
++ } else {
++ xprt = svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0);
++ }
+ if (xprt == NULL) {
+ if (debugging)
+ fprintf(stderr,
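Review bot: The `-p` branch calls `svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE)` while the default branch keeps `svc_tli_create(fd, 0, (struct t_bind *) 0, 0, 0)`, so setting the option changes the netconfig argument and both buffer sizes as well as the bind address. If only the port is meant to differ, pass the same `0` values alongside `&taddr`; otherwise explain in the patch header why the sizes must change.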
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 83dbe93..e82cf45 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -99,6 +99,7 @@ int runasdaemon = 0;
+ int insecure = 0;
+ int oldstyle_local = 0;
+ int verboselog = 0;
++unsigned short random_port = 0;
+
+ char **hosts = NULL;
+ int nhosts = 0;
+@@ -748,7 +749,7 @@ parseargs(int argc, char *argv[])
+ {
+ int c;
+ oldstyle_local = 1;
+- while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
++ while ((c = getopt(argc, argv, "adh:p:ilswf")) != -1) {
+ switch (c) {
+ case 'a':
+ doabort = 1; /* when debugging, do an abort on */
+@@ -766,6 +767,9 @@ parseargs(int argc, char *argv[])
+ if (hosts[nhosts - 1] == NULL)
+ errx(1, "Out of memory");
+ break;
++ case 'p':
++ random_port = atoi(optarg);
++ break;
+ case 'i':
+ insecure = 1;
+ break;
+--
+1.7.9.5
+
diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index 89e567b..65351d0 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b46486e4c4a416602693a711bb5bfa39 \
SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
file://0001-rpcbind-rpcuser-not-being-set-in-Makefile.am.patch \
+ file://rpcbind_add_option_to_fix_port_number.patch \
file://init.d \
${UCLIBCPATCHES} \
file://rpcbind.conf \
--
1.7.9.5
* Re: [PATCH] rpcbind: add option to fix port number
2014-08-12 8:44 ` Li.Wang
@ 2014-09-05 15:24 ` Burton, Ross
2014-09-09 8:33 ` Li.Wang
0 siblings, 1 reply; 10+ messages in thread
From: Burton, Ross @ 2014-09-05 15:24 UTC (permalink / raw)
To: Li.Wang; +Cc: OE-core
On 12 August 2014 09:44, Li.Wang <Li.Wang@windriver.com> wrote:
> Opening random ports in privileged port range, among them one port that
> identifies itself as pop3s, is not a good practice. Both Ericsson and our
> customers run regular vulnerability assessment tools against our product,
> and this will clearly be seen as a potential problem. Furthermore, we will
> not be able to filter the ports, since they are random, and neither will we
> be able to provide decent answers to our customers. To summarize: this
> should be taken care of, ie fix rpcbind so that it uses a non random port
> and/or to bind to a specific interface.
This has been bothering me so I just did some digging. rpcbind
opening random ports is rather "misguided" but it appears that passing
-s to rpcbind will cause it to drop its privs and setuid down to
"daemon", with the side-effect that it can't open the privileged ports
anymore.
(source: http://wiki.metawerx.net/wiki/setrpcrandomport)
Ross
* Re: [PATCH] rpcbind: add option to fix port number
2014-09-05 15:24 ` Burton, Ross
@ 2014-09-09 8:33 ` Li.Wang
0 siblings, 0 replies; 10+ messages in thread
From: Li.Wang @ 2014-09-09 8:33 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
On 09/05/2014 11:24 PM, Burton, Ross wrote:
> On 12 August 2014 09:44, Li.Wang <Li.Wang@windriver.com> wrote:
>> Opening random ports in privileged port range, among them one port that
>> identifies itself as pop3s, is not a good practice. Both Ericsson and our
>> customers run regular vulnerability assessment tools against our product,
>> and this will clearly be seen as a potential problem. Furthermore, we will
>> not be able to filter the ports, since they are random, and neither will we
>> be able to provide decent answers to our customers. To summarize: this
>> should be taken care of, ie fix rpcbind so that it uses a non random port
>> and/or to bind to a specific interface.
> This has been bothering me so I just did some digging. rpcbind
> opening random ports is rather "misguided" but it appears that passing
> -s to rpcbind will cause it to drop its privs and setuid down to
> "daemon", with the side-effect that it can't open the privileged ports
> anymore.
>
> (source: http://wiki.metawerx.net/wiki/setrpcrandomport)
This way uses a dynamic library, and I use a command option, which inserts
code into rpcbind.
I think our thoughts are the same, but the complements are different.
Indeed, rpcbind has two random ports:
one can be fixed by the configure file.
The patch is aimed at the other one.
Thanks,
LiWang.
>
> Ross