diff -Nur portmap_5beta.orig/Makefile portmap_5beta/Makefile --- portmap_5beta.orig/Makefile Sat Jul 6 23:06:19 1996 +++ portmap_5beta/Makefile Tue Sep 10 18:35:41 1996 @@ -8,7 +8,7 @@ # if you disagree. See `man 3 syslog' for examples. Some syslog versions # do not provide this flexibility. # -FACILITY=LOG_MAIL +FACILITY=LOG_AUTH # To disable tcp-wrapper style access control, comment out the following # macro definitions. Access control can also be turned off by providing @@ -71,7 +71,7 @@ # With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when # SIGCHLD is not ignored. Enable next macro for a fix. # -# ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x +ZOMBIES = -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x # Uncomment the following macro if your system does not have u_long. # @@ -81,11 +81,15 @@ # libwrap.a object library. WRAP_DIR should specify the directory with # that library. -WRAP_DIR= ../tcp_wrappers +WRAP_DIR= /usr/lib # Auxiliary object files that may be missing from your C library. # -AUX = daemon.o strerror.o +AUX = daemon.o # strerror.o + +LIBS = -lwrap -lbsd +O = -O6 -fomit-frame-pointer -pipe +NSARCHS = -include /usr/include/bsd/bsd.h -I/usr/include/bsd # NEXTSTEP is a little different. The following seems to work with NS 3.2 # @@ -99,7 +103,7 @@ # Comment out if your compiler talks ANSI and understands const # -CONST = -Dconst= +#CONST = -Dconst= ### End of configurable stuff. ############################## @@ -109,10 +113,16 @@ COPT = $(CONST) -Dperror=xperror $(HOSTS_ACCESS) $(CHECK_PORT) \ $(SYS) -DFACILITY=$(FACILITY) $(ULONG) $(ZOMBIES) $(SA_LEN) \ $(LOOPBACK) $(SETPGRP) -CFLAGS = $(COPT) -O $(NSARCHS) +CFLAGS = $(COPT) $(O) $(NSARCHS) OBJECTS = portmap.o pmap_check.o from_local.o $(AUX) all: portmap pmap_dump pmap_set + +install: all + install -s -m 755 portmap /usr/sbin/rpc.portmap + install -s -m 755 pmap_dump /usr/sbin + install -s -m 755 pmap_set /usr/sbin + install -m 644 portmap.8 /usr/man/man8/rpc.portmap.8 portmap: $(OBJECTS) $(WRAP_DIR)/libwrap.a $(CC) $(CFLAGS) -o $@ $(OBJECTS) $(WRAP_LIB) $(LIBS) diff -Nur portmap_5beta.orig/portmap.8 portmap_5beta/portmap.8 --- portmap_5beta.orig/portmap.8 Thu Jan 1 01:00:00 1970 +++ portmap_5beta/portmap.8 Tue Sep 10 18:05:39 1996 @@ -0,0 +1,158 @@ +.\" Copyright (c) 1987 Sun Microsystems +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)portmap.8 5.3 (Berkeley) 3/16/91 +.\" $Id: portmap.8,v 1.2 1993/08/01 07:24:03 mycroft Exp $ +.\" +.Dd March 16, 1991 +.Dt PORTMAP 8 +.Os BSD 4.3 +.Sh NAME +.Nm portmap +.Nd +.Tn DARPA +port to +.Tn RPC +program number mapper +.Sh SYNOPSIS +.Nm portmap +.Op Fl dv +.Sh DESCRIPTION +.Nm Portmap +is a server that converts +.Tn RPC +program numbers into +.Tn DARPA +protocol port numbers. +It must be running in order to make +.Tn RPC +calls. +.Pp +When an +.Tn RPC +server is started, it will tell +.Nm portmap +what port number it is listening to, and what +.Tn RPC +program numbers it is prepared to serve. +When a client wishes to make an +.Tn RPC +call to a given program number, +it will first contact +.Nm portmap +on the server machine to determine +the port number where +.Tn RPC +packets should be sent. +.Pp +.Nm Portmap +must be started before any +.Tn RPC +servers are invoked. +.Pp +Normally +.Nm portmap +forks and dissociates itself from the terminal +like any other daemon. +.Nm Portmap +then logs errors using +.Xr syslog 3 . +.Pp +Option available: +.Bl -tag -width Ds +.It Fl d +(debug) prevents +.Nm portmap +from running as a daemon, +and causes errors and debugging information +to be printed to the standard error output. +.It Fl v +(verbose) causes +.Nm portmap +to give more logging information to +.Xr syslogd 8. +.Pp +.Sh Access control +By default, host access control is enabled. However, the host that runs +the portmapper is always considered authorized. The host access control +tables are never consulted with requests from the local system itself; +they are always consulted with requests from other hosts. +.Pp +In order to avoid deadlocks, the portmap program does not attempt to +look up the remote host name or user name, nor will it try to match NIS +netgroups. The upshot of all this is that only network number patterns +will work for portmap access control. +.Pp +Sample entries for the host access-control files are: + +.Nm /etc/hosts.allow: + portmap: your.sub.net.number/your.sub.net.mask + portmap: 255.255.255.255 0.0.0.0 + +.Nm /etc/hosts.deny + portmap: ALL + +The syntax of the access-control files is described in the +.Xr hosts_access 5 +and +.Xr hosts_options 5 +manual page that comes with the tcp wrapper (log_tcp) +sources. The safe_finger command comes with later wrapper releases. +.Pp +The first line in the hosts.allow file permits access from all systems +within your own subnet. Some rpc services rely on broadcasts and will +contact your portmapper anyway; and once an intruder has access to your +local network segment you're already in deep trouble. +.Pp +The second line in the hosts.allow file may be needed if there are +any PC-NFS systems on your network segment. +.Pp +For security reasons, the portmap process drops root privilegs after +initialization. The access control files should therefore be readable +for group or world. +.El +.Sh SEE ALSO +.Xr inetd.conf 5 , +.Xr rpcinfo 8 , +.Xr inetd 8 , +.Xr syslogd 8 , +.Xr hosts_access 5 , +.Xr hosts_options 5 +.Sh BUGS +If +.Nm portmap +crashes, all servers must be restarted. +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.3 diff -Nur portmap_5beta.orig/portmap.c portmap_5beta/portmap.c --- portmap_5beta.orig/portmap.c Sat Jul 6 23:06:24 1996 +++ portmap_5beta/portmap.c Tue Sep 10 18:21:52 1996 @@ -182,9 +182,8 @@ exit(1); } -#ifdef LOG_MAIL - openlog("portmap", debugging ? LOG_PID | LOG_PERROR : LOG_PID, - FACILITY); +#ifdef FACILITY + openlog("portmap", debugging ? LOG_PID | LOG_PERROR : LOG_PID, FACILITY); #else openlog("portmap", debugging ? LOG_PID | LOG_PERROR : LOG_PID); #endif