Merge lp:~niedbalski/ubuntu/vivid/rpcbind/fix-lp-1430181 into lp:ubuntu/vivid/rpcbind

Proposed by Jorge Niedbalski
Status: Work in progress
Proposed branch: lp:~niedbalski/ubuntu/vivid/rpcbind/fix-lp-1430181
Merge into: lp:ubuntu/vivid/rpcbind
Diff against target: 274 lines (+254/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/rcpbind-tcp-bind-specific-addrs.patch (+245/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~niedbalski/ubuntu/vivid/rpcbind/fix-lp-1430181
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+253260@code.launchpad.net

Description of the change

[Description]

There is no way to prevent rpcbind from listening on all interfaces for TCP connections. The setting "-h" only applies to UDP connections.

Without this patch, starting rpcbind with -h has no effect on the address the TCP sockets listen on:

$ rpcbind -h 192.168.100.2

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 22011/rpcbind
tcp6 0 0 :::111 :::* LISTEN 22011/rpcbind
udp 0 0 127.0.0.1:111 0.0.0.0:* 22011/rpcbind
udp 0 0 0.0.0.0:986 0.0.0.0:* 22011/rpcbind
udp6 0 0 ::1:111 :::* 22011/rpcbind
udp6 0 0 :::986 :::* 22011/rpcbind

With this patch, starting rpcbind with -h takes effect and rpcbind listens on the specified address:

$ rpcbind -h 192.168.100.2

tcp 0 0 192.168.100.2:111 0.0.0.0:* LISTEN 24826/rpcbind
tcp 0 0 127.0.0.1:111 0.0.0.0:* LISTEN 24826/rpcbind
tcp6 0 0 ::1:111 :::* LISTEN 24826/rpcbind

Robie Basak (racb) wrote :

I'm not sure this is appropriate to land at this point in the cycle, or in its current form, so I've made general review comments in the bug instead of here.

Sebastien Bacher (seb128) wrote :

Setting this to "work in progress" rather than "needs review"; it seems to need more work/discussion and is not ready for sponsoring.

Unmerged revisions

43. By Jorge Niedbalski

debian/patches/rcpbind-tcp-bind-specific-addrs.patch: Make it possible
for rpcbind(8) to bind TCP listening socket to an IP other than INADDR_ANY.
Fixes Bug LP: #1430181.

Preview Diff

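--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+rpcbind (0.2.1-6ubuntu3) vivid; urgency=medium
+
+ * debian/patches/rcpbind-tcp-bind-specific-addrs.patch: Make it possible
+ for rpcbind(8) to bind TCP listening socket to an IP other than INADDR_ANY.
+ Fixes Bug LP: #1430181.
+
+ -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Tue, 17 Mar 2015 15:31:24 -0300
+
 rpcbind (0.2.1-6ubuntu2) vivid; urgency=medium
 
 * Add systemd unit. Patch by Simon McVittie. (Closes: #748074, LP: #1312976)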
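--- a/debian/patches/rcpbind-tcp-bind-specific-addrs.patch
+++ b/debian/patches/rcpbind-tcp-bind-specific-addrs.patch
@@ -0,0 +1,245 @@
+Description: Make it possible for rpcbind(8) to bind TCP listening socket to an IP
+other than INADDR_ANY.
+
+Origin: other, https://github.com/freebsd/freebsd/commit/dcf99d183073745b493d80af6381a9a76b899740
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1430181
+
+--- rpcbind-0.2.1.orig/man/rpcbind.8
++++ rpcbind-0.2.1/man/rpcbind.8
+@@ -85,7 +85,7 @@ checks are shown in detail.
+ .It Fl f
+ Do not fork and become a background process.
+ .It Fl h
+-Specify specific IP addresses to bind to for UDP requests.
++Specify specific IP addresses to bind to for requests.
+ This option
+ may be specified multiple times and is typically necessary when running
+ on a multi-homed host.
+--- rpcbind-0.2.1.orig/src/rpcbind.c
++++ rpcbind-0.2.1/src/rpcbind.c
+@@ -289,7 +289,7 @@ init_transport(struct netconfig *nconf)
+ int status; /* bound checking ? */
+ int aicode;
+ int addrlen = 0;
+- int nhostsbak;
++ int nhostsbak = 1;
+ int checkbind;
+ int on = 1;
+ struct sockaddr *sa = NULL;
+@@ -315,18 +315,6 @@ init_transport(struct netconfig *nconf)
+ }
+ #endif
+
+- /*
+- * XXX - using RPC library internal functions. For NC_TPI_CLTS
+- * we call this later, for each socket we like to bind.
+- */
+- if (nconf->nc_semantics != NC_TPI_CLTS) {
+- if ((fd = __rpc_nconf2fd(nconf)) < 0) {
+- syslog(LOG_ERR, "cannot create socket for %s",
+- nconf->nc_netid);
+- return (1);
+- }
+- }
+-
+ if (!__rpc_nconf2sockinfo(nconf, &si)) {
+ syslog(LOG_ERR, "cannot get information for %s",
+ nconf->nc_netid);
+@@ -349,8 +337,6 @@ init_transport(struct netconfig *nconf)
+ hints.ai_family = si.si_af;
+ hints.ai_socktype = si.si_socktype;
+ hints.ai_protocol = si.si_proto;
+- }
+- if (nconf->nc_semantics == NC_TPI_CLTS) {
+ /*
+ * If no hosts were specified, just bind to INADDR_ANY. Otherwise
+ * make sure 127.0.0.1 is added to the list.
+@@ -368,21 +354,15 @@ init_transport(struct netconfig *nconf)
+ } else
+ return 1;
+ }
+-
+- /*
+- * Bind to specific IPs if asked to
+- */
+- checkbind = 0;
+- while (nhostsbak > 0) {
+- --nhostsbak;
+- /*
+- * XXX - using RPC library internal functions.
+- */
+- if ((fd = __rpc_nconf2fd(nconf)) < 0) {
+- syslog(LOG_ERR, "cannot create socket for %s",
+- nconf->nc_netid);
+- return (1);
+- }
++ }
++ /*
++ * Bind to specific IPs if asked to
++ */
++ checkbind = 0;
++ while (nhostsbak > 0) {
++ --nhostsbak;
++ if ((strcmp(nconf->nc_netid, "local") != 0) &&
++ (strcmp(nconf->nc_netid, "unix") != 0)) {
+ switch (hints.ai_family) {
+ case AF_INET:
+ if (inet_pton(AF_INET, hosts[nhostsbak],
+@@ -409,7 +389,7 @@ init_transport(struct netconfig *nconf)
+ host_addr) == 1)
+ continue;
+ }
+- break;
++ break;
+ default:
+ break;
+ }
+@@ -432,97 +412,37 @@ init_transport(struct netconfig *nconf)
+ }
+ addrlen = res->ai_addrlen;
+ sa = (struct sockaddr *)res->ai_addr;
+- oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
+- if (bind(fd, sa, addrlen) != 0) {
+- syslog(LOG_ERR, "cannot bind %s on %s: %m",
+- (hosts[nhostsbak] == NULL) ? "*" :
+- hosts[nhostsbak], nconf->nc_netid);
+- if (res != NULL)
+- freeaddrinfo(res);
+- continue;
+- } else
+- checkbind++;
+- (void) umask(oldmask);
++ }
+
+- /* Copy the address */
+- taddr.addr.maxlen = taddr.addr.len = addrlen;
+- taddr.addr.buf = malloc(addrlen);
+- if (taddr.addr.buf == NULL) {
+- syslog(LOG_ERR,
+- "cannot allocate memory for %s address",
+- nconf->nc_netid);
++ /*
++ * XXX - using RPC library internal functions.
++ */
++ if ((fd = __rpc_nconf2fd(nconf)) < 0) {
++ syslog(LOG_ERR, "cannot create socket for %s",
++ nconf->nc_netid);
++ continue;
++ }
++ oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
++ if (nconf->nc_semantics != NC_TPI_CLTS) {
++ __rpc_fd2sockinfo(fd, &si);
++ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on,
++ sizeof(on)) != 0) {
++ syslog(LOG_ERR, "cannot set SO_REUSEADDR on %s",
++ nconf->nc_netid);
+ if (res != NULL)
+ freeaddrinfo(res);
+- return 1;
+- }
+- memcpy(taddr.addr.buf, sa, addrlen);
+-#ifdef RPCBIND_DEBUG
+- if (debugging) {
+- /*
+- * for debugging print out our universal
+- * address
+- */
+- char *uaddr;
+- struct netbuf nb;
+- int sa_size = 0;
+-
+- nb.buf = sa;
+- switch( sa->sa_family){
+- case AF_INET:
+- sa_size = sizeof (struct sockaddr_in);
+- break;
+- case AF_INET6:
+- sa_size = sizeof (struct sockaddr_in6);
+- break;
+- }
+- nb.len = nb.maxlen = sa_size;
+- uaddr = taddr2uaddr(nconf, &nb);
+- (void) fprintf(stderr,
+- "rpcbind : my address is %s\n", uaddr);
+- (void) free(uaddr);
+- }
+-#endif
+- my_xprt = (SVCXPRT *)svc_tli_create(fd, nconf, &taddr,
+- RPC_MAXDATASIZE, RPC_MAXDATASIZE);
+- if (my_xprt == (SVCXPRT *)NULL) {
+- syslog(LOG_ERR, "%s: could not create service",
+- nconf->nc_netid);
+- goto error;
+- }
+- }
+- if (!checkbind)
+- return 1;
+- } else { /* NC_TPI_COTS */
+- if ((strcmp(nconf->nc_netid, "local") != 0) &&
+- (strcmp(nconf->nc_netid, "unix") != 0)) {
+- if ((aicode = getaddrinfo(NULL, servname, &hints, &res))!= 0) {
+- if ((aicode = getaddrinfo(NULL, "portmapper", &hints, &res))!= 0) {
+- printf("cannot get local address for %s: %s", nconf->nc_netid, gai_strerror(aicode));
+- syslog(LOG_ERR,
+- "cannot get local address for %s: %s",
+- nconf->nc_netid, gai_strerror(aicode));
+- return 1;
+- }
++ continue;
+ }
+- addrlen = res->ai_addrlen;
+- sa = (struct sockaddr *)res->ai_addr;
+- }
+- oldmask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
+- __rpc_fd2sockinfo(fd, &si);
+- if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on,
+- sizeof(on)) != 0) {
+- syslog(LOG_ERR, "cannot set SO_REUSEADDR on %s",
+- nconf->nc_netid);
+- if (res != NULL)
+- freeaddrinfo(res);
+- return 1;
+ }
+ if (bind(fd, sa, addrlen) < 0) {
+- syslog(LOG_ERR, "cannot bind %s: %m", nconf->nc_netid);
++ syslog(LOG_ERR, "cannot bind %s on %s: %m",
++ (hosts && hosts[nhostsbak]) ? hosts[nhostsbak] : "*",
++ nconf->nc_netid);
+ if (res != NULL)
+ freeaddrinfo(res);
+- return 1;
+- }
++ continue;
++ } else
++ checkbind++;
+ (void) umask(oldmask);
+
+ /* Copy the address */
+@@ -541,7 +461,7 @@ init_transport(struct netconfig *nconf)
+ /* for debugging print out our universal address */
+ char *uaddr;
+ struct netbuf nb;
+- int sa_size2 = 0;
++ int sa_size2 = 0;
+
+ nb.buf = sa;
+ switch( sa->sa_family){
+@@ -560,7 +480,8 @@ init_transport(struct netconfig *nconf)
+ }
+ #endif
+
+- listen(fd, SOMAXCONN);
++ if (nconf->nc_semantics != NC_TPI_CLTS)
++ listen(fd, SOMAXCONN);
+
+ my_xprt = (SVCXPRT *)svc_tli_create(fd, nconf, &taddr, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
+ if (my_xprt == (SVCXPRT *)NULL) {
+@@ -569,6 +490,8 @@ init_transport(struct netconfig *nconf)
+ goto error;
+ }
+ }
++ if (!checkbind)
++ return 1;
+
+ #ifdef PORTMAP
+ /*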
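Review bot: The new `continue` paths in the `@@ -432,97 +412,37 @@` hunk of src/rpcbind.c skip cleanup: after a failed `setsockopt()` or `bind()` the socket just returned by `__rpc_nconf2fd()` is never closed and `(void) umask(oldmask)` is not reached. If another address follows, the next iteration then stores the temporary `S_IXUSR|S_IXGRP|S_IXOTH` mask in `oldmask`, so the daemon may keep running with a umask that clears no write bits. Both failure branches should run `(void) umask(oldmask); (void) close(fd);` before `continue`. The `__rpc_nconf2fd()` failure branch also continues without `freeaddrinfo(res)`, although `res` was filled by `getaddrinfo()` earlier in the same iteration for non-local transports. init_transport starts and ends outside the hunk, so whether `res` is released or reset elsewhere cannot be confirmed from here.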
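--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 03-563971-warmstart-error-msg.patch
 04-610718-non-linux.patch
 run-migration
+rcpbind-tcp-bind-specific-addrs.patch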
