From patchwork Sun Feb 25 23:53:53 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: NeilBrown <neilb@suse.de>
X-Patchwork-Id: 13571064
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF31B1BC46
	for <linux-nfs@vger.kernel.org>; Sun, 25 Feb 2024 23:56:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=195.135.223.130
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708905409; cv=none;
 b=XMz4nV0CsG7XFW5yAnt5lQjr6lkTxTKaVLe7RpAlg0gGwdWVFKr6xd+UAIRDSttKspntrlpqbHgcdbs3QBgj9Ghi7xfiMCoiaVBNVYVTCz2irYFEoJVEUFL06UelNtez6j6iqfgvZQUXxBKM97Zkp+OvrF5DTtdutMy+7AbULRY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708905409; c=relaxed/simple;
	bh=IVhtrv+/GpaFzLZik2j4vWxNDQtKLvyJ66wQwR1utCg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=oGdrEDMeAKSmjU0KHHy7sDlxok0U9gkPwzJ7863fudZTCzZZZ/HyVg6to8j4yUYgbhZ7lqjOGPz1/YHGeP/zsriJF7MSIHnZ0tLVMIOtLMD3zqKfRkS3X66VFyIqKMZAfhBPXyRHNrx6aKz7zTeOL6uGjrOPwCnSFClnGsSUwPc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de;
 spf=pass smtp.mailfrom=suse.de;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=yudRTtSo;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=V9JzD9B6;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=yudRTtSo;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=V9JzD9B6; arc=none smtp.client-ip=195.135.223.130
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=suse.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="yudRTtSo";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="V9JzD9B6";
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="yudRTtSo";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="V9JzD9B6"
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 0E689224A6;
	Sun, 25 Feb 2024 23:56:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905406;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dBD/PTNlRql+KYKWS7ScKHrTH9Lsr83brwo7SuPfEMI=;
	b=yudRTtSo8RW6iLZmzJ/pCErEBMqgfnroPqGlJmMklspxPrRQKR7EShLvbG5BvyBhtUqM5z
	5XftDmZHs6OmcDo1Zp/wAxTLaHgfv6pLXbFghrG8urY58aG8t8BvS1A+PhDSZNkk7fuzRP
	ejHI/L4zl7zjY7+yMXpgCXAHFwOz4qU=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905406;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dBD/PTNlRql+KYKWS7ScKHrTH9Lsr83brwo7SuPfEMI=;
	b=V9JzD9B6Yc7bTaZ0/16XCzaKpH8shIF+MQU2nQvFqbTnI5lMnijvgrVoHdoX4hLb3C2boY
	6s7vQD9YEk0DCmBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905406;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dBD/PTNlRql+KYKWS7ScKHrTH9Lsr83brwo7SuPfEMI=;
	b=yudRTtSo8RW6iLZmzJ/pCErEBMqgfnroPqGlJmMklspxPrRQKR7EShLvbG5BvyBhtUqM5z
	5XftDmZHs6OmcDo1Zp/wAxTLaHgfv6pLXbFghrG8urY58aG8t8BvS1A+PhDSZNkk7fuzRP
	ejHI/L4zl7zjY7+yMXpgCXAHFwOz4qU=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905406;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dBD/PTNlRql+KYKWS7ScKHrTH9Lsr83brwo7SuPfEMI=;
	b=V9JzD9B6Yc7bTaZ0/16XCzaKpH8shIF+MQU2nQvFqbTnI5lMnijvgrVoHdoX4hLb3C2boY
	6s7vQD9YEk0DCmBA==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 8A87B13432;
	Sun, 25 Feb 2024 23:56:44 +0000 (UTC)
Received: from dovecot-director2.suse.de ([10.150.64.162])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id BN7rC7zT22WvJgAAD6G6ig
	(envelope-from <neilb@suse.de>); Sun, 25 Feb 2024 23:56:44 +0000
From: NeilBrown <neilb@suse.de>
To: Steve Dickson <steved@redhat.com>
Cc: linux-nfs@vger.kernel.org,
	Petr Vorel <pvorel@suse.cz>
Subject: [PATCH 1/4] manpage: describe use of extra port for broadcast rpc
Date: Mon, 26 Feb 2024 10:53:53 +1100
Message-ID: <20240225235628.12473-2-neilb@suse.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240225235628.12473-1-neilb@suse.de>
References: <20240225235628.12473-1-neilb@suse.de>
Precedence: bulk
X-Mailing-List: linux-nfs@vger.kernel.org
List-Id: <linux-nfs.vger.kernel.org>
List-Subscribe: <mailto:linux-nfs+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-nfs+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Spam-Level: 
X-Spamd-Bar: /
Authentication-Results: smtp-out1.suse.de;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=yudRTtSo;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=V9JzD9B6
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-0.01 / 50.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 TO_DN_SOME(0.00)[];
	 R_MISSING_CHARSET(2.50)[];
	 BROKEN_CONTENT_TYPE(1.50)[];
	 RCVD_COUNT_THREE(0.00)[3];
	 DKIM_TRACE(0.00)[suse.de:+];
	 MX_GOOD(-0.01)[];
	 NEURAL_HAM_SHORT(-0.20)[-1.000];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 BAYES_HAM(-0.00)[26.08%];
	 ARC_NA(0.00)[];
	 R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 RCVD_DKIM_ARC_DNSWL_HI(-1.00)[];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.10)[text/plain];
	 DWL_DNSWL_MED(-2.00)[suse.de:dkim];
	 DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 MID_CONTAINS_FROM(1.00)[];
	 DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:dkim,suse.com:email];
	 FUZZY_BLOCKED(0.00)[rspamd.com];
	 RCVD_IN_DNSWL_HI(-0.50)[2a07:de40:b281:104:10:150:64:97:from];
	 RCVD_TLS_ALL(0.00)[]
X-Spam-Score: -0.01
X-Rspamd-Queue-Id: 0E689224A6
X-Spam-Flag: NO

From: NeilBrown <neilb@suse.com>

Some people notice the extra privileged UDP port that
rpcbind creates, and wonder what it is for.  So add
a section to the man page to explain it.

Signed-off-by: NeilBrown <neilb@suse.com>
---
 man/rpcbind.8 | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/man/rpcbind.8 b/man/rpcbind.8
index fbf0ace24b27..6ba318f5ff77 100644
--- a/man/rpcbind.8
+++ b/man/rpcbind.8
@@ -66,6 +66,25 @@ reports the condition and terminates.
 The
 .Nm
 utility can only be started by the super-user.
+.Sh "BROADCAST RPC"
+.Nm
+supports a little-used part of the ONC-RPC specification known as
+Broadcast RPC.
+A client can send a UDP broadcast message to
+.Nm
+on every host on a local subnetwork, and each
+.Nm
+will forward the request to the local service if available.
+Should the service reply,
+.Nm
+will forward that reply back to the originator.
+To support this,
+.Nm
+creates an extra UDP socket bound to an arbitrary privileged port
+number, and uses it to forward requests to local services and to
+receive replies from them.
+When configuring a firewall, the "port 111" sockets may need to
+be accessible through the firewall, but the extra UDP socket does not.
 .Sh OPTIONS
 .Bl -tag -width indent
 .It Fl a

From patchwork Sun Feb 25 23:53:54 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: NeilBrown <neilb@suse.de>
X-Patchwork-Id: 13571065
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CD421BC46
	for <linux-nfs@vger.kernel.org>; Sun, 25 Feb 2024 23:56:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=195.135.223.131
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708905419; cv=none;
 b=FMJU07n6qPXsQY3fDn9Jb7gN+k9ubTl7G2GJjaWgfs1p8lIIhE0mKa7qCERtK3ZyI8oryvh8EIxScR6dwdclMAWsdZP7AgfCst3UmNkkUold+BjKvsfRLZGPloOkPsKpAFuy+IYzbWB87/vufjUQPIIFMrnUhJAKK8Skp5bisro=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708905419; c=relaxed/simple;
	bh=l3aT9iuPDZ1r0hy5dm85cPlpM0up9llB/QqrN/tuNd4=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=a2EIC9J5GQme8REH8CYQG4YHEpAFzmHvAjphkk0f11M24IcA52loVpZrHXhXoqv3TEcmXo1D/LPlnMyadrjRW1U+RxCUX+mTH+y85oFMHCvA8qujA8eNPj7dvofhtQSukWGjCLpyXRYfPC2P5RWiFjt6GkbTNzcHP8giKrlx8PU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de;
 spf=pass smtp.mailfrom=suse.de;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=gdNIlzRC;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=XVaBeJUI;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=gdNIlzRC;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=XVaBeJUI; arc=none smtp.client-ip=195.135.223.131
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=suse.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="gdNIlzRC";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="XVaBeJUI";
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="gdNIlzRC";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="XVaBeJUI"
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id BECFA1FD08;
	Sun, 25 Feb 2024 23:56:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905415;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Udet3eoKQu5eenuByJlBzWkfdc96g3Rz8xG5V7rdWoM=;
	b=gdNIlzRC4NJwU40+va5S1ujsSWqY+aI3NYGuAjedHCOWcF3cAr5U5QKLpnySI6TU+O/dnd
	kHPKzlEZBKgL7Sfbwrnn2dEmhDQCO2YwCAyKtsfdsG8X+y93kpC9o3ERRnYnwIePpd9pcv
	w24eop3atNConEZITxKedOQBDfkM5Ro=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905415;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Udet3eoKQu5eenuByJlBzWkfdc96g3Rz8xG5V7rdWoM=;
	b=XVaBeJUIpoj8urY35awTNd21pO/IGDNHj1g4pU0E3HeTwiJB9xpnh5AQPk5s6XSSKdZG7J
	EqkotKBOuyZzgnCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905415;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Udet3eoKQu5eenuByJlBzWkfdc96g3Rz8xG5V7rdWoM=;
	b=gdNIlzRC4NJwU40+va5S1ujsSWqY+aI3NYGuAjedHCOWcF3cAr5U5QKLpnySI6TU+O/dnd
	kHPKzlEZBKgL7Sfbwrnn2dEmhDQCO2YwCAyKtsfdsG8X+y93kpC9o3ERRnYnwIePpd9pcv
	w24eop3atNConEZITxKedOQBDfkM5Ro=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905415;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Udet3eoKQu5eenuByJlBzWkfdc96g3Rz8xG5V7rdWoM=;
	b=XVaBeJUIpoj8urY35awTNd21pO/IGDNHj1g4pU0E3HeTwiJB9xpnh5AQPk5s6XSSKdZG7J
	EqkotKBOuyZzgnCw==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 4386313432;
	Sun, 25 Feb 2024 23:56:53 +0000 (UTC)
Received: from dovecot-director2.suse.de ([10.150.64.162])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id zHX5NcXT22W9JgAAD6G6ig
	(envelope-from <neilb@suse.de>); Sun, 25 Feb 2024 23:56:53 +0000
From: NeilBrown <neilb@suse.de>
To: Steve Dickson <steved@redhat.com>
Cc: linux-nfs@vger.kernel.org,
	Petr Vorel <pvorel@suse.cz>
Subject: [PATCH 2/4] rpcbind: allow broadcast RPC to be disabled.
Date: Mon, 26 Feb 2024 10:53:54 +1100
Message-ID: <20240225235628.12473-3-neilb@suse.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240225235628.12473-1-neilb@suse.de>
References: <20240225235628.12473-1-neilb@suse.de>
Precedence: bulk
X-Mailing-List: linux-nfs@vger.kernel.org
List-Id: <linux-nfs.vger.kernel.org>
List-Subscribe: <mailto:linux-nfs+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-nfs+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Spam-Level: 
Authentication-Results: smtp-out2.suse.de;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=gdNIlzRC;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=XVaBeJUI
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-3.01 / 50.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 TO_DN_SOME(0.00)[];
	 R_MISSING_CHARSET(2.50)[];
	 BROKEN_CONTENT_TYPE(1.50)[];
	 RCVD_COUNT_THREE(0.00)[3];
	 DKIM_TRACE(0.00)[suse.de:+];
	 MX_GOOD(-0.01)[];
	 NEURAL_HAM_SHORT(-0.20)[-1.000];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 BAYES_HAM(-3.00)[100.00%];
	 ARC_NA(0.00)[];
	 R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 RCVD_DKIM_ARC_DNSWL_HI(-1.00)[];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.10)[text/plain];
	 DWL_DNSWL_MED(-2.00)[suse.de:dkim];
	 DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 MID_CONTAINS_FROM(1.00)[];
	 DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:dkim,suse.com:email];
	 FUZZY_BLOCKED(0.00)[rspamd.com];
	 RCVD_IN_DNSWL_HI(-0.50)[2a07:de40:b281:104:10:150:64:97:from];
	 RCVD_TLS_ALL(0.00)[]
X-Spam-Score: -3.01
X-Rspamd-Queue-Id: BECFA1FD08
X-Spam-Flag: NO

From: NeilBrown <neilb@suse.com>

Support for broadcast RPC involves binding a second privileged
port.  It is possible that rpcbind might choose a port that some
other service will need, and that can cause problems.

Having this port open increases the attack surface of rpcbind.  RPC
replies can be sent to it by any host, and they will only be rejected
once they have been parsed enough to determine that the xid doesn't
match.

Boardcast is not widely used.  It is not used at all for NFS.  For NIS
(previously yellow pages) it can be used to find a local NIS server,
though this can also be statically configured.

In cases where broadcast-RPC is not needed, it is best to disable the
port.  This patch adds a new "-b" option to disable broadcast RPC.

Signed-off-by: NeilBrown <neilb@suse.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
---
 man/rpcbind.8 |  5 +++++
 src/rpcbind.c | 10 +++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/man/rpcbind.8 b/man/rpcbind.8
index 6ba318f5ff77..ba1b191b119d 100644
--- a/man/rpcbind.8
+++ b/man/rpcbind.8
@@ -103,6 +103,11 @@ With this option, the name-to-address translation consistency
 checks are shown in detail.
 .It Fl f
 Do not fork and become a background process.
+.It Fl b
+Do not support broadcast RPC and do not bind the extra port.
+This is useful if
+.Nm
+inadvertently binds a port that some other service needs to use.
 .It Fl h
 Specify specific IP addresses to bind to for UDP requests.
 This option may be specified multiple times and can be used to
diff --git a/src/rpcbind.c b/src/rpcbind.c
index ecebe97da435..4819d6e5ba41 100644
--- a/src/rpcbind.c
+++ b/src/rpcbind.c
@@ -87,6 +87,7 @@ int debugging = 0;	/* Tell me what's going on */
 int doabort = 0;	/* When debugging, do an abort on errors */
 int dofork = 1;		/* fork? */
 int createdsocket = 0;  /* Did I create the socket or systemd did it for me? */
+int dobroadcast = 1;	/* Support forwarding of broadcast RPC calls (CALLIT) */
 
 rpcblist_ptr list_rbl;	/* A list of version 3/4 rpcbind services */
 
@@ -801,7 +802,7 @@ got_socket:
 	/*
 	 * rmtcall only supported on CLTS transports for now.
 	 */
-	if (nconf->nc_semantics == NC_TPI_CLTS) {
+	if (dobroadcast && nconf->nc_semantics == NC_TPI_CLTS) {
 		status = create_rmtcall_fd(nconf);
 #ifdef RPCBIND_DEBUG
 		if (debugging) {
@@ -886,7 +887,7 @@ parseargs(int argc, char *argv[])
 {
 	int c;
 	oldstyle_local = 1;
-	while ((c = getopt(argc, argv, "adh:ilswf")) != -1) {
+	while ((c = getopt(argc, argv, "adh:ilswfb")) != -1) {
 		switch (c) {
 		case 'a':
 			doabort = 1;	/* when debugging, do an abort on */
@@ -921,8 +922,11 @@ parseargs(int argc, char *argv[])
 			warmstart = 1;
 			break;
 #endif
+		case 'b':
+			dobroadcast = 0;
+			break;
 		default:	/* error */
-			fprintf(stderr,	"usage: rpcbind [-adhilswf]\n");
+			fprintf(stderr,	"usage: rpcbind [-adhilswfb]\n");
 			exit (1);
 		}
 	}

From patchwork Sun Feb 25 23:53:55 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: NeilBrown <neilb@suse.de>
X-Patchwork-Id: 13571066
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3CE241B94E
	for <linux-nfs@vger.kernel.org>; Sun, 25 Feb 2024 23:57:09 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=195.135.223.130
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708905430; cv=none;
 b=FefF+zG/M3YHwWyaya+qUxG5mqIH019myPh5Cet1SCwA7mUMaUtj2/XoaquSCjjlKY5gpiMBvqQ8bzgJ5aQcNtIUaJYRy+I+tPmWCmuBpU1iHGiZtjpKmHDRc0THbcd5IKsFKm8GZA6k96hZ6yYSQKycfLCWvl4rgWCMkzu/WwA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708905430; c=relaxed/simple;
	bh=KHI2Z1Q4UmL1TSbIWWXhDKICyitZ4QSc+DKIfGBGygg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=qCGXNoYv+Uc/wewLqr9k+5yN2mEsIT3PirDYIBnZc0wWiM5XOxn5bLODIdV/1ydW0L9fHt0yuDaCiKhx3aZ1MmMUTtLceWLRqkBdU34jfxFq7nP160xU3lZOb3MGam/fSsbGDN4ScCUP9J83l13SBUjHWgIwPTVDxrDF9x5RRyk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de;
 spf=pass smtp.mailfrom=suse.de;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=ES4rSOwA;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=bKcg1+38;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=RaHUHjJ7;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=n/BoFSb3; arc=none smtp.client-ip=195.135.223.130
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=suse.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="ES4rSOwA";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="bKcg1+38";
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="RaHUHjJ7";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="n/BoFSb3"
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 7B7E1224AE;
	Sun, 25 Feb 2024 23:57:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905427;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=IurPwmuUAjX6zsDna8Z2CwOq6akHYm61/vixzhal1KU=;
	b=ES4rSOwAGT9nA3kKIZeU3M02nF0UWWuL2gVsi5gPUw4T51BUBZu7ZU+DcOKULIR5VXf7Eg
	CPTJdi4p1PHEJWe2d4shs7coDg+XXyiGgD46a8ug1hIwyQ7LJntfNcJvh7nFNQ8SqHIzam
	v/jrJc0J9HBU9cZu5ZvF8WdOldA7k1s=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905427;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=IurPwmuUAjX6zsDna8Z2CwOq6akHYm61/vixzhal1KU=;
	b=bKcg1+38qZpbL+XF9YSrsPIc9tWnWQa2N8uTU3AgAtA9ZIC2SZXYdEIcs399lhuKJx8mGG
	YPzM4BoGbVOVBeBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905425;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=IurPwmuUAjX6zsDna8Z2CwOq6akHYm61/vixzhal1KU=;
	b=RaHUHjJ71BcnqSeVGoiEjp58Q/Y61e46nt0uin+BH7XLUADeTDwB2P2QVPwIcAbeyWd6vB
	voCg42VprRZOwDlwNbTAkURzDdN6E4uoBAxv6Ph4Era3AtImoqYN7P1IfsGcf+oUCmTn5B
	HGAdnEX8YqmltP1m6lk/gZRowEfHnHw=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905425;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=IurPwmuUAjX6zsDna8Z2CwOq6akHYm61/vixzhal1KU=;
	b=n/BoFSb3e5ejBp8oZ8/YRBh9eJi39ry5oOZkU3LfoxTavOg8Ey3RYXWF6r4mUFM5Ctcc53
	XGBUEvRBHuHl3rAA==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 013F413432;
	Sun, 25 Feb 2024 23:57:03 +0000 (UTC)
Received: from dovecot-director2.suse.de ([10.150.64.162])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id pBvxJc/T22XFJgAAD6G6ig
	(envelope-from <neilb@suse.de>); Sun, 25 Feb 2024 23:57:03 +0000
From: NeilBrown <neilb@suse.de>
To: Steve Dickson <steved@redhat.com>
Cc: linux-nfs@vger.kernel.org,
	Petr Vorel <pvorel@suse.cz>
Subject: [PATCH 3/4] Listen on an AF_UNIX abstract address if supported.
Date: Mon, 26 Feb 2024 10:53:55 +1100
Message-ID: <20240225235628.12473-4-neilb@suse.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240225235628.12473-1-neilb@suse.de>
References: <20240225235628.12473-1-neilb@suse.de>
Precedence: bulk
X-Mailing-List: linux-nfs@vger.kernel.org
List-Id: <linux-nfs.vger.kernel.org>
List-Subscribe: <mailto:linux-nfs+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-nfs+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Spam-Level: 
X-Spamd-Bar: /
Authentication-Results: smtp-out1.suse.de;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=RaHUHjJ7;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b="n/BoFSb3"
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-0.01 / 50.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	 TO_DN_SOME(0.00)[];
	 R_MISSING_CHARSET(2.50)[];
	 BROKEN_CONTENT_TYPE(1.50)[];
	 RCVD_COUNT_THREE(0.00)[3];
	 DKIM_TRACE(0.00)[suse.de:+];
	 MX_GOOD(-0.01)[];
	 NEURAL_HAM_SHORT(-0.20)[-1.000];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 ARC_NA(0.00)[];
	 R_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 RCVD_DKIM_ARC_DNSWL_HI(-1.00)[];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.10)[text/plain];
	 DWL_DNSWL_MED(-2.00)[suse.de:dkim];
	 DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 MID_CONTAINS_FROM(1.00)[];
	 DBL_BLOCKED_OPENRESOLVER(0.00)[socket.in:url,configure.ac:url,suse.de:dkim,suse.de:email];
	 FUZZY_BLOCKED(0.00)[rspamd.com];
	 RCVD_IN_DNSWL_HI(-0.50)[2a07:de40:b281:104:10:150:64:97:from];
	 RCVD_TLS_ALL(0.00)[]
X-Spam-Score: -0.01
X-Rspamd-Queue-Id: 7B7E1224AE
X-Spam-Flag: NO

As RPC is primarily a network service it is best, on Linux, to use
network namespaces to isolate it.  However contacting rpcbind via an
AF_UNIX socket allows escape from the network namespace.
If clients could use an abstract address, that would ensure clients
contact an rpcbind in the same network namespace.

systemd can pass in a listening abstract socket by providing an '@'
prefix.  However with libtirpc 1.3.3 or earlier attempting this will
fail as the library mistakenly determines that the socket is not bound.
This generates unsightly error messages.
So it is best not to request the abstract address when it is not likely
to work.

A patch to fix this also proposes adding a define for
_PATH_RPCBINDSOCK_ABSTRACT to the header files.  We can check for this
and only include the new ListenStream when that define is present.

Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
---
 configure.ac                                  | 13 ++++++++++++-
 systemd/{rpcbind.socket => rpcbind.socket.in} |  1 +
 2 files changed, 13 insertions(+), 1 deletion(-)
 rename systemd/{rpcbind.socket => rpcbind.socket.in} (88%)

diff --git a/configure.ac b/configure.ac
index c2069a2b3b0e..573e4fdf3a3e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -50,6 +50,17 @@ AC_SUBST([nss_modules], [$with_nss_modules])
 
 PKG_CHECK_MODULES([TIRPC], [libtirpc])
 
+CPPFLAGS=$TIRPC_CFLAGS
+AC_MSG_CHECKING([for abstract socket support in libtirpc])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+#include <rpc/rpc.h>
+],[
+char *path = _PATH_RPCBINDSOCK_ABSTRACT;
+])], [have_abstract=yes], [have_abstract=no])
+CPPFLAGS=
+AC_MSG_RESULT([$have_abstract])
+AM_CONDITIONAL(ABSTRACT, [ test "x$have_abstract" = "xyes" ])
+
 PKG_PROG_PKG_CONFIG
 AC_ARG_WITH([systemdsystemunitdir],
   AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
@@ -76,4 +87,4 @@ AC_CHECK_HEADERS([nss.h])
 AC_SUBST([_sbindir])
 AC_CONFIG_COMMANDS_PRE([eval eval _sbindir=$sbindir])
 
-AC_OUTPUT([Makefile systemd/rpcbind.service])
+AC_OUTPUT([Makefile systemd/rpcbind.service systemd/rpcbind.socket])
diff --git a/systemd/rpcbind.socket b/systemd/rpcbind.socket.in
similarity index 88%
rename from systemd/rpcbind.socket
rename to systemd/rpcbind.socket.in
index 3b1a93694c21..5dd09a143e16 100644
--- a/systemd/rpcbind.socket
+++ b/systemd/rpcbind.socket.in
@@ -6,6 +6,7 @@ Before=rpcbind.target
 
 [Socket]
 ListenStream=/run/rpcbind.sock
+@ABSTRACT_TRUE@ListenStream=@/run/rpcbind.sock
 
 # RPC netconfig can't handle ipv6/ipv4 dual sockets
 BindIPv6Only=ipv6-only

From patchwork Sun Feb 25 23:53:56 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: NeilBrown <neilb@suse.de>
X-Patchwork-Id: 13571067
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD5D21BC53
	for <linux-nfs@vger.kernel.org>; Sun, 25 Feb 2024 23:57:12 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=195.135.223.130
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708905434; cv=none;
 b=jfk0EUU8JIz+yFsUByMBIw3EGgxgUc82uHGNX0nKBWFAX8blMnmPaAhftZtBFcbIwRNhFyVJehIbG34hFzOqzDsorrRiRf33vPXVGgc1FZ7NEyhF/Q1yfYQiPoQ0qwKV4kumwmXVHnAg7prTIi5dd/y8d6DnvWogwLQtGzpZAI0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708905434; c=relaxed/simple;
	bh=PBoK0ictngehnCw+nI2XNGAUlUnWVC5aX6T5lmr/4uc=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=u3sJPa9XKGyTFUcX+pb2e3VB9QnlGn2vErwLCJ7CzuYWxOr6oX6PZQCxtqa2jjvfCn8KPMeVV+GRozGSEJmnNgfczI5d/iBUuB+HkftTuvn7hd9k3xyai/kODVfQWUq6D6BeQYiDnohFR3J5q7lMfTEbebBG4yh4xbJp1Q5yiFM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de;
 spf=pass smtp.mailfrom=suse.de;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=1w0TkBSn;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=mWVJ/QZj;
 dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b=1w0TkBSn;
 dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b=mWVJ/QZj; arc=none smtp.client-ip=195.135.223.130
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=suse.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=suse.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="1w0TkBSn";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="mWVJ/QZj";
	dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de
 header.b="1w0TkBSn";
	dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de
 header.b="mWVJ/QZj"
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org
 [10.150.64.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 2E7C2224A6;
	Sun, 25 Feb 2024 23:57:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905431;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=PQk+j2UTs1NqVIXymPFcFYSoNQ3WPS/GzE2zlPXW7Nc=;
	b=1w0TkBSnT/2Lk3AHrMxBaPWXNUe/RE4G6syJdalvrnn42pimWF8fYLMGw0K7jNN1rlfnr5
	Rxrufu8KH24Di3mgrdUjxtQAqmZqC7sHzZaXmYgdEEoOAqYLlLwKVBh6sJk/i2cM5/hVA3
	sK0lKpWr9CHFApdHTqPmBKbvgZCGsLM=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905431;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=PQk+j2UTs1NqVIXymPFcFYSoNQ3WPS/GzE2zlPXW7Nc=;
	b=mWVJ/QZjxwN/r5UuuyStzOCvoxZ/MKoNJ3GixMzIKS6gk6yl4Rk1sdiIiLInqXpifOxX8X
	qq+V5Y8i8un1beBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;
 s=susede2_rsa;
	t=1708905431;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=PQk+j2UTs1NqVIXymPFcFYSoNQ3WPS/GzE2zlPXW7Nc=;
	b=1w0TkBSnT/2Lk3AHrMxBaPWXNUe/RE4G6syJdalvrnn42pimWF8fYLMGw0K7jNN1rlfnr5
	Rxrufu8KH24Di3mgrdUjxtQAqmZqC7sHzZaXmYgdEEoOAqYLlLwKVBh6sJk/i2cM5/hVA3
	sK0lKpWr9CHFApdHTqPmBKbvgZCGsLM=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1708905431;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=PQk+j2UTs1NqVIXymPFcFYSoNQ3WPS/GzE2zlPXW7Nc=;
	b=mWVJ/QZjxwN/r5UuuyStzOCvoxZ/MKoNJ3GixMzIKS6gk6yl4Rk1sdiIiLInqXpifOxX8X
	qq+V5Y8i8un1beBw==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id A8F4413432;
	Sun, 25 Feb 2024 23:57:09 +0000 (UTC)
Received: from dovecot-director2.suse.de ([10.150.64.162])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id QAhSE9XT22XMJgAAD6G6ig
	(envelope-from <neilb@suse.de>); Sun, 25 Feb 2024 23:57:09 +0000
From: NeilBrown <neilb@suse.de>
To: Steve Dickson <steved@redhat.com>
Cc: linux-nfs@vger.kernel.org,
	Petr Vorel <pvorel@suse.cz>
Subject: [PATCH 4/4] rpcinfo: try connecting using abstract address.
Date: Mon, 26 Feb 2024 10:53:56 +1100
Message-ID: <20240225235628.12473-5-neilb@suse.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240225235628.12473-1-neilb@suse.de>
References: <20240225235628.12473-1-neilb@suse.de>
Precedence: bulk
X-Mailing-List: linux-nfs@vger.kernel.org
List-Id: <linux-nfs.vger.kernel.org>
List-Subscribe: <mailto:linux-nfs+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-nfs+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Authentication-Results: smtp-out1.suse.de;
	none
X-Spam-Level: ***
X-Spam-Score: 3.70
X-Spamd-Result: default: False [3.70 / 50.00];
	 ARC_NA(0.00)[];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 R_MISSING_CHARSET(2.50)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 MIME_GOOD(-0.10)[text/plain];
	 BROKEN_CONTENT_TYPE(1.50)[];
	 TO_DN_SOME(0.00)[];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 RCVD_COUNT_THREE(0.00)[3];
	 DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
	 NEURAL_HAM_SHORT(-0.20)[-0.999];
	 MID_CONTAINS_FROM(1.00)[];
	 DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email];
	 FUZZY_BLOCKED(0.00)[rspamd.com];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 RCVD_TLS_ALL(0.00)[];
	 BAYES_HAM(-0.00)[24.90%]
X-Spam-Flag: NO

rpcinfo doesn't use library calls to set up the address for rpcbind.  So
to get to it try the new abstract address, we need to explicitly
teach it how.

Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
---
 src/rpcinfo.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/rpcinfo.c b/src/rpcinfo.c
index 0e14f78ad2de..4464cbc0941b 100644
--- a/src/rpcinfo.c
+++ b/src/rpcinfo.c
@@ -311,6 +311,13 @@ main (int argc, char **argv)
   return (0);
 }
 
+/* Evaluate to actual length of the `sockaddr_un' structure, whether
+ * abstract or not.
+ */
+#include <stddef.h>
+#define SUN_LEN_A(ptr) (offsetof(struct sockaddr_un, sun_path)	\
+			+ 1 + strlen((ptr)->sun_path + 1))
+
 static CLIENT *
 local_rpcb (rpcprog_t prog, rpcvers_t vers)
 {
@@ -334,6 +341,7 @@ local_rpcb (rpcprog_t prog, rpcvers_t vers)
   endnetconfig(localhandle);
   return clnt;
 #else
+  CLIENT *clnt;
   struct netbuf nbuf;
   struct sockaddr_un sun;
   int sock;
@@ -344,12 +352,26 @@ local_rpcb (rpcprog_t prog, rpcvers_t vers)
     return NULL;
 
   sun.sun_family = AF_LOCAL;
+
+#ifdef _PATH_RPCBINDSOCK_ABSTRACT
+  memcpy(sun.sun_path, _PATH_RPCBINDSOCK_ABSTRACT,
+         sizeof(_PATH_RPCBINDSOCK_ABSTRACT));
+  nbuf.len = SUN_LEN_A (&sun);
+  nbuf.maxlen = sizeof (struct sockaddr_un);
+  nbuf.buf = &sun;
+
+  clnt = clnt_vc_create (sock, &nbuf, prog, vers, 0, 0);
+  if (clnt)
+    return clnt;
+#endif
+
   strcpy (sun.sun_path, _PATH_RPCBINDSOCK);
   nbuf.len = SUN_LEN (&sun);
   nbuf.maxlen = sizeof (struct sockaddr_un);
   nbuf.buf = &sun;
 
-  return clnt_vc_create (sock, &nbuf, prog, vers, 0, 0);
+  clnt = clnt_vc_create (sock, &nbuf, prog, vers, 0, 0);
+  return clnt;
 #endif
 }