2 ####################################
3 ### Beginning of configurable stuff.
5 # By default, logfile entries are written to the same file as used for
6 # sendmail transaction logs. Change the definition of the following macro
7 # if you disagree. See `man 3 syslog' for examples. Some syslog versions
8 # do not provide this flexibility.
12 # To disable tcp-wrapper style access control, comment out the following
13 # macro definitions. Access control can also be turned off by providing
14 # no access control tables. The local system, since it runs the portmap
15 # daemon, is always treated as an authorized host.
16 # By default, access control does not do hostname lookup as there is a risk
17 # that will require portmap access, hence deadlock. If you are sure the
18 # target system will never user NIS for hostname lookup, you can define
19 # USE_DNS to add hostname tests in hosts.allow/deny.
21 ifeq ($(NO_TCP_WRAPPER),)
22 CPPFLAGS += -DHOSTS_ACCESS
25 CPPFLAGS += -DENABLE_DNS
26 MAN_SED += -e 's/USE_DNS/yes/'
30 # For no-mmu systems, we have to disable the fork() functions.
35 # For static builds, we might hit perror() symbol clashes
37 CPPFLAGS += -DNO_PERROR
44 SBINDIR = $(PREFIX)/sbin
47 DATADIR = $(PREFIX)/share
50 MANDIR = $(DATADIR)/man
53 MAN8DIR = $(MANDIR)/man8
56 ## backwards compatibility to older distro builders
64 ifeq ($(INSTALL_MAN),)
65 INSTALL_MAN = $(INSTALL) -o root -g root -m 0644
67 ifeq ($(INSTALL_BIN),)
68 INSTALL_BIN = $(INSTALL) -s -o root -g root -m 0755
72 # Comment out if your RPC library does not allocate privileged ports for
73 # requests from processes with root privilege, or the new portmap will
74 # always reject requests to register/unregister services on privileged
75 # ports. You can find out by running "rpcinfo -p"; if all mountd and NIS
76 # daemons use a port >= 1024 you should probably disable the next line.
78 CPPFLAGS += -DCHECK_PORT
80 # The portmap daemon runs a uid=1/gid=1 by default. You can change that
81 # be defining DAEMON_UID and DAMEON_GID to numbers, or RPCUSER to a
82 # name, though you must be sure that name lookup will not require use
85 CPPFLAGS += -DRPCUSER=\"$(RPCUSER)\"
86 MAN_SED += -e 's/RPCUSER/$(RPCUSER)/'
88 MAN_SED += -e 's/RPCUSER//'
91 CPPFLAGS += -DDAEMON_UID=$(DAEMON_UID) -DDAEMON_GID=$(DAEMON_GID)
92 MAN_SED += -e 's/DAEMON_UID/$(DAEMON_UID)/' -e 's/DAEMON_GID/$(DAEMON_GID)/'
94 MAN_SED += -e 's/DAEMON_UID/1/' -e 's/DAEMON_GID/1/'
97 # Warning: troublesome feature ahead!! Enable only when you are really
100 # It is possible to prevent an attacker from manipulating your portmapper
101 # tables from outside with requests that contain spoofed source addresses.
102 # The countermeasure is to force all rpc servers to register and
103 # unregister with the portmapper via the loopback network interface,
104 # instead of via the primary network interface that every host can talk
105 # to. For this countermeasure to work it is necessary to uncomment the
106 # LOOPBACK definition below, and to take the following additional steps:
108 # (1) Modify the libc library (or librpc if you have one) and replace
109 # get_myaddress() by a version that selects the loopback address instead
110 # of the primary network interface address. A suitable version is
111 # provided in the file get_myaddress.c. This forces rpc servers to send
112 # all set/unset requests to the loopback address.
114 # (2) Rebuild all statically-linked rpc servers with the modified
117 # (3) Disable IP source routing in the kernel (otherwise an outside
118 # attacker can still send requests that appear to come from the local
121 # Instead of (1) it may be sufficient to run the rpc servers with a
122 # preload shared object that implements the alternate get_myaddress()
123 # behavior (see Makefile.shlib). You still need to disable IP source
126 # I warned you, you need to be really desperate to do this. It is
127 # probably much easier to just block port UDP and TCP ports 111 on
130 # CPPFLAGS += -DLOOPBACK_SETUNSET
132 # When the portmapper cannot find any local interfaces (it will complain
133 # to the syslog daemon) your system probably has variable-length socket
134 # address structures (struct sockaddr has a sa_len component; examples:
135 # AIX 4.1 and 4.4BSD). Uncomment next macro definition in that case.
137 # CPPFLAGS += -DHAS_SA_LEN # AIX 4.x, BSD 4.4, FreeBSD, NetBSD
139 # With verbose logging on, HP-UX 9.x and AIX 4.1 leave zombies behind when
140 # SIGCHLD is not ignored. Enable next macro for a fix.
142 CPPFLAGS += -DIGNORE_SIGCHLD # AIX 4.x, HP-UX 9.x
144 # Uncomment the following macro if your system does not have u_long.
146 # CPPFLAGS +=-Du_long="unsigned long"
150 # CFLAGS += -arch m68k -arch i386 -arch hppa
156 # Auxiliary libraries that you may have to specify
160 # Comment out if your compiler talks ANSI and understands const
162 # CPPFLAGS += -Dconst=
164 ### End of configurable stuff.
165 ##############################
167 CPPFLAGS += -DFACILITY=$(FACILITY)
169 CFLAGS += -Wall -Wstrict-prototypes
171 all: portmap pmap_dump pmap_set portmap.man
173 CPPFLAGS += $(HOSTS_ACCESS)
174 portmap: CFLAGS += $(CFLAGS_PIE)
175 portmap: LDLIBS += $(WRAP_LIB)
176 portmap: LDFLAGS += $(LDFLAGS_PIE)
177 portmap: portmap.o pmap_check.o from_local.o
179 from_local: CPPFLAGS += -DTEST
181 portmap.man : portmap.8
182 sed $(MAN_SED) < portmap.8 > portmap.man
184 install: all install-portmap install-pmap_dump install-pmap_set install-man
187 mkdir -p $(DESTDIR)$(SBINDIR)
190 mkdir -p $(DESTDIR)$(MAN8DIR)
192 install-man: install-dirs-man
193 $(INSTALL_MAN) portmap.man $(DESTDIR)$(MAN8DIR)/portmap.8
194 $(INSTALL_MAN) pmap_dump.8 $(DESTDIR)$(MAN8DIR)/pmap_dump.8
195 $(INSTALL_MAN) pmap_set.8 $(DESTDIR)$(MAN8DIR)/map_set.8
197 install-pmap_dump: pmap_dump install-dirs-sbin
198 $(INSTALL_BIN) pmap_dump $(DESTDIR)$(SBINDIR)
200 install-pmap_set: pmap_set install-dirs-sbin
201 $(INSTALL_BIN) pmap_set $(DESTDIR)$(SBINDIR)
203 install-portmap: portmap install-dirs-sbin
204 $(INSTALL_BIN) portmap $(DESTDIR)$(SBINDIR)
207 rm -f *.o portmap pmap_dump pmap_set from_local \
212 $(CC) -MM $(CFLAGS) *.c > .depend
214 .PHONY: all clean install