OpenSDE
/
package-nopast
3
0
Fork 0
Code Issues 9 Projects 1 Releases Activity
OpenSDE Packages Database (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
341 Commits
49 Branches
0 Tags
34 MiB
Tree: 1275d05bf1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1275d05bf1'
${ noResults }
package-nopast/network/dhcp/dhcp-3.0+paranoia.patch

228 lines
6.1 KiB
Raw Normal View History

* relocated current package database to the trunk of the package sub-project git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
  1. # --- T2-COPYRIGHT-NOTE-BEGIN ---
  2. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
  3. #
  4. # T2 SDE: package/.../dhcp/dhcp-3.0+paranoia.patch
  5. # Copyright (C) 2004 - 2006 The T2 SDE Project
  6. # Copyright (C) 1998 - 2003 Clifford Wolf
  7. #
  8. # More information can be found in the files COPYING and README.
  9. #
  10. # This patch file is dual-licensed. It is available under the license the
  11. # patched project is licensed under, as long as it is an OpenSource license
  12. # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  13. # of the GNU General Public License as published by the Free Software
  14. # Foundation; either version 2 of the License, or (at your option) any later
  15. # version.
  16. # --- T2-COPYRIGHT-NOTE-END ---
  18. borrowed from ari edelkind's site
  19. http://www.episec.com/people/edelkind/patches/dhcp/dhcp-3.0+paranoia.patch
  21. ---
  23. paranoia (non-root/chroot) patch for ISC dhcp 3.0
  24. file to patch: dhcp-3.0/server/dhcpd.c
  26. update from paranoia patch for ISC dhcp 2.0
  28. Adds 3 options:
  30. -user <user>
  31. -group <group>
  32. -chroot <chroot_dir>
  34. Notes:
  35. -DPARANOIA must be passed as an argument to the --copts option
  36. of configure. Otherwise, the paranoia code will not be compiled
  37. in. Example: ./configure --copts -DPARANOIA
  39. The chroot() call has been delayed in order to allow /dev/log to
  40. be reopened after the configuration file has been read. This is
  41. beneficial for systems on which /dev/log is a unix domain socket.
  42. The main side effect is that dhcpd.conf should be placed in /etc,
  43. instead of <chroot_dir>/etc.
  45. If dhcpd is to be run on a sysV-style architecture (or, more
  46. generally, if /dev/log is a character device), one may opt to
  47. create the <chroot_dir>/dev/log character device and add
  48. -DEARLY_CHROOT to the --copts option of configure (in addition to
  49. -DPARANOIA). This will perform the chroot() call at the earliest
  50. convenience (before reading the configuration file).
  52. If the -user option is used, the lease and pid file directories
  53. should be writable to the server process after it drops
  54. privileges.
  57. ari edelkind (12/10/2001)
  58. last modified 12/10/2001
  61. --- dhcp-3.0/server/dhcpd.c Thu Jun 21 22:12:58 2001
  62. +++ dhcp-3.0+paranoia/server/dhcpd.c Wed Oct 17 08:23:00 2001
  63. @@ -56,6 +56,16 @@
  64. #include "version.h"
  65. #include <omapip/omapip_p.h>
  67. +#if defined (PARANOIA)
  68. +# include <sys/types.h>
  69. +# include <unistd.h>
  70. +# include <pwd.h>
  71. +/* get around the ISC declaration of group */
  72. +# define group real_group
  73. +# include <grp.h>
  74. +# undef group
  75. +#endif /* PARANOIA */
  76. +
  77. static void usage PROTO ((void));
  79. TIME cur_time;
  80. @@ -204,6 +214,22 @@
  81. omapi_object_dereference (&listener, MDL);
  82. }
  84. +#if defined (PARANOIA)
  85. +/* to be used in one of two possible scenarios */
  86. +static void setup_chroot (char *chroot_dir) {
  87. + if (geteuid())
  88. + log_fatal ("you must be root to use chroot");
  89. +
  90. + if (chroot(chroot_dir)) {
  91. + log_fatal ("chroot(\"%s\"): %m", chroot_dir);
  92. + }
  93. + if (chdir ("/")) {
  94. + /* probably permission denied */
  95. + log_fatal ("chdir(\"/\"): %m");
  96. + }
  97. +}
  98. +#endif /* PARANOIA */
  99. +
  100. int main (argc, argv, envp)
  101. int argc;
  102. char **argv, **envp;
  103. @@ -236,6 +262,14 @@
  104. char *traceinfile = (char *)0;
  105. char *traceoutfile = (char *)0;
  106. #endif
  107. +#if defined (PARANOIA)
  108. + char *set_user = 0;
  109. + char *set_group = 0;
  110. + char *set_chroot = 0;
  111. +
  112. + uid_t set_uid = 0;
  113. + gid_t set_gid = 0;
  114. +#endif /* PARANOIA */
  116. /* Make sure we have stdin, stdout and stderr. */
  117. status = open ("/dev/null", O_RDWR);
  118. @@ -298,6 +332,20 @@
  119. if (++i == argc)
  120. usage ();
  121. server = argv [i];
  122. +#if defined (PARANOIA)
  123. + } else if (!strcmp (argv [i], "-user")) {
  124. + if (++i == argc)
  125. + usage ();
  126. + set_user = argv [i];
  127. + } else if (!strcmp (argv [i], "-group")) {
  128. + if (++i == argc)
  129. + usage ();
  130. + set_group = argv [i];
  131. + } else if (!strcmp (argv [i], "-chroot")) {
  132. + if (++i == argc)
  133. + usage ();
  134. + set_chroot = argv [i];
  135. +#endif /* PARANOIA */
  136. } else if (!strcmp (argv [i], "-cf")) {
  137. if (++i == argc)
  138. usage ();
  139. @@ -397,6 +445,44 @@
  140. trace_seed_stop, MDL);
  141. #endif
  143. +#if defined (PARANOIA)
  144. + /* get user and group info if those options were given */
  145. + if (set_user) {
  146. + struct passwd *tmp_pwd;
  147. +
  148. + if (geteuid())
  149. + log_fatal ("you must be root to set user");
  150. +
  151. + if (!(tmp_pwd = getpwnam(set_user)))
  152. + log_fatal ("no such user: %s", set_user);
  153. +
  154. + set_uid = tmp_pwd->pw_uid;
  155. +
  156. + /* use the user's group as the default gid */
  157. + if (!set_group)
  158. + set_gid = tmp_pwd->pw_gid;
  159. + }
  160. +
  161. + if (set_group) {
  162. +/* get around the ISC declaration of group */
  163. +#define group real_group
  164. + struct group *tmp_grp;
  165. +
  166. + if (geteuid())
  167. + log_fatal ("you must be root to set group");
  168. +
  169. + if (!(tmp_grp = getgrnam(set_group)))
  170. + log_fatal ("no such group: %s", set_group);
  171. +
  172. + set_gid = tmp_grp->gr_gid;
  173. +#undef group
  174. + }
  175. +
  176. +# if defined (EARLY_CHROOT)
  177. + if (set_chroot) setup_chroot (set_chroot);
  178. +# endif /* EARLY_CHROOT */
  179. +#endif /* PARANOIA */
  180. +
  181. /* Default to the DHCP/BOOTP port. */
  182. if (!local_port)
  183. {
  184. @@ -500,6 +586,10 @@
  186. postconf_initialization (quiet);
  188. +#if defined (PARANOIA) && !defined (EARLY_CHROOT)
  189. + if (set_chroot) setup_chroot (set_chroot);
  190. +#endif /* PARANOIA && !EARLY_CHROOT */
  191. +
  192. /* test option should cause an early exit */
  193. if (cftest && !lftest)
  194. exit(0);
  195. @@ -543,6 +633,22 @@
  196. exit (0);
  197. }
  199. +#if defined (PARANOIA)
  200. + /* change uid to the specified one */
  201. +
  202. + if (set_gid) {
  203. + if (setgroups (0, (void *)0))
  204. + log_fatal ("setgroups: %m");
  205. + if (setgid (set_gid))
  206. + log_fatal ("setgid(%d): %m", (int) set_gid);
  207. + }
  208. +
  209. + if (set_uid) {
  210. + if (setuid (set_uid))
  211. + log_fatal ("setuid(%d): %m", (int) set_uid);
  212. + }
  213. +#endif /* PARANOIA */
  214. +
  215. /* Read previous pid file. */
  216. if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
  217. status = read (i, pbuf, (sizeof pbuf) - 1);
  218. @@ -888,6 +994,10 @@
  220. log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
  221. "\n [-cf config-file] [-lf lease-file]",
  222. +#if defined (PARANOIA)
  223. + /* meld into the following string */
  224. + "\n [-user user] [-group group] [-chroot dir]"
  225. +#endif /* PARANOIA */
  226. #if defined (TRACING)
  227. "\n [-tf trace-output-file]",
  228. "\n [-play trace-input-file]",