Browse Source
dhcp: Updated (3.0.5 -> 4.1.1-P1) removed obsolete patches and rediffed some others.
user/amery/mess
Alejandro Mery
4 changed files with 6 additions and 252 deletions
Split View
Diff Options
-
+1 -17network/dhcp/dhclient-script-no-domain.patch
-
+0 -228network/dhcp/dhcp-3.0+paranoia.patch
-
+2 -4network/dhcp/dhcp.conf
-
+3 -3network/dhcp/dhcp.desc
@ -1,228 +0,0 @@ |
|||
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|||
# |
|||
# Filename: package/.../dhcp/dhcp-3.0+paranoia.patch |
|||
# Copyright (C) 2004 - 2006 The T2 SDE Project |
|||
# Copyright (C) 1998 - 2003 Clifford Wolf |
|||
# |
|||
# More information can be found in the files COPYING and README. |
|||
# |
|||
# This patch file is dual-licensed. It is available under the license the |
|||
# patched project is licensed under, as long as it is an OpenSource license |
|||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|||
# of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# --- SDE-COPYRIGHT-NOTE-END --- |
|||
|
|||
borrowed from ari edelkind's site |
|||
http://www.episec.com/people/edelkind/patches/dhcp/dhcp-3.0+paranoia.patch |
|||
|
|||
---
|
|||
|
|||
paranoia (non-root/chroot) patch for ISC dhcp 3.0 |
|||
file to patch: dhcp-3.0/server/dhcpd.c |
|||
|
|||
update from paranoia patch for ISC dhcp 2.0 |
|||
|
|||
Adds 3 options: |
|||
|
|||
-user <user> |
|||
-group <group> |
|||
-chroot <chroot_dir> |
|||
|
|||
Notes: |
|||
-DPARANOIA must be passed as an argument to the --copts option |
|||
of configure. Otherwise, the paranoia code will not be compiled |
|||
in. Example: ./configure --copts -DPARANOIA |
|||
|
|||
The chroot() call has been delayed in order to allow /dev/log to |
|||
be reopened after the configuration file has been read. This is |
|||
beneficial for systems on which /dev/log is a unix domain socket. |
|||
The main side effect is that dhcpd.conf should be placed in /etc, |
|||
instead of <chroot_dir>/etc. |
|||
|
|||
If dhcpd is to be run on a sysV-style architecture (or, more |
|||
generally, if /dev/log is a character device), one may opt to |
|||
create the <chroot_dir>/dev/log character device and add |
|||
-DEARLY_CHROOT to the --copts option of configure (in addition to |
|||
-DPARANOIA). This will perform the chroot() call at the earliest |
|||
convenience (before reading the configuration file). |
|||
|
|||
If the -user option is used, the lease and pid file directories |
|||
should be writable to the server process after it drops |
|||
privileges. |
|||
|
|||
|
|||
ari edelkind (12/10/2001) |
|||
last modified 12/10/2001 |
|||
|
|||
|
|||
--- dhcp-3.0/server/dhcpd.c Thu Jun 21 22:12:58 2001
|
|||
+++ dhcp-3.0+paranoia/server/dhcpd.c Wed Oct 17 08:23:00 2001
|
|||
@@ -56,6 +56,16 @@
|
|||
#include "version.h" |
|||
#include <omapip/omapip_p.h> |
|||
|
|||
+#if defined (PARANOIA)
|
|||
+# include <sys/types.h>
|
|||
+# include <unistd.h>
|
|||
+# include <pwd.h>
|
|||
+/* get around the ISC declaration of group */
|
|||
+# define group real_group
|
|||
+# include <grp.h>
|
|||
+# undef group
|
|||
+#endif /* PARANOIA */
|
|||
+
|
|||
static void usage PROTO ((void)); |
|||
|
|||
TIME cur_time; |
|||
@@ -204,6 +214,22 @@
|
|||
omapi_object_dereference (&listener, MDL); |
|||
} |
|||
|
|||
+#if defined (PARANOIA)
|
|||
+/* to be used in one of two possible scenarios */
|
|||
+static void setup_chroot (char *chroot_dir) {
|
|||
+ if (geteuid())
|
|||
+ log_fatal ("you must be root to use chroot");
|
|||
+
|
|||
+ if (chroot(chroot_dir)) {
|
|||
+ log_fatal ("chroot(\"%s\"): %m", chroot_dir);
|
|||
+ }
|
|||
+ if (chdir ("/")) {
|
|||
+ /* probably permission denied */
|
|||
+ log_fatal ("chdir(\"/\"): %m");
|
|||
+ }
|
|||
+}
|
|||
+#endif /* PARANOIA */
|
|||
+
|
|||
int main (argc, argv, envp) |
|||
int argc; |
|||
char **argv, **envp; |
|||
@@ -236,6 +262,14 @@
|
|||
char *traceinfile = (char *)0; |
|||
char *traceoutfile = (char *)0; |
|||
#endif |
|||
+#if defined (PARANOIA)
|
|||
+ char *set_user = 0;
|
|||
+ char *set_group = 0;
|
|||
+ char *set_chroot = 0;
|
|||
+
|
|||
+ uid_t set_uid = 0;
|
|||
+ gid_t set_gid = 0;
|
|||
+#endif /* PARANOIA */
|
|||
|
|||
/* Make sure we have stdin, stdout and stderr. */ |
|||
status = open ("/dev/null", O_RDWR); |
|||
@@ -298,6 +332,20 @@
|
|||
if (++i == argc) |
|||
usage (); |
|||
server = argv [i]; |
|||
+#if defined (PARANOIA)
|
|||
+ } else if (!strcmp (argv [i], "-user")) {
|
|||
+ if (++i == argc)
|
|||
+ usage ();
|
|||
+ set_user = argv [i];
|
|||
+ } else if (!strcmp (argv [i], "-group")) {
|
|||
+ if (++i == argc)
|
|||
+ usage ();
|
|||
+ set_group = argv [i];
|
|||
+ } else if (!strcmp (argv [i], "-chroot")) {
|
|||
+ if (++i == argc)
|
|||
+ usage ();
|
|||
+ set_chroot = argv [i];
|
|||
+#endif /* PARANOIA */
|
|||
} else if (!strcmp (argv [i], "-cf")) { |
|||
if (++i == argc) |
|||
usage (); |
|||
@@ -397,6 +445,44 @@
|
|||
trace_seed_stop, MDL); |
|||
#endif |
|||
|
|||
+#if defined (PARANOIA)
|
|||
+ /* get user and group info if those options were given */
|
|||
+ if (set_user) {
|
|||
+ struct passwd *tmp_pwd;
|
|||
+
|
|||
+ if (geteuid())
|
|||
+ log_fatal ("you must be root to set user");
|
|||
+
|
|||
+ if (!(tmp_pwd = getpwnam(set_user)))
|
|||
+ log_fatal ("no such user: %s", set_user);
|
|||
+
|
|||
+ set_uid = tmp_pwd->pw_uid;
|
|||
+
|
|||
+ /* use the user's group as the default gid */
|
|||
+ if (!set_group)
|
|||
+ set_gid = tmp_pwd->pw_gid;
|
|||
+ }
|
|||
+
|
|||
+ if (set_group) {
|
|||
+/* get around the ISC declaration of group */
|
|||
+#define group real_group
|
|||
+ struct group *tmp_grp;
|
|||
+
|
|||
+ if (geteuid())
|
|||
+ log_fatal ("you must be root to set group");
|
|||
+
|
|||
+ if (!(tmp_grp = getgrnam(set_group)))
|
|||
+ log_fatal ("no such group: %s", set_group);
|
|||
+
|
|||
+ set_gid = tmp_grp->gr_gid;
|
|||
+#undef group
|
|||
+ }
|
|||
+
|
|||
+# if defined (EARLY_CHROOT)
|
|||
+ if (set_chroot) setup_chroot (set_chroot);
|
|||
+# endif /* EARLY_CHROOT */
|
|||
+#endif /* PARANOIA */
|
|||
+
|
|||
/* Default to the DHCP/BOOTP port. */ |
|||
if (!local_port) |
|||
{ |
|||
@@ -500,6 +586,10 @@
|
|||
|
|||
postconf_initialization (quiet); |
|||
|
|||
+#if defined (PARANOIA) && !defined (EARLY_CHROOT)
|
|||
+ if (set_chroot) setup_chroot (set_chroot);
|
|||
+#endif /* PARANOIA && !EARLY_CHROOT */
|
|||
+
|
|||
/* test option should cause an early exit */ |
|||
if (cftest && !lftest) |
|||
exit(0); |
|||
@@ -543,6 +633,22 @@
|
|||
exit (0); |
|||
} |
|||
|
|||
+#if defined (PARANOIA)
|
|||
+ /* change uid to the specified one */
|
|||
+
|
|||
+ if (set_gid) {
|
|||
+ if (setgroups (0, (void *)0))
|
|||
+ log_fatal ("setgroups: %m");
|
|||
+ if (setgid (set_gid))
|
|||
+ log_fatal ("setgid(%d): %m", (int) set_gid);
|
|||
+ }
|
|||
+
|
|||
+ if (set_uid) {
|
|||
+ if (setuid (set_uid))
|
|||
+ log_fatal ("setuid(%d): %m", (int) set_uid);
|
|||
+ }
|
|||
+#endif /* PARANOIA */
|
|||
+
|
|||
/* Read previous pid file. */ |
|||
if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { |
|||
status = read (i, pbuf, (sizeof pbuf) - 1); |
|||
@@ -888,6 +994,10 @@
|
|||
|
|||
log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s", |
|||
"\n [-cf config-file] [-lf lease-file]", |
|||
+#if defined (PARANOIA)
|
|||
+ /* meld into the following string */
|
|||
+ "\n [-user user] [-group group] [-chroot dir]"
|
|||
+#endif /* PARANOIA */
|
|||
#if defined (TRACING) |
|||
"\n [-tf trace-output-file]", |
|||
"\n [-play trace-input-file]", |
|||