From 1d7e766ae1d2e3046c2b5af5850b8b774cf6bcb7 Mon Sep 17 00:00:00 2001 From: David Cantrell Date: Aug 01 2008 22:23:12 +0000 Subject: - Carry over RES_OPTIONS from ifcfg-ethX files to /etc/resolv.conf (#202923) - Clean up Requires tags for devel packages - Allow SEARCH variable in ifcfg files to override search path (#454152) - Do not down interface if there is an active lease (#453982) - Clean up how dhclient-script restarts ypbind - Set close-on-exec on dhclient.leases for SELinux (#446632)
---
diff --git a/dhcp-4.0.0-FD_CLOEXEC.patch b/dhcp-4.0.0-FD_CLOEXEC.patch
new file mode 100644
index 0000000..9ad9190
--- /dev/null
+++ b/dhcp-4.0.0-FD_CLOEXEC.patch
@@ -0,0 +1,133 @@
+diff -up dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC dhcp-4.0.0/client/dhclient.c
+--- dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC 2008-08-01 11:02:35.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:14:01.000000000 -1000
+@@ -2696,6 +2696,7 @@ int leases_written = 0;
+
+ void rewrite_client_leases ()
+ {
++ int fd, flags;
+ struct interface_info *ip;
+ struct client_state *client;
+ struct client_lease *lp;
+@@ -2708,6 +2709,23 @@ void rewrite_client_leases ()
+ return;
+ }
+
++ if ((fd = fileno(leaseFile)) == -1) {
++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
++ return;
++ }
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1) {
++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
++ return;
++ }
++
++ flags |= FD_CLOEXEC;
++
++ if (fcntl(fd, F_SETFD, flags) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return;
++ }
++
+ /* If there is a default duid, write it out. */
+ if (default_duid.len != 0)
+ write_duid(&default_duid);
+@@ -2800,7 +2818,7 @@ static isc_result_t
+ write_duid(struct data_string *duid)
+ {
+ char *str;
+- int stat;
++ int stat, flags, fd;
+
+ if ((duid == NULL) || (duid->len <= 2))
+ return ISC_R_INVALIDARG;
+@@ -2811,6 +2829,23 @@ write_duid(struct data_string *duid)
+ log_error("can't create %s: %m", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
++
++ if ((fd = fileno(leaseFile)) == -1) {
++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
++ return ISC_R_IOERROR;
++ }
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1) {
++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
++ return ISC_R_IOERROR;
++ }
++
++ flags |= FD_CLOEXEC;
++
++ if (fcntl(fd, F_SETFD, flags) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return ISC_R_IOERROR;
++ }
+ }
+
+ /* It would make more sense to write this as a hex string,
+@@ -2840,7 +2875,7 @@ write_client6_lease(struct client_state
+ {
+ struct dhc6_ia *ia;
+ struct dhc6_addr *addr;
+- int stat;
++ int stat, flags, fd;
+
+ /* This should include the current lease. */
+ if (!rewrite && (leases_written++ > 20)) {
+@@ -2858,6 +2893,23 @@ write_client6_lease(struct client_state
+ log_error("can't create %s: %m", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
++
++ if ((fd = fileno(leaseFile)) == -1) {
++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
++ return ISC_R_IOERROR;
++ }
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1) {
++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
++ return ISC_R_IOERROR;
++ }
++
++ flags |= FD_CLOEXEC;
++
++ if (fcntl(fd, F_SETFD, flags) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return ISC_R_IOERROR;
++ }
+ }
+
+ stat = fprintf(leaseFile, "lease6 {\n");
+@@ -2940,6 +2992,7 @@ int write_client_lease (client, lease, r
+ {
+ struct data_string ds;
+ int errors = 0;
++ int flags, fd;
+ char *s;
+ const char *tval;
+
+@@ -2961,6 +3014,23 @@ int write_client_lease (client, lease, r
+ log_error ("can't create %s: %m", path_dhclient_db);
+ return 0;
+ }
++
++ if ((fd = fileno(leaseFile)) == -1) {
++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
++ return ISC_R_IOERROR;
++ }
++
++ if ((flags = fcntl(fd, F_GETFD)) == -1) {
++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
++ return ISC_R_IOERROR;
++ }
++
++ flags |= FD_CLOEXEC;
++
++ if (fcntl(fd, F_SETFD, flags) == -1) {
++ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
++ return ISC_R_IOERROR;
++ }
+ }
+
+ errno = 0;
diff --git a/dhcp-4.0.0-inherit-leases.patch b/dhcp-4.0.0-inherit-leases.patch
new file mode 100644
index 0000000..642fdea
--- /dev/null
+++ b/dhcp-4.0.0-inherit-leases.patch
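Review bot: In dhcp-4.0.0-FD_CLOEXEC.patch, the three error paths added to `write_client_lease` use `return ISC_R_IOERROR;`, but that function is declared `int` and its adjacent fopen-failure path returns `0`. `ISC_R_IOERROR` is presumably nonzero, so callers are likely to read it as success; these should be `return 0;` to match. The same fileno/F_GETFD/F_SETFD sequence is pasted into `rewrite_client_leases`, `write_duid` and `write_client6_lease`, and one static helper taking the `FILE *` would keep the four copies from drifting. The `F_SETFD` failure message should also carry `strerror(errno)` like the other two. The flag is set only after the file is already open, so a child forked in between would still inherit the descriptor; whether that window is reachable depends on code outside these hunks, where all four function bodies begin and end.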
@@ -0,0 +1,34 @@
+diff -up dhcp-4.0.0/client/dhclient.c.inherit dhcp-4.0.0/client/dhclient.c
+--- dhcp-4.0.0/client/dhclient.c.inherit 2008-08-01 11:34:29.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:34:42.000000000 -1000
+@@ -2296,6 +2296,7 @@ void send_request (cpp)
+ {
+ struct client_state *client = cpp;
+
++ int i;
+ int result;
+ int interval;
+ struct sockaddr_in destination;
+@@ -2354,6 +2355,22 @@ void send_request (cpp)
+ /* Now do a preinit on the interface so that we can
+ discover a new address. */
+ script_init (client, "PREINIT", (struct string_list *)0);
++
++ /* Has an active lease */
++ if (client -> interface -> addresses != NULL) {
++ for (i = 0; i < client -> interface -> address_count; i++) {
++ if (client -> active &&
++ client -> active -> is_bootp &&
++ client -> active -> expiry > cur_time &&
++ client -> interface -> addresses[i].s_addr != 0 &&
++ client -> active -> address.len == 4 &&
++ memcpy (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0) {
++ client_envadd (client, "", "keep_old_ip", "%s", "yes");
++ break;
++ }
++ }
++ }
++
+ if (client -> alias)
+ script_write_params (client, "alias_",
+ client -> alias);
diff --git a/dhcp-4.0.0-selinux.patch b/dhcp-4.0.0-selinux.patch
deleted file mode 100644
index ebcf51a..0000000
--- a/dhcp-4.0.0-selinux.patch
+++ /dev/null
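Review bot: In dhcp-4.0.0-inherit-leases.patch, the last condition of the loop added to `send_request` is `memcpy (...) == 0`, which compares memcpy's returned destination pointer with 0, so the test can never be true and `keep_old_ip` is never exported. When the preceding conditions hold it also overwrites `client -> active -> address.iabuf` with the interface address, corrupting the recorded lease address. The intended call is almost certainly `memcmp (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0`. The `client -> active` tests do not depend on `i` and could be hoisted in front of the loop. The body of `send_request` extends beyond the hunk.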
@@ -1,48 +0,0 @@
-diff -up dhcp-4.0.0//client/dhclient.c.selinux dhcp-4.0.0//client/dhclient.c
---- dhcp-4.0.0//client/dhclient.c.selinux 2008-05-16 13:42:18.000000000 -1000
-+++ dhcp-4.0.0//client/dhclient.c 2008-05-16 13:57:54.000000000 -1000
-@@ -2908,6 +2908,11 @@ void rewrite_client_leases ()
- return;
- }
-
-+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
-+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
-+ return;
-+ }
-+
- /* If there is a default duid, write it out. */
- if (default_duid.len != 0)
- write_duid(&default_duid);
-@@ -3011,6 +3016,10 @@ write_duid(struct data_string *duid)
- log_error("can't create %s: %m", path_dhclient_db);
- return ISC_R_IOERROR;
- }
-+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
-+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
-+ return ISC_R_IOERROR;
-+ }
- }
-
- /* It would make more sense to write this as a hex string,
-@@ -3058,6 +3067,10 @@ write_client6_lease(struct client_state
- log_error("can't create %s: %m", path_dhclient_db);
- return ISC_R_IOERROR;
- }
-+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
-+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
-+ return ISC_R_IOERROR;
-+ }
- }
-
- stat = fprintf(leaseFile, "lease6 {\n");
-@@ -3161,6 +3174,10 @@ int write_client_lease (client, lease, r
- log_error ("can't create %s: %m", path_dhclient_db);
- return 0;
- }
-+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
-+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
-+ return ISC_R_IOERROR;
-+ }
- }
-
- errno = 0;
diff --git a/dhcp.spec b/dhcp.spec
index b0bbf2c..cc59fd1 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -4,7 +4,7 @@ Summary: DHCP (Dynamic Host Configuration Protocol) server and relay agent Name: dhcp Version: 4.0.0 -Release: 16%{?dist} +Release: 17%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -43,8 +43,9 @@ Patch13: %{name}-4.0.0-dhclient-anycast.patch Patch14: %{name}-4.0.0-manpages.patch Patch15: %{name}-4.0.0-paths.patch Patch16: %{name}-4.0.0-NetworkManager-crash.patch -Patch17: %{name}-4.0.0-selinux.patch +Patch17: %{name}-4.0.0-FD_CLOEXEC.patch Patch18: %{name}-4.0.0-libdhcp4client.patch +Patch19: %{name}-4.0.0-inherit-leases.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf @@ -194,6 +195,9 @@ client library. # Add the libdhcp4client target (library version of dhclient) %patch18 -p1 +# If we have an active lease, do not down the interface (#453982) +%patch19 -p1 + # Copy in documentation and example scripts for LDAP patch to dhcpd %{__install} -p -m 0644 %{SOURCE5} . %{__install} -p -m 0644 %{SOURCE6} doc/ @@ -422,9 +426,18 @@ fi %{_libdir}/libdhcp4client.so %changelog +* Fri Aug 01 2008 David Cantrell - 12:4.0.0-17 +- Carry over RES_OPTIONS from ifcfg-ethX files to /etc/resolv.conf (#202923) +- Clean up Requires tags for devel packages +- Allow SEARCH variable in ifcfg files to override search path (#454152) +- Do not down interface if there is an active lease (#453982) +- Clean up how dhclient-script restarts ypbind +- Set close-on-exec on dhclient.leases for SELinux (#446632) + * Mon Jun 23 2008 David Cantrell - 12:4.0.0-16 - Remove instances of \032 in domain search option (#450042) - Make 'service dhcpd configtest' display text indicating the status +- Make sure all FDs are closed-on-exec for SELinux * Fri May 16 2008 David Cantrell - 12:4.0.0-15 - Set close-on-exec on dhclient.leases for SELinux (#446632) 
diff --git a/linux b/linux index 93638f0..17e2e91 100755 --- a/linux +++ b/linux @@ -47,12 +47,20 @@ make_resolv_conf() { rscf=`mktemp /tmp/XXXXXX`; echo '; generated by /sbin/dhclient-script' > $rscf - if [ -n "$new_domain_search" ]; then - echo "search ${new_domain_search//\\032/ }" >> $rscf - else - if [ -n "$new_domain_name" ]; then - echo "search ${new_domain_name//\\032/ }" >> $rscf + if [ -z "$SEARCH" ]; then + if [ -n "$new_domain_search" ]; then + echo "search ${new_domain_search//\\032/ }" >> $rscf + else + if [ -n "$new_domain_name" ]; then + echo "search ${new_domain_name//\\032/ }" >> $rscf + fi fi + else + echo "search $SEARCH" >> $rscf + fi + + if [ -n "$RES_OPTIONS" ]; then + echo "options $RES_OPTIONS" >> $rscf fi for nameserver in $new_domain_name_servers; do @@ -351,8 +359,10 @@ function dhconfig() { let contents=contents+1 fi - if [ $contents -gt 0 ] && [ -r /var/run/ypbind.pid ] && yppid=$(cat /var/run/ypbind.pid) && [ -d /proc/${yppid} ] && [ "$(if [ -x /usr/bin/readlink ]; then readlink /proc/${yppid}/exe; else echo /sbin/ypbind; fi)" = "/sbin/ypbind" ]; then - kill -HUP $yppid + if [ $contents -gt 0 ]; then + if [ -x /etc/rc.d/init.d/ypbind ] && [ -r /var/run/ypbind.pid ]; then + service ypbind restart >/dev/null 2>&1 + fi fi elif [ -n "$new_nis_servers" ]; then save_previous /etc/yp.conf @@ -364,8 +374,10 @@ function dhconfig() { let contents=contents+1 done - if [ $contents -gt 0 ] && [ -r /var/run/ypbind.pid ] && yppid=$(cat /var/run/ypbind.pid) && [ -d /proc/${yppid} ] && [ "$(if [ -x /usr/bin/readlink ]; then readlink /proc/${yppid}/exe; else echo /sbin/ypbind; fi)" = "/sbin/ypbind" ]; then - kill -HUP $yppid + if [ $contents -gt 0 ]; then + if [ -x /etc/rc.d/init.d/ypbind ] && [ -r /var/run/ypbind.pid ]; then + service ypbind restart >/dev/null 2>&1 + fi fi fi 
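Review bot: The new `SEARCH` and `RES_OPTIONS` branches in `make_resolv_conf` carry no comment saying where these variables come from, or that `SEARCH` replaces rather than extends the DHCP-supplied search list. I would add `# SEARCH from the interface's ifcfg file overrides any DHCP-supplied domain-search/domain-name` above the outer test, and `# RES_OPTIONS from ifcfg is copied verbatim into an "options" line` above the second. Both values are written unvalidated, so an embedded newline in either would add extra lines to resolv.conf. That is acceptable only while they are set solely from root-owned configuration, which this hunk does not show.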
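Review bot: The replacement test `[ -x /etc/rc.d/init.d/ypbind ] && [ -r /var/run/ypbind.pid ]` in `dhconfig` only checks that a pid file is readable, whereas the removed code confirmed the pid was a live /sbin/ypbind process. With a stale pid file, `service ypbind restart` would now start a daemon that was not running. If the init script offers it, `service ypbind condrestart >/dev/null 2>&1` leaves the is-it-running decision to the script. The same block is repeated in the second `dhconfig` hunk (-364,8) and in the EXPIRE/FAIL/RELEASE hunk (-507,8). Output and exit status are discarded in all three, so a restart that fails after yp.conf was rewritten goes unnoticed; logging a non-zero status would make that visible.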
@@ -507,8 +519,8 @@ if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \ /bin/rm -f /etc/yp.conf /bin/mv -f /etc/yp.conf.predhclient.$interface /etc/yp.conf - if [ -r /var/run/ypbind.pid ] && yppid=$(cat /var/run/ypbind.pid) && [ -d /proc/${yppid} ] && [ "$(if [ -x /usr/bin/readlink ]; then readlink /proc/${yppid}/exe; else echo /sbin/ypbind; fi)" = "/sbin/ypbind" ]; then - kill -HUP $yppid + if [ -x /etc/rc.d/init.d/ypbind ] && [ -r /var/run/ypbind.pid ]; then + service ypbind restart >/dev/null 2>&1 fi fi fi @@ -550,10 +562,7 @@ if [ x$reason = xTIMEOUT ] && [ "x$new_routers" != 'x' ]; then exit_with_hooks 0 fi - if [ -z "${dhc_dbus}" ] || (( ( dhc_dbus & 2 ) != 2 )); then - ifconfig $interface inet 0 down - fi - + ifconfig $interface inet 0 down exit_with_hooks 1 elif [ x$reason = xTIMEOUT ]; then exit_with_hooks 1