From 4a364d130b918caed6d357fd5a1fcc2c35926851 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Mar 26 2013 12:34:34 +0000 Subject: describe -user/-group/-chroot in dhcpd.8 --- diff --git a/dhcp-4.2.4-paranoia.patch b/dhcp-4.2.4-paranoia.patch deleted file mode 100644 index 513579d..0000000 --- a/dhcp-4.2.4-paranoia.patch +++ /dev/null @@ -1,164 +0,0 @@ -diff -up dhcp-4.2.4-P2/client/dhclient.c.paranoia dhcp-4.2.4-P2/client/dhclient.c ---- dhcp-4.2.4-P2/client/dhclient.c.paranoia 2012-10-16 15:56:41.562001524 +0200 -+++ dhcp-4.2.4-P2/client/dhclient.c 2012-10-16 15:56:42.106994294 +0200 -@@ -1696,11 +1696,6 @@ int write_host (host) - return 0; - } - --void db_startup (testp) -- int testp; --{ --} -- - void bootp (packet) - struct packet *packet; - { -diff -up dhcp-4.2.4-P2/includes/dhcpd.h.paranoia dhcp-4.2.4-P2/includes/dhcpd.h ---- dhcp-4.2.4-P2/includes/dhcpd.h.paranoia 2012-10-16 15:56:41.784998564 +0200 -+++ dhcp-4.2.4-P2/includes/dhcpd.h 2012-10-16 15:56:42.108994268 +0200 -@@ -2793,7 +2793,11 @@ void commit_leases_timeout (void *); - void commit_leases_readerdry(void *); - int commit_leases (void); - int commit_leases_timed (void); -+#if defined (PARANOIA) -+void db_startup (int, uid_t, gid_t); -+#else - void db_startup (int); -+#endif /* PARANOIA */ - int new_lease_file (void); - int group_writer (struct group_object *); - int write_ia(const struct ia_xx *); -diff -up dhcp-4.2.4-P2/server/confpars.c.paranoia dhcp-4.2.4-P2/server/confpars.c ---- dhcp-4.2.4-P2/server/confpars.c.paranoia 2012-10-16 15:56:39.052034671 +0200 -+++ dhcp-4.2.4-P2/server/confpars.c 2012-10-16 15:56:42.109994255 +0200 -@@ -224,7 +224,11 @@ void trace_conf_input (trace_type_t *tty - } - - if (!leaseconf_initialized && ttype == trace_readleases_type) { -+#if defined (PARANOIA) -+ db_startup (0, 0, 0); -+#else - db_startup (0); -+#endif /* PARANOIA */ - leaseconf_initialized = 1; - postdb_startup (); - } -diff -up dhcp-4.2.4-P2/server/db.c.paranoia dhcp-4.2.4-P2/server/db.c ---- dhcp-4.2.4-P2/server/db.c.paranoia 2012-10-16 15:56:39.062034541 +0200 -+++ dhcp-4.2.4-P2/server/db.c 2012-10-16 15:56:42.110994242 +0200 -@@ -47,6 +47,10 @@ static int counting = 0; - static int count = 0; - TIME write_time; - int lease_file_is_corrupt = 0; -+#if defined (PARANOIA) -+uid_t global_set_uid = 0; -+gid_t global_set_gid = 0; -+#endif /* PARANOIA */ - - /* Write a single binding scope value in parsable format. - */ -@@ -1027,8 +1031,11 @@ int commit_leases_timed() - return (1); - } - --void db_startup (testp) -- int testp; -+#if defined (PARANOIA) -+void db_startup (int testp, uid_t set_uid, gid_t set_gid) -+#else -+void db_startup (int testp) -+#endif /* PARANOIA */ - { - isc_result_t status; - -@@ -1047,6 +1054,11 @@ void db_startup (testp) - } - #endif - -+#if defined (PARANOIA) -+ global_set_uid = set_uid; -+ global_set_gid = set_gid; -+#endif /* PARANOIA */ -+ - #if defined (TRACING) - /* If we're playing back, there is no lease file, so we can't - append it, so we create one immediately (maybe this isn't -@@ -1109,6 +1121,17 @@ int new_lease_file () - log_error ("Can't create new lease file: %m"); - return 0; - } -+ -+#if defined (PARANOIA) -+ if (global_set_uid && !geteuid() && -+ global_set_gid && !getegid()) -+ if (fchown(db_fd, global_set_uid, global_set_gid)) { -+ log_fatal ("Can't chown new lease file: %m"); -+ close(db_fd); -+ goto fdfail; -+ } -+#endif /* PARANOIA */ -+ - if ((new_db_file = fdopen(db_fd, "we")) == NULL) { - log_error("Can't fdopen new lease file: %m"); - close(db_fd); -diff -up dhcp-4.2.4-P2/server/dhcpd.c.paranoia dhcp-4.2.4-P2/server/dhcpd.c ---- dhcp-4.2.4-P2/server/dhcpd.c.paranoia 2012-10-16 15:56:39.180032998 +0200 -+++ dhcp-4.2.4-P2/server/dhcpd.c 2012-10-16 16:01:52.822804493 +0200 -@@ -700,7 +700,11 @@ main(int argc, char **argv) { - group_write_hook = group_writer; - - /* Start up the database... */ -+#if defined (PARANOIA) -+ db_startup (lftest, set_uid, set_gid); -+#else - db_startup (lftest); -+#endif /* PARANOIA */ - - if (lftest) - exit (0); -@@ -771,22 +775,6 @@ main(int argc, char **argv) { - exit (0); - } - --#if defined (PARANOIA) -- /* change uid to the specified one */ -- -- if (set_gid) { -- if (setgroups (0, (void *)0)) -- log_fatal ("setgroups: %m"); -- if (setgid (set_gid)) -- log_fatal ("setgid(%d): %m", (int) set_gid); -- } -- -- if (set_uid) { -- if (setuid (set_uid)) -- log_fatal ("setuid(%d): %m", (int) set_uid); -- } --#endif /* PARANOIA */ -- - /* - * Deal with pid files. If the user told us - * not to write a file we don't read one either -@@ -823,6 +811,22 @@ main(int argc, char **argv) { - } - } - -+#if defined (PARANOIA) -+ /* change uid to the specified one */ -+ -+ if (set_gid) { -+ if (setgroups (0, (void *)0)) -+ log_fatal ("setgroups: %m"); -+ if (setgid (set_gid)) -+ log_fatal ("setgid(%d): %m", (int) set_gid); -+ } -+ -+ if (set_uid) { -+ if (setuid (set_uid)) -+ log_fatal ("setuid(%d): %m", (int) set_uid); -+ } -+#endif /* PARANOIA */ -+ - /* If we were requested to log to stdout on the command line, - keep doing so; otherwise, stop. */ - if (log_perror == -1) diff --git a/dhcp-4.2.5-paranoia.patch b/dhcp-4.2.5-paranoia.patch new file mode 100644 index 0000000..05affdd --- /dev/null +++ b/dhcp-4.2.5-paranoia.patch @@ -0,0 +1,202 @@ +diff -up dhcp-4.2.5/client/dhclient.c.paranoia dhcp-4.2.5/client/dhclient.c +--- dhcp-4.2.5/client/dhclient.c.paranoia 2013-03-26 13:14:50.574542083 +0100 ++++ dhcp-4.2.5/client/dhclient.c 2013-03-26 13:14:50.584541964 +0100 +@@ -1698,11 +1698,6 @@ int write_host (host) + return 0; + } + +-void db_startup (testp) +- int testp; +-{ +-} +- + void bootp (packet) + struct packet *packet; + { +diff -up dhcp-4.2.5/includes/dhcpd.h.paranoia dhcp-4.2.5/includes/dhcpd.h +--- dhcp-4.2.5/includes/dhcpd.h.paranoia 2013-03-26 13:14:50.576542059 +0100 ++++ dhcp-4.2.5/includes/dhcpd.h 2013-03-26 13:14:50.585541952 +0100 +@@ -2798,7 +2798,11 @@ void commit_leases_timeout (void *); + void commit_leases_readerdry(void *); + int commit_leases (void); + int commit_leases_timed (void); ++#if defined (PARANOIA) ++void db_startup (int, uid_t, gid_t); ++#else + void db_startup (int); ++#endif /* PARANOIA */ + int new_lease_file (void); + int group_writer (struct group_object *); + int write_ia(const struct ia_xx *); +diff -up dhcp-4.2.5/server/confpars.c.paranoia dhcp-4.2.5/server/confpars.c +--- dhcp-4.2.5/server/confpars.c.paranoia 2013-03-26 13:14:50.522542705 +0100 ++++ dhcp-4.2.5/server/confpars.c 2013-03-26 13:14:50.587541928 +0100 +@@ -224,7 +224,11 @@ void trace_conf_input (trace_type_t *tty + } + + if (!leaseconf_initialized && ttype == trace_readleases_type) { ++#if defined (PARANOIA) ++ db_startup (0, 0, 0); ++#else + db_startup (0); ++#endif /* PARANOIA */ + leaseconf_initialized = 1; + postdb_startup (); + } +diff -up dhcp-4.2.5/server/db.c.paranoia dhcp-4.2.5/server/db.c +--- dhcp-4.2.5/server/db.c.paranoia 2013-03-26 13:14:50.522542705 +0100 ++++ dhcp-4.2.5/server/db.c 2013-03-26 13:14:50.588541916 +0100 +@@ -47,6 +47,10 @@ static int counting = 0; + static int count = 0; + TIME write_time; + int lease_file_is_corrupt = 0; ++#if defined (PARANOIA) ++uid_t global_set_uid = 0; ++gid_t global_set_gid = 0; ++#endif /* PARANOIA */ + + /* Write a single binding scope value in parsable format. + */ +@@ -1026,8 +1030,11 @@ int commit_leases_timed() + return (1); + } + +-void db_startup (testp) +- int testp; ++#if defined (PARANOIA) ++void db_startup (int testp, uid_t set_uid, gid_t set_gid) ++#else ++void db_startup (int testp) ++#endif /* PARANOIA */ + { + isc_result_t status; + +@@ -1046,6 +1053,11 @@ void db_startup (testp) + } + #endif + ++#if defined (PARANOIA) ++ global_set_uid = set_uid; ++ global_set_gid = set_gid; ++#endif /* PARANOIA */ ++ + #if defined (TRACING) + /* If we're playing back, there is no lease file, so we can't + append it, so we create one immediately (maybe this isn't +@@ -1108,6 +1120,17 @@ int new_lease_file () + log_error ("Can't create new lease file: %m"); + return 0; + } ++ ++#if defined (PARANOIA) ++ if (global_set_uid && !geteuid() && ++ global_set_gid && !getegid()) ++ if (fchown(db_fd, global_set_uid, global_set_gid)) { ++ log_fatal ("Can't chown new lease file: %m"); ++ close(db_fd); ++ goto fdfail; ++ } ++#endif /* PARANOIA */ ++ + if ((new_db_file = fdopen(db_fd, "we")) == NULL) { + log_error("Can't fdopen new lease file: %m"); + close(db_fd); +diff -up dhcp-4.2.5/server/dhcpd.8.paranoia dhcp-4.2.5/server/dhcpd.8 +--- dhcp-4.2.5/server/dhcpd.8.paranoia 2013-01-03 01:02:25.000000000 +0100 ++++ dhcp-4.2.5/server/dhcpd.8 2013-03-26 13:28:16.576604471 +0100 +@@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto + .I trace-output-file + ] + [ ++.B -user ++.I user ++] ++[ ++.B -group ++.I group ++] ++[ ++.B -chroot ++.I dir ++] ++[ + .B -play + .I trace-playback-file + ] +@@ -269,6 +281,15 @@ lease file. + .TP + .BI --version + Print version number and exit. ++.TP ++.BI \-user \ user ++Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports. ++.TP ++.BI \-group \ group ++Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports. ++.TP ++.BI \-chroot \ dir ++Chroot to directory after processing the command line arguments, but before reading the configuration file. + .PP + .I Modifying default file locations: + The following options can be used to modify the locations +diff -up dhcp-4.2.5/server/dhcpd.c.paranoia dhcp-4.2.5/server/dhcpd.c +--- dhcp-4.2.5/server/dhcpd.c.paranoia 2013-03-26 13:14:50.523542693 +0100 ++++ dhcp-4.2.5/server/dhcpd.c 2013-03-26 13:14:50.589541904 +0100 +@@ -702,7 +702,11 @@ main(int argc, char **argv) { + group_write_hook = group_writer; + + /* Start up the database... */ ++#if defined (PARANOIA) ++ db_startup (lftest, set_uid, set_gid); ++#else + db_startup (lftest); ++#endif /* PARANOIA */ + + if (lftest) + exit (0); +@@ -773,22 +777,6 @@ main(int argc, char **argv) { + exit (0); + } + +-#if defined (PARANOIA) +- /* change uid to the specified one */ +- +- if (set_gid) { +- if (setgroups (0, (void *)0)) +- log_fatal ("setgroups: %m"); +- if (setgid (set_gid)) +- log_fatal ("setgid(%d): %m", (int) set_gid); +- } +- +- if (set_uid) { +- if (setuid (set_uid)) +- log_fatal ("setuid(%d): %m", (int) set_uid); +- } +-#endif /* PARANOIA */ +- + /* + * Deal with pid files. If the user told us + * not to write a file we don't read one either +@@ -825,6 +813,22 @@ main(int argc, char **argv) { + } + } + ++#if defined (PARANOIA) ++ /* change uid to the specified one */ ++ ++ if (set_gid) { ++ if (setgroups (0, (void *)0)) ++ log_fatal ("setgroups: %m"); ++ if (setgid (set_gid)) ++ log_fatal ("setgid(%d): %m", (int) set_gid); ++ } ++ ++ if (set_uid) { ++ if (setuid (set_uid)) ++ log_fatal ("setuid(%d): %m", (int) set_uid); ++ } ++#endif /* PARANOIA */ ++ + /* If we were requested to log to stdout on the command line, + keep doing so; otherwise, stop. */ + if (log_perror == -1) diff --git a/dhcp.spec b/dhcp.spec index c3f07b5..1df5970 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -18,7 +18,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.5 -Release: 7%{?dist} +Release: 8%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -62,7 +62,7 @@ Patch28: dhcp-4.2.5-remove-bind.patch Patch29: dhcp-4.2.4-P1-remove-dst.patch Patch30: dhcp-4.2.5-sharedlib.patch Patch31: dhcp-4.2.5-PPP.patch -Patch32: dhcp-4.2.4-paranoia.patch +Patch32: dhcp-4.2.5-paranoia.patch Patch33: dhcp-4.2.5-lpf-ib.patch Patch34: dhcp-4.2.4-improved-xid.patch Patch35: dhcp-4.2.2-gpxe-cid.patch @@ -577,6 +577,9 @@ done %changelog +* Tue Mar 26 2013 Jiri Popelka - 12:4.2.5-8 +- describe -user/-group/-chroot in dhcpd.8 + * Fri Feb 22 2013 Jiri Popelka - 12:4.2.5-7 - remove triggerun condition (#895475)