diff --git a/dhclient-script b/dhclient-script index bcdcb89..4f9dff9 100644 --- a/dhclient-script +++ b/dhclient-script @@ -42,11 +42,13 @@ logmessage() { logger -p ${LOGFACILITY}.${LOGLEVEL} -t "NET" "dhclient: ${msg}" } -fix_context() { - if [ -x /sbin/restorecon ]; then +if [ -x /sbin/restorecon ]; then + fix_context() { /sbin/restorecon ${1} >/dev/null 2>&1 - fi -} + } +else + fix_context() { :; } +fi save_previous() { origfile="${1}" @@ -125,7 +127,7 @@ make_resolv_conf() { [ -n "${new_domain_name_servers}" ] || [ -n "${new_domain_search}" ]; then save_previous /etc/resolv.conf - rscf="$(mktemp /tmp/XXXXXX)" + rscf="$(mktemp ${TMPDIR:-/tmp}/XXXXXX)" echo "; generated by /sbin/dhclient-script" > ${rscf} if [ -n "${SEARCH}" ]; then @@ -165,7 +167,7 @@ make_resolv_conf() { elif [ -n "${new_dhcp6_name_servers}" ] || [ -n "${new_dhcp6_domain_search}" ]; then save_previous /etc/resolv.conf - rscf="$(mktemp /tmp/XXXXXX)" + rscf="$(mktemp ${TMPDIR:-/tmp}/XXXXXX)" echo "; generated by /sbin/dhclient-script" > ${rscf} if [ -n "${SEARCH}" ]; then @@ -299,13 +301,12 @@ is_router_reachable() { add_default_gateway() { router="${1}" - metric="" - - if [ $# -gt 1 ] && [ ${2} -gt 0 ]; then - metric="metric ${2}" - fi if is_router_reachable ${router} ; then + metric="" + if [ $# -gt 1 ] && [ ${2} -gt 0 ]; then + metric="metric ${2}" + fi ip -4 route replace default via ${router} dev ${interface} ${metric} if [ $? -ne 0 ]; then logmessage "failed to create default route: ${router} dev ${interface} ${metric}" 
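Review bot: The rewritten `fix_context` (first hunk, -42/+42) still hands `${1}` to restorecon unquoted, so a path with whitespace or glob characters would be split or expanded first; `/sbin/restorecon "${1}" >/dev/null 2>&1` avoids that. The same unquoted pattern is on the new side of later hunks in this file: `[ -x ${f} ]` and `. ${f}` in execute_client_side_configuration_scripts, `[ ${t} = ${target} ]` in dhconfig, and `is_router_reachable ${router}` in add_default_gateway. Since the function is now selected once when the script is read, a one-line comment such as `# choose the restorecon wrapper once at load time; no-op when /sbin/restorecon is absent` would make that intent explicit.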
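Review bot: The `mktemp` result is used unchecked in both resolv.conf hunks (the DHCPv4 branch at -125/+127 and the DHCPv6 branch at -165/+167), and honouring `TMPDIR` makes a failure more likely than with the fixed `/tmp`, for example when it names a directory that does not exist. If mktemp fails, `rscf` is empty and the `echo ... > ${rscf}` that follows cannot create the file. Something like `rscf="$(mktemp "${TMPDIR:-/tmp}/XXXXXX")" || return 1` would stop early, with the exact failure path adapted to whatever make_resolv_conf's callers expect. The function starts and ends outside both hunks, so how `rscf` is installed afterwards is not visible here.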
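Review bot: In add_default_gateway (hunk -299/+301) `metric` is a global, and dhconfig assigns a variable of the same name, so with the reset moved inside the reachable branch an unreachable router leaves whatever value was set earlier. Whether anything after the `if is_router_reachable` block reads `${metric}` cannot be seen from the hunk, but `local metric=""` at the top of the function removes the question. Separately, `[ ${2} -gt 0 ]` reports an error on a non-numeric second argument; quoting it and checking for digits first, e.g. `[[ "${2}" =~ ^[0-9]+$ ]] && [ "${2}" -gt 0 ]`, keeps that case quiet. The function body continues past the end of the hunk.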
@@ -318,6 +319,20 @@ add_default_gateway() { return 1 } +execute_client_side_configuration_scripts() { +# execute any additional client side configuration scripts we have + if [ "${1}" == "config" ] || [ "${1}" == "restore" ]; then + for f in ${ETCDIR}/dhclient.d/*.sh ; do + if [ -x ${f} ]; then + subsystem="${f%.sh}" + subsystem="${subsystem##*/}" + . ${f} + "${subsystem}_${1}" + fi + done + fi +} + flush_dev() { # Instead of bringing the interface down (#574568) # explicitly clear the ARP cache and flush all addresses & routes. @@ -383,8 +398,8 @@ dhconfig() { new_routers="" prefix="0" else - prefix=$(echo ${target} | cut -d "." -f 1) - target=$(echo ${target} | cut -d "." -f 2-) + prefix=${target%%.*} + target=${target#*.} IFS="." target_arr=(${target}) unset IFS ((pads=4-${#target_arr[@]})) @@ -402,22 +417,22 @@ dhconfig() { fi gateway=${static_routes[$i+1]} - metric='' - for t in ${route_targets[@]}; do - if [ ${t} = ${target} ]; then - if [ -z "${metric}" ]; then - metric=1 - else - ((metric=metric+1)) + if is_router_reachable ${gateway}; then + metric='' + for t in ${route_targets[@]}; do + if [ ${t} = ${target} ]; then + if [ -z "${metric}" ]; then + metric=1 + else + ((metric=metric+1)) + fi fi - fi - done + done - if [ -n "${metric}" ]; then - metric="metric ${metric}" - fi + if [ -n "${metric}" ]; then + metric="metric ${metric}" + fi - if is_router_reachable ${gateway}; then ip -4 route replace ${target}/${prefix} proto static via ${gateway} dev ${interface} ${metric} if [ $? -ne 0 ]; then @@ -430,7 +445,7 @@ dhconfig() { fi # gateways - if [[ ( "${DEFROUTE}" != "no") && + if [[ ( "${DEFROUTE}" != "no" ) && (( -z "${GATEWAYDEV}" ) || ( "${GATEWAYDEV}" = "${interface}" )) ]]; then if [[ ( -z "$GATEWAY" ) || 
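Review bot: In the new execute_client_side_configuration_scripts, `"${subsystem}_${1}"` is called without checking that the sourced file defined a function of that name; when it did not, the shell falls back to an ordinary command lookup for the name. A guard such as `declare -F "${subsystem}_${1}" >/dev/null && "${subsystem}_${1}"` restricts the call to functions. `f` and `subsystem` should be declared `local` so a sourced script and this loop cannot overwrite each other's variables, and `${f}` should be quoted in `[ -x "${f}" ]` and `. "${f}"`. Every executable `*.sh` under `${ETCDIR}/dhclient.d` is sourced into this script's own shell, so the header comment is a good place to state that the directory and its files must be writable only by the administrator.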
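Review bot: After the split in dhconfig (hunk -383/+398), `prefix` and `target` are used with no check that `prefix` is a number from 0 to 32, and the next hunk passes both to `ip -4 route replace ${target}/${prefix} ...`. The values presumably come from the server-supplied static-routes option, so the entry should be skipped unless `[[ "${prefix}" =~ ^[0-9]+$ ]] && (( prefix <= 32 ))` holds. The unquoted `target_arr=(${target})` on the following context line is also subject to pathname expansion, which `set -f` around the split (or `IFS=. read -r -a target_arr <<< "${target}"`) would avoid. The enclosing loop and the rest of dhconfig lie outside the hunk.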
@@ -487,42 +502,30 @@ dhconfig() { hostname ${new_host_name} || echo "See -nc option in dhclient(8) man page." fi - if [ -n "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" ] && - [[ "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ]]; then - if [ -n "${new_time_offset}" ]; then - # DHCP option "time-offset" is requested by default and should be - # handled. The geographical zone abbreviation cannot be determined - # from the GMT offset, but the $ZONEINFO/Etc/GMT$offset file can be - # used - note: this disables DST. - ((z=new_time_offset/3600)) - ((hoursWest=$(printf '%+d' $z))) - - if (( $hoursWest < 0 )); then - # tzdata treats negative 'hours west' as positive 'gmtoff'! - ((hoursWest*=-1)) - fi + if [[ ( "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ) && + ( -n "${new_time_offset}" ) ]]; then + # DHCP option "time-offset" is requested by default and should be + # handled. The geographical zone abbreviation cannot be determined + # from the GMT offset, but the $ZONEINFO/Etc/GMT$offset file can be + # used - note: this disables DST. + ((z=new_time_offset/3600)) + ((hoursWest=$(printf '%+d' $z))) - tzfile=/usr/share/zoneinfo/Etc/GMT$(printf '%+d' ${hoursWest}) - if [ -e ${tzfile} ]; then - save_previous /etc/localtime - cp -fp ${tzfile} /etc/localtime - touch /etc/localtime - fix_context /etc/localtime - fi + if (( $hoursWest < 0 )); then + # tzdata treats negative 'hours west' as positive 'gmtoff'! + ((hoursWest*=-1)) fi - fi - # execute any additional client side configuration scripts we have - if [ -d ${ETCDIR}/dhclient.d ]; then - for f in ${ETCDIR}/dhclient.d/*.sh ; do - if [ -x ${f} ]; then - subsystem="${f%.sh}" - subsystem="${subsystem##*/}" - . ${f} - "${subsystem}_config" - fi - done + tzfile=/usr/share/zoneinfo/Etc/GMT$(printf '%+d' ${hoursWest}) + if [ -e ${tzfile} ]; then + save_previous /etc/localtime + cp -fp ${tzfile} /etc/localtime + touch /etc/localtime + fix_context /etc/localtime + fi fi + + execute_client_side_configuration_scripts "config" } # Section 18.1.8. 
(Receipt of Reply Messages) of RFC 3315 says: @@ -601,17 +604,7 @@ dh6config() { ;; esac - # execute any additional client side configuration scripts we have - if [ -d ${ETCDIR}/dhclient.d ]; then - for f in ${ETCDIR}/dhclient.d/*.sh ; do - if [ -x ${f} ]; then - subsystem="${f%.sh}" - subsystem="${subsystem##*/}" - . ${f} - "${subsystem}_config" - fi - done - fi + execute_client_side_configuration_scripts "config" } @@ -723,17 +716,7 @@ case "${reason}" in ip -6 addr del ${old_ip6_address}/${old_ip6_prefixlen} \ dev ${interface} - # execute any additional client side configuration scripts we have - if [ -d ${ETCDIR}/dhclient.d ]; then - for f in ${ETCDIR}/dhclient.d/*.sh ; do - if [ -x ${f} ]; then - subsystem="${f%.sh}" - subsystem="${subsystem##*/}" - . ${f} - "${subsystem}_restore" - fi - done - fi + execute_client_side_configuration_scripts "restore" if [ -x ${ETCDIR}/dhclient-${interface}-down-hooks ]; then . ${ETCDIR}/dhclient-${interface}-down-hooks 
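Review bot: In the timezone block of dhconfig (hunk -487/+502), `new_time_offset` goes straight into `((z=new_time_offset/3600))`, and bash arithmetic evaluates a variable's contents as an expression rather than as a plain number. dhclient presumably passes a signed integer, but the value originates from the DHCP server, so the condition should require it explicitly, e.g. `( "${new_time_offset}" =~ ^-?[0-9]+$ )` in place of the `-n` test. Also worth confirming: a positive offset skips the negation and a negative one is made positive, so both select `Etc/GMT+N`; check that this is the intended zone for offsets east of UTC.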
@@ -756,30 +739,18 @@ case "${reason}" in rm -f ${SAVEDIR}/resolv.conf.predhclient.${interface} fi - if [ -n "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" ] && - [[ "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ]]; then - if [ -e ${SAVEDIR}/localtime.predhclient.${interface} ]; then - rm -f /etc/localtime - contents="$(< ${SAVEDIR}/localtime.predhclient.${interface})" - echo "${contents}" > /etc/localtime - rm -f ${SAVEDIR}/localtime.predhclient.${interface} - touch /etc/localtime - fix_context /etc/localtime - fi + if [[ ( "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ) && + ( -e ${SAVEDIR}/localtime.predhclient.${interface} ) ]]; then + rm -f /etc/localtime + contents="$(< ${SAVEDIR}/localtime.predhclient.${interface})" + echo "${contents}" > /etc/localtime + rm -f ${SAVEDIR}/localtime.predhclient.${interface} + touch /etc/localtime + fix_context /etc/localtime fi fi - # execute any additional client side configuration scripts we have - if [ -d ${ETCDIR}/dhclient.d ]; then - for f in ${ETCDIR}/dhclient.d/*.sh ; do - if [ -x ${f} ]; then - subsystem="${f%.sh}" - subsystem="${subsystem##*/}" - . ${f} - "${subsystem}_restore" - fi - done - fi + execute_client_side_configuration_scripts "restore" if [ -x ${ETCDIR}/dhclient-${interface}-down-hooks ]; then . ${ETCDIR}/dhclient-${interface}-down-hooks diff --git a/dhcp.spec b/dhcp.spec index 8db9167..216c9b2 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -15,7 +15,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.2.1 -Release: 0.1.%{prever}%{?dist} +Release: 0.2.%{prever}%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. 
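Review bot: Restoring `/etc/localtime` through `contents="$(< ...)"` and `echo "${contents}"` (hunk -756/+739) is not byte-safe: command substitution drops NUL bytes and trailing newlines, and echo appends a newline. If the saved file is a copy of a compiled zoneinfo file (save_previous is outside this hunk, so that is an assumption), the restored file will not match what was saved. `cat "${SAVEDIR}/localtime.predhclient.${interface}" > /etc/localtime` keeps the write-through-redirect behaviour without the round trip through a shell variable. The surrounding `case` arm starts and ends outside the hunk.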
@@ -650,6 +650,9 @@ fi %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz %changelog +* Fri Jan 28 2011 Jiri Popelka - 12:4.2.1-0.2.b1 +- dhclient-script improvements, thanks to Ville Skyttä (#672279) + * Thu Jan 27 2011 Jiri Popelka - 12:4.2.1-0.1.b1 - 4.2.1b1: fix for CVE-2011-0413 (#672996) - No longer need invalid-dhclient-conf, parse_date and release6-elapsed patches