]>
Commit | Line | Data |
---|---|---|
78ab9b04 MT |
1 | diff -up dhcp-4.2.2b1/client/dhclient.8.capability dhcp-4.2.2b1/client/dhclient.8 |
2 | --- dhcp-4.2.2b1/client/dhclient.8.capability 2011-07-01 15:09:06.603784531 +0200 | |
3 | +++ dhcp-4.2.2b1/client/dhclient.8 2011-07-01 15:09:06.663783913 +0200 | |
4 | @@ -118,6 +118,9 @@ dhclient - Dynamic Host Configuration Pr | |
5 | .B -w | |
6 | ] | |
7 | [ | |
8 | +.B -nc | |
9 | +] | |
10 | +[ | |
11 | .B -B | |
12 | ] | |
13 | [ | |
14 | @@ -296,6 +299,32 @@ has been added or removed, so that the c | |
15 | address on that interface. | |
16 | ||
17 | .TP | |
18 | +.BI \-nc | |
19 | +Do not drop capabilities. | |
20 | + | |
21 | +Normally, if | |
22 | +.B dhclient | |
23 | +was compiled with libcap-ng support, | |
24 | +.B dhclient | |
25 | +drops most capabilities immediately upon startup. While more secure, | |
26 | +this greatly restricts the additional actions that hooks in | |
27 | +.B dhclient-script (8) | |
28 | +can take. (For example, any daemons that | |
29 | +.B dhclient-script (8) | |
30 | +starts or restarts will inherit the restricted capabilities as well, | |
31 | +which may interfere with their correct operation.) Thus, the | |
32 | +.BI \-nc | |
33 | +option can be used to prevent | |
34 | +.B dhclient | |
35 | +from dropping capabilities. | |
36 | + | |
37 | +The | |
38 | +.BI \-nc | |
39 | +option is ignored if | |
40 | +.B dhclient | |
41 | +was not compiled with libcap-ng support. | |
42 | + | |
43 | +.TP | |
44 | .BI \-B | |
45 | Set the BOOTP broadcast flag in request packets so servers will always | |
46 | broadcast replies. | |
47 | diff -up dhcp-4.2.2b1/client/dhclient.c.capability dhcp-4.2.2b1/client/dhclient.c | |
48 | --- dhcp-4.2.2b1/client/dhclient.c.capability 2011-07-01 15:09:06.644784107 +0200 | |
49 | +++ dhcp-4.2.2b1/client/dhclient.c 2011-07-01 15:09:06.664783903 +0200 | |
50 | @@ -39,6 +39,10 @@ | |
51 | #include <limits.h> | |
52 | #include <dns/result.h> | |
53 | ||
54 | +#ifdef HAVE_LIBCAP_NG | |
55 | +#include <cap-ng.h> | |
56 | +#endif | |
57 | + | |
58 | /* | |
59 | * Defined in stdio.h when _GNU_SOURCE is set, but we don't want to define | |
60 | * that when building ISC code. | |
61 | @@ -141,6 +145,9 @@ main(int argc, char **argv) { | |
62 | int timeout_arg = 0; | |
63 | char *arg_conf = NULL; | |
64 | int arg_conf_len = 0; | |
65 | +#ifdef HAVE_LIBCAP_NG | |
66 | + int keep_capabilities = 0; | |
67 | +#endif | |
68 | ||
69 | /* Initialize client globals. */ | |
70 | memset(&default_duid, 0, sizeof(default_duid)); | |
71 | @@ -410,6 +417,10 @@ main(int argc, char **argv) { | |
72 | } | |
73 | ||
74 | dhclient_request_options = argv[i]; | |
75 | + } else if (!strcmp(argv[i], "-nc")) { | |
76 | +#ifdef HAVE_LIBCAP_NG | |
77 | + keep_capabilities = 1; | |
78 | +#endif | |
79 | } else if (argv[i][0] == '-') { | |
80 | usage(); | |
81 | } else if (interfaces_requested < 0) { | |
82 | @@ -458,6 +469,19 @@ main(int argc, char **argv) { | |
83 | path_dhclient_script = s; | |
84 | } | |
85 | ||
86 | +#ifdef HAVE_LIBCAP_NG | |
87 | + /* Drop capabilities */ | |
88 | + if (!keep_capabilities) { | |
89 | + capng_clear(CAPNG_SELECT_CAPS); | |
90 | + capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, | |
91 | + CAP_DAC_OVERRIDE); // Drop this someday | |
92 | + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, | |
93 | + CAP_NET_ADMIN, CAP_NET_RAW, | |
94 | + CAP_NET_BIND_SERVICE, CAP_SYS_ADMIN, -1); | |
95 | + capng_apply(CAPNG_SELECT_CAPS); | |
96 | + } | |
97 | +#endif | |
98 | + | |
99 | /* Set up the initial dhcp option universe. */ | |
100 | initialize_common_option_spaces(); | |
101 | ||
102 | diff -up dhcp-4.2.2b1/client/dhclient-script.8.capability dhcp-4.2.2b1/client/dhclient-script.8 | |
103 | --- dhcp-4.2.2b1/client/dhclient-script.8.capability 2011-07-01 15:09:06.604784521 +0200 | |
104 | +++ dhcp-4.2.2b1/client/dhclient-script.8 2011-07-01 15:09:06.666783883 +0200 | |
105 | @@ -239,6 +239,16 @@ repeatedly initialized to the values pro | |
106 | the other. Assuming the information provided by both servers is | |
107 | valid, this shouldn't cause any real problems, but it could be | |
108 | confusing. | |
109 | +.PP | |
110 | +Normally, if dhclient was compiled with libcap-ng support, | |
111 | +dhclient drops most capabilities immediately upon startup. | |
112 | +While more secure, this greatly restricts the additional actions that | |
113 | +hooks in dhclient-script can take. For example, any daemons that | |
114 | +dhclient-script starts or restarts will inherit the restricted | |
115 | +capabilities as well, which may interfere with their correct operation. | |
116 | +Thus, the | |
117 | +.BI \-nc | |
118 | +option can be used to prevent dhclient from dropping capabilities. | |
119 | .SH SEE ALSO | |
120 | dhclient(8), dhcpd(8), dhcrelay(8), dhclient.conf(5) and | |
121 | dhclient.leases(5). | |
122 | diff -up dhcp-4.2.2b1/client/Makefile.am.capability dhcp-4.2.2b1/client/Makefile.am | |
123 | --- dhcp-4.2.2b1/client/Makefile.am.capability 2011-07-01 15:09:06.526785327 +0200 | |
124 | +++ dhcp-4.2.2b1/client/Makefile.am 2011-07-01 15:09:06.667783873 +0200 | |
125 | @@ -5,7 +5,7 @@ dhclient_SOURCES = clparse.c dhclient.c | |
126 | scripts/netbsd scripts/nextstep scripts/openbsd \ | |
127 | scripts/solaris scripts/openwrt | |
128 | dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ | |
129 | - $(BIND9_LIBDIR) -ldns-export -lisc-export | |
130 | + $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) | |
131 | man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5 | |
132 | EXTRA_DIST = $(man_MANS) | |
133 | ||
134 | diff -up dhcp-4.2.2b1/configure.ac.capability dhcp-4.2.2b1/configure.ac | |
135 | --- dhcp-4.2.2b1/configure.ac.capability 2011-07-01 15:09:06.527785317 +0200 | |
136 | +++ dhcp-4.2.2b1/configure.ac 2011-07-01 15:09:06.667783873 +0200 | |
137 | @@ -449,6 +449,41 @@ AC_TRY_LINK( | |
138 | # Look for optional headers. | |
139 | AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h) | |
140 | ||
141 | +# look for capabilities library | |
142 | +AC_ARG_WITH(libcap-ng, | |
143 | + [ --with-libcap-ng=[auto/yes/no] Add Libcap-ng support [default=auto]],, | |
144 | + with_libcap_ng=auto) | |
145 | + | |
146 | +# Check for Libcap-ng API | |
147 | +# | |
148 | +# libcap-ng detection | |
149 | +if test x$with_libcap_ng = xno ; then | |
150 | + have_libcap_ng=no; | |
151 | +else | |
152 | + # Start by checking for header file | |
153 | + AC_CHECK_HEADER(cap-ng.h, capng_headers=yes, capng_headers=no) | |
154 | + | |
155 | + # See if we have libcap-ng library | |
156 | + AC_CHECK_LIB(cap-ng, capng_clear, | |
157 | + CAPNG_LDADD=-lcap-ng,) | |
158 | + | |
159 | + # Check results are usable | |
160 | + if test x$with_libcap_ng = xyes -a x$CAPNG_LDADD = x ; then | |
161 | + AC_MSG_ERROR(libcap-ng support was requested and the library was not found) | |
162 | + fi | |
163 | + if test x$CAPNG_LDADD != x -a $capng_headers = no ; then | |
164 | + AC_MSG_ERROR(libcap-ng libraries found but headers are missing) | |
165 | + fi | |
166 | +fi | |
167 | +AC_SUBST(CAPNG_LDADD) | |
168 | +AC_MSG_CHECKING(whether to use libcap-ng) | |
169 | +if test x$CAPNG_LDADD != x ; then | |
170 | + AC_DEFINE(HAVE_LIBCAP_NG,1,[libcap-ng support]) | |
171 | + AC_MSG_RESULT(yes) | |
172 | +else | |
173 | + AC_MSG_RESULT(no) | |
174 | +fi | |
175 | + | |
176 | # Solaris needs some libraries for functions | |
177 | AC_SEARCH_LIBS(socket, [socket]) | |
178 | AC_SEARCH_LIBS(inet_ntoa, [nsl]) | |
179 | diff -up dhcp-4.2.2b1/relay/dhcrelay.c.capability dhcp-4.2.2b1/relay/dhcrelay.c | |
180 | --- dhcp-4.2.2b1/relay/dhcrelay.c.capability 2011-07-01 15:09:06.626784295 +0200 | |
181 | +++ dhcp-4.2.2b1/relay/dhcrelay.c 2011-07-01 15:12:05.362223794 +0200 | |
182 | @@ -36,6 +36,11 @@ | |
183 | #include <syslog.h> | |
184 | #include <sys/time.h> | |
185 | ||
186 | +#ifdef HAVE_LIBCAP_NG | |
187 | +# include <cap-ng.h> | |
188 | + int keep_capabilities = 0; | |
189 | +#endif | |
190 | + | |
191 | TIME default_lease_time = 43200; /* 12 hours... */ | |
192 | TIME max_lease_time = 86400; /* 24 hours... */ | |
193 | struct tree_cache *global_options[256]; | |
194 | @@ -356,6 +361,10 @@ main(int argc, char **argv) { | |
195 | sl->next = upstreams; | |
196 | upstreams = sl; | |
197 | #endif | |
198 | + } else if (!strcmp(argv[i], "-nc")) { | |
199 | +#ifdef HAVE_LIBCAP_NG | |
200 | + keep_capabilities = 1; | |
201 | +#endif | |
202 | } else if (!strcmp(argv[i], "-pf")) { | |
203 | if (++i == argc) | |
204 | usage(); | |
205 | @@ -426,6 +435,17 @@ main(int argc, char **argv) { | |
206 | #endif | |
207 | } | |
208 | ||
209 | +#ifdef HAVE_LIBCAP_NG | |
210 | + /* Drop capabilities */ | |
211 | + if (!keep_capabilities) { | |
212 | + capng_clear(CAPNG_SELECT_BOTH); | |
213 | + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, | |
214 | + CAP_NET_RAW, CAP_NET_BIND_SERVICE, -1); | |
215 | + capng_apply(CAPNG_SELECT_BOTH); | |
216 | + log_info ("Dropped all unnecessary capabilities."); | |
217 | + } | |
218 | +#endif | |
219 | + | |
220 | if (!quiet) { | |
221 | log_info("%s %s", message, PACKAGE_VERSION); | |
222 | log_info(copyright); | |
223 | @@ -573,6 +593,15 @@ main(int argc, char **argv) { | |
224 | dhcpv6_packet_handler = do_packet6; | |
225 | #endif | |
226 | ||
227 | +#ifdef HAVE_LIBCAP_NG | |
228 | + /* Drop all capabilities */ | |
229 | + if (!keep_capabilities) { | |
230 | + capng_clear(CAPNG_SELECT_BOTH); | |
231 | + capng_apply(CAPNG_SELECT_BOTH); | |
232 | + log_info ("Dropped all capabilities."); | |
233 | + } | |
234 | +#endif | |
235 | + | |
236 | /* Start dispatching packets and timeouts... */ | |
237 | dispatch(); | |
238 | ||
239 | diff -up dhcp-4.2.2b1/relay/Makefile.am.capability dhcp-4.2.2b1/relay/Makefile.am | |
240 | --- dhcp-4.2.2b1/relay/Makefile.am.capability 2011-07-01 15:09:06.546785121 +0200 | |
241 | +++ dhcp-4.2.2b1/relay/Makefile.am 2011-07-01 15:09:06.670783841 +0200 | |
242 | @@ -3,7 +3,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst | |
243 | sbin_PROGRAMS = dhcrelay | |
244 | dhcrelay_SOURCES = dhcrelay.c | |
245 | dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ | |
246 | - $(BIND9_LIBDIR) -ldns-export -lisc-export | |
247 | + $(BIND9_LIBDIR) -ldns-export -lisc-export $(CAPNG_LDADD) | |
248 | man_MANS = dhcrelay.8 | |
249 | EXTRA_DIST = $(man_MANS) | |
250 | ||
251 | diff -up dhcp-4.2.2b1/server/dhcpd.c.capability dhcp-4.2.2b1/server/dhcpd.c | |
252 | --- dhcp-4.2.2b1/server/dhcpd.c.capability 2011-07-01 15:09:06.636784192 +0200 | |
253 | +++ dhcp-4.2.2b1/server/dhcpd.c 2011-07-01 15:09:06.670783841 +0200 | |
254 | @@ -58,6 +58,11 @@ static const char url [] = | |
255 | # undef group | |
256 | #endif /* PARANOIA */ | |
257 | ||
258 | +#ifdef HAVE_LIBCAP_NG | |
259 | +# include <cap-ng.h> | |
260 | + int keep_capabilities = 0; | |
261 | +#endif | |
262 | + | |
263 | static void usage(void); | |
264 | ||
265 | struct iaddr server_identifier; | |
266 | @@ -403,6 +408,10 @@ main(int argc, char **argv) { | |
267 | traceinfile = argv [i]; | |
268 | trace_replay_init (); | |
269 | #endif /* TRACING */ | |
270 | + } else if (!strcmp(argv[i], "-nc")) { | |
271 | +#ifdef HAVE_LIBCAP_NG | |
272 | + keep_capabilities = 1; | |
273 | +#endif | |
274 | } else if (argv [i][0] == '-') { | |
275 | usage (); | |
276 | } else { | |
277 | @@ -459,6 +468,17 @@ main(int argc, char **argv) { | |
278 | } | |
279 | #endif /* DHCPv6 */ | |
280 | ||
281 | +#ifdef HAVE_LIBCAP_NG | |
282 | + /* Drop capabilities */ | |
283 | + if (!keep_capabilities) { | |
284 | + capng_clear(CAPNG_SELECT_BOTH); | |
285 | + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, | |
286 | + CAP_NET_RAW, CAP_NET_BIND_SERVICE, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, -1); | |
287 | + capng_apply(CAPNG_SELECT_BOTH); | |
288 | + log_info ("Dropped all unnecessary capabilities."); | |
289 | + } | |
290 | +#endif | |
291 | + | |
292 | /* | |
293 | * convert relative path names to absolute, for files that need | |
294 | * to be reopened after chdir() has been called | |
295 | @@ -859,6 +879,15 @@ main(int argc, char **argv) { | |
296 | omapi_set_int_value ((omapi_object_t *)dhcp_control_object, | |
297 | (omapi_object_t *)0, "state", server_running); | |
298 | ||
299 | +#ifdef HAVE_LIBCAP_NG | |
300 | + /* Drop all capabilities */ | |
301 | + if (!keep_capabilities) { | |
302 | + capng_clear(CAPNG_SELECT_BOTH); | |
303 | + capng_apply(CAPNG_SELECT_BOTH); | |
304 | + log_info ("Dropped all capabilities."); | |
305 | + } | |
306 | +#endif | |
307 | + | |
308 | /* Receive packets and dispatch them... */ | |
309 | dispatch (); | |
310 | ||
311 | diff -up dhcp-4.2.2b1/server/Makefile.am.capability dhcp-4.2.2b1/server/Makefile.am | |
312 | --- dhcp-4.2.2b1/server/Makefile.am.capability 2011-07-01 15:09:06.546785121 +0200 | |
313 | +++ dhcp-4.2.2b1/server/Makefile.am 2011-07-01 15:09:06.671783830 +0200 | |
314 | @@ -8,7 +8,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c | |
315 | ||
316 | dhcpd_CFLAGS = $(LDAP_CFLAGS) | |
317 | dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \ | |
318 | - ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export | |
319 | + ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \ | |
320 | + $(CAPNG_LDADD) | |
321 | ||
322 | man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5 | |
323 | EXTRA_DIST = $(man_MANS) |