dhcp: Update to 4.2.5.
1 diff -up dhcp-4.2.5/client/dhclient.c.paranoia dhcp-4.2.5/client/dhclient.c
2 --- dhcp-4.2.5/client/dhclient.c.paranoia 2013-03-26 13:14:50.574542083 +0100
3 +++ dhcp-4.2.5/client/dhclient.c 2013-03-26 13:14:50.584541964 +0100
4 @@ -1698,11 +1698,6 @@ int write_host (host)
5 return 0;
6 }
7
8 -void db_startup (testp)
9 - int testp;
10 -{
11 -}
12 -
13 void bootp (packet)
14 struct packet *packet;
15 {
16 diff -up dhcp-4.2.5/includes/dhcpd.h.paranoia dhcp-4.2.5/includes/dhcpd.h
17 --- dhcp-4.2.5/includes/dhcpd.h.paranoia 2013-03-26 13:14:50.576542059 +0100
18 +++ dhcp-4.2.5/includes/dhcpd.h 2013-03-26 13:14:50.585541952 +0100
19 @@ -2798,7 +2798,11 @@ void commit_leases_timeout (void *);
20 void commit_leases_readerdry(void *);
21 int commit_leases (void);
22 int commit_leases_timed (void);
23 +#if defined (PARANOIA)
24 +void db_startup (int, uid_t, gid_t);
25 +#else
26 void db_startup (int);
27 +#endif /* PARANOIA */
28 int new_lease_file (void);
29 int group_writer (struct group_object *);
30 int write_ia(const struct ia_xx *);
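Review bot: Making the `db_startup` prototype depend on PARANOIA forces every caller to carry its own `#if`/`#else` pair, which this patch then repeats in server/confpars.c and server/dhcpd.c. A single prototype whose extra arguments are ignored in non-PARANOIA builds would keep the call sites uniform and remove the risk of a caller and the definition disagreeing under a mixed build. The declaration also does not say that a uid or gid of 0 means "leave ownership alone", which is how server/db.c treats it; a one-line comment here such as `/* set_uid/set_gid == 0: do not chown the lease file */` would record that.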
31 diff -up dhcp-4.2.5/server/confpars.c.paranoia dhcp-4.2.5/server/confpars.c
32 --- dhcp-4.2.5/server/confpars.c.paranoia 2013-03-26 13:14:50.522542705 +0100
33 +++ dhcp-4.2.5/server/confpars.c 2013-03-26 13:14:50.587541928 +0100
34 @@ -224,7 +224,11 @@ void trace_conf_input (trace_type_t *tty
35 }
36
37 if (!leaseconf_initialized && ttype == trace_readleases_type) {
38 +#if defined (PARANOIA)
39 + db_startup (0, 0, 0);
40 +#else
41 db_startup (0);
42 +#endif /* PARANOIA */
43 leaseconf_initialized = 1;
44 postdb_startup ();
45 }
46 diff -up dhcp-4.2.5/server/db.c.paranoia dhcp-4.2.5/server/db.c
47 --- dhcp-4.2.5/server/db.c.paranoia 2013-03-26 13:14:50.522542705 +0100
48 +++ dhcp-4.2.5/server/db.c 2013-03-26 13:14:50.588541916 +0100
49 @@ -47,6 +47,10 @@ static int counting = 0;
50 static int count = 0;
51 TIME write_time;
52 int lease_file_is_corrupt = 0;
53 +#if defined (PARANOIA)
54 +uid_t global_set_uid = 0;
55 +gid_t global_set_gid = 0;
56 +#endif /* PARANOIA */
57
58 /* Write a single binding scope value in parsable format.
59 */
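Review bot: `global_set_uid` and `global_set_gid` are added with external linkage, although within this patch they are only written in `db_startup` and read in `new_lease_file`, both in server/db.c. If nothing else needs them, declaring them `static uid_t global_set_uid = 0;` and `static gid_t global_set_gid = 0;` (like the `counting` and `count` variables just above) keeps the ownership of the lease file from being changed from another translation unit. A short comment stating that 0 means "no chown requested" would also help, since the values double as a sentinel.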
60 @@ -1026,8 +1030,11 @@ int commit_leases_timed()
61 return (1);
62 }
63
64 -void db_startup (testp)
65 - int testp;
66 +#if defined (PARANOIA)
67 +void db_startup (int testp, uid_t set_uid, gid_t set_gid)
68 +#else
69 +void db_startup (int testp)
70 +#endif /* PARANOIA */
71 {
72 isc_result_t status;
73
74 @@ -1046,6 +1053,11 @@ void db_startup (testp)
75 }
76 #endif
77
78 +#if defined (PARANOIA)
79 + global_set_uid = set_uid;
80 + global_set_gid = set_gid;
81 +#endif /* PARANOIA */
82 +
83 #if defined (TRACING)
84 /* If we're playing back, there is no lease file, so we can't
85 append it, so we create one immediately (maybe this isn't
86 @@ -1108,6 +1120,17 @@ int new_lease_file ()
87 log_error ("Can't create new lease file: %m");
88 return 0;
89 }
90 +
91 +#if defined (PARANOIA)
92 + if (global_set_uid && !geteuid() &&
93 + global_set_gid && !getegid())
94 + if (fchown(db_fd, global_set_uid, global_set_gid)) {
95 + log_fatal ("Can't chown new lease file: %m");
96 + close(db_fd);
97 + goto fdfail;
98 + }
99 +#endif /* PARANOIA */
100 +
101 if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
102 log_error("Can't fdopen new lease file: %m");
103 close(db_fd);
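Review bot: The fchown failure path calls `log_fatal`, which as far as I know does not return in ISC dhcp, so the `close(db_fd);` and `goto fdfail;` after it are never reached and the half-created lease file is left behind. The neighbouring failures in this hunk use `log_error` and then clean up, so `log_error ("Can't chown new lease file: %m");` would match them and let the cleanup run. The outer `if (global_set_uid && ...)` wraps the inner `if` without braces; bracing it would make the nesting explicit. The chown is also skipped unless both uid and gid are non-zero, so if a uid can be set without a gid (not visible here), the file stays root-owned; passing `(gid_t)-1` for the unset one would cover that. `new_lease_file` starts and ends outside the hunk.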
104 diff -up dhcp-4.2.5/server/dhcpd.8.paranoia dhcp-4.2.5/server/dhcpd.8
105 --- dhcp-4.2.5/server/dhcpd.8.paranoia 2013-01-03 01:02:25.000000000 +0100
106 +++ dhcp-4.2.5/server/dhcpd.8 2013-03-26 13:28:16.576604471 +0100
107 @@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto
108 .I trace-output-file
109 ]
110 [
111 +.B -user
112 +.I user
113 +]
114 +[
115 +.B -group
116 +.I group
117 +]
118 +[
119 +.B -chroot
120 +.I dir
121 +]
122 +[
123 .B -play
124 .I trace-playback-file
125 ]
126 @@ -269,6 +281,15 @@ lease file.
127 .TP
128 .BI --version
129 Print version number and exit.
130 +.TP
131 +.BI \-user \ user
132 +Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports.
133 +.TP
134 +.BI \-group \ group
135 +Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports.
136 +.TP
137 +.BI \-chroot \ dir
138 +Chroot to directory after processing the command line arguments, but before reading the configuration file.
139 .PP
140 .I Modifying default file locations:
141 The following options can be used to modify the locations
142 diff -up dhcp-4.2.5/server/dhcpd.c.paranoia dhcp-4.2.5/server/dhcpd.c
143 --- dhcp-4.2.5/server/dhcpd.c.paranoia 2013-03-26 13:14:50.523542693 +0100
144 +++ dhcp-4.2.5/server/dhcpd.c 2013-03-26 13:14:50.589541904 +0100
145 @@ -702,7 +702,11 @@ main(int argc, char **argv) {
146 group_write_hook = group_writer;
147
148 /* Start up the database... */
149 +#if defined (PARANOIA)
150 + db_startup (lftest, set_uid, set_gid);
151 +#else
152 db_startup (lftest);
153 +#endif /* PARANOIA */
154
155 if (lftest)
156 exit (0);
157 @@ -773,22 +777,6 @@ main(int argc, char **argv) {
158 exit (0);
159 }
160
161 -#if defined (PARANOIA)
162 - /* change uid to the specified one */
163 -
164 - if (set_gid) {
165 - if (setgroups (0, (void *)0))
166 - log_fatal ("setgroups: %m");
167 - if (setgid (set_gid))
168 - log_fatal ("setgid(%d): %m", (int) set_gid);
169 - }
170 -
171 - if (set_uid) {
172 - if (setuid (set_uid))
173 - log_fatal ("setuid(%d): %m", (int) set_uid);
174 - }
175 -#endif /* PARANOIA */
176 -
177 /*
178 * Deal with pid files. If the user told us
179 * not to write a file we don't read one either
180 @@ -825,6 +813,22 @@ main(int argc, char **argv) {
181 }
182 }
183
184 +#if defined (PARANOIA)
185 + /* change uid to the specified one */
186 +
187 + if (set_gid) {
188 + if (setgroups (0, (void *)0))
189 + log_fatal ("setgroups: %m");
190 + if (setgid (set_gid))
191 + log_fatal ("setgid(%d): %m", (int) set_gid);
192 + }
193 +
194 + if (set_uid) {
195 + if (setuid (set_uid))
196 + log_fatal ("setuid(%d): %m", (int) set_uid);
197 + }
198 +#endif /* PARANOIA */
199 +
200 /* If we were requested to log to stdout on the command line,
201 keep doing so; otherwise, stop. */
202 if (log_perror == -1)
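Review bot: The relocated privilege drop keeps only the comment `/* change uid to the specified one */`, which does not say why it now sits later in `main`, apparently after the pid-file handling. Because this patch also passes `set_uid`/`set_gid` into `db_startup` so the lease file can be chowned while still root, the ordering is load-bearing and worth recording, e.g. `/* Drop privileges last: lease file is chowned in new_lease_file() and the pid file is written while still root. */`. The `if (set_gid)` guard also means `setgroups` is skipped when only a uid is set. Unless the option parsing outside this hunk always fills in `set_gid`, the process would keep root's supplementary groups after `setuid`, so confirm that or guard the `setgroups` call with `if (set_uid || set_gid)`. `main` starts and ends outside the hunk.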