privsep: Allow a blank string to force privsep users home directory

So FreeBSD users can set it like other OS's if they so choose.

diff --git a/Makefile.inc b/Makefile.inc
index 6775f7f0e2fd0076a4e04c4e00968078e85682cb..1920880857dc4d8ff56eed6925719eed4154ae64 100644 (file)
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -33,5 +33,6 @@ SED_STATUSARG=                -e 's:@STATUSARG@:${STATUSARG}:g'
 SED_SCRIPT=            -e 's:@SCRIPT@:${SCRIPT}:g'
 SED_SYS=               -e 's:@SYSCONFDIR@:${SYSCONFDIR}:g'
 SED_DEFAULT_HOSTNAME=  -e 's:@DEFAULT_HOSTNAME@:${DEFAULT_HOSTNAME}:g'
-SED_CHROOT?=           -e 's:@CHDIR^@::g' -e 's:@CHDIR$$@::g' -e '/@CHDIR@/d'
+SED_CHROOT?=           -e 's:@CHDIR^@::g' -e 's:@CHDIR$$@::g' \
+       -e '/@CHDIR1@/d' -e '/@CHDIR2@/d'
 SED_PRIVSEP_USER=      -e 's:@PRIVSEP_USER@:${PRIVSEP_USER}:g'

diff --git a/configure b/configure
index 58fcd808158c5c4aa0ba92e7b3f2afc48445106c..ebf104c48f2fe2b475849a9ec81f7f62aecb33a1 100755 (executable)
--- a/configure
+++ b/configure
@@ -583,7 +583,11 @@ if [ "$PRIVSEP" = yes ]; then
        echo "PRIVSEP_USER?=    $PRIVSEP_USER" >>$CONFIG_MK
        if [ -n "$PRIVSEP_CHROOT" ]; then
                echo "PRIVSEP_CHROOT=   $PRIVSEP_CHROOT" >>$CONFIG_MK
-               echo "SED_CHROOT=       -e 's:@CHDIR^@.*@CHDIR\$\$@:default of:g' -e 's:@CHDIR@:.Pa \${PRIVSEP_CHROOT} .:g'" >>$CONFIG_MK
+               cat <<EOF >>$CONFIG_MK
+SED_CHROOT=    -e 's:@CHDIR^@.*@CHDIR\$\$@:default of:g' \\
+       -e 's:@CHDIR1@:.Pa \${PRIVSEP_CHROOT} .:g' \\
+       -e 's:@CHDIR2@:A blank string chroots to the privileged separation users home directory.:g'
+EOF
        fi
        echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
        echo "#define PRIVSEP_USER               \"$PRIVSEP_USER\"" >>$CONFIG_H

diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
index 83d090f50904051f9acf70eda8f9c72864c45103..4188d6be8be7c61d0b0b9392d4a0483b2ee4f7a0 100644 (file)
--- a/src/dhcpcd.8.in
+++ b/src/dhcpcd.8.in
@@ -269,7 +269,8 @@ to the
 .Ar chroot
 directory rather than the
 @CHDIR^@privilege separation users home directory.@CHDIR$@
-@CHDIR@
+@CHDIR1@
+@CHDIR2@
 The privilege separation user is @PRIVSEP_USER@.
 .It Fl D , Fl Fl duid
 Use a DHCP Unique Identifier.

diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 71ae45ac9b49803f08d09fec8eb876e0396d0241..060f2e935d0df02f08e824d88e0697ea9c2397e2 100644 (file)
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -1896,7 +1896,15 @@ main(int argc, char **argv)
                        break;
 #ifdef PRIVSEP
                case O_CHROOT:
-                       ctx.ps_chroot = optarg;
+#ifdef PRIVSEP_CHROOT
+                       if (*optarg == '\0' ||
+                           (((optarg[0] == '"' && optarg[1] == '"') ||
+                             (optarg[0] == '\'' && optarg[1] == '\'')) &&
+                            optarg[2] == '\0'))
+                               ctx.ps_chroot = NULL;
+                       else
+#endif
+                               ctx.ps_chroot = optarg;
                        break;
 #endif
                case '?':