
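--- a/dhcp-3.0.3.orig/client/dhclient.c
+++ b/dhcp-3.0.3.orig/client/dhclient.c
@@ -112,6 +112,7 @@ int main (argc, argv, envp)
 	} else if (i != -1)
 		close (i);
 
+	tzset();
 #ifdef SYSLOG_4_2
 	openlog ("dhclient", LOG_NDELAY);
 	log_priority = LOG_DAEMON;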
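Review bot: The added `tzset();` before `openlog` carries no comment, and nothing visible in client/dhclient.c says why it is needed. In relay/dhcrelay.c and server/dhcpd.c the same call presumably loads time-zone data before the process enters a chroot jail, where the zone files would no longer be reachable, so that syslog timestamps stay correct. A comment such as `/* Load time zone data now; it is not reachable after chroot. */` above those two calls would record that. This patch adds no chroot to dhclient.c or dhcpctl/omshell.c, so the call in these two files needs either its own stated reason or removal. The body of main continues outside the hunk.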
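--- a/dhcp-3.0.3.orig/dhcpctl/omshell.c
+++ b/dhcp-3.0.3.orig/dhcpctl/omshell.c
@@ -102,6 +102,7 @@ int main (int argc, char **argv, char **
 	}
 
 	/* Initially, log errors to stderr as well as to syslogd. */
+	tzset();
 #ifdef SYSLOG_4_2
 	openlog ("omshell", LOG_NDELAY);
 	log_priority = DHCPD_LOG_FACILITY;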
(-)dhcp-3.0.3.orig/includes/cf/linux.h (-2 / +2 lines)
Lines 83-93 extern int h_errno; Link Here
83
   directory. */
83
   directory. */
84
84
85
#ifndef _PATH_DHCPD_DB
85
#ifndef _PATH_DHCPD_DB
86
#define _PATH_DHCPD_DB		"/var/lib/dhcp/dhcpd.leases"
86
#define _PATH_DHCPD_DB		"/state/dhcpd.leases"
87
#endif
87
#endif
88
88
89
#ifndef _PATH_DHCLIENT_DB
89
#ifndef _PATH_DHCLIENT_DB
90
#define _PATH_DHCLIENT_DB	"/var/lib/dhcp/dhclient.leases"
90
#define _PATH_DHCLIENT_DB	"/var/lib/dhcp/dhclient/state/dhclient.leases"
91
#endif
91
#endif
92
92
93
/* Varargs stuff... */
93
/* Varargs stuff... */
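Review bot: `_PATH_DHCPD_DB` defined as `"/state/dhcpd.leases"` (apparently the new value, since it is printed second) only makes sense inside the default jail `/var/lib/dhcp/dhcpd` that server/dhcpd.c enters in `drop_priv`, and the define has no comment saying so. If the jail is changed with `-j`, or skipped because `-u` or `-j` is given as an empty string, the server would resolve the same path against a different root, possibly the real `/state`. A comment above the define would make the dependency explicit, for example `/* Relative to the chroot jail entered by dhcpd; see drop_priv() in server/dhcpd.c. */`, with a matching sentence in dhcpd.8. `_PATH_DHCLIENT_DB` stays an absolute path, which is consistent with dhclient not entering a jail in this patch.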
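--- a/dhcp-3.0.3.orig/relay/dhcrelay.8
+++ b/dhcp-3.0.3.orig/relay/dhcrelay.8
@@ -77,6 +77,14 @@ dhcrelay - Dynamic Host Configuration Pr
 |
 .I discard
 ]
+[
+.B -u
+.I user
+]
+[
+.B -j
+.I chroot-dir
+]
 .I server0
 [
 .I ...serverN
@@ -139,6 +147,11 @@ This can be unhelpful in a system startu
 behaviour, specify the
 .B -q
 flag.
+.PP
+Upon startup, this version of dhcrelay will switch to a non-root
+pseudo-user and enter a chroot jail.  The default username (\fIdhcrelay\fR)
+and the default chroot jail directory path (\fI/var/empty\fR)
+may be overridden with the \fB-u\fR and \fB-j\fR options, respectively.
 .SH RELAY AGENT INFORMATION OPTIONS
 If the
 .B -a
@@ -239,7 +252,12 @@ has been written for Internet Systems Co
 by Ted Lemon in cooperation with Vixie
 Enterprises.  To learn more about Internet Systems Consortium,
 see
-.B http://www.isc.org/isc.
+.BR http://www.isc.org/isc .
 To learn more about Vixie
 Enterprises, see
-.B http://www.vix.com.
+.BR http://www.vix.com .
+.PP
+This version of dhcrelay has been modified for ALT Linux
+.RB ( http://www.altlinux.com/ ).
+In particular, the privilege reduction functionality and the \fB-u\fR
+and \fB-j\fR options are Openwall/ALT Linux extensions.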
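--- a/dhcp-3.0.3.orig/relay/dhcrelay.c
+++ b/dhcp-3.0.3.orig/relay/dhcrelay.c
@@ -39,6 +39,12 @@ static char ocopyright[] =
 
 #include "dhcpd.h"
 #include "version.h"
+#include <sys/types.h>
+#include <pwd.h>
+#include <unistd.h>
+#define group real_group
+#include <grp.h>
+#undef group
 
 static void usage PROTO ((void));
 
@@ -102,6 +108,32 @@ static char arr [] = "All rights reserve
 static char message [] = "Internet Systems Consortium DHCP Relay Agent";
 static char url [] = "For info, please visit http://www.isc.org/sw/dhcp/";
 
+static int drop_priv(const char *server_user, const char *server_jail)
+{
+	struct passwd *pw;
+
+	if (!server_user)
+		server_user = "dhcrelay";
+	if (!server_jail)
+		server_jail = "/var/empty";
+	if (!*server_user || !*server_jail)
+		return 0;
+
+	if (!(pw = getpwnam(server_user)))
+		return -1;
+
+	if (initgroups(server_user, pw->pw_gid) || setgid(pw->pw_gid))
+		return -1;
+
+	if (chroot(server_jail) || chdir("/"))
+		return -1;
+
+	if (setuid(pw->pw_uid))
+		return -1;
+
+	return 0;
+}
+
 int main (argc, argv, envp)
 	int argc;
 	char **argv, **envp;
@@ -114,6 +146,9 @@ int main (argc, argv, envp)
 	isc_result_t status;
 	char *s;
 
+	char *server_user = NULL;
+	char *server_jail = NULL;
+
 	/* Make sure we have stdin, stdout and stderr. */
 	i = open ("/dev/null", O_RDWR);
 	if (i == 0)
@@ -124,6 +159,7 @@ int main (argc, argv, envp)
 	} else if (i != -1)
 		close (i);
 
+	tzset();
 #ifdef SYSLOG_4_2
 	openlog ("dhcrelay", LOG_NDELAY);
 	log_priority = LOG_DAEMON;
@@ -185,6 +221,14 @@ int main (argc, argv, envp)
 			if (++i == argc)
 				usage ();
 			dhcp_max_agent_option_packet_length = atoi (argv [i]);
+		} else if (!strcmp (argv [i], "-u")) {
+			if (++i == argc)
+				usage ();
+			server_user = argv[i];
+		} else if (!strcmp (argv [i], "-j")) {
+			if (++i == argc)
+				usage ();
+			server_jail = argv[i];
 		} else if (!strcmp (argv [i], "-m")) {
 			if (++i == argc)
 				usage ();
@@ -316,6 +360,9 @@ int main (argc, argv, envp)
 		pid = setsid ();
 	}
 
+	if (drop_priv(server_user, server_jail) < 0)
+		log_fatal("Failed to lower privileges.");
+		
 	/* Start dispatching packets and timeouts... */
 	dispatch ();
 
@@ -455,10 +502,11 @@ void relay (ip, packet, length, from_por
 
 static void usage ()
 {
-	log_fatal ("Usage: dhcrelay [-p <port>] [-d] [-D] [-i %s%s%s%s",
+	log_fatal ("Usage: dhcrelay [-p <port>] [-d] [-D] [-i %s%s%s%s%s",
 		"interface] [-q] [-a]\n                ",
 		"[-c count] [-A length] ",
 		"[-m append|replace|forward|discard]\n",
+		"[-u user] [-j chroot-dir]\n",
 		"                [server1 [... serverN]]");
 }
 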
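Review bot: `drop_priv` returns 0 without calling `chroot` or `setuid` when `-u` or `-j` is given an empty string, and it accepts an account whose uid is 0. In both cases `main` goes on to `dispatch ()` as root with nothing logged. A chroot does not confine uid 0, so a zero uid from `getpwnam` should be treated as a failure, and the empty-string opt-out should at least be logged. The dhcrelay.8 hunks do not mention that an empty argument disables the feature. The same function is added verbatim to server/dhcpd.c, where the same change applies.

```c
static int drop_priv(const char *server_user, const char *server_jail)
{
	/* ... unchanged: pw declaration, defaults for server_user and server_jail ... */
	if (!*server_user || !*server_jail) {
		/* Explicit opt-out: record that the process keeps its privileges. */
		log_info("Privilege reduction disabled (empty -u or -j argument).");
		return 0;
	}

	if (!(pw = getpwnam(server_user)))
		return -1;

	/* A chroot jail is not a boundary for uid 0. */
	if (pw->pw_uid == 0)
		return -1;

	/* ... unchanged: initgroups/setgid, chroot/chdir, setuid ... */
```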
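--- a/dhcp-3.0.3.orig/server/dhcpd.8
+++ b/dhcp-3.0.3.orig/server/dhcpd.8
@@ -70,6 +70,14 @@ dhcpd - Dynamic Host Configuration Proto
 .I trace-playback-file
 ]
 [
+.B -u
+.I user
+]
+[
+.B -j
+.I chroot-dir
+]
+[
 .I if0
 [
 .I ...ifN
@@ -232,6 +240,12 @@ using the \fB-lf\fR switch, so that the
 your existing lease file with its test data.  The DHCP server will
 refuse to operate in playback mode unless you specify an alternate
 lease file.
+.PP
+Upon startup, this version of the DHCP server will switch to a non-root
+pseudo-user and enter a chroot jail.  The default username (\fIdhcpd\fR)
+and the default chroot jail directory path (\fI/var/lib/dhcp/dhcpd\fR)
+may be overridden with the \fB-u\fR and \fB-j\fR options, respectively.
+.PP
 .SH CONFIGURATION
 The syntax of the dhcpd.conf(5) file is discussed separately.   This
 section should be used as an overview of the configuration process,
@@ -732,3 +746,8 @@ Consortium. Version 3 of the DHCP serv
 Information about Internet Systems Consortium is available at
 .B http://www.isc.org/\fR.
 Information about Nominum can be found at \fBhttp://www.nominum.com/\fR.
+.PP
+This version of dhcpd has been modified for ALT Linux
+.RB ( http://www.altlinux.com/ ).
+In particular, the privilege reduction functionality and the \fB-u\fR
+and \fB-j\fR options are Openwall/ALT Linux extensions.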
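--- a/dhcp-3.0.3.orig/server/dhcpd.c
+++ b/dhcp-3.0.3.orig/server/dhcpd.c
@@ -46,6 +46,12 @@ static char url [] = "For info, please v
 #include "dhcpd.h"
 #include "version.h"
 #include <omapip/omapip_p.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <pwd.h>
+#define group real_group
+#include <grp.h>
+#undef group
 
 static void usage PROTO ((void));
 
@@ -193,6 +199,32 @@ static void omapi_listener_start (void *
 	omapi_object_dereference (&listener, MDL);
 }
 
+static int drop_priv(const char *server_user, const char *server_jail)
+{
+	struct passwd *pw;
+
+	if (!server_user)
+		server_user = "dhcpd";
+	if (!server_jail)
+		server_jail = "/var/lib/dhcp/dhcpd";
+	if (!*server_user || !*server_jail)
+		return 0;
+
+	if (!(pw = getpwnam(server_user)))
+		return -1;
+
+	if (initgroups(server_user, pw->pw_gid) || setgid(pw->pw_gid))
+		return -1;
+
+	if (chroot(server_jail) || chdir("/"))
+		return -1;
+
+	if (setuid(pw->pw_uid))
+		return -1;
+
+	return 0;
+}
+
 int main (argc, argv, envp)
 	int argc;
 	char **argv, **envp;
@@ -226,6 +258,9 @@ int main (argc, argv, envp)
 	char *traceoutfile = (char *)0;
 #endif
 
+	char *server_user = NULL;
+	char *server_jail = NULL;
+	
 	/* Make sure we have stdin, stdout and stderr. */
 	status = open ("/dev/null", O_RDWR);
 	if (status == 0)
@@ -252,6 +287,7 @@ int main (argc, argv, envp)
 	dhcp_common_objects_setup ();
 
 	/* Initially, log errors to stderr as well as to syslogd. */
+	tzset();
 #ifdef SYSLOG_4_2
 	openlog ("dhcpd", LOG_NDELAY);
 	log_priority = DHCPD_LOG_FACILITY;
@@ -320,6 +356,14 @@ int main (argc, argv, envp)
 		} else if (!strcmp (argv [i], "-q")) {
 			quiet = 1;
 			quiet_interface_discovery = 1;
+		} else if (!strcmp (argv [i], "-u")) {
+			if (++i == argc)
+				usage();
+			server_user = argv[i];
+		} else if (!strcmp (argv [i], "-j")) {
+			if (++i == argc)
+				usage();
+			server_jail = argv[i];
 		} else if (!strcmp (argv [i], "--version")) {
 			log_info ("isc-dhcpd-%s", DHCP_VERSION);
 			exit (0);
@@ -499,12 +543,6 @@ int main (argc, argv, envp)
 
 	group_write_hook = group_writer;
 
-	/* Start up the database... */
-	db_startup (lftest);
-
-	if (lftest)
-		exit (0);
-
 	/* Discover all the network interfaces and initialize them. */
 	discover_interfaces (DISCOVER_SERVER);
 
@@ -525,7 +563,11 @@ int main (argc, argv, envp)
 #if defined (TRACING)
 	trace_seed_stash (trace_srandom, seed + cur_time);
 #endif
-	postdb_startup ();
+
+	/* Initialize the omapi listener state. */
+	if (omapi_port != -1) {
+		omapi_listener_start (0);
+	}
 
 #ifndef DEBUG
 	if (daemon) {
@@ -560,6 +602,11 @@ int main (argc, argv, envp)
 		}
 	}
 
+	if (pidfilewritten) {
+		if (drop_priv(server_user, server_jail) < 0)
+			log_fatal("Failed to lower privileges.");
+	}
+	
 	/* If we were requested to log to stdout on the command line,
 	   keep doing so; otherwise, stop. */
 	if (log_perror == -1)
@@ -588,7 +635,21 @@ int main (argc, argv, envp)
 			close (i);
 			pidfilewritten = 1;
 		}
+		if (drop_priv(server_user, server_jail) < 0)
+			log_fatal("Failed to lower privileges.");
 	}
+
+	/* Start up the database... */
+	db_startup (lftest);
+
+	if (lftest)
+		exit (0);
+
+#if defined (FAILOVER_PROTOCOL)
+	/* Initialize the failover listener state. */
+	dhcp_failover_startup ();
+#endif
+	
 #endif /* !DEBUG */
 
 #if defined (DEBUG_MEMORY_LEAKAGE) || defined (DEBUG_MALLOC_POOL) || \
@@ -881,8 +942,9 @@ static void usage ()
 	log_info (copyright);
 	log_info (arr);
 
-	log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
+	log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s%s",
 		   "\n             [-cf config-file] [-lf lease-file]",
+		   "\n             [-u user] [-j chroot-dir]",
 #if defined (TRACING)
 		   "\n		   [-tf trace-output-file]",
 		   "\n		   [-play trace-input-file]",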
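Review bot: The relocated `db_startup (lftest);`, the `lftest` exit and `dhcp_failover_startup ();` now sit above `#endif /* !DEBUG */` in the hunk at old lines 588-594. A build with DEBUG defined would therefore appear to skip lease-database and failover start-up entirely, along with both `drop_priv` calls. If only the pid-file handling and privilege drop are meant to be conditional, move the `#endif /* !DEBUG */` line up so that it directly follows the `}` closing the pid-file block, leaving the database start-up after it. Because the lease file is now opened after `drop_priv`, the `lftest` check also appears to need the jail and the ability to drop privileges, which is worth a sentence in dhcpd.8. The matching `#ifndef DEBUG` and the block enclosing the second `drop_priv` call open outside these hunks, so the nesting should be confirmed against the full file.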
