Attachment #5108 for bug #26309

View | Details | Raw Unified | Return to bug 26309
Collapse All | Expand All




	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname all; \
	fi

install:

	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname install; \
	fi

depend:

	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname depend; \
	fi

clean:

	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname clean; \
	fi

realclean:

	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname realclean; \
	fi

distclean:

	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname distclean; \
	fi

links:

	 if [ ! -d work.$$sysname ]; then \
	   echo No build directory for $$sysname - please run ./configure.; \
	else \
	   $(MAKE) -C work.$$sysname links; \
	fi


Lines 50-56 DEBUG = -g Link Here

(-)a/Makefile.conf (-1 / +1 lines)
50	#WARNERR = -Werror	50	#WARNERR = -Werror
51	RANLIB = ranlib	51	RANLIB = ranlib
52	MKDEP = mkdep	52	MKDEP = mkdep
53	CLIENT_PATH = '"PATH=/usr/ucb:/usr/bin:/usr/sbin:/bin:/sbin"'	53	CLIENT_PATH = '"PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin"'
54		54
55	BINDLIB = ../minires/libres.a	55	BINDLIB = ../minires/libres.a
56	BINDINC =	56	BINDINC =




	       Internet Systems Consortium DHCP Distribution
			   Version 3.1-ESV-R3
			     July 27, 2011
                    (with modifications for ALT Linux)

			       README FILE



			       SUPPORT

Please note the following before requesting help:

This software is a part of the Internet Software Consortium's DHCP suite
with modifications for ALT Linux.
The ISC folks quite reasonably require that you do not bother them with
questions on software that includes third-party modifications and might
not be based off their latest code.  Hence, please direct any questions
to the community@ mailing list instead; the subscription instructions
are given at http://lists.altlinux.org/mailman/listinfo/community .

The rest of this section describes the ISC's original guidelines on
requesting support and/or reporting bugs.  These will only apply to
you if you reproduce your problem on the latest version of ISC's DHCP
suite as available from ftp://ftp.isc.org .

The Internet Systems Consortium DHCP server is developed and distributed
by ISC in the public trust, thanks to the generous donations of its
sponsors.  ISC now also offers commercial quality support contracts for

Lines 128-133 dhclient.leases.cat5: dhclient.leases.man5 Link Here

(-)a/client/Makefile.dist (-1 / +1 lines)
128		128
129		129
130	dhclient: $(OBJS) $(DHCPLIB)	130	dhclient: $(OBJS) $(DHCPLIB)
131	$(CC) $(LFLAGS) -o $(PROG) $(OBJS) $(DHCPLIB) $(LIBS)	131	$(CC) -pie $(LFLAGS) -o $(PROG) $(OBJS) $(DHCPLIB) $(LIBS)
132		132
133	# Dependencies (semi-automatically-generated)	133	# Dependencies (semi-automatically-generated)





	if (!quiet) {
		log_info ("%s %s", message, DHCP_VERSION);
		log_info ("%s", copyright);
		log_info ("%s", arr);
		log_info ("%s", url);
		log_info ("%s", "");
	} else
		log_perror = 0;

static void usage ()
{
	log_info ("%s %s", message, DHCP_VERSION);
	log_info ("%s", copyright);
	log_info ("%s", arr);
	log_info ("%s", url);

	log_error ("Usage: dhclient [-1dqr] [-nw] [-p <port>] %s",
		   "[-s server]");

		return;
	}

	snprintf (obuf, sizeof(obuf),
		"%s from %s", name, piaddr (packet -> client_addr));


	/* If this lease doesn't supply the minimum required parameters,

{
	char spbuf [1024];
	char *s;
	int len;
	struct string_list *val;
	va_list list;


	len = vsnprintf (spbuf, sizeof spbuf, fmt, list);
	va_end (list);

/* Handle truncation on glibc 2.0.x or possible unexpected errors on others;
 * avoid integer overflow in the addition below. */
	if (len < 0 || len > 0x3fffffff)
		return;

	val = dmalloc (strlen (prefix) + strlen (name) + 1 /* = */ +
		       len + sizeof *val, MDL);
	if (!val)




#!/bin/bash
# dhclient-script for Linux. Dan Halbert, March, 1997.
# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
# No guarantees about this. I'm a novice at the details of Linux
# networking.

# Notes:


# address if it is not supplied. This might be much more easily done
# by the dhclient C code, and passed on.

# 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious
# of the $1 in its args.

make_resolv_conf() {
  if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then
    echo '; generated by /sbin/dhclient-script' > /etc/resolv.conf
    chmod 644 /etc/resolv.conf
    if [ -n "$new_domain_name" ]; then
       echo search $new_domain_name >> /etc/resolv.conf
    elif [ x"$new_domain_name" != x ]; then
      # Note that the DHCP 'Domain Name Option' is really just a domain
      # name, and that this practice of using the domain name option as
      # a search path is both nonstandard and deprecated.
      echo search $new_domain_name >> /etc/resolv.conf.dhclient
    fi
    for nameserver in $new_domain_name_servers; do
      echo nameserver $nameserver >>/etc/resolv.conf
    done

    mv /etc/resolv.conf.dhclient /etc/resolv.conf
  fi
}


  fi
fi

cd /etc/sysconfig/network-scripts
. /etc/sysconfig/network-scripts/network-functions
. /etc/rc.d/init.d/functions

[ -f ../network ] && . ../network
[ -f ../networking/network ] && . ../networking/network

CONFIG="ifcfg-$interface"

[ -f "${CONFIG}" ] || {
    echo $"$0: configuration for $interface not found." >&2
    exit_with_hooks 1
}

source_config

release=`uname -r`
release=`expr $release : '\(.*\)\..*'`
relminor=`echo $release |sed -e 's/[0-9]*\.\([0-9][0-9]*\)\(\..*\)*$/\1/'`

  
if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
   [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
  if [ -n "$new_host_name" ] && need_hostname; then
       if need_hostname || [ "`hostname`" != "$new_host_name" ]; then
               hostname $new_host_name
       fi
     [ x$current_hostname = x$old_host_name ]; then
    if [ x$new_host_name != x$old_host_name ]; then
      hostname "$new_host_name"
    fi
  fi
    
  if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \

    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
    route add -host $alias_ip_address $interface:0
  fi
  if [ "${PEERDNS}" != "no" ]; then
    make_resolv_conf
  fi

  exit_with_hooks 0
fi


  ifconfig $interface inet $new_ip_address $new_subnet_arg \
					$new_broadcast_arg $mtu_arg
  set $new_routers
  if ping -q -c 1 -w 10 $1; then
    if [ x$new_ip_address != x$alias_ip_address ] && \
			[ x$alias_ip_address != x ]; then
      ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg

    for router in $new_routers; do
      route add default gw $router
    done
    if [ "${PEERDNS}" != "no" ]; then
      make_resolv_conf
    fi
    exit_with_hooks 0
  fi
  ifconfig $interface inet 0 down

Lines 25-35 SEDMANPAGES = dhcp-options.man5 dhcp-eval.man5 Link Here

(-)a/common/Makefile.dist (-2 / +2 lines)
25	SRC = raw.c parse.c nit.c icmp.c dispatch.c conflex.c upf.c bpf.c socket.c \	25	SRC = raw.c parse.c nit.c icmp.c dispatch.c conflex.c upf.c bpf.c socket.c \
26	lpf.c dlpi.c packet.c tr.c ethernet.c memory.c print.c options.c \	26	lpf.c dlpi.c packet.c tr.c ethernet.c memory.c print.c options.c \
27	inet.c tree.c tables.c alloc.c fddi.c ctrace.c dns.c resolv.c \	27	inet.c tree.c tables.c alloc.c fddi.c ctrace.c dns.c resolv.c \
28	execute.c discover.c comapi.c	28	execute.c discover.c comapi.c droproot.c
29	OBJ = raw.o parse.o nit.o icmp.o dispatch.o conflex.o upf.o bpf.o socket.o \	29	OBJ = raw.o parse.o nit.o icmp.o dispatch.o conflex.o upf.o bpf.o socket.o \
30	lpf.o dlpi.o packet.o tr.o ethernet.o memory.o print.o options.o \	30	lpf.o dlpi.o packet.o tr.o ethernet.o memory.o print.o options.o \
31	inet.o tree.o tables.o alloc.o fddi.o ctrace.o dns.o resolv.o \	31	inet.o tree.o tables.o alloc.o fddi.o ctrace.o dns.o resolv.o \
32	execute.o discover.o comapi.o	32	execute.o discover.o comapi.o droproot.o
33	MAN = dhcp-options.5 dhcp-eval.5	33	MAN = dhcp-options.5 dhcp-eval.5
34		34
35	INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes	35	INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes

Lines 91-97 int if_register_bpf (info) Link Here

(-)a/common/bpf.c (-1 / +1 lines)
91	/* Open a BPF device */	91	/* Open a BPF device */
92	for (b = 0; 1; b++) {	92	for (b = 0; 1; b++) {
93	/* %Audit% 31 bytes max. %2004.06.17,Safe% */	93	/* %Audit% 31 bytes max. %2004.06.17,Safe% */
94	sprintf(filename, BPF_FORMAT, b);	94	snprintf(filename, sizeof(filename), BPF_FORMAT, b);
95	sock = open (filename, O_RDWR, 0);	95	sock = open (filename, O_RDWR, 0);
96	if (sock < 0) {	96	if (sock < 0) {
97	if (errno == EBUSY) {	97	if (errno == EBUSY) {

Lines 288-294 isc_result_t dhcp_group_signal_handler (omapi_object_t *h, Link Here

(-)a/common/comapi.c (-1 / +1 lines)
288	/* Group objects always have to have names. */	288	/* Group objects always have to have names. */
289	if (!group -> name) {	289	if (!group -> name) {
290	char hnbuf [64];	290	char hnbuf [64];
291	sprintf (hnbuf, "ng%08lx%08lx",	291	snprintf (hnbuf, sizeof(hnbuf), "ng%08lx%08lx",
292	(unsigned long)cur_time,	292	(unsigned long)cur_time,
293	(unsigned long)group);	293	(unsigned long)group);
294	group -> name = dmalloc (strlen (hnbuf) + 1, MDL);	294	group -> name = dmalloc (strlen (hnbuf) + 1, MDL);

Lines 533-539 isc_result_t ddns_update_a (struct data_string *ddns_fwd_name, Link Here

(-)a/common/dns.c (-2 / +2 lines)
533	return ISC_R_INVALIDARG;	533	return ISC_R_INVALIDARG;
534		534
535	/* %Audit% Cannot exceed 16 bytes. %2004.06.17,Safe% */	535	/* %Audit% Cannot exceed 16 bytes. %2004.06.17,Safe% */
536	sprintf (ddns_address, "%u.%u.%u.%u",	536	snprintf (ddns_address, sizeof(ddns_address), "%u.%u.%u.%u",
537	ddns_addr.iabuf[0], ddns_addr.iabuf[1],	537	ddns_addr.iabuf[0], ddns_addr.iabuf[1],
538	ddns_addr.iabuf[2], ddns_addr.iabuf[3]);	538	ddns_addr.iabuf[2], ddns_addr.iabuf[3]);
539		539
Lines 794-800 isc_result_t ddns_remove_a (struct data_string *ddns_fwd_name, Link Here
794	return ISC_R_INVALIDARG;	794	return ISC_R_INVALIDARG;
795		795
796	/* %Audit% Cannot exceed 16 bytes. %2004.06.17,Safe% */	796	/* %Audit% Cannot exceed 16 bytes. %2004.06.17,Safe% */
797	sprintf (ddns_address, "%u.%u.%u.%u",	797	snprintf (ddns_address, sizeof(ddns_address), "%u.%u.%u.%u",
798	ddns_addr.iabuf[0], ddns_addr.iabuf[1],	798	ddns_addr.iabuf[0], ddns_addr.iabuf[1],
799	ddns_addr.iabuf[2], ddns_addr.iabuf[3]);	799	ddns_addr.iabuf[2], ddns_addr.iabuf[3]);
800		800




#include "dhcpd.h"
#include <unistd.h>
#include <time.h>
#include <pwd.h>
#define group real_group
#include <grp.h>
#undef group

#include <sys/capability.h>
#include <sys/prctl.h>

static int minimized = 0;

void
dhcpd_priv_minimize(const char *user, const char *dir)
{
	struct passwd *pw;
	uid_t   uid;
	gid_t   gid;

	if (!*user)
		return;

	if (!(pw = getpwnam(user)))
		log_fatal("Failed to lower privileges: getpwnam: %s", user);

	uid = pw->pw_uid;
	gid = pw->pw_gid;

	tzset();

	if (initgroups(user, gid))
		log_fatal("Failed to lower privileges: initgroups: %s/%u: %m",
			  user, (unsigned) gid);

	endpwent();

	if (*dir && (chdir(dir) || chroot(".")))
		log_fatal("Failed to lower privileges: chroot: %s: %m", dir);

	if (setgid(gid))
		log_fatal("Failed to lower privileges: setgid: %s/%u: %m",
			  user, (unsigned) gid);

	if (prctl(PR_SET_KEEPCAPS, 1))
		log_fatal("Failed to lower privileges: prctl: %m");

	if (setreuid(uid, uid))
		log_fatal("Failed to lower privileges: setreuid: %s/%u: %m",
			  user, (unsigned) uid);

	cap_t   caps = cap_from_text("cap_net_bind_service=ep");

	if (!caps)
		log_fatal("Failed to lower privileges: cap_from_text: %m");

	if (cap_set_proc(caps) < 0)
		log_fatal("Failed to lower privileges: cap_set_proc: %m");

	cap_free(caps);
	minimized = 1;
}

static void
drop_minimized(void)
{
	cap_t   caps = cap_from_text("all-ep");
	if (!caps)
		log_fatal("Failed to lower privileges: cap_from_text: %m");

	if (cap_set_proc(caps) < 0)
		log_fatal("Failed to lower privileges: cap_set_proc: %m");

	cap_free(caps);
}

static void
drop_all(const char *user, const char *dir)
{
	struct passwd *pw;
	uid_t   uid;
	gid_t   gid;

	if (!(pw = getpwnam(user)))
		log_fatal("Failed to lower privileges: getpwnam: %s", user);

	uid = pw->pw_uid;
	gid = pw->pw_gid;

	tzset();

	if (initgroups(user, gid))
		log_fatal("Failed to lower privileges: initgroups: %s/%u: %m",
			  user, (unsigned) gid);

	endpwent();

	if (*dir && (chdir(dir) || chroot(".")))
		log_fatal("Failed to lower privileges: chroot: %s: %m", dir);

	if (setgid(gid))
		log_fatal("Failed to lower privileges: setgid: %s/%u: %m",
			  user, (unsigned) gid);

	if (setuid(uid))
		log_fatal("Failed to lower privileges: setuid: %s/%u: %m",
			  user, (unsigned) uid);
}


void
dhcpd_priv_drop(const char *user, const char *dir)
{
	if (!*user)
		return;

	if (minimized)
		drop_minimized();
	else
		drop_all(user, dir);
}

Lines 188-194 int addr_eq (addr1, addr2) Link Here

(-)a/common/inet.c (-1 / +1 lines)
188	char *piaddr (addr)	188	char *piaddr (addr)
189	struct iaddr addr;	189	struct iaddr addr;
190	{	190	{
191	static char pbuf [4 * 16];	191	static char pbuf [4 * sizeof(addr.iabuf)];
192	char *s = pbuf;	192	char *s = pbuf;
193	int i;	193	int i;
194		194

Lines 253-258 static void lpf_tr_filter_setup (info) Link Here

(-)a/common/lpf.c (+1 lines)
253		253
254	/* Set up the bpf filter program structure. This is defined in	254	/* Set up the bpf filter program structure. This is defined in
255	bpf.c */	255	bpf.c */
		256	memset(&p, '\0', sizeof p);
256	p.len = dhcp_bpf_tr_filter_len;	257	p.len = dhcp_bpf_tr_filter_len;
257	p.filter = dhcp_bpf_tr_filter;	258	p.filter = dhcp_bpf_tr_filter;
258		259

Lines 141-146 void assemble_udp_ip_header (interface, buf, bufix, Link Here

(-)a/common/packet.c (+1 lines)
141	struct udphdr udp;	141	struct udphdr udp;
142		142
143	/* Fill out the IP header */	143	/* Fill out the IP header */
		144	memset( &ip, '\0', sizeof ip);
144	IP_V_SET (&ip, 4);	145	IP_V_SET (&ip, 4);
145	IP_HL_SET (&ip, 20);	146	IP_HL_SET (&ip, 20);
146	ip.ip_tos = IPTOS_LOWDELAY;	147	ip.ip_tos = IPTOS_LOWDELAY;




	return len;
}

static ssize_t
write_loop (int fd, const char *buffer, size_t count)
{
	ssize_t offset = 0;

	while (count > 0)
	{
		ssize_t block = write (fd, &buffer[offset], count);

		if (block < 0 && errno == EINTR)
			continue;
		if (block <= 0)
			return offset ? : block;
		offset += block;
		count -= block;
	}
	return offset;
}

int parse_warn (struct parse *cfile, const char *fmt, ...)
{
	va_list list;

#endif

	if (log_perror) {
		IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
		IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
		IGNORE_RET(write_loop (STDERR_FILENO, cfile -> token_line,
				  strlen (cfile -> token_line)));
		IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
		if (cfile -> lexchar < 81)
			IGNORE_RET(write_loop (STDERR_FILENO, lexbuf, lix));
		IGNORE_RET(write_loop (STDERR_FILENO, "^\n", 2));
	}

	cfile -> warnings_occurred = 1;




	unsigned long val;
{
	static char vbuf [32];
	snprintf (vbuf, sizeof(vbuf), "%lu", val);
	return vbuf;
}


	unsigned long val;
{
	static char vbuf [32];
	snprintf (vbuf, sizeof(vbuf), "%lu", val);
	return vbuf;
}


	      case expr_check:
		rv = 10 + strlen (expr -> data.check -> name);
		if (len > rv) {
			snprintf (buf, len, "(check %s)",
				 expr -> data.check -> name);
			return rv;
		}

	      case expr_host_lookup:
		rv = 15 + strlen (expr -> data.host_lookup -> hostname);
		if (len > rv) {
			snprintf (buf, len, "(dns-lookup %s)",
				 expr -> data.host_lookup -> hostname);
			return rv;
		}

		rv = strlen (s) + 2 + (strlen (expr -> data.option -> name) +
			   strlen (expr -> data.option -> universe -> name));
		if (len > rv) {
			snprintf (buf, len, "(option %s.%s)",
				 expr -> data.option -> universe -> name,
				 expr -> data.option -> name);
			return rv;

		rv = 10 + (strlen (expr -> data.option -> name) +
			   strlen (expr -> data.option -> universe -> name));
		if (len > rv) {
			snprintf (buf, len, "(exists %s.%s)",
				 expr -> data.option -> universe -> name,
				 expr -> data.option -> name);
			return rv;

	      case expr_variable_exists:
		rv = 10 + strlen (expr -> data.variable);
		if (len > rv) {
			snprintf (buf, len,
				"(defined %s)", expr -> data.variable);
			return rv;
		}
		break;

	      case expr_variable_reference:
		rv = strlen (expr -> data.variable);
		if (len > rv) {
			snprintf (buf, len, "%s", expr -> data.variable);
			return rv;
		}
		break;

	}

	for (i = 0; i < data -> len; i++) {
		snprintf (obuf, sizeof(obuf), "%2.2x", data -> data [i]);
		col = token_print_indent (file, col, indent,
					  i == 0 ? prefix : "",
					  (i + 1 == data -> len




				    (*result) -> r_data =
					    (*result) -> r_data_ephem;
				    /*%Audit% 16 bytes max. %2004.06.17,Safe%*/
				    snprintf ((char *)(*result) -> r_data_ephem,
					     16, "%u.%u.%u.%u",
					     data.data [0] & 0xff,
					     data.data [1] & 0xff,
					     data.data [2] & 0xff,

		col = write_expression (file, expr -> data.extract_int,
					col, indent, 1);
		col = token_print_indent (file, col, scol, "", " ", ",");
		snprintf (obuf, sizeof(obuf), "%d", width);
		col = token_print_indent (file, col, scol, " ", "", obuf);
		col = token_print_indent (file, col, indent, "", "", ")");
		break;

		col = write_expression (file, expr -> data.extract_int,
					col, indent, 1);
		col = token_print_indent (file, col, scol, "", " ", ",");
		snprintf (obuf, sizeof(obuf), "%d", width);
		col = token_print_indent (file, col, scol, " ", "", obuf);
		col = token_print_indent (file, col, indent, "", "",
					  ")");

		goto encode_int;

	      case expr_const_int:
		snprintf (obuf, sizeof(obuf), "%lu", expr -> data.const_int);
		col = token_print_indent (file, col, indent, "", "", obuf);
		break;


		col = token_print_indent (file, col, indent, " ", "",
					  "(");
		scol = col;
		snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrclass);
		col = token_print_indent (file, col, scol, "", "", obuf);
		col = token_print_indent (file, col, scol, "", " ",
					  ",");
		snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrtype);
		col = token_print_indent (file, col, scol, "", "", obuf);
		col = token_print_indent (file, col, scol, "", " ",
					  ",");

					  "(");
	      finish_ns_small:
		scol = col;
		snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrclass);
		col = token_print_indent (file, col, scol, "", "", obuf);
		col = token_print_indent (file, col, scol, "", " ",
					  ",");
		snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrtype);
		col = token_print_indent (file, col, scol, "", "", obuf);
		col = token_print_indent (file, col, scol, "", " ",
					  ",");

Lines 80-86 int if_register_upf (info) Link Here

(-)a/common/upf.c (-1 / +1 lines)
80	/* Open a UPF device */	80	/* Open a UPF device */
81	for (b = 0; 1; b++) {	81	for (b = 0; 1; b++) {
82	/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */	82	/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
83	sprintf(filename, "/dev/pf/pfilt%d", b);	83	snprintf(filename, sizeof(filename), "/dev/pf/pfilt%d", b);
84		84
85	sock = open (filename, O_RDWR, 0);	85	sock = open (filename, O_RDWR, 0);
86	if (sock < 0) {	86	if (sock < 0) {

Lines 43-49 Link Here

(-)a/dhcpctl/dhcpctl.3 (-2 / +3 lines)
43	.\"	43	.\"
44	.\"	44	.\"
45	.Sh SYNOPSIS	45	.Sh SYNOPSIS
46	.Fd #include <dhcpctl/dhcpctl.h>	46	.Fd #include <dhcpctl.h>
		47	.sp
47	.Ft dhcpctl_status	48	.Ft dhcpctl_status
48	.Fo dhcpctl_initialize	49	.Fo dhcpctl_initialize
49	.Fa void	50	.Fa void
Lines 426-432 that most error checking has been ommitted for brevity. Link Here
426	#include <netinet/in.h>	427	#include <netinet/in.h>
427		428
428	#include <isc/result.h>	429	#include <isc/result.h>
429	#include <dhcpctl/dhcpctl.h>	430	#include <dhcpctl.h>
430		431
431	int main (int argc, char **argv) {	432	int main (int argc, char **argv) {
432	dhcpctl_data_string ipaddrstring = NULL;	433	dhcpctl_data_string ipaddrstring = NULL;

Lines 184-190 int main (int argc, char argv, char envp) Link Here

(-)a/dhcpctl/omshell.c (-1 / +1 lines)
184	check(status, "new_parse()");	184	check(status, "new_parse()");
185		185
186	token = next_token (&val, (unsigned *)0, cfile);	186	token = next_token (&val, (unsigned *)0, cfile);
187	switch (token) {	187	switch ((int) token) {
188	default:	188	default:
189	parse_warn (cfile, "unknown token: %s", val);	189	parse_warn (cfile, "unknown token: %s", val);
190	skip_to_semi (cfile);	190	skip_to_semi (cfile);

Lines 30-36 CFLAGS = $(DEBUG) $(PREDEFINES) $(INCLUDES) $(COPTS) -DHMAC_MD5 -DMINIRES_LIB Link Here

(-)a/dst/Makefile.dist (-1 / +3 lines)
30		30
31	all: libdst.a	31	all: libdst.a
32		32
33	install:	33	install: all
		34	mkdir -p $(DESTDIR)$(LIBDIR)
		35	$(INSTALL) libdst.a $(DESTDIR)$(LIBDIR)/
34		36
35	libdst.a: $(OBJ)	37	libdst.a: $(OBJ)
36	rm -f dst.a	38	rm -f dst.a




		if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
			EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
				 file, out_len, nn, errno));
			fclose(fp);
			return (-5);
		}
		fclose(fp);

	/* Locate and skip "KEY" */
	if (c != 'K' && c != 'k') {
		EREPORT(("\"KEY\" doesn't appear in file: %s", name));
		fclose(fp);
		return NULL;
	}
	while ((c = getc(fp)) != EOF)

	if (fscanf(fp, "%d %d %d", &flags, &proto, &alg) != 3) {
		EREPORT(("dst_read_public_key(): Can not read flag/proto/alg field from %s\n"
			 ,name));
		fclose(fp);
		return (NULL);
	}
	/* read in the key string */
	if ((fgets(enckey, sizeof(enckey), fp) == NULL) &&
	    (ferror(fp) != 0)) {
		EREPORT(("dst_read_public_kety(): Error reading key\n"));
		fclose(fp);
		return (NULL);
	}


			break;
	if (!feof(fp)) {
		EREPORT(("Key too long in file: %s", name));
		fclose(fp);
		return NULL;
	}
	fclose(fp);

Lines 418-425 dst_s_build_filename(char filename, const char name, unsigned id, Link Here

(-)a/dst/dst_support.c (-2 / +2 lines)
418	if (filename_length < 1 + strlen(name) + 4 + 6 + 1 + strlen(suffix))	418	if (filename_length < 1 + strlen(name) + 4 + 6 + 1 + strlen(suffix))
419	return (-1);	419	return (-1);
420	my_id = id;	420	my_id = id;
421	sprintf(filename, "K%s+%03d+%05d.%s", name, alg, my_id,	421	snprintf(filename, filename_length, "K%s+%03d+%05d.%s",
422	(const char *) suffix);	422	name, alg, my_id, (const char *) suffix);
423	if (strrchr(filename, '/'))	423	if (strrchr(filename, '/'))
424	return (-1);	424	return (-1);
425	if (strrchr(filename, '\\'))	425	if (strrchr(filename, '\\'))

Lines 280-286 dst_hmac_md5_key_to_file_format(const DST_KEY dkey, char buff, Link Here

(-)a/dst/hmac_link.c (-1 / +1 lines)
280	hkey = (HMAC_Key *) dkey->dk_KEY_struct;	280	hkey = (HMAC_Key *) dkey->dk_KEY_struct;
281	memset(buff, 0, buff_len); /* just in case */	281	memset(buff, 0, buff_len); /* just in case */
282	/* write file header */	282	/* write file header */
283	sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");	283	snprintf(buff, buff_len, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
284		284
285	bp = (char *) strchr(buff, '\0');	285	bp = (char *) strchr(buff, '\0');
286	b_len = buff_len - (bp - buff);	286	b_len = buff_len - (bp - buff);

Lines 83-93 extern int h_errno; Link Here

(-)a/includes/cf/linux.h (-2 / +2 lines)
83	directory. */	83	directory. */
84		84
85	#ifndef _PATH_DHCPD_DB	85	#ifndef _PATH_DHCPD_DB
86	#define _PATH_DHCPD_DB "/var/state/dhcp/dhcpd.leases"	86	#define _PATH_DHCPD_DB "/state/dhcpd.leases"
87	#endif	87	#endif
88		88
89	#ifndef _PATH_DHCLIENT_DB	89	#ifndef _PATH_DHCLIENT_DB
90	#define _PATH_DHCLIENT_DB "/var/state/dhcp/dhclient.leases"	90	#define _PATH_DHCLIENT_DB "/var/lib/dhcp/dhclient/state/dhclient.leases"
91	#endif	91	#endif
92		92
93	/* Varargs stuff... */	93	/* Varargs stuff... */

Lines 2643-2645 OMAPI_OBJECT_ALLOC_DECL (dhcp_failover_link, dhcp_failover_link_t, Link Here

(-)a/includes/dhcpd.h (+3 lines)
2643	#endif /* FAILOVER_PROTOCOL */	2643	#endif /* FAILOVER_PROTOCOL */
2644		2644
2645	const char *binding_state_print (enum failover_state);	2645	const char *binding_state_print (enum failover_state);
		2646
		2647	extern void dhcpd_priv_minimize(const char server_user, const char server_jail);
		2648	extern void dhcpd_priv_drop(const char server_user, const char server_jail);





const char *
res_protocolname(int num) {
	static char number[2 + sizeof(num) * 3];
	struct protoent *pp;

	if (protolist == (struct valuelist *)0)
		res_buildprotolist();
	pp = cgetprotobynumber(num);
	if (pp == 0)  {
		(void) snprintf(number, sizeof(number), "%d", num);
		return (number);
	}
	return (pp->p_name);


const char *
res_servicename(u_int16_t port, const char *proto) {	/* Host byte order. */
	static char number[2 + sizeof(port) * 3];
	struct servent *ss;

	if (servicelist == (struct valuelist *)0)
		res_buildservicelist();
	ss = cgetservbyport(htons(port), proto);
	if (ss == 0)  {
		(void) snprintf(number, sizeof(number), "%d", port);
		return (number);
	}
	return (ss->s_name);

Lines 375-381 res_nquerydomain(res_state statp, Link Here

(-)a/minires/res_query.c (-1 / +1 lines)
375	RES_SET_H_ERRNO(statp, NO_RECOVERY);	375	RES_SET_H_ERRNO(statp, NO_RECOVERY);
376	return ISC_R_NOSPACE;	376	return ISC_R_NOSPACE;
377	}	377	}
378	sprintf(nbuf, "%s.%s", name, domain);	378	snprintf(nbuf, sizeof(nbuf), "%s.%s", name, domain);
379	}	379	}
380	return res_nquery(statp,	380	return res_nquery(statp,
381	longname, class, type, answer, anslen, ansret);	381	longname, class, type, answer, anslen, ansret);




static char mbuf [CVT_BUF_MAX + 1];
static char fbuf [CVT_BUF_MAX + 1];

static ssize_t
write_loop (int fd, const char *buffer, size_t count)
{
	ssize_t offset = 0;

	while (count > 0)
	{
		ssize_t block = write (fd, &buffer[offset], count);

		if (block < 0 && errno == EINTR)
			continue;
		if (block <= 0)
			return offset ? : block;
		offset += block;
		count -= block;
	}
	return offset;
}

/* Log an error message, then exit... */

void log_fatal (const char * fmt, ... )

  va_end (list);

#ifndef DEBUG
  if (*mbuf)
	syslog (log_priority | LOG_ERR, "%s", mbuf);
#endif

  /* Also log it to stderr? */
  if (log_perror && *mbuf) {
	  IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
	  IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
  }

#if !defined (NOMINUM)
  log_error ("%s", "Please note the following before requesting help:");
  log_error ("%s", "");
  log_error ("%s", "This software is a part of the Internet Software Consortium's DHCP suite");
  log_error ("%s", "with modifications for ALT Linux.");
  log_error ("%s", "The ISC folks quite reasonably require that you do not bother them with");
  log_error ("%s", "questions on software that includes third-party modifications and might");
  log_error ("%s", "not be based off their latest code.  Hence, please direct any questions");
  log_error ("%s", "to the community@ mailing list instead; the subscription instructions");
  log_error ("%s", "are given at http://lists.altlinux.org/mailman/listinfo/community .");
  log_error ("mailing list, please read the section on the README about");
  log_error ("submitting bug reports and requests for help.");
  log_error ("%s", "");
  log_error ("%s", "Please also read the SUPPORT section on the README about");
  log_error ("%s", "submitting bug reports and requests for help.");
  log_error ("send them to the appropriate mailing list as described in");
  log_error ("the README file.");
  log_error ("%s", "");
  log_error ("%s", "exiting.");
#endif
  if (log_cleanup)
	  (*log_cleanup) ();

  va_end (list);

#ifndef DEBUG
  if (*mbuf)
	syslog (log_priority | LOG_ERR, "%s", mbuf);
#endif

  if (log_perror && *mbuf) {
	  IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
	  IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
  }

  return 0;

  va_end (list);

#ifndef DEBUG
  if (*mbuf)
	syslog (log_priority | LOG_INFO, "%s", mbuf);
#endif

  if (log_perror && *mbuf) {
	  IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
	  IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
  }

  return 0;

  va_end (list);

#ifndef DEBUG
  if (*mbuf)
	syslog (log_priority | LOG_DEBUG, "%s", mbuf);
#endif

  if (log_perror && *mbuf) {
	  IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
	  IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
  }

  return 0;

	static char errbuf [128];

	if (err < 0 || err >= sys_nerr) {
		snprintf (errbuf, sizeof(errbuf), "Error %d", err);
		return errbuf;
	}
	return sys_errlist [err];




						head = "";
					tmpui = tmpi;
				}
				snprintf(buf, sizeof(buf), "%u", tmpui);
				goto printint;
			case 'o':
				if (q)

					tmpui = va_arg(ap, long int);
				else
					tmpui = va_arg(ap, int);
				snprintf(buf, sizeof(buf), alt ? "%#o"
						 : "%o", tmpui);
				goto printint;
			case 'u':

					tmpui = va_arg(ap, unsigned long int);
				else
					tmpui = va_arg(ap, unsigned int);
				snprintf(buf, sizeof(buf), "%u", tmpui);
				goto printint;
			case 'x':
				if (q)

					if (precision > 2)
						precision -= 2;
				}
				snprintf(buf, sizeof(buf), "%x", tmpui);
				goto printint;
			case 'X':
				if (q)

					if (precision > 2)
						precision -= 2;
				}
				snprintf(buf, sizeof(buf), "%X", tmpui);
				goto printint;
			printint:
				if (precision != 0 || width != 0) {

			break;
		case 'p':
			v = va_arg(ap, void *);
			snprintf(buf, sizeof(buf), "%p", v);
			length = strlen(buf);
			if (precision > length)
				zeropad = precision - length;

			 */
			if (precision > 512)
				precision = 512;
			snprintf(fmt, sizeof(fmt), "%%%s%s.%lu%s%c", alt ? "#" : "",
				plus ? "+" : space ? " " : "",
				precision, l ? "L" : "", *format);
			switch (*format) {

#ifdef HAVE_LONG_DOUBLE
				if (l) {
					ldbl = va_arg(ap, long double);
					snprintf(buf, sizeof(buf), fmt, ldbl);
				} else
#endif
				{
					dbl = va_arg(ap, double);
					snprintf(buf, sizeof(buf), fmt, dbl);
				}
				length = strlen(buf);
				if (width > 0) {

Lines 114-119 const char *isc_result_totext (isc_result_t result) Link Here

(-)a/omapip/result.c (-1 / +1 lines)
114		114
115	if (result >= ISC_R_SUCCESS && result < ISC_R_NRESULTS)	115	if (result >= ISC_R_SUCCESS && result < ISC_R_NRESULTS)
116	return text [result];	116	return text [result];
117	sprintf(ebuf, "unknown error: %d", result);	117	snprintf(ebuf, sizeof(ebuf), "unknown error: %d", result);
118	return ebuf;	118	return ebuf;
119	}	119	}

Lines 83-88 dhcrelay.man8: dhcrelay.8 Link Here

(-)a/relay/Makefile.dist (-1 / +1 lines)
83	-e "s#RUNDIR#$(VARRUN)#" < dhcrelay.8 >dhcrelay.man8	83	-e "s#RUNDIR#$(VARRUN)#" < dhcrelay.8 >dhcrelay.man8
84		84
85	dhcrelay: dhcrelay.o $(DHCPLIB)	85	dhcrelay: dhcrelay.o $(DHCPLIB)
86	$(CC) $(LFLAGS) -o $(PROG) dhcrelay.o $(DHCPLIB) $(LIBS)	86	$(CC) -pie $(LFLAGS) -o $(PROG) dhcrelay.o $(DHCPLIB) $(LIBS) -lcap
87		87
88	# Dependencies (semi-automatically-generated)	88	# Dependencies (semi-automatically-generated)

Lines 77-82 dhcrelay - Dynamic Host Configuration Protocol Relay Agent Link Here

(-)a/relay/dhcrelay.8 (-2 / +20 lines)
77	\|	77	\|
78	.I discard	78	.I discard
79	]	79	]
		80	[
		81	.B -u
		82	.I user
		83	]
		84	[
		85	.B -j
		86	.I chroot-dir
		87	]
80	.I server0	88	.I server0
81	[	89	[
82	.I ...serverN	90	.I ...serverN
Lines 139-144 This can be unhelpful in a system startup script - to disable this Link Here
139	behaviour, specify the	147	behaviour, specify the
140	.B -q	148	.B -q
141	flag.	149	flag.
		150	.PP
		151	Upon startup, this version of dhcrelay will switch to a non-root
		152	pseudo-user and enter a chroot jail. The default username (\fIdhcrelay\fR)
		153	and the default chroot jail directory path (\fI/var/empty\fR)
		154	may be overridden with the \fB-u\fR and \fB-j\fR options, respectively.
142	.SH RELAY AGENT INFORMATION OPTIONS	155	.SH RELAY AGENT INFORMATION OPTIONS
143	If the	156	If the
144	.B -a	157	.B -a
Lines 239-245 has been written for Internet Systems Consortium Link Here
239	by Ted Lemon in cooperation with Vixie	252	by Ted Lemon in cooperation with Vixie
240	Enterprises. To learn more about Internet Systems Consortium,	253	Enterprises. To learn more about Internet Systems Consortium,
241	see	254	see
242	.B https://www.isc.org/isc.	255	.BR https://www.isc.org/isc .
243	To learn more about Vixie	256	To learn more about Vixie
244	Enterprises, see	257	Enterprises, see
245	.B http://www.vix.com.	258	.BR http://www.vix.com .
		259	.PP
		260	This version of dhcrelay has been modified for ALT Linux
		261	.RB ( http://www.altlinux.com/ ).
		262	In particular, the privilege reduction functionality and the \fB-u\fR
		263	and \fB-j\fR options are Openwall/ALT Linux extensions.

Lines 120-125 Link Here

(-)a/relay/dhcrelay.c (-10 / +28 lines)
120	int quiet = 0;	120	int quiet = 0;
121	isc_result_t status;	121	isc_result_t status;
122	char *s;	122	char *s;
		123	char *server_user = "dhcrelay";
		124	char *server_jail = "/var/empty";
123		125
124	/* Make sure that file descriptors 0 (stdin), 1, (stdout), and	126	/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
125	2 (stderr) are open. To do this, we assume that when we	127	2 (stderr) are open. To do this, we assume that when we
Lines 129-138 Link Here
129	fd = open("/dev/null", O_RDWR);	131	fd = open("/dev/null", O_RDWR);
130	if (fd == 1)	132	if (fd == 1)
131	fd = open("/dev/null", O_RDWR);	133	fd = open("/dev/null", O_RDWR);
132	if (fd == 2)	134	if (fd == 2) {
		135	fd = open("/dev/null", O_RDWR);
133	log_perror = 0; /* No sense logging to /dev/null. */	136	log_perror = 0; /* No sense logging to /dev/null. */
134	else if (fd != -1)	137	}
135	close(fd);	138	if (fd < 0)
		139	log_fatal ("Can't open %s: %m", "/dev/null");
136		140
137	#ifdef SYSLOG_4_2	141	#ifdef SYSLOG_4_2
138	openlog ("dhcrelay", LOG_NDELAY);	142	openlog ("dhcrelay", LOG_NDELAY);
Lines 185-190 int main (argc, argv, envp) Link Here
185	log_fatal("%s: packet length exceeds "	190	log_fatal("%s: packet length exceeds "
186	"longest possible MTU\n",	191	"longest possible MTU\n",
187	argv[i]);	192	argv[i]);
		193	} else if (!strcmp (argv [i], "-u")) {
		194	if (++i == argc)
		195	usage ();
		196	server_user = argv[i];
		197	} else if (!strcmp (argv [i], "-j")) {
		198	if (++i == argc)
		199	usage ();
		200	server_jail = argv[i];
188	} else if (!strcmp (argv [i], "-m")) {	201	} else if (!strcmp (argv [i], "-m")) {
189	if (++i == argc)	202	if (++i == argc)
190	usage ();	203	usage ();
Lines 239-247 int main (argc, argv, envp) Link Here
239		252
240	if (!quiet) {	253	if (!quiet) {
241	log_info ("%s %s", message, DHCP_VERSION);	254	log_info ("%s %s", message, DHCP_VERSION);
242	log_info (copyright);	255	log_info ("%s", copyright);
243	log_info (arr);	256	log_info ("%s", arr);
244	log_info (url);	257	log_info ("%s", url);
245	} else {	258	} else {
246	quiet = 0;	259	quiet = 0;
247	log_perror = 0;	260	log_perror = 0;
Lines 310-321 int main (argc, argv, envp) Link Here
310	}	323	}
311	}	324	}
312		325
313	close (0);	326	if (dup2 (fd, 0) != 0 \|\|
314	close (1);	327	dup2 (fd, 1) != 1 \|\|
315	close (2);	328	dup2 (fd, 2) != 2)
		329	log_fatal("Can't daemonize: %m");
		330	close (fd);
		331	fd = -1;
316	pid = setsid ();	332	pid = setsid ();
317	}	333	}
318		334
		335	dhcpd_priv_drop(server_user, server_jail);
		336
319	/* Start dispatching packets and timeouts... */	337	/* Start dispatching packets and timeouts... */
320	dispatch ();	338	dispatch ();
321		339
Lines 455-464 void relay (ip, packet, length, from_port, from, hfrom) Link Here
455		473
456	static void usage ()	474	static void usage ()
457	{	475	{
458	log_fatal ("Usage: dhcrelay [-p <port>] [-d] [-D] [-i %s%s%s%s",	476	log_fatal ("Usage: dhcrelay [-p <port>] [-d] [-D] [-i %s%s%s%s%s",
459	"interface] [-q] [-a]\n ",	477	"interface] [-q] [-a]\n ",
460	"[-c count] [-A length] ",	478	"[-c count] [-A length] ",
461	"[-m append\|replace\|forward\|discard]\n",	479	"[-m append\|replace\|forward\|discard]\n",
		480	"[-u user] [-j chroot-dir]\n",
462	" [server1 [... serverN]]");	481	" [server1 [... serverN]]");
463	}	482	}
464		483

Lines 103-108 dhcpd.leases.man5: dhcpd.leases.5 Link Here

(-)a/server/Makefile.dist (-1 / +1 lines)
103	-e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5	103	-e "s#RUNDIR#$(VARRUN)#g" < dhcpd.leases.5 >dhcpd.leases.man5
104		104
105	dhcpd: $(OBJS) $(COBJ) $(DHCPLIB)	105	dhcpd: $(OBJS) $(COBJ) $(DHCPLIB)
106	$(CC) $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS)	106	$(CC) -pie $(LFLAGS) -o dhcpd $(OBJS) $(DHCPLIB) $(LIBS) -lcap
107		107
108	# Dependencies (semi-automatically-generated)	108	# Dependencies (semi-automatically-generated)

Lines 1013-1022 void parse_failover_peer (cfile, group, type) Link Here

(-)a/server/confpars.c (-2 / +5 lines)
1013	parse_warn (cfile, "peer address may not be omitted");	1013	parse_warn (cfile, "peer address may not be omitted");
1014		1014
1015	/* XXX - when/if we get a port number assigned, just set as default */	1015	/* XXX - when/if we get a port number assigned, just set as default */
		1016	/* See http://bugzilla.redhat.com/show_bug.cgi?id=167292
		1017	* IANA registration by Bernard Volz <volz at cisco.com>
		1018	*/
1016	if (!peer -> me.port)	1019	if (!peer -> me.port)
1017	parse_warn (cfile, "local port may not be omitted");	1020	peer -> me.port = 647;
1018	if (!peer -> partner.port)	1021	if (!peer -> partner.port)
1019	parse_warn (cfile, "peer port may not be omitted");	1022	peer -> partner.port = 847;
1020		1023
1021	if (peer -> i_am == primary) {	1024	if (peer -> i_am == primary) {
1022	if (!peer -> hba) {	1025	if (!peer -> hba) {

Lines 499-505 int ddns_updates (struct packet *packet, Link Here

(-)a/server/ddns.c (-2 / +2 lines)
499	ddns_rev_name.data = ddns_rev_name.buffer -> data;	499	ddns_rev_name.data = ddns_rev_name.buffer -> data;
500		500
501	/* %Audit% Cannot exceed 17 bytes. %2004.06.17,Safe% */	501	/* %Audit% Cannot exceed 17 bytes. %2004.06.17,Safe% */
502	sprintf ((char *)ddns_rev_name.buffer -> data,	502	snprintf ((char *)ddns_rev_name.buffer -> data, 17,
503	"%u.%u.%u.%u.",	503	"%u.%u.%u.%u.",
504	lease -> ip_addr . iabuf[3] & 0xff,	504	lease -> ip_addr . iabuf[3] & 0xff,
505	lease -> ip_addr . iabuf[2] & 0xff,	505	lease -> ip_addr . iabuf[2] & 0xff,
Lines 721-727 int ddns_removals (struct lease *lease) Link Here
721	try_rev:	721	try_rev:
722	if (find_bound_string (&ddns_rev_name,	722	if (find_bound_string (&ddns_rev_name,
723	lease -> scope, "ddns-rev-name")) {	723	lease -> scope, "ddns-rev-name")) {
724	if (ddns_remove_ptr(&ddns_rev_name) == NOERROR) {	724	if (ddns_remove_ptr(&ddns_rev_name) == (isc_result_t) NOERROR) {
725	unset (lease -> scope, "ddns-rev-name");	725	unset (lease -> scope, "ddns-rev-name");
726	if (client_updated)	726	if (client_updated)
727	unset (lease -> scope,	727	unset (lease -> scope,

Lines 81-87 void dhcp (packet) Link Here

(-)a/server/dhcp.c (-2 / +4 lines)
81	s = dhcp_type_names[packet->packet_type - 1];	81	s = dhcp_type_names[packet->packet_type - 1];
82	} else {	82	} else {
83	/* %Audit% Cannot exceed 28 bytes. %2004.06.17,Safe% */	83	/* %Audit% Cannot exceed 28 bytes. %2004.06.17,Safe% */
84	sprintf(typebuf, "type %d", packet->packet_type);	84	snprintf(typebuf, sizeof(typebuf), "type %d", packet->packet_type);
85	s = typebuf;	85	s = typebuf;
86	}	86	}
87		87
Lines 447-453 void dhcprequest (packet, ms_nulltp, ip_lease) Link Here
447	/* piaddr() should not return more than a 15 byte string.	447	/* piaddr() should not return more than a 15 byte string.
448	* safe.	448	* safe.
449	*/	449	*/
450	sprintf (smbuf, " (%s)", piaddr (sip));	450	snprintf (smbuf, sizeof(smbuf), " (%s)", piaddr (sip));
451	have_server_identifier = 1;	451	have_server_identifier = 1;
452	} else	452	} else
453	smbuf [0] = 0;	453	smbuf [0] = 0;
Lines 1800-1805 void ack_lease (packet, lease, offer, when, msg, ms_nulltp, hp) Link Here
1800	host_reference (&host, h, MDL);	1800	host_reference (&host, h, MDL);
1801	}	1801	}
1802	if (!host) {	1802	if (!host) {
		1803	if (hp)
		1804	host_dereference (&hp, MDL);
1803	find_hosts_by_haddr (&hp,	1805	find_hosts_by_haddr (&hp,
1804	packet -> raw -> htype,	1806	packet -> raw -> htype,
1805	packet -> raw -> chaddr,	1807	packet -> raw -> chaddr,

Lines 74-79 dhcpd - Dynamic Host Configuration Protocol Server Link Here

(-)a/server/dhcpd.8 (+19 lines)
74	.I trace-playback-file	74	.I trace-playback-file
75	]	75	]
76	[	76	[
		77	.B -u
		78	.I user
		79	]
		80	[
		81	.B -j
		82	.I chroot-dir
		83	]
		84	[
77	.I if0	85	.I if0
78	[	86	[
79	.I ...ifN	87	.I ...ifN
Lines 239-244 using the \fB-lf\fR switch, so that the DHCP server doesn't wipe out Link Here
239	your existing lease file with its test data. The DHCP server will	247	your existing lease file with its test data. The DHCP server will
240	refuse to operate in playback mode unless you specify an alternate	248	refuse to operate in playback mode unless you specify an alternate
241	lease file.	249	lease file.
		250	.PP
		251	Upon startup, this version of the DHCP server will switch to a non-root
		252	pseudo-user and enter a chroot jail. The default username (\fIdhcpd\fR)
		253	and the default chroot jail directory path (\fI/var/lib/dhcp/dhcpd\fR)
		254	may be overridden with the \fB-u\fR and \fB-j\fR options, respectively.
		255	.PP
242	.SH CONFIGURATION	256	.SH CONFIGURATION
243	The syntax of the dhcpd.conf(5) file is discussed separately. This	257	The syntax of the dhcpd.conf(5) file is discussed separately. This
244	section should be used as an overview of the configuration process,	258	section should be used as an overview of the configuration process,
Lines 746-748 Consortium. Version 3 of the DHCP server was funded by Nominum, Inc. Link Here
746	Information about Internet Systems Consortium is available at	760	Information about Internet Systems Consortium is available at
747	.B http://www.isc.org/\fR.	761	.B http://www.isc.org/\fR.
748	Information about Nominum can be found at \fBhttp://www.nominum.com/\fR.	762	Information about Nominum can be found at \fBhttp://www.nominum.com/\fR.
		763	.PP
		764	This version of dhcpd has been modified for ALT Linux
		765	.RB ( http://www.altlinux.com/ ).
		766	In particular, the privilege reduction functionality and the \fB-u\fR
		767	and \fB-j\fR options are Openwall/ALT Linux extensions.

Lines 226-231 Link Here

(-)a/server/dhcpd.c (-32 / +48 lines)
226	char traceinfile = (char )0;	226	char traceinfile = (char )0;
227	char traceoutfile = (char )0;	227	char traceoutfile = (char )0;
228	#endif	228	#endif
		229	char *server_user = "dhcpd";
		230	char *server_jail = "/var/lib/dhcp/dhcpd";
229		231
230	/* Make sure that file descriptors 0 (stdin), 1, (stdout), and	232	/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
231	2 (stderr) are open. To do this, we assume that when we	233	2 (stderr) are open. To do this, we assume that when we
Lines 235-244 Link Here
235	fd = open("/dev/null", O_RDWR);	237	fd = open("/dev/null", O_RDWR);
236	if (fd == 1)	238	if (fd == 1)
237	fd = open("/dev/null", O_RDWR);	239	fd = open("/dev/null", O_RDWR);
238	if (fd == 2)	240	if (fd == 2) {
		241	fd = open ("/dev/null", O_RDWR);
239	log_perror = 0; /* No sense logging to /dev/null. */	242	log_perror = 0; /* No sense logging to /dev/null. */
240	else if (fd != -1)	243	}
241	close(fd);	244	if (fd < 0)
		245	log_fatal ("Can't open %s: %m", "/dev/null");
242		246
243	/* Set up the client classification system. */	247	/* Set up the client classification system. */
244	classification_setup ();	248	classification_setup ();
Lines 319-324 int main (argc, argv, envp) Link Here
319	} else if (!strcmp (argv [i], "-q")) {	324	} else if (!strcmp (argv [i], "-q")) {
320	quiet = 1;	325	quiet = 1;
321	quiet_interface_discovery = 1;	326	quiet_interface_discovery = 1;
		327	} else if (!strcmp (argv [i], "-u")) {
		328	if (++i == argc)
		329	usage();
		330	server_user = argv[i];
		331	} else if (!strcmp (argv [i], "-j")) {
		332	if (++i == argc)
		333	usage();
		334	server_jail = argv[i];
322	} else if (!strcmp (argv [i], "--version")) {	335	} else if (!strcmp (argv [i], "--version")) {
323	log_info ("isc-dhcpd-%s", DHCP_VERSION);	336	log_info ("isc-dhcpd-%s", DHCP_VERSION);
324	exit (0);	337	exit (0);
Lines 366-374 int main (argc, argv, envp) Link Here
366		379
367	if (!quiet) {	380	if (!quiet) {
368	log_info ("%s %s", message, DHCP_VERSION);	381	log_info ("%s %s", message, DHCP_VERSION);
369	log_info (copyright);	382	log_info ("%s", copyright);
370	log_info (arr);	383	log_info ("%s", arr);
371	log_info (url);	384	log_info ("%s", url);
372	} else {	385	} else {
373	quiet = 0;	386	quiet = 0;
374	log_perror = 0;	387	log_perror = 0;
Lines 498-509 int main (argc, argv, envp) Link Here
498		511
499	group_write_hook = group_writer;	512	group_write_hook = group_writer;
500		513
501	/* Start up the database... */
502	db_startup (lftest);
503
504	if (lftest)
505	exit (0);
506
507	/* Discover all the network interfaces and initialize them. */	514	/* Discover all the network interfaces and initialize them. */
508	discover_interfaces (DISCOVER_SERVER);	515	discover_interfaces (DISCOVER_SERVER);
509		516
Lines 524-530 int main (argc, argv, envp) Link Here
524	#if defined (TRACING)	531	#if defined (TRACING)
525	trace_seed_stash (trace_srandom, seed + cur_time);	532	trace_seed_stash (trace_srandom, seed + cur_time);
526	#endif	533	#endif
527	postdb_startup ();
528		534
529	#ifndef DEBUG	535	#ifndef DEBUG
530	if (daemon) {	536	if (daemon) {
Lines 555-568 int main (argc, argv, envp) Link Here
555		561
556	/* Write new pid file. */	562	/* Write new pid file. */
557	if ((i = open(path_dhcpd_pid, O_WRONLY\|O_CREAT\|O_TRUNC, 0644)) >= 0) {	563	if ((i = open(path_dhcpd_pid, O_WRONLY\|O_CREAT\|O_TRUNC, 0644)) >= 0) {
558	sprintf(pbuf, "%d\n", (int) getpid());	564	snprintf(pbuf, sizeof(pbuf), "%d\n", (int) getpid());
559	IGNORE_RET(write(i, pbuf, strlen(pbuf)));	565	if (write(i, pbuf, strlen(pbuf)) != strlen(pbuf))
		566	log_fatal("Error writing pid file: %s: %m",
		567	path_dhcpd_pid);
560	close(i);	568	close(i);
561	} else {	569	} else {
562	log_error("Can't create PID file %s: %m.", path_dhcpd_pid);	570	log_error("Can't create PID file %s: %m.", path_dhcpd_pid);
563	}	571	}
564		572
565		573
		574	dhcpd_priv_minimize (server_user, server_jail);
		575
566	/* If we were requested to log to stdout on the command line,	576	/* If we were requested to log to stdout on the command line,
567	keep doing so; otherwise, stop. */	577	keep doing so; otherwise, stop. */
568	if (log_perror == -1)	578	if (log_perror == -1)
Lines 569-587 Link Here
569		569
570	if (daemon) {	570	if (daemon) {
571	/* Become session leader and get pid... */	571	/* Become session leader and get pid... */
		572	if (dup2 (fd, 0) != 0 \|\|
		573	dup2 (fd, 1) != 1 \|\|
		574	dup2 (fd, 2) != 2)
		575	log_fatal("Can't daemonize: %m");
		576	close (fd);
		577	fd = -1;
572	pid = setsid();	578	pid = setsid();
573
574	/* Close standard I/O descriptors. */
575	close(0);
576	close(1);
577	close(2);
578
579	/* Reopen them on /dev/null. */
580	open("/dev/null", O_RDWR);
581	open("/dev/null", O_RDWR);
582	open("/dev/null", O_RDWR);
583	log_perror = 0; /* No sense logging to /dev/null. */
584	}	579	}
		580
		581	/* Start up the database... */
		582	db_startup (lftest);
		583
		584	if (lftest)
		585	exit (0);
		586
		587	postdb_startup ();
		588
		589	dhcpd_priv_drop (server_user, server_jail);
		590
585	#endif /* !DEBUG */	591	#endif /* !DEBUG */
586		592
587	#if defined (DEBUG_MEMORY_LEAKAGE) \|\| defined (DEBUG_MALLOC_POOL) \|\| \	593	#if defined (DEBUG_MEMORY_LEAKAGE) \|\| defined (DEBUG_MALLOC_POOL) \|\| \
Lines 788-796 void postconf_initialization (int quiet) Link Here
788	log_perror = 0;	812	log_perror = 0;
789	log_info ("%s %s",	813	log_info ("%s %s",
790	message, DHCP_VERSION);	814	message, DHCP_VERSION);
791	log_info (copyright);	815	log_info ("%s", copyright);
792	log_info (arr);	816	log_info ("%s", arr);
793	log_info (url);	817	log_info ("%s", url);
794	log_perror = tmp;	818	log_perror = tmp;
795	}	819	}
796	} else	820	} else
Lines 862-872 void postdb_startup (void) Link Here
862	static void usage ()	886	static void usage ()
863	{	887	{
864	log_info ("%s %s", message, DHCP_VERSION);	888	log_info ("%s %s", message, DHCP_VERSION);
865	log_info (copyright);	889	log_info ("%s", copyright);
866	log_info (arr);	890	log_info ("%s", arr);
867		891
868	log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",	892	log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s%s",
869	"\n [-cf config-file] [-lf lease-file]",	893	"\n [-cf config-file] [-lf lease-file]",
		894	"\n [-u user] [-j chroot-dir]",
870	#if defined (TRACING)	895	#if defined (TRACING)
871	"\n [-tf trace-output-file]",	896	"\n [-tf trace-output-file]",
872	"\n [-play trace-input-file]",	897	"\n [-play trace-input-file]",




failover peer "foo" {
  primary;
  address anthrax.rc.vix.com;
  port 647;
  peer address trantor.rc.vix.com;
  peer port 847;
  max-response-delay 60;
  max-unacked-updates 10;
  mclt 3600;

.B port \fIport-number\fR\fB;\fR
.PP
The \fBport\fR statement declares the TCP port on which the server
should listen for connections from its failover peer.
may not currently be omitted, because the failover protocol does not
yet have a reserved TCP port number.
.RE
.PP
The 

.PP
The \fBpeer port\fR statement declares the TCP port to which the
server should connect to reach its failover peer for failover
messages.  The port number declared in the \fBpeer port\fR statement
may be the same as the port number declared in the \fBport\fR statement.
number declared in the \fBpeer port\fR statement may be the same as
the port number declared in the \fBport\fR statement.
.RE
.PP
The 

operating systems - consult the \fIsyslog.conf\fR manual page to be
sure.  To get syslog to start logging to the new file, you must first
create the file with correct ownership and permissions (usually, the
same owner and permissions of your /var/log/messages
file should be fine) and send a SIGHUP to syslogd.
Some systems support log rollover using a shell script or program
called newsyslog or logrotate, and you may be able to configure this
as well so that your log file doesn't grow uncontrollably.

The \fInext-server\fR statement is used to specify the host address of
the server from which the initial boot file (specified in the
\fIfilename\fR statement) is to be loaded.   \fIServer-name\fR should
be a numeric IP address or a domain name.  If no \fInext-server\fR
statement applies to a given client, the address 0.0.0.0 is used.
.RE
.PP
The




			val = va_arg (va, unsigned);
#if defined (DEBUG_FAILOVER_MESSAGES)
			/* %Audit% Cannot exceed 24 bytes. %2004.06.17,Safe% */
			snprintf (tbuf, sizeof(tbuf), " %d", val);
			failover_print (obuf, obufix, obufmax, tbuf);
#endif
			option.data [i + 4] = val;

				
#if defined (DEBUG_FAILOVER_MESSAGES)
			/*%Audit% Cannot exceed 17 bytes.  %2004.06.17,Safe%*/
			snprintf (tbuf, sizeof(tbuf), " %u.%u.%u.%u",
				  iaddr [0], iaddr [1], iaddr [2], iaddr [3]);
			failover_print (obuf, obufix, obufmax, tbuf);
#endif

			val = va_arg (va, unsigned);
#if defined (DEBUG_FAILOVER_MESSAGES)
			/*%Audit% Cannot exceed 24 bytes.  %2004.06.17,Safe%*/
			snprintf (tbuf, sizeof(tbuf), " %d", val);
			failover_print (obuf, obufix, obufmax, tbuf);
#endif
			putULong (&option.data [4 + i * 4], val);

#if defined (DEBUG_FAILOVER_MESSAGES)
		for (i = 0; i < count; i++) {
			/* 23 bytes plus nul, safe. */
			snprintf (tbuf, sizeof(tbuf), " %d", bval [i]);
			failover_print (obuf, obufix, obufmax, tbuf);
		}
#endif

#if defined (DEBUG_FAILOVER_MESSAGES)
		for (i = 4; i < size; i++) {
			/*%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%*/
			snprintf (tbuf, sizeof(tbuf), " %d", option.data [i]);
			failover_print (obuf, obufix, obufmax, tbuf);
		}
#endif

			val = va_arg (va, u_int32_t);
#if defined (DEBUG_FAILOVER_MESSAGES)
			/*%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%*/
			snprintf (tbuf, sizeof(tbuf), " %d", val);
			failover_print (obuf, obufix, obufmax, tbuf);
#endif
			putUShort (&option.data [4 + i * 2], val);

Lines 1186-1192 isc_result_t dhcp_host_signal_handler (omapi_object_t *h, Link Here

(-)a/server/omapi.c (-1 / +1 lines)
1186		1186
1187	if (!host -> name) {	1187	if (!host -> name) {
1188	char hnbuf [64];	1188	char hnbuf [64];
1189	sprintf (hnbuf, "nh%08lx%08lx",	1189	snprintf (hnbuf, sizeof(hnbuf), "nh%08lx%08lx",
1190	(unsigned long)cur_time, (unsigned long)host);	1190	(unsigned long)cur_time, (unsigned long)host);
1191	host -> name = dmalloc (strlen (hnbuf) + 1, MDL);	1191	host -> name = dmalloc (strlen (hnbuf) + 1, MDL);
1192	if (!host -> name)	1192	if (!host -> name)

Return to bug 26309

Lines 4798-4803 int parse_X (cfile, buf, max) Link Here

(-)a/common/parse.c (-6 / +25 lines)
4798	return len;	4798	return len;
4799	}	4799	}
4800		4800
		4801	static ssize_t
		4802	write_loop (int fd, const char *buffer, size_t count)
		4803	{
		4804	ssize_t offset = 0;
		4805
		4806	while (count > 0)
		4807	{
		4808	ssize_t block = write (fd, &buffer[offset], count);
		4809
		4810	if (block < 0 && errno == EINTR)
		4811	continue;
		4812	if (block <= 0)
		4813	return offset ? : block;
		4814	offset += block;
		4815	count -= block;
		4816	}
		4817	return offset;
		4818	}
		4819
4801	int parse_warn (struct parse cfile, const char fmt, ...)	4820	int parse_warn (struct parse cfile, const char fmt, ...)
4802	{	4821	{
4803	va_list list;	4822	va_list list;
Lines 4838-4851 int parse_warn (struct parse cfile, const char fmt, ...) Link Here
4838	#endif	4857	#endif
4839		4858
4840	if (log_perror) {	4859	if (log_perror) {
4841	IGNORE_RET(write(STDERR_FILENO, mbuf, strlen (mbuf)));	4860	IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
4842	IGNORE_RET(write(STDERR_FILENO, "\n", 1));	4861	IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
4843	IGNORE_RET(write(STDERR_FILENO, cfile -> token_line,	4862	IGNORE_RET(write_loop (STDERR_FILENO, cfile -> token_line,
4844	strlen (cfile -> token_line)));	4863	strlen (cfile -> token_line)));
4845	IGNORE_RET(write(STDERR_FILENO, "\n", 1));	4864	IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
4846	if (cfile -> lexchar < 81)	4865	if (cfile -> lexchar < 81)
4847	IGNORE_RET(write(STDERR_FILENO, lexbuf, lix));	4866	IGNORE_RET(write_loop (STDERR_FILENO, lexbuf, lix));
4848	IGNORE_RET(write(STDERR_FILENO, "^\n", 2));	4867	IGNORE_RET(write_loop (STDERR_FILENO, "^\n", 2));
4849	}	4868	}
4850		4869
4851	cfile -> warnings_occurred = 1;	4870	cfile -> warnings_occurred = 1;

Lines 738-745 int evaluate_dns_expression (result, packet, lease, client_state, in_options, Link Here

(-)a/common/tree.c (-9 / +9 lines)
738	(*result) -> r_data =	738	(*result) -> r_data =
739	(*result) -> r_data_ephem;	739	(*result) -> r_data_ephem;
740	/%Audit% 16 bytes max. %2004.06.17,Safe%/	740	/%Audit% 16 bytes max. %2004.06.17,Safe%/
741	sprintf ((char )(result) -> r_data_ephem,	741	snprintf ((char )(result) -> r_data_ephem,
742	"%u.%u.%u.%u",	742	16, "%u.%u.%u.%u",
743	data.data [0] & 0xff,	743	data.data [0] & 0xff,
744	data.data [1] & 0xff,	744	data.data [1] & 0xff,
745	data.data [2] & 0xff,	745	data.data [2] & 0xff,
Lines 3428-3434 int write_expression (file, expr, col, indent, firstp) Link Here
3428	col = write_expression (file, expr -> data.extract_int,	3428	col = write_expression (file, expr -> data.extract_int,
3429	col, indent, 1);	3429	col, indent, 1);
3430	col = token_print_indent (file, col, scol, "", " ", ",");	3430	col = token_print_indent (file, col, scol, "", " ", ",");
3431	sprintf (obuf, "%d", width);	3431	snprintf (obuf, sizeof(obuf), "%d", width);
3432	col = token_print_indent (file, col, scol, " ", "", obuf);	3432	col = token_print_indent (file, col, scol, " ", "", obuf);
3433	col = token_print_indent (file, col, indent, "", "", ")");	3433	col = token_print_indent (file, col, indent, "", "", ")");
3434	break;	3434	break;
Lines 3451-3457 int write_expression (file, expr, col, indent, firstp) Link Here
3451	col = write_expression (file, expr -> data.extract_int,	3451	col = write_expression (file, expr -> data.extract_int,
3452	col, indent, 1);	3452	col, indent, 1);
3453	col = token_print_indent (file, col, scol, "", " ", ",");	3453	col = token_print_indent (file, col, scol, "", " ", ",");
3454	sprintf (obuf, "%d", width);	3454	snprintf (obuf, sizeof(obuf), "%d", width);
3455	col = token_print_indent (file, col, scol, " ", "", obuf);	3455	col = token_print_indent (file, col, scol, " ", "", obuf);
3456	col = token_print_indent (file, col, indent, "", "",	3456	col = token_print_indent (file, col, indent, "", "",
3457	")");	3457	")");
Lines 3466-3472 int write_expression (file, expr, col, indent, firstp) Link Here
3466	goto encode_int;	3466	goto encode_int;
3467		3467
3468	case expr_const_int:	3468	case expr_const_int:
3469	sprintf (obuf, "%lu", expr -> data.const_int);	3469	snprintf (obuf, sizeof(obuf), "%lu", expr -> data.const_int);
3470	col = token_print_indent (file, col, indent, "", "", obuf);	3470	col = token_print_indent (file, col, indent, "", "", obuf);
3471	break;	3471	break;
3472		3472
Lines 3615-3625 int write_expression (file, expr, col, indent, firstp) Link Here
3615	col = token_print_indent (file, col, indent, " ", "",	3615	col = token_print_indent (file, col, indent, " ", "",
3616	"(");	3616	"(");
3617	scol = col;	3617	scol = col;
3618	sprintf (obuf, "%d", expr -> data.ns_add.rrclass);	3618	snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrclass);
3619	col = token_print_indent (file, col, scol, "", "", obuf);	3619	col = token_print_indent (file, col, scol, "", "", obuf);
3620	col = token_print_indent (file, col, scol, "", " ",	3620	col = token_print_indent (file, col, scol, "", " ",
3621	",");	3621	",");
3622	sprintf (obuf, "%d", expr -> data.ns_add.rrtype);	3622	snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrtype);
3623	col = token_print_indent (file, col, scol, "", "", obuf);	3623	col = token_print_indent (file, col, scol, "", "", obuf);
3624	col = token_print_indent (file, col, scol, "", " ",	3624	col = token_print_indent (file, col, scol, "", " ",
3625	",");	3625	",");
Lines 3644-3654 int write_expression (file, expr, col, indent, firstp) Link Here
3644	"(");	3644	"(");
3645	finish_ns_small:	3645	finish_ns_small:
3646	scol = col;	3646	scol = col;
3647	sprintf (obuf, "%d", expr -> data.ns_add.rrclass);	3647	snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrclass);
3648	col = token_print_indent (file, col, scol, "", "", obuf);	3648	col = token_print_indent (file, col, scol, "", "", obuf);
3649	col = token_print_indent (file, col, scol, "", " ",	3649	col = token_print_indent (file, col, scol, "", " ",
3650	",");	3650	",");
3651	sprintf (obuf, "%d", expr -> data.ns_add.rrtype);	3651	snprintf (obuf, sizeof(obuf), "%d", expr -> data.ns_add.rrtype);
3652	col = token_print_indent (file, col, scol, "", "", obuf);	3652	col = token_print_indent (file, col, scol, "", "", obuf);
3653	col = token_print_indent (file, col, scol, "", " ",	3653	col = token_print_indent (file, col, scol, "", " ",
3654	",");	3654	",");

Lines 1113-1126 cgetprotobynumber(int proto) { /* Host byte order. */ Link Here

(-)a/minires/res_mkupdate.c (-4 / +4 lines)
1113		1113
1114	const char *	1114	const char *
1115	res_protocolname(int num) {	1115	res_protocolname(int num) {
1116	static char number[8];	1116	static char number[2 + sizeof(num) * 3];
1117	struct protoent *pp;	1117	struct protoent *pp;
1118		1118
1119	if (protolist == (struct valuelist *)0)	1119	if (protolist == (struct valuelist *)0)
1120	res_buildprotolist();	1120	res_buildprotolist();
1121	pp = cgetprotobynumber(num);	1121	pp = cgetprotobynumber(num);
1122	if (pp == 0) {	1122	if (pp == 0) {
1123	(void) sprintf(number, "%d", num);	1123	(void) snprintf(number, sizeof(number), "%d", num);
1124	return (number);	1124	return (number);
1125	}	1125	}
1126	return (pp->p_name);	1126	return (pp->p_name);
Lines 1128-1141 res_protocolname(int num) { Link Here
1128		1128
1129	const char *	1129	const char *
1130	res_servicename(u_int16_t port, const char proto) { / Host byte order. */	1130	res_servicename(u_int16_t port, const char proto) { / Host byte order. */
1131	static char number[8];	1131	static char number[2 + sizeof(port) * 3];
1132	struct servent *ss;	1132	struct servent *ss;
1133		1133
1134	if (servicelist == (struct valuelist *)0)	1134	if (servicelist == (struct valuelist *)0)
1135	res_buildservicelist();	1135	res_buildservicelist();
1136	ss = cgetservbyport(htons(port), proto);	1136	ss = cgetservbyport(htons(port), proto);
1137	if (ss == 0) {	1137	if (ss == 0) {
1138	(void) sprintf(number, "%d", port);	1138	(void) snprintf(number, sizeof(number), "%d", port);
1139	return (number);	1139	return (number);
1140	}	1140	}
1141	return (ss->s_name);	1141	return (ss->s_name);

Lines 3615-3621 failover_option_t *dhcp_failover_make_option (unsigned code, Link Here

(-)a/server/failover.c (-6 / +6 lines)
3615	val = va_arg (va, unsigned);	3615	val = va_arg (va, unsigned);
3616	#if defined (DEBUG_FAILOVER_MESSAGES)	3616	#if defined (DEBUG_FAILOVER_MESSAGES)
3617	/* %Audit% Cannot exceed 24 bytes. %2004.06.17,Safe% */	3617	/* %Audit% Cannot exceed 24 bytes. %2004.06.17,Safe% */
3618	sprintf (tbuf, " %d", val);	3618	snprintf (tbuf, sizeof(tbuf), " %d", val);
3619	failover_print (obuf, obufix, obufmax, tbuf);	3619	failover_print (obuf, obufix, obufmax, tbuf);
3620	#endif	3620	#endif
3621	option.data [i + 4] = val;	3621	option.data [i + 4] = val;
Lines 3635-3641 failover_option_t *dhcp_failover_make_option (unsigned code, Link Here
3635		3635
3636	#if defined (DEBUG_FAILOVER_MESSAGES)	3636	#if defined (DEBUG_FAILOVER_MESSAGES)
3637	/%Audit% Cannot exceed 17 bytes. %2004.06.17,Safe%/	3637	/%Audit% Cannot exceed 17 bytes. %2004.06.17,Safe%/
3638	sprintf (tbuf, " %u.%u.%u.%u",	3638	snprintf (tbuf, sizeof(tbuf), " %u.%u.%u.%u",
3639	iaddr [0], iaddr [1], iaddr [2], iaddr [3]);	3639	iaddr [0], iaddr [1], iaddr [2], iaddr [3]);
3640	failover_print (obuf, obufix, obufmax, tbuf);	3640	failover_print (obuf, obufix, obufmax, tbuf);
3641	#endif	3641	#endif
Lines 3648-3654 failover_option_t *dhcp_failover_make_option (unsigned code, Link Here
3648	val = va_arg (va, unsigned);	3648	val = va_arg (va, unsigned);
3649	#if defined (DEBUG_FAILOVER_MESSAGES)	3649	#if defined (DEBUG_FAILOVER_MESSAGES)
3650	/%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%/	3650	/%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%/
3651	sprintf (tbuf, " %d", val);	3651	snprintf (tbuf, sizeof(tbuf), " %d", val);
3652	failover_print (obuf, obufix, obufmax, tbuf);	3652	failover_print (obuf, obufix, obufmax, tbuf);
3653	#endif	3653	#endif
3654	putULong (&option.data [4 + i * 4], val);	3654	putULong (&option.data [4 + i * 4], val);
Lines 3661-3667 failover_option_t *dhcp_failover_make_option (unsigned code, Link Here
3661	#if defined (DEBUG_FAILOVER_MESSAGES)	3661	#if defined (DEBUG_FAILOVER_MESSAGES)
3662	for (i = 0; i < count; i++) {	3662	for (i = 0; i < count; i++) {
3663	/* 23 bytes plus nul, safe. */	3663	/* 23 bytes plus nul, safe. */
3664	sprintf (tbuf, " %d", bval [i]);	3664	snprintf (tbuf, sizeof(tbuf), " %d", bval [i]);
3665	failover_print (obuf, obufix, obufmax, tbuf);	3665	failover_print (obuf, obufix, obufmax, tbuf);
3666	}	3666	}
3667	#endif	3667	#endif
Lines 3699-3705 failover_option_t *dhcp_failover_make_option (unsigned code, Link Here
3699	#if defined (DEBUG_FAILOVER_MESSAGES)	3699	#if defined (DEBUG_FAILOVER_MESSAGES)
3700	for (i = 4; i < size; i++) {	3700	for (i = 4; i < size; i++) {
3701	/%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%/	3701	/%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%/
3702	sprintf (tbuf, " %d", option.data [i]);	3702	snprintf (tbuf, sizeof(tbuf), " %d", option.data [i]);
3703	failover_print (obuf, obufix, obufmax, tbuf);	3703	failover_print (obuf, obufix, obufmax, tbuf);
3704	}	3704	}
3705	#endif	3705	#endif
Lines 3710-3716 failover_option_t *dhcp_failover_make_option (unsigned code, Link Here
3710	val = va_arg (va, u_int32_t);	3710	val = va_arg (va, u_int32_t);
3711	#if defined (DEBUG_FAILOVER_MESSAGES)	3711	#if defined (DEBUG_FAILOVER_MESSAGES)
3712	/%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%/	3712	/%Audit% Cannot exceed 24 bytes. %2004.06.17,Safe%/
3713	sprintf (tbuf, " %d", val);	3713	snprintf (tbuf, sizeof(tbuf), " %d", val);
3714	failover_print (obuf, obufix, obufmax, tbuf);	3714	failover_print (obuf, obufix, obufmax, tbuf);
3715	#endif	3715	#endif
3716	putUShort (&option.data [4 + i * 2], val);	3716	putUShort (&option.data [4 + i * 2], val);

Lines 33-39 all: Link Here

(-)a/Makefile (-7 / +7 lines)
33	if [ ! -d work.$$sysname ]; then \	33	if [ ! -d work.$$sysname ]; then \
34	echo No build directory for $$sysname - please run ./configure.; \	34	echo No build directory for $$sysname - please run ./configure.; \
35	else \	35	else \
36	(cd work.$$sysname; make all); \	36	$(MAKE) -C work.$$sysname all; \
37	fi	37	fi
38		38
39	install:	39	install:
Lines 41-47 install: Link Here
41	if [ ! -d work.$$sysname ]; then \	41	if [ ! -d work.$$sysname ]; then \
42	echo No build directory for $$sysname - please run ./configure.; \	42	echo No build directory for $$sysname - please run ./configure.; \
43	else \	43	else \
44	(cd work.$$sysname; make install); \	44	$(MAKE) -C work.$$sysname install; \
45	fi	45	fi
46		46
47	depend:	47	depend:
Lines 49-55 depend: Link Here
49	if [ ! -d work.$$sysname ]; then \	49	if [ ! -d work.$$sysname ]; then \
50	echo No build directory for $$sysname - please run ./configure.; \	50	echo No build directory for $$sysname - please run ./configure.; \
51	else \	51	else \
52	(cd work.$$sysname; make depend); \	52	$(MAKE) -C work.$$sysname depend; \
53	fi	53	fi
54		54
55	clean:	55	clean:
Lines 57-63 clean: Link Here
57	if [ ! -d work.$$sysname ]; then \	57	if [ ! -d work.$$sysname ]; then \
58	echo No build directory for $$sysname - please run ./configure.; \	58	echo No build directory for $$sysname - please run ./configure.; \
59	else \	59	else \
60	(cd work.$$sysname; make clean); \	60	$(MAKE) -C work.$$sysname clean; \
61	fi	61	fi
62		62
63	realclean:	63	realclean:
Lines 65-71 realclean: Link Here
65	if [ ! -d work.$$sysname ]; then \	65	if [ ! -d work.$$sysname ]; then \
66	echo No build directory for $$sysname - please run ./configure.; \	66	echo No build directory for $$sysname - please run ./configure.; \
67	else \	67	else \
68	(cd work.$$sysname; make realclean); \	68	$(MAKE) -C work.$$sysname realclean; \
69	fi	69	fi
70		70
71	distclean:	71	distclean:
Lines 73-79 distclean: Link Here
73	if [ ! -d work.$$sysname ]; then \	73	if [ ! -d work.$$sysname ]; then \
74	echo No build directory for $$sysname - please run ./configure.; \	74	echo No build directory for $$sysname - please run ./configure.; \
75	else \	75	else \
76	(cd work.$$sysname; make distclean); \	76	$(MAKE) -C work.$$sysname distclean; \
77	fi	77	fi
78		78
79	links:	79	links:
Lines 81-86 links: Link Here
81	if [ ! -d work.$$sysname ]; then \	81	if [ ! -d work.$$sysname ]; then \
82	echo No build directory for $$sysname - please run ./configure.; \	82	echo No build directory for $$sysname - please run ./configure.; \
83	else \	83	else \
84	(cd work.$$sysname; make links); \	84	$(MAKE) -C work.$$sysname links; \
85	fi	85	fi
86		86

Lines 1-6 Link Here

(-)a/README (+16 lines)
1	Internet Systems Consortium DHCP Distribution	1	Internet Systems Consortium DHCP Distribution
2	Version 3.1-ESV-R3	2	Version 3.1-ESV-R3
3	July 27, 2011	3	July 27, 2011
		4	(with modifications for ALT Linux)
4		5
5	README FILE	6	README FILE
6		7
Lines 458-463 for AIX would be welcome. Link Here
458		459
459	SUPPORT	460	SUPPORT
460		461
		462	Please note the following before requesting help:
		463
		464	This software is a part of the Internet Software Consortium's DHCP suite
		465	with modifications for ALT Linux.
		466	The ISC folks quite reasonably require that you do not bother them with
		467	questions on software that includes third-party modifications and might
		468	not be based off their latest code. Hence, please direct any questions
		469	to the community@ mailing list instead; the subscription instructions
		470	are given at http://lists.altlinux.org/mailman/listinfo/community .
		471
		472	The rest of this section describes the ISC's original guidelines on
		473	requesting support and/or reporting bugs. These will only apply to
		474	you if you reproduce your problem on the latest version of ISC's DHCP
		475	suite as available from ftp://ftp.isc.org .
		476
461	The Internet Systems Consortium DHCP server is developed and distributed	477	The Internet Systems Consortium DHCP server is developed and distributed
462	by ISC in the public trust, thanks to the generous donations of its	478	by ISC in the public trust, thanks to the generous donations of its
463	sponsors. ISC now also offers commercial quality support contracts for	479	sponsors. ISC now also offers commercial quality support contracts for

Lines 262-270 int main (argc, argv, envp) Link Here

(-)a/client/dhclient.c (-8 / +14 lines)
262		262
263	if (!quiet) {	263	if (!quiet) {
264	log_info ("%s %s", message, DHCP_VERSION);	264	log_info ("%s %s", message, DHCP_VERSION);
265	log_info (copyright);	265	log_info ("%s", copyright);
266	log_info (arr);	266	log_info ("%s", arr);
267	log_info (url);	267	log_info ("%s", url);
268	log_info ("%s", "");	268	log_info ("%s", "");
269	} else	269	} else
270	log_perror = 0;	270	log_perror = 0;
Lines 470-478 int main (argc, argv, envp) Link Here
470	static void usage ()	470	static void usage ()
471	{	471	{
472	log_info ("%s %s", message, DHCP_VERSION);	472	log_info ("%s %s", message, DHCP_VERSION);
473	log_info (copyright);	473	log_info ("%s", copyright);
474	log_info (arr);	474	log_info ("%s", arr);
475	log_info (url);	475	log_info ("%s", url);
476		476
477	log_error ("Usage: dhclient [-1dqr] [-nw] [-p <port>] %s",	477	log_error ("Usage: dhclient [-1dqr] [-nw] [-p <port>] %s",
478	"[-s server]");	478	"[-s server]");
Lines 1092-1098 void dhcpoffer (packet) Link Here
1092	return;	1092	return;
1093	}	1093	}
1094		1094
1095	sprintf (obuf, "%s from %s", name, piaddr (packet -> client_addr));	1095	snprintf (obuf, sizeof(obuf),
		1096	"%s from %s", name, piaddr (packet -> client_addr));
1096		1097
1097		1098
1098	/* If this lease doesn't supply the minimum required parameters,	1099	/* If this lease doesn't supply the minimum required parameters,
Lines 2648-2654 void client_envadd (struct client_state *client, Link Here
2648	{	2656	{
2649	char spbuf [1024];	2657	char spbuf [1024];
2650	char *s;	2658	char *s;
2651	unsigned len, i;	2659	int len;
2652	struct string_list *val;	2660	struct string_list *val;
2653	va_list list;	2661	va_list list;
2654		2662
Lines 2656-2661 void client_envadd (struct client_state *client, Link Here
2656	len = vsnprintf (spbuf, sizeof spbuf, fmt, list);	2664	len = vsnprintf (spbuf, sizeof spbuf, fmt, list);
2657	va_end (list);	2665	va_end (list);
2658		2666
		2667	/* Handle truncation on glibc 2.0.x or possible unexpected errors on others;
		2668	* avoid integer overflow in the addition below. */
		2669	if (len < 0 \|\| len > 0x3fffffff)
		2670	return;
		2671
2659	val = dmalloc (strlen (prefix) + strlen (name) + 1 /* = */ +	2672	val = dmalloc (strlen (prefix) + strlen (name) + 1 /* = */ +
2660	len + sizeof *val, MDL);	2673	len + sizeof *val, MDL);
2661	if (!val)	2674	if (!val)

Lines 1-8 Link Here

(-)a/client/scripts/linux (-29 / +34 lines)
1	#!/bin/bash	1	#!/bin/bash
2	# dhclient-script for Linux. Dan Halbert, March, 1997.	2	# dhclient-script for Linux. Dan Halbert, March, 1997.
3	# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.	3	# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
4	# No guarantees about this. I'm a novice at the details of Linux
5	# networking.
6		4
7	# Notes:	5	# Notes:
8		6
Lines 19-44 Link Here
19	# address if it is not supplied. This might be much more easily done	19	# address if it is not supplied. This might be much more easily done
20	# by the dhclient C code, and passed on.	20	# by the dhclient C code, and passed on.
21		21
22	# 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious
23	# of the $1 in its args.
24
25	make_resolv_conf() {	22	make_resolv_conf() {
26	if [ x"$new_domain_name_servers" != x ]; then	23	if [ -n "$new_domain_name" ] \|\| [ -n "$new_domain_name_servers" ]; then
27	cat /dev/null > /etc/resolv.conf.dhclient	24	echo '; generated by /sbin/dhclient-script' > /etc/resolv.conf
28	chmod 644 /etc/resolv.conf.dhclient	25	chmod 644 /etc/resolv.conf
29	if [ x"$new_domain_search" != x ]; then	26	if [ -n "$new_domain_name" ]; then
30	echo search $new_domain_search >> /etc/resolv.conf.dhclient	27	echo search $new_domain_name >> /etc/resolv.conf
31	elif [ x"$new_domain_name" != x ]; then
32	# Note that the DHCP 'Domain Name Option' is really just a domain
33	# name, and that this practice of using the domain name option as
34	# a search path is both nonstandard and deprecated.
35	echo search $new_domain_name >> /etc/resolv.conf.dhclient
36	fi	28	fi
37	for nameserver in $new_domain_name_servers; do	29	for nameserver in $new_domain_name_servers; do
38	echo nameserver $nameserver >>/etc/resolv.conf.dhclient	30	echo nameserver $nameserver >>/etc/resolv.conf
39	done	31	done
40
41	mv /etc/resolv.conf.dhclient /etc/resolv.conf
42	fi	32	fi
43	}	33	}
44		34
Lines 53-58 if [ -f /etc/dhclient-enter-hooks ]; then Link Here
53	fi	51	fi
54	fi	52	fi
55		53
		54	cd /etc/sysconfig/network-scripts
		55	. /etc/sysconfig/network-scripts/network-functions
		56	. /etc/rc.d/init.d/functions
		57
		58	[ -f ../network ] && . ../network
		59	[ -f ../networking/network ] && . ../networking/network
		60
		61	CONFIG="ifcfg-$interface"
		62
		63	[ -f "${CONFIG}" ] \|\| {
		64	echo $"$0: configuration for $interface not found." >&2
		65	exit_with_hooks 1
		66	}
		67
		68	source_config
		69
56	release=`uname -r`	70	release=`uname -r`
57	release=`expr $release : '\(.\)\..'`	71	release=`expr $release : '\(.\)\..'`
58	relminor=`echo $release \|sed -e 's/[0-9]\.\([0-9][0-9]\)\(\..\)$/\1/'`	72	relminor=`echo $release \|sed -e 's/[0-9]\.\([0-9][0-9]\)\(\..\)$/\1/'`
Lines 122-135 Link Here
122		122
123	if [ x$reason = xBOUND ] \|\| [ x$reason = xRENEW ] \|\| \	123	if [ x$reason = xBOUND ] \|\| [ x$reason = xRENEW ] \|\| \
124	[ x$reason = xREBIND ] \|\| [ x$reason = xREBOOT ]; then	124	[ x$reason = xREBIND ] \|\| [ x$reason = xREBOOT ]; then
125	current_hostname=`hostname`	125	if [ -n "$new_host_name" ] && need_hostname; then
126	if [ x$current_hostname = x ] \|\| \	126	if need_hostname \|\| [ "`hostname`" != "$new_host_name" ]; then
127	[ x$current_hostname = "x(none)" ] \|\| \	127	hostname $new_host_name
128	[ x$current_hostname = xlocalhost ] \|\| \	128	fi
129	[ x$current_hostname = x$old_host_name ]; then
130	if [ x$new_host_name != x$old_host_name ]; then
131	hostname "$new_host_name"
132	fi
133	fi	129	fi
134		130
135	if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \	131	if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
Lines 146-152 if [ x$reason = xBOUND ] \|\| [ x$reason = xRENEW ] \|\| \ Link Here
146	ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg	157	ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
147	route add -host $alias_ip_address $interface:0	158	route add -host $alias_ip_address $interface:0
148	fi	159	fi
149	make_resolv_conf	160	if [ "${PEERDNS}" != "no" ]; then
		161	make_resolv_conf
		162	fi
		163
150	exit_with_hooks 0	164	exit_with_hooks 0
151	fi	165	fi
152		166
Lines 174-180 if [ x$reason = xTIMEOUT ]; then Link Here
174	ifconfig $interface inet $new_ip_address $new_subnet_arg \	188	ifconfig $interface inet $new_ip_address $new_subnet_arg \
175	$new_broadcast_arg $mtu_arg	189	$new_broadcast_arg $mtu_arg
176	set $new_routers	190	set $new_routers
177	if ping -q -c 1 $1; then	191	if ping -q -c 1 -w 10 $1; then
178	if [ x$new_ip_address != x$alias_ip_address ] && \	192	if [ x$new_ip_address != x$alias_ip_address ] && \
179	[ x$alias_ip_address != x ]; then	193	[ x$alias_ip_address != x ]; then
180	ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg	194	ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
Lines 188-194 if [ x$reason = xTIMEOUT ]; then Link Here
188	for router in $new_routers; do	201	for router in $new_routers; do
189	route add default gw $router	202	route add default gw $router
190	done	203	done
191	make_resolv_conf	204	if [ "${PEERDNS}" != "no" ]; then
		205	make_resolv_conf
		206	fi
192	exit_with_hooks 0	207	exit_with_hooks 0
193	fi	208	fi
194	ifconfig $interface inet 0 down	209	ifconfig $interface inet 0 down

Line 0 Link Here

(-)a/common/droproot.c (+121 lines)
		1	#include "dhcpd.h"
		2	#include <unistd.h>
		3	#include <time.h>
		4	#include <pwd.h>
		5	#define group real_group
		6	#include <grp.h>
		7	#undef group
		8
		9	#include <sys/capability.h>
		10	#include <sys/prctl.h>
		11
		12	static int minimized = 0;
		13
		14	void
		15	dhcpd_priv_minimize(const char user, const char dir)
		16	{
		17	struct passwd *pw;
		18	uid_t uid;
		19	gid_t gid;
		20
		21	if (!*user)
		22	return;
		23
		24	if (!(pw = getpwnam(user)))
		25	log_fatal("Failed to lower privileges: getpwnam: %s", user);
		26
		27	uid = pw->pw_uid;
		28	gid = pw->pw_gid;
		29
		30	tzset();
		31
		32	if (initgroups(user, gid))
		33	log_fatal("Failed to lower privileges: initgroups: %s/%u: %m",
		34	user, (unsigned) gid);
		35
		36	endpwent();
		37
		38	if (*dir && (chdir(dir) \|\| chroot(".")))
		39	log_fatal("Failed to lower privileges: chroot: %s: %m", dir);
		40
		41	if (setgid(gid))
		42	log_fatal("Failed to lower privileges: setgid: %s/%u: %m",
		43	user, (unsigned) gid);
		44
		45	if (prctl(PR_SET_KEEPCAPS, 1))
		46	log_fatal("Failed to lower privileges: prctl: %m");
		47
		48	if (setreuid(uid, uid))
		49	log_fatal("Failed to lower privileges: setreuid: %s/%u: %m",
		50	user, (unsigned) uid);
		51
		52	cap_t caps = cap_from_text("cap_net_bind_service=ep");
		53
		54	if (!caps)
		55	log_fatal("Failed to lower privileges: cap_from_text: %m");
		56
		57	if (cap_set_proc(caps) < 0)
		58	log_fatal("Failed to lower privileges: cap_set_proc: %m");
		59
		60	cap_free(caps);
		61	minimized = 1;
		62	}
		63
		64	static void
65	drop_minimized(void)
66	{
67	cap_t caps = cap_from_text("all-ep");
68	if (!caps)
69	log_fatal("Failed to lower privileges: cap_from_text: %m");
70
71	if (cap_set_proc(caps) < 0)
72	log_fatal("Failed to lower privileges: cap_set_proc: %m");
73
74	cap_free(caps);
75	}
76
77	static void
78	drop_all(const char user, const char dir)
79	{
80	struct passwd *pw;
81	uid_t uid;
82	gid_t gid;
83
84	if (!(pw = getpwnam(user)))
85	log_fatal("Failed to lower privileges: getpwnam: %s", user);
86
87	uid = pw->pw_uid;
88	gid = pw->pw_gid;
89
90	tzset();
91
92	if (initgroups(user, gid))
93	log_fatal("Failed to lower privileges: initgroups: %s/%u: %m",
94	user, (unsigned) gid);
95
96	endpwent();
97
98	if (*dir && (chdir(dir) \|\| chroot(".")))
99	log_fatal("Failed to lower privileges: chroot: %s: %m", dir);
100
101	if (setgid(gid))
102	log_fatal("Failed to lower privileges: setgid: %s/%u: %m",
103	user, (unsigned) gid);
104
105	if (setuid(uid))
106	log_fatal("Failed to lower privileges: setuid: %s/%u: %m",
107	user, (unsigned) uid);
108	}
109
110
111	void
112	dhcpd_priv_drop(const char user, const char dir)
113	{
114	if (!*user)
115	return;
116
117	if (minimized)
118	drop_minimized();
119	else
120	drop_all(user, dir);
121	}

Lines 437-443 char *print_dec_1 (val) Link Here

(-)a/common/print.c (-9 / +10 lines)
437	unsigned long val;	437	unsigned long val;
438	{	438	{
439	static char vbuf [32];	439	static char vbuf [32];
440	sprintf (vbuf, "%lu", val);	440	snprintf (vbuf, sizeof(vbuf), "%lu", val);
441	return vbuf;	441	return vbuf;
442	}	442	}
443		443
Lines 445-451 char *print_dec_2 (val) Link Here
445	unsigned long val;	445	unsigned long val;
446	{	446	{
447	static char vbuf [32];	447	static char vbuf [32];
448	sprintf (vbuf, "%lu", val);	448	snprintf (vbuf, sizeof(vbuf), "%lu", val);
449	return vbuf;	449	return vbuf;
450	}	450	}
451		451
Lines 478-484 static unsigned print_subexpression (expr, buf, len) Link Here
478	case expr_check:	478	case expr_check:
479	rv = 10 + strlen (expr -> data.check -> name);	479	rv = 10 + strlen (expr -> data.check -> name);
480	if (len > rv) {	480	if (len > rv) {
481	sprintf (buf, "(check %s)",	481	snprintf (buf, len, "(check %s)",
482	expr -> data.check -> name);	482	expr -> data.check -> name);
483	return rv;	483	return rv;
484	}	484	}
Lines 585-591 static unsigned print_subexpression (expr, buf, len) Link Here
585	case expr_host_lookup:	585	case expr_host_lookup:
586	rv = 15 + strlen (expr -> data.host_lookup -> hostname);	586	rv = 15 + strlen (expr -> data.host_lookup -> hostname);
587	if (len > rv) {	587	if (len > rv) {
588	sprintf (buf, "(dns-lookup %s)",	588	snprintf (buf, len, "(dns-lookup %s)",
589	expr -> data.host_lookup -> hostname);	589	expr -> data.host_lookup -> hostname);
590	return rv;	590	return rv;
591	}	591	}
Lines 669-675 static unsigned print_subexpression (expr, buf, len) Link Here
669	rv = strlen (s) + 2 + (strlen (expr -> data.option -> name) +	669	rv = strlen (s) + 2 + (strlen (expr -> data.option -> name) +
670	strlen (expr -> data.option -> universe -> name));	670	strlen (expr -> data.option -> universe -> name));
671	if (len > rv) {	671	if (len > rv) {
672	sprintf (buf, "(option %s.%s)",	672	snprintf (buf, len, "(option %s.%s)",
673	expr -> data.option -> universe -> name,	673	expr -> data.option -> universe -> name,
674	expr -> data.option -> name);	674	expr -> data.option -> name);
675	return rv;	675	return rv;
Lines 805-811 static unsigned print_subexpression (expr, buf, len) Link Here
805	rv = 10 + (strlen (expr -> data.option -> name) +	805	rv = 10 + (strlen (expr -> data.option -> name) +
806	strlen (expr -> data.option -> universe -> name));	806	strlen (expr -> data.option -> universe -> name));
807	if (len > rv) {	807	if (len > rv) {
808	sprintf (buf, "(exists %s.%s)",	808	snprintf (buf, len, "(exists %s.%s)",
809	expr -> data.option -> universe -> name,	809	expr -> data.option -> universe -> name,
810	expr -> data.option -> name);	810	expr -> data.option -> name);
811	return rv;	811	return rv;
Lines 815-821 static unsigned print_subexpression (expr, buf, len) Link Here
815	case expr_variable_exists:	815	case expr_variable_exists:
816	rv = 10 + strlen (expr -> data.variable);	816	rv = 10 + strlen (expr -> data.variable);
817	if (len > rv) {	817	if (len > rv) {
818	sprintf (buf, "(defined %s)", expr -> data.variable);	818	snprintf (buf, len,
		819	"(defined %s)", expr -> data.variable);
819	return rv;	820	return rv;
820	}	821	}
821	break;	822	break;
Lines 823-829 static unsigned print_subexpression (expr, buf, len) Link Here
823	case expr_variable_reference:	824	case expr_variable_reference:
824	rv = strlen (expr -> data.variable);	825	rv = strlen (expr -> data.variable);
825	if (len > rv) {	826	if (len > rv) {
826	sprintf (buf, "%s", expr -> data.variable);	827	snprintf (buf, len, "%s", expr -> data.variable);
827	return rv;	828	return rv;
828	}	829	}
829	break;	830	break;
Lines 1106-1112 int token_indent_data_string (FILE *file, int col, int indent, Link Here
1106	}	1107	}
1107		1108
1108	for (i = 0; i < data -> len; i++) {	1109	for (i = 0; i < data -> len; i++) {
1109	sprintf (obuf, "%2.2x", data -> data [i]);	1110	snprintf (obuf, sizeof(obuf), "%2.2x", data -> data [i]);
1110	col = token_print_indent (file, col, indent,	1111	col = token_print_indent (file, col, indent,
1111	i == 0 ? prefix : "",	1112	i == 0 ? prefix : "",
1112	(i + 1 == data -> len	1113	(i + 1 == data -> len

Lines 440-445 dst_s_write_private_key(const DST_KEY *key) Link Here

(-)a/dst/dst_api.c (+5 lines)
440	if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {	440	if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
441	EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",	441	EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
442	file, out_len, nn, errno));	442	file, out_len, nn, errno));
		443	fclose(fp);
443	return (-5);	444	return (-5);
444	}	445	}
445	fclose(fp);	446	fclose(fp);
Lines 526-531 dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg) Link Here
526	/* Locate and skip "KEY" */	527	/* Locate and skip "KEY" */
527	if (c != 'K' && c != 'k') {	528	if (c != 'K' && c != 'k') {
528	EREPORT(("\"KEY\" doesn't appear in file: %s", name));	529	EREPORT(("\"KEY\" doesn't appear in file: %s", name));
		530	fclose(fp);
529	return NULL;	531	return NULL;
530	}	532	}
531	while ((c = getc(fp)) != EOF)	533	while ((c = getc(fp)) != EOF)
Lines 542-553 Link Here
542	if (fscanf(fp, "%d %d %d", &flags, &proto, &alg) != 3) {	542	if (fscanf(fp, "%d %d %d", &flags, &proto, &alg) != 3) {
543	EREPORT(("dst_read_public_key(): Can not read flag/proto/alg field from %s\n"	543	EREPORT(("dst_read_public_key(): Can not read flag/proto/alg field from %s\n"
544	,name));	544	,name));
		545	fclose(fp);
545	return (NULL);	546	return (NULL);
546	}	547	}
547	/* read in the key string */	548	/* read in the key string */
548	if ((fgets(enckey, sizeof(enckey), fp) == NULL) &&	549	if ((fgets(enckey, sizeof(enckey), fp) == NULL) &&
549	(ferror(fp) != 0)) {	550	(ferror(fp) != 0)) {
550	EREPORT(("dst_read_public_kety(): Error reading key\n"));	551	EREPORT(("dst_read_public_kety(): Error reading key\n"));
		552	fclose(fp);
551	return (NULL);	553	return (NULL);
552	}	554	}
553		555
Lines 551-556 dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg) Link Here
551	break;	558	break;
552	if (!feof(fp)) {	559	if (!feof(fp)) {
553	EREPORT(("Key too long in file: %s", name));	560	EREPORT(("Key too long in file: %s", name));
		561	fclose(fp);
554	return NULL;	562	return NULL;
555	}	563	}
556	fclose(fp);	564	fclose(fp);

Lines 51-56 void (*log_cleanup) (void); Link Here

(-)a/omapip/errwarn.c (-31 / +51 lines)
51	static char mbuf [CVT_BUF_MAX + 1];	51	static char mbuf [CVT_BUF_MAX + 1];
52	static char fbuf [CVT_BUF_MAX + 1];	52	static char fbuf [CVT_BUF_MAX + 1];
53		53
		54	static ssize_t
		55	write_loop (int fd, const char *buffer, size_t count)
		56	{
		57	ssize_t offset = 0;
		58
		59	while (count > 0)
		60	{
		61	ssize_t block = write (fd, &buffer[offset], count);
		62
		63	if (block < 0 && errno == EINTR)
		64	continue;
		65	if (block <= 0)
		66	return offset ? : block;
		67	offset += block;
		68	count -= block;
		69	}
		70	return offset;
		71	}
		72
54	/* Log an error message, then exit... */	73	/* Log an error message, then exit... */
55		74
56	void log_fatal (const char * fmt, ... )	75	void log_fatal (const char * fmt, ... )
Lines 67-99 void log_fatal (const char * fmt, ... ) Link Here
67	va_end (list);	86	va_end (list);
68		87
69	#ifndef DEBUG	88	#ifndef DEBUG
70	syslog (log_priority \| LOG_ERR, "%s", mbuf);	89	if (*mbuf)
		90	syslog (log_priority \| LOG_ERR, "%s", mbuf);
71	#endif	91	#endif
72		92
73	/* Also log it to stderr? */	93	/* Also log it to stderr? */
74	if (log_perror) {	94	if (log_perror && *mbuf) {
75	IGNORE_RET(write(STDERR_FILENO, mbuf, strlen (mbuf)));	95	IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
76	IGNORE_RET(write(STDERR_FILENO, "\n", 1));	96	IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
77	}	97	}
78		98
79	#if !defined (NOMINUM)	99	#if !defined (NOMINUM)
		100	log_error ("%s", "Please note the following before requesting help:");
80	log_error ("%s", "");	101	log_error ("%s", "");
81	log_error ("If you did not get this software from ftp.isc.org, please");	102	log_error ("%s", "This software is a part of the Internet Software Consortium's DHCP suite");
82	log_error ("get the latest from ftp.isc.org and install that before");	103	log_error ("%s", "with modifications for ALT Linux.");
83	log_error ("requesting help.");	104	log_error ("%s", "The ISC folks quite reasonably require that you do not bother them with");
84	log_error ("%s", "");	105	log_error ("%s", "questions on software that includes third-party modifications and might");
85	log_error ("If you did get this software from ftp.isc.org and have not");	106	log_error ("%s", "not be based off their latest code. Hence, please direct any questions");
86	log_error ("yet read the README, please read it before requesting help.");	107	log_error ("%s", "to the community@ mailing list instead; the subscription instructions");
87	log_error ("If you intend to request help from the dhcp-server@isc.org");	108	log_error ("%s", "are given at http://lists.altlinux.org/mailman/listinfo/community .");
88	log_error ("mailing list, please read the section on the README about");
89	log_error ("submitting bug reports and requests for help.");
90	log_error ("%s", "");	109	log_error ("%s", "");
91	log_error ("Please do not under any circumstances send requests for");	110	log_error ("%s", "Please also read the SUPPORT section on the README about");
92	log_error ("help directly to the authors of this software - please");	111	log_error ("%s", "submitting bug reports and requests for help.");
93	log_error ("send them to the appropriate mailing list as described in");
94	log_error ("the README file.");
95	log_error ("%s", "");	112	log_error ("%s", "");
96	log_error ("exiting.");	113	log_error ("%s", "exiting.");
97	#endif	114	#endif
98	if (log_cleanup)	115	if (log_cleanup)
99	(*log_cleanup) ();	116	(*log_cleanup) ();
Lines 116-127 int log_error (const char * fmt, ...) Link Here
116	va_end (list);	133	va_end (list);
117		134
118	#ifndef DEBUG	135	#ifndef DEBUG
119	syslog (log_priority \| LOG_ERR, "%s", mbuf);	136	if (*mbuf)
		137	syslog (log_priority \| LOG_ERR, "%s", mbuf);
120	#endif	138	#endif
121		139
122	if (log_perror) {	140	if (log_perror && *mbuf) {
123	IGNORE_RET(write(STDERR_FILENO, mbuf, strlen (mbuf)));	141	IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
124	IGNORE_RET(write(STDERR_FILENO, "\n", 1));	142	IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
125	}	143	}
126		144
127	return 0;	145	return 0;
Lines 143-154 int log_info (const char *fmt, ...) Link Here
143	va_end (list);	161	va_end (list);
144		162
145	#ifndef DEBUG	163	#ifndef DEBUG
146	syslog (log_priority \| LOG_INFO, "%s", mbuf);	164	if (*mbuf)
		165	syslog (log_priority \| LOG_INFO, "%s", mbuf);
147	#endif	166	#endif
148		167
149	if (log_perror) {	168	if (log_perror && *mbuf) {
150	IGNORE_RET(write(STDERR_FILENO, mbuf, strlen (mbuf)));	169	IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
151	IGNORE_RET(write(STDERR_FILENO, "\n", 1));	170	IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
152	}	171	}
153		172
154	return 0;	173	return 0;
Lines 170-181 int log_debug (const char *fmt, ...) Link Here
170	va_end (list);	189	va_end (list);
171		190
172	#ifndef DEBUG	191	#ifndef DEBUG
173	syslog (log_priority \| LOG_DEBUG, "%s", mbuf);	192	if (*mbuf)
		193	syslog (log_priority \| LOG_DEBUG, "%s", mbuf);
174	#endif	194	#endif
175		195
176	if (log_perror) {	196	if (log_perror && *mbuf) {
177	IGNORE_RET(write(STDERR_FILENO, mbuf, strlen (mbuf)));	197	IGNORE_RET(write_loop (STDERR_FILENO, mbuf, strlen (mbuf)));
178	IGNORE_RET(write(STDERR_FILENO, "\n", 1));	198	IGNORE_RET(write_loop (STDERR_FILENO, "\n", 1));
179	}	199	}
180		200
181	return 0;	201	return 0;
Lines 236-242 char *strerror (err) Link Here
236	static char errbuf [128];	256	static char errbuf [128];
237		257
238	if (err < 0 \|\| err >= sys_nerr) {	258	if (err < 0 \|\| err >= sys_nerr) {
239	sprintf (errbuf, "Error %d", err);	259	snprintf (errbuf, sizeof(errbuf), "Error %d", err);
240	return errbuf;	260	return errbuf;
241	}	261	}
242	return sys_errlist [err];	262	return sys_errlist [err];

Lines 230-236 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here

(-)a/omapip/iscprint.c (-9 / +9 lines)
230	head = "";	230	head = "";
231	tmpui = tmpi;	231	tmpui = tmpi;
232	}	232	}
233	sprintf(buf, "%u", tmpui);	233	snprintf(buf, sizeof(buf), "%u", tmpui);
234	goto printint;	234	goto printint;
235	case 'o':	235	case 'o':
236	if (q)	236	if (q)
Lines 239-245 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
239	tmpui = va_arg(ap, long int);	239	tmpui = va_arg(ap, long int);
240	else	240	else
241	tmpui = va_arg(ap, int);	241	tmpui = va_arg(ap, int);
242	sprintf(buf, alt ? "%#o"	242	snprintf(buf, sizeof(buf), alt ? "%#o"
243	: "%o", tmpui);	243	: "%o", tmpui);
244	goto printint;	244	goto printint;
245	case 'u':	245	case 'u':
Lines 249-255 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
249	tmpui = va_arg(ap, unsigned long int);	249	tmpui = va_arg(ap, unsigned long int);
250	else	250	else
251	tmpui = va_arg(ap, unsigned int);	251	tmpui = va_arg(ap, unsigned int);
252	sprintf(buf, "%u", tmpui);	252	snprintf(buf, sizeof(buf), "%u", tmpui);
253	goto printint;	253	goto printint;
254	case 'x':	254	case 'x':
255	if (q)	255	if (q)
Lines 263-269 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
263	if (precision > 2)	263	if (precision > 2)
264	precision -= 2;	264	precision -= 2;
265	}	265	}
266	sprintf(buf, "%x", tmpui);	266	snprintf(buf, sizeof(buf), "%x", tmpui);
267	goto printint;	267	goto printint;
268	case 'X':	268	case 'X':
269	if (q)	269	if (q)
Lines 277-283 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
277	if (precision > 2)	277	if (precision > 2)
278	precision -= 2;	278	precision -= 2;
279	}	279	}
280	sprintf(buf, "%X", tmpui);	280	snprintf(buf, sizeof(buf), "%X", tmpui);
281	goto printint;	281	goto printint;
282	printint:	282	printint:
283	if (precision != 0 \|\| width != 0) {	283	if (precision != 0 \|\| width != 0) {
Lines 403-409 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
403	break;	403	break;
404	case 'p':	404	case 'p':
405	v = va_arg(ap, void *);	405	v = va_arg(ap, void *);
406	sprintf(buf, "%p", v);	406	snprintf(buf, sizeof(buf), "%p", v);
407	length = strlen(buf);	407	length = strlen(buf);
408	if (precision > length)	408	if (precision > length)
409	zeropad = precision - length;	409	zeropad = precision - length;
Lines 479-485 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
479	*/	479	*/
480	if (precision > 512)	480	if (precision > 512)
481	precision = 512;	481	precision = 512;
482	sprintf(fmt, "%%%s%s.%lu%s%c", alt ? "#" : "",	482	snprintf(fmt, sizeof(fmt), "%%%s%s.%lu%s%c", alt ? "#" : "",
483	plus ? "+" : space ? " " : "",	483	plus ? "+" : space ? " " : "",
484	precision, l ? "L" : "", *format);	484	precision, l ? "L" : "", *format);
485	switch (*format) {	485	switch (*format) {
Lines 491-502 isc_print_vsnprintf(char str, size_t size, const char format, va_list ap) { Link Here
491	#ifdef HAVE_LONG_DOUBLE	491	#ifdef HAVE_LONG_DOUBLE
492	if (l) {	492	if (l) {
493	ldbl = va_arg(ap, long double);	493	ldbl = va_arg(ap, long double);
494	sprintf(buf, fmt, ldbl);	494	snprintf(buf, sizeof(buf), fmt, ldbl);
495	} else	495	} else
496	#endif	496	#endif
497	{	497	{
498	dbl = va_arg(ap, double);	498	dbl = va_arg(ap, double);
499	sprintf(buf, fmt, dbl);	499	snprintf(buf, sizeof(buf), fmt, dbl);
500	}	500	}
501	length = strlen(buf);	501	length = strlen(buf);
502	if (width > 0) {	502	if (width > 0) {

Lines 531-539 primary server might look like this: Link Here

(-)a/server/dhcpd.conf.5 (-12 / +9 lines)
531	failover peer "foo" {	531	failover peer "foo" {
532	primary;	532	primary;
533	address anthrax.rc.vix.com;	533	address anthrax.rc.vix.com;
534	port 519;	534	port 647;
535	peer address trantor.rc.vix.com;	535	peer address trantor.rc.vix.com;
536	peer port 520;	536	peer port 847;
537	max-response-delay 60;	537	max-response-delay 60;
538	max-unacked-updates 10;	538	max-unacked-updates 10;
539	mclt 3600;	539	mclt 3600;
Lines 592-600 statement Link Here
592	.B port \fIport-number\fR\fB;\fR	592	.B port \fIport-number\fR\fB;\fR
593	.PP	593	.PP
594	The \fBport\fR statement declares the TCP port on which the server	594	The \fBport\fR statement declares the TCP port on which the server
595	should listen for connections from its failover peer. This statement	595	should listen for connections from its failover peer.
596	may not currently be omitted, because the failover protocol does not
597	yet have a reserved TCP port number.
598	.RE	596	.RE
599	.PP	597	.PP
600	The	598	The
Lines 606-615 statement Link Here
606	.PP	604	.PP
607	The \fBpeer port\fR statement declares the TCP port to which the	605	The \fBpeer port\fR statement declares the TCP port to which the
608	server should connect to reach its failover peer for failover	606	server should connect to reach its failover peer for failover
609	messages. This statement may not be omitted because the failover	607	messages. The port number declared in the \fBpeer port\fR statement
610	protocol does not yet have a reserved TCP port number. The port	608	may be the same as the port number declared in the \fBport\fR statement.
611	number declared in the \fBpeer port\fR statement may be the same as
612	the port number declared in the \fBport\fR statement.
613	.RE	609	.RE
614	.PP	610	.PP
615	The	611	The
Lines 2038-2045 The syntax of the \fIsyslog.conf\fR file may be different on some Link Here
2038	operating systems - consult the \fIsyslog.conf\fR manual page to be	2034	operating systems - consult the \fIsyslog.conf\fR manual page to be
2039	sure. To get syslog to start logging to the new file, you must first	2035	sure. To get syslog to start logging to the new file, you must first
2040	create the file with correct ownership and permissions (usually, the	2036	create the file with correct ownership and permissions (usually, the
2041	same owner and permissions of your /var/log/messages or	2037	same owner and permissions of your /var/log/messages
2042	/usr/adm/messages file should be fine) and send a SIGHUP to syslogd.	2038	file should be fine) and send a SIGHUP to syslogd.
2043	Some systems support log rollover using a shell script or program	2039	Some systems support log rollover using a shell script or program
2044	called newsyslog or logrotate, and you may be able to configure this	2040	called newsyslog or logrotate, and you may be able to configure this
2045	as well so that your log file doesn't grow uncontrollably.	2041	as well so that your log file doesn't grow uncontrollably.
Lines 2114-2120 statement Link Here
2114	The \fInext-server\fR statement is used to specify the host address of	2110	The \fInext-server\fR statement is used to specify the host address of
2115	the server from which the initial boot file (specified in the	2111	the server from which the initial boot file (specified in the
2116	\fIfilename\fR statement) is to be loaded. \fIServer-name\fR should	2112	\fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
2117	be a numeric IP address or a domain name.	2113	be a numeric IP address or a domain name. If no \fInext-server\fR
		2114	statement applies to a given client, the address 0.0.0.0 is used.
2118	.RE	2115	.RE
2119	.PP	2116	.PP
2120	The	2117	The