[dhcp] Write lease file AFTER changing of the effective user/group ID.
Jiří Popelka
jpopelka at fedoraproject.org
Wed Oct 26 18:17:31 UTC 2011
commit 6e67a560a85c00ceb725d8f204ebbb7538267375
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Wed Oct 26 19:40:23 2011 +0200
Write lease file AFTER changing of the effective user/group ID.
Move omshell from dhcp-common to main package (where it originally was).
dhcp-4.2.2-paranoia-pid.patch | 49 ------------------
dhcp-4.2.3-paranoia.patch | 110 +++++++++++++++++++++++++++++++++++++++++
dhcp.spec | 25 +++++----
3 files changed, 124 insertions(+), 60 deletions(-)
---
diff --git a/dhcp-4.2.3-paranoia.patch b/dhcp-4.2.3-paranoia.patch
new file mode 100644
index 0000000..4139ce9
--- /dev/null
+++ b/dhcp-4.2.3-paranoia.patch
@@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia 2011-10-26 19:10:08.162925489 +0200
++++ dhcp-4.2.3/server/dhcpd.c 2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+
+ group_write_hook = group_writer;
+
+- /* Start up the database... */
+- db_startup (lftest);
+-
+- if (lftest)
++ if (lftest) {
++ /* Start up the database... */
++ db_startup (lftest);
+ exit (0);
++ }
+
+ /* Discover all the network interfaces and initialize them. */
+ discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+ #if defined (TRACING)
+ trace_seed_stash (trace_srandom, seed + cur_time);
+ #endif
+- postdb_startup ();
+-
+-#ifdef DHCPv6
+- /*
+- * Set server DHCPv6 identifier.
+- * See dhcpv6.c for discussion of setting DUID.
+- */
+- if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+- write_server_duid();
+- } else {
+- if (!server_duid_isset()) {
+- if (generate_new_server_duid() != ISC_R_SUCCESS) {
+- log_fatal("Unable to set server identifier.");
+- }
+- write_server_duid();
+- }
+- }
+-#endif /* DHCPv6 */
+
+ #ifndef DEBUG
+ if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+ exit (0);
+ }
+
+-#if defined (PARANOIA)
+- /* change uid to the specified one */
+-
+- if (set_gid) {
+- if (setgroups (0, (void *)0))
+- log_fatal ("setgroups: %m");
+- if (setgid (set_gid))
+- log_fatal ("setgid(%d): %m", (int) set_gid);
+- }
+-
+- if (set_uid) {
+- if (setuid (set_uid))
+- log_fatal ("setuid(%d): %m", (int) set_uid);
+- }
+-#endif /* PARANOIA */
+-
+ /*
+ * Deal with pid files. If the user told us
+ * not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+ }
+ }
+
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
++
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
++ db_startup(lftest);
++ postdb_startup ();
++
++#ifdef DHCPv6
++ /*
++ * Set server DHCPv6 identifier.
++ * See dhcpv6.c for discussion of setting DUID.
++ */
++ if (set_server_duid_from_option() == ISC_R_SUCCESS) {
++ write_server_duid();
++ } else {
++ if (!server_duid_isset()) {
++ if (generate_new_server_duid() != ISC_R_SUCCESS) {
++ log_fatal("Unable to set server identifier.");
++ }
++ write_server_duid();
++ }
++ }
++#endif /* DHCPv6 */
++
+ /* If we were requested to log to stdout on the command line,
+ keep doing so; otherwise, stop. */
+ if (log_perror == -1)
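Review bot: In the relocated PARANOIA block the supplementary-group and gid drop still sits inside `if (set_gid)`, so if `set_uid` is non-zero while `set_gid` is zero the process reaches `db_startup(lftest)` and `write_server_duid()` with the new uid but root's gid and group list, and the files written there would carry that group. Whether option parsing always fills `set_gid` when a user is given is not visible in this hunk, so confirm it; if it is not guaranteed, clear the group list whenever either id is set, e.g. `if ((set_uid || set_gid) && setgroups (0, (void *)0)) log_fatal ("setgroups: %m");`. The lease database is also now opened after the `exit (0)` shown in the `daemon` context lines (apparently the parent's exit), so a lease file the new uid cannot write would fail only in the detached child; a comment above `db_startup(lftest);` such as `/* runs as set_uid/set_gid: lease file must be writable by that user; failures are not reflected in the parent's exit status */` would record that. main() begins and ends outside the hunk.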
diff --git a/dhcp.spec b/dhcp.spec
index 23f97f7..89e4e8e 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -22,7 +22,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.3
-Release: 2%{?dist}
+Release: 3%{?dist}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
@@ -71,7 +71,7 @@ Patch28: dhcp-4.2.0-noprefixavail.patch
Patch29: dhcp-4.2.2-remove-bind.patch
Patch30: dhcp-4.2.2-sharedlib.patch
Patch31: dhcp-4.2.0-PPP.patch
-Patch32: dhcp-4.2.2-paranoia-pid.patch
+Patch32: dhcp-4.2.3-paranoia.patch
Patch33: dhcp-4.2.2-lpf-ib.patch
Patch34: dhcp-4.2.2-improved-xid.patch
Patch35: dhcp-4.2.2-gpxe-cid.patch
@@ -117,8 +117,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
-easier to administer a large network. The dhcp package includes the
-ISC DHCP service and relay agent.
+easier to administer a large network.
To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon. The dhcp package provides
@@ -315,9 +314,10 @@ rm bind/bind.tar.gz
# DHCPv6 over PPP support (#626514)
%patch31 -p1 -b .PPP
-# Move changing of the effective user/group ID after writing new PID file.
+# Write PID file BEFORE changing of the effective user/group ID.
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #25806])
-%patch32 -p1 -b .paranoia-pid
+# Write lease file AFTER changing of the effective user/group ID.
+%patch32 -p1 -b .paranoia
# IPoIB support (#660681)
# (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #24249])
@@ -364,7 +364,7 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do
done
%build
-libtoolize --copy --force
+#libtoolize --copy --force
autoreconf --verbose --force --install
CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \
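Review bot: The `libtoolize --copy --force` step in `%build` is disabled by commenting it out with no reason given, and neither the commit message nor the new changelog entry mentions it. Commented-out build commands tend to be re-enabled or copied without anyone knowing why they were switched off. Either delete the line, or keep it with an explanation directly above, e.g. `# libtoolize disabled: <reason>`, and add a matching changelog line.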
@@ -462,7 +462,6 @@ EOF
# DHCPv6 Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd6.conf.sample
# see dhcpd.conf(5) man page
-# run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf'
#
EOF
@@ -617,6 +616,8 @@ fi
%attr(0644,root,root) %{_unitdir}/dhcrelay.service
%{_sbindir}/dhcpd
%{_sbindir}/dhcrelay
+%{_bindir}/omshell
+%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
%attr(0644,root,root) %{_mandir}/man5/dhcpd.conf.5.gz
%attr(0644,root,root) %{_mandir}/man5/dhcpd.leases.5.gz
%attr(0644,root,root) %{_mandir}/man8/dhcpd.8.gz
@@ -643,8 +644,6 @@ fi
%files common
%doc LICENSE README RELNOTES doc/References.txt
-%{_bindir}/omshell
-%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
%attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
%attr(0644,root,root) %{_mandir}/man5/dhcp-eval.5.gz
@@ -670,8 +669,12 @@ fi
%{_initddir}/dhcrelay
%changelog
+* Wed Oct 26 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-3
+- Write lease file AFTER changing of the effective user/group ID.
+- Move omshell from dhcp-common to main package (where it originally was).
+
* Thu Oct 20 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-2
-- Move changing of the effective user/group ID after writing new PID file.
+- Write PID file BEFORE changing of the effective user/group ID.
- Really define _hardened_build this time
* Thu Oct 20 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-1