[dhcp/f16] Write lease file AFTER changing of the effective user/group ID.

Jiří Popelka jpopelka at fedoraproject.org
Wed Oct 26 18:17:47 UTC 2011


commit 186ec91feb2703a1c1d21ef06158e2124e44752f
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Wed Oct 26 19:40:23 2011 +0200

    Write lease file AFTER changing of the effective user/group ID.

 dhcp-4.2.2-paranoia-pid.patch |   49 ------------------
 dhcp-4.2.3-paranoia.patch     |  110 +++++++++++++++++++++++++++++++++++++++++
 dhcp.spec                     |   18 ++++---
 3 files changed, 120 insertions(+), 57 deletions(-)
---
diff --git a/dhcp-4.2.3-paranoia.patch b/dhcp-4.2.3-paranoia.patch
new file mode 100644
index 0000000..4139ce9
--- /dev/null
+++ b/dhcp-4.2.3-paranoia.patch
@@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia	2011-10-26 19:10:08.162925489 +0200
++++ dhcp-4.2.3/server/dhcpd.c	2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+ 
+ 	group_write_hook = group_writer;
+ 
+-	/* Start up the database... */
+-	db_startup (lftest);
+-
+-	if (lftest)
++	if (lftest) {
++		/* Start up the database... */
++		db_startup (lftest);
+ 		exit (0);
++	}
+ 
+ 	/* Discover all the network interfaces and initialize them. */
+ 	discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+ #if defined (TRACING)
+ 	trace_seed_stash (trace_srandom, seed + cur_time);
+ #endif
+-	postdb_startup ();
+-
+-#ifdef DHCPv6
+-	/*
+-	 * Set server DHCPv6 identifier.
+-	 * See dhcpv6.c for discussion of setting DUID.
+-	 */
+-	if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+-		write_server_duid();
+-	} else {
+-		if (!server_duid_isset()) {
+-			if (generate_new_server_duid() != ISC_R_SUCCESS) {
+-				log_fatal("Unable to set server identifier.");
+-			}
+-			write_server_duid();
+-		}
+-	}
+-#endif /* DHCPv6 */
+ 
+ #ifndef DEBUG
+ 	if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+ 			exit (0);
+ 	}
+  
+-#if defined (PARANOIA)
+-	/* change uid to the specified one */
+-
+-	if (set_gid) {
+-		if (setgroups (0, (void *)0))
+-			log_fatal ("setgroups: %m");
+-		if (setgid (set_gid))
+-			log_fatal ("setgid(%d): %m", (int) set_gid);
+-	}	
+-
+-	if (set_uid) {
+-		if (setuid (set_uid))
+-			log_fatal ("setuid(%d): %m", (int) set_uid);
+-	}
+-#endif /* PARANOIA */
+-
+ 	/*
+ 	 * Deal with pid files.  If the user told us
+ 	 * not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+ 		}
+ 	}
+ 
++#if defined (PARANOIA)
++	/* change uid to the specified one */
++
++	if (set_gid) {
++		if (setgroups (0, (void *)0))
++			log_fatal ("setgroups: %m");
++		if (setgid (set_gid))
++			log_fatal ("setgid(%d): %m", (int) set_gid);
++	}	
++
++	if (set_uid) {
++		if (setuid (set_uid))
++			log_fatal ("setuid(%d): %m", (int) set_uid);
++	}
++#endif /* PARANOIA */
++
++	db_startup(lftest);
++	postdb_startup ();
++
++#ifdef DHCPv6
++	/*
++	 * Set server DHCPv6 identifier.
++	 * See dhcpv6.c for discussion of setting DUID.
++	 */
++	if (set_server_duid_from_option() == ISC_R_SUCCESS) {
++		write_server_duid();
++	} else {
++		if (!server_duid_isset()) {
++			if (generate_new_server_duid() != ISC_R_SUCCESS) {
++				log_fatal("Unable to set server identifier.");
++			}
++			write_server_duid();
++		}
++	}
++#endif /* DHCPv6 */
++
+ 	/* If we were requested to log to stdout on the command line,
+ 	   keep doing so; otherwise, stop. */
+ 	if (log_perror == -1)
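Review bot: Moving `db_startup(lftest)` and `postdb_startup ()` below the `if (daemon)` block and the pid-file handling means a lease database that cannot be opened or parsed is now reported only after the foreground process appears to have exited with status 0 (the fork itself lies outside the quoted context), so a service start can look successful while the daemon dies. The open also now happens with the dropped uid/gid, so a lease file or state directory left owned by root by an earlier build would fail at this point, and none of the dhcp.spec hunks in this commit adjusts ownership on upgrade. I would add a comment above the call, `/* Open the lease database only after dropping privileges so it is created and owned by the unprivileged user. */`, and pass the constant, `db_startup (0);`, since the `lftest` path has already exited earlier in the patch. The enclosing `main()` starts and ends outside the hunk.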
diff --git a/dhcp.spec b/dhcp.spec
index deb720b..714c10f 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -19,7 +19,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.3
-Release:  1%{?dist}
+Release:  2%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -68,7 +68,7 @@ Patch28:  dhcp-4.2.0-noprefixavail.patch
 Patch29:  dhcp-4.2.2-remove-bind.patch
 Patch30:  dhcp-4.2.2-sharedlib.patch
 Patch31:  dhcp-4.2.0-PPP.patch
-Patch32:  dhcp-4.2.2-paranoia-pid.patch
+Patch32:  dhcp-4.2.3-paranoia.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -106,8 +106,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
 individual devices on an IP network to get their own network
 configuration information (IP address, subnetmask, broadcast address,
 etc.) from a DHCP server. The overall purpose of DHCP is to make it
-easier to administer a large network.  The dhcp package includes the
-ISC DHCP service and relay agent.
+easier to administer a large network.
 
 To use DHCP on your network, install a DHCP service (or relay agent),
 and on clients run a DHCP client daemon.  The dhcp package provides
@@ -304,9 +303,10 @@ rm bind/bind.tar.gz
 # DHCPv6 over PPP support (#626514)
 %patch31 -p1 -b .PPP
 
-# Move changing of the effective user/group ID after writing new PID file.
+# Write PID file BEFORE changing of the effective user/group ID.
 # (Submitted to dhcp-bugs at isc.org - [ISC-Bugs #25806])
-%patch32 -p1 -b .paranoia-pid
+# Write lease file AFTER changing of the effective user/group ID.
+%patch32 -p1 -b .paranoia
 
 # Copy in the Fedora/RHEL dhclient script
 %{__install} -p -m 0755 %{SOURCE4} client/scripts/linux
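Review bot: The `[ISC-Bugs #25806]` line now sits between the PID-file comment and the new lease-file comment, so it is unclear whether the lease-file reordering was also submitted upstream or only the PID-file part. Because this patch changes where the privilege drop happens relative to file creation, each statement should carry its own upstream status, for example `# Write lease file AFTER changing of the effective user/group ID. (not yet submitted upstream)` if that is the case.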
@@ -438,7 +438,6 @@ EOF
 # DHCPv6 Server Configuration file.
 #   see /usr/share/doc/dhcp*/dhcpd6.conf.sample
 #   see dhcpd.conf(5) man page
-#   run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf'
 #
 EOF
 
@@ -642,6 +641,9 @@ fi
 %{_initddir}/dhcrelay
 
 %changelog
+* Wed Oct 26 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-2
+- Write lease file AFTER changing of the effective user/group ID.
+
 * Thu Oct 20 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.3-1
 - 4.2.3
 
@@ -657,7 +659,7 @@ fi
 - Hopefully last tweak of adding of user and group (#699713)
 
 * Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-7
-- Move changing of the effective user/group ID after writing new PID file.
+- Write PID file BEFORE changing of the effective user/group ID.
 
 * Fri Sep 09 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.2-6
 - PIE-RELRO.patch is not needed anymore, defining _hardened_build does the same

