From 53d20015af6128eb5c828eb3e9185a28824bf085 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov
Date: May 25 2017 11:56:21 +0000
Subject: Don't listen on random port (#962950)
---
diff --git a/dhcp-dhclient-ddns_lazy.patch b/dhcp-dhclient-ddns_lazy.patch
new file mode 100644
index 0000000..6c8d031
--- /dev/null
+++ b/dhcp-dhclient-ddns_lazy.patch
@@ -0,0 +1,136 @@
+diff --git a/common/dns.c b/common/dns.c
+index 0f8be80..37878bc 100644
+--- a/common/dns.c
++++ b/common/dns.c
+@@ -2132,6 +2132,41 @@ void ddns_interlude(isc_task_t *taskp,
+ }
+
+ /*
++ * Moved here from omapip/isclib.c, function dhcp_context_create.
++ * Create dnsclient only before the first use.
++ */
++static isc_result_t
++dns_client_lazy() {
++ isc_result_t result;
++ if (dhcp_gbl_ctx.dnsclient == NULL){
++ result = dns_client_createx2(dhcp_gbl_ctx.mctx,
++ dhcp_gbl_ctx.actx,
++ dhcp_gbl_ctx.taskmgr,
++ dhcp_gbl_ctx.socketmgr,
++ dhcp_gbl_ctx.timermgr,
++ 0,
++ &dhcp_gbl_ctx.dnsclient,
++ dhcp_gbl_ctx.local4_ptr,
++ dhcp_gbl_ctx.local6_ptr);
++ if (result != ISC_R_SUCCESS)
++ return result;
++ /*
++ * If we can't set up the servers we may not be able to
++ * do DDNS but we should continue to try and perform
++ * our basic functions and let the user sort it out.
++ */
++ result = dhcp_dns_client_setservers();
++ if (result != ISC_R_SUCCESS) {
++ log_error("Unable to set resolver from resolv.conf; "
++ "startup continuing but DDNS support "
++ "may be affected");
++ }
++ };
++ return ISC_R_SUCCESS;
++}
++
++
++/*
+ * This routine does the generic work for sending a ddns message to
+ * modify the forward record (A or AAAA) and calls one of a set of
+ * routines to build the specific message.
+@@ -2154,6 +2189,10 @@ ddns_modify_fwd(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
+ /* Get a pointer to the clientname to make things easier. */
+ clientname = (unsigned char *)ddns_cb->fwd_name.data;
+
++ result = dns_client_lazy();
++ if (result != ISC_R_SUCCESS)
++ return result;
++
+ /* Extract and validate the type of the address.
*/
+ if (ddns_cb->address.len == 4) {
+ ddns_cb->address_type = dns_rdatatype_a;
+@@ -2359,6 +2398,10 @@ ddns_modify_ptr(dhcp_ddns_cb_t *ddns_cb, const char *file, int line)
+ unsigned char buf[256];
+ int buflen;
+
++ result = dns_client_lazy();
++ if (result != ISC_R_SUCCESS)
++ return result;
++
+ /*
+ * Try to lookup the zone in the zone cache. As with the forward
+ * case it's okay if we don't have one, the DNS code will try to
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index caa388a..7f2719b 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -98,6 +98,8 @@ typedef struct dhcp_context {
+ isc_timermgr_t *timermgr;
+ #if defined (NSUPDATE)
+ dns_client_t *dnsclient;
++ isc_sockaddr_t *local4_ptr;
++ isc_sockaddr_t *local6_ptr;
+ #endif
+ } dhcp_context_t;
+
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index 13f0d3e..36b399d 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -220,40 +220,22 @@ dhcp_context_create(int flags,
+ }
+
+ #if defined (NSUPDATE)
++ /*
++ * Setting addresses only.
++ * All real work will be done later on if needed to avoid listening
++ * on ddns port if client/server was compiled with ddns support
++ * but not using it.
++ */ + if ((flags & DHCP_CONTEXT_POST_DB) != 0) { +- isc_sockaddr_t localaddr4, *localaddr4_ptr = NULL; +- isc_sockaddr_t localaddr6, *localaddr6_ptr = NULL; ++ isc_sockaddr_t localaddr4; ++ isc_sockaddr_t localaddr6; + if (local4 != NULL) { + isc_sockaddr_fromin(&localaddr4, local4, 0); +- localaddr4_ptr = &localaddr4; ++ dhcp_gbl_ctx.local4_ptr = &localaddr4; + } + if (local6 != NULL) { + isc_sockaddr_fromin6(&localaddr6, local6, 0); +- localaddr6_ptr = &localaddr6; +- } +- +- result = dns_client_createx2(dhcp_gbl_ctx.mctx, +- dhcp_gbl_ctx.actx, +- dhcp_gbl_ctx.taskmgr, +- dhcp_gbl_ctx.socketmgr, +- dhcp_gbl_ctx.timermgr, +- 0, +- &dhcp_gbl_ctx.dnsclient, +- localaddr4_ptr, +- localaddr6_ptr); +- if (result != ISC_R_SUCCESS) +- goto cleanup; +- +- /* +- * If we can't set up the servers we may not be able to +- * do DDNS but we should continue to try and perform +- * our basic functions and let the user sort it out. +- */ +- result = dhcp_dns_client_setservers(); +- if (result != ISC_R_SUCCESS) { +- log_error("Unable to set resolver from resolv.conf; " +- "startup continuing but DDNS support " +- "may be affected"); ++ dhcp_gbl_ctx.local6_ptr = &localaddr6; + } + } + #endif diff --git a/dhcp.spec b/dhcp.spec index e74dacc..731176c 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -19,7 +19,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.5 -Release: 5%{?dist} +Release: 7%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -77,6 +77,9 @@ Patch34: dhcp-sd_notify.patch Patch36: dhcp-option97-pxe-client-id.patch Patch37: dhcp-stateless-DUID-LLT.patch Patch38: dhcp-dhclient-preinit6s.patch +Patch39: dhcp-dhclient-ddns_lazy.patch + + BuildRequires: autoconf BuildRequires: automake 
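Review bot: In the omapip/isclib.c hunk of the added patch, `dhcp_gbl_ctx.local4_ptr = &localaddr4;` and `dhcp_gbl_ctx.local6_ptr = &localaddr6;` save the addresses of automatic variables declared inside the `if` block, yet `dns_client_lazy()` in common/dns.c hands those pointers to `dns_client_createx2()` only on the first DDNS update, after `dhcp_context_create()` has returned. When `local4` or `local6` is set, the DNS client is then built from dead stack storage, which is undefined behaviour and could show up as a socket bound to an unintended address or port, or as a crash. Giving the two structures static storage keeps the pointers valid: `static isc_sockaddr_t localaddr4;` and `static isc_sockaddr_t localaddr6;` (holding them by value in `dhcp_context_t` would work as well). A smaller point in the dns.c hunk: declare the helper as `dns_client_lazy(void)` and drop the stray `;` after the closing brace of its `if`. The body of `dhcp_context_create()` starts and ends outside the hunk.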
@@ -343,6 +346,9 @@ rm bind/bind.tar.gz # dhclient: make sure link-local address is ready in stateless mode (#1263466) %patch38 -p1 -b .preinit6s +# [ISC-BUGS] #33377. +%patch39 -p1 -b .ddnsport + # DHCLIENT_DEFAULT_PREFIX_LEN 64 -> 128 # https://bugzilla.gnome.org/show_bug.cgi?id=656610 sed -i -e 's|DHCLIENT_DEFAULT_PREFIX_LEN 64|DHCLIENT_DEFAULT_PREFIX_LEN 128|g' includes/site.h @@ -670,6 +676,9 @@ done %endif %changelog +* Tue May 23 2017 Pavel Zhukov - 12:4.3.5-7 +- Don't open ddns port until it's needed. Credits to Petr Menšík for the original idea + * Wed Apr 19 2017 Dominika Hodovska - 12:4.3.5-5 - don't build doxygen documentation during modular build