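--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -1748,11 +1748,6 @@ int write_host (host)
 return 0;
 }
 
-void db_startup (testp)
- int testp;
-{
-}
-
 void bootp (packet)
 struct packet *packet;
 {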
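--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2866,7 +2866,11 @@ void commit_leases_timeout (void *);
 void commit_leases_readerdry(void *);
 int commit_leases (void);
 int commit_leases_timed (void);
+#if defined (PARANOIA)
+void db_startup (int, uid_t, gid_t);
+#else
 void db_startup (int);
+#endif /* PARANOIA */
 int new_lease_file (void);
 int group_writer (struct group_object *);
 int write_ia(const struct ia_xx *);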
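Review bot: The PARANOIA prototype `void db_startup (int, uid_t, gid_t);` does not say what the two ids are for, or that a value of 0 is treated as "not set". That reading comes from the server/db.c hunks of this patch, where new_lease_file() calls fchown only when both stored ids are non-zero. I would name the parameters and document the sentinel at the declaration: `void db_startup (int testp, uid_t set_uid, gid_t set_gid);` with a comment such as `/* set_uid/set_gid: owner for newly created lease files; 0 = leave ownership unchanged */`.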
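--- a/server/confpars.c
+++ b/server/confpars.c
@@ -219,7 +219,11 @@ void trace_conf_input (trace_type_t *tty
 }
 
 if (!leaseconf_initialized && ttype == trace_readleases_type) {
+#if defined (PARANOIA)
+ db_startup (0, 0, 0);
+#else
 db_startup (0);
+#endif /* PARANOIA */
 leaseconf_initialized = 1;
 postdb_startup ();
 }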
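Review bot: The PARANOIA call `db_startup (0, 0, 0);` in the trace_readleases_type branch passes bare zeros, and the server/db.c hunk of this patch copies its arguments into global_set_uid and global_set_gid unconditionally. If db_startup() has already run with real ids by the time this branch executes (the call order is not visible here), those ids are cleared and later lease files would no longer be chowned, leaving them owned by root after the privilege drop. The call order is worth confirming. At minimum the intent should be stated next to the call, for example `/* trace playback: uid/gid 0 = do not chown the lease file */`. The body of trace_conf_input starts and ends outside the hunk.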
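--- a/server/db.c
+++ b/server/db.c
@@ -42,6 +42,10 @@ static int counting = 0;
 static int count = 0;
 TIME write_time;
 int lease_file_is_corrupt = 0;
+#if defined (PARANOIA)
+uid_t global_set_uid = 0;
+gid_t global_set_gid = 0;
+#endif /* PARANOIA */
 
 /* Write a single binding scope value in parsable format.
 */
@@ -1046,8 +1050,11 @@ int commit_leases_timed()
 return (1);
 }
 
-void db_startup (testp)
- int testp;
+#if defined (PARANOIA)
+void db_startup (int testp, uid_t set_uid, gid_t set_gid)
+#else
+void db_startup (int testp)
+#endif /* PARANOIA */
 {
 isc_result_t status;
 
@@ -1066,6 +1073,11 @@ void db_startup (testp)
 }
 #endif
 
+#if defined (PARANOIA)
+ global_set_uid = set_uid;
+ global_set_gid = set_gid;
+#endif /* PARANOIA */
+
 #if defined (TRACING)
 /* If we're playing back, there is no lease file, so we can't
 append it, so we create one immediately (maybe this isn't
@@ -1128,6 +1140,17 @@ int new_lease_file ()
 log_error ("Can't create new lease file: %m");
 return 0;
 }
+
+#if defined (PARANOIA)
+ if (global_set_uid && !geteuid() &&
+ global_set_gid && !getegid())
+ if (fchown(db_fd, global_set_uid, global_set_gid)) {
+ log_fatal ("Can't chown new lease file: %m");
+ close(db_fd);
+ goto fdfail;
+ }
+#endif /* PARANOIA */
+
 if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
 log_error("Can't fdopen new lease file: %m");
 close(db_fd);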
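Review bot: In the new_lease_file() hunk, the fchown failure branch calls `log_fatal ("Can't chown new lease file: %m");` and then `close(db_fd); goto fdfail;`. As far as I know log_fatal() terminates the process in this code base, so those two lines never run and the fdfail cleanup is skipped. The neighbouring failure paths in the same hunk use log_error and then clean up, so I would write `log_error ("Can't chown new lease file: %m");` here, or drop the dead lines if aborting is really intended. The outer `if (global_set_uid && !geteuid() && global_set_gid && !getegid())` guards a nested `if` without braces; adding braces would keep a later edit from detaching the fchown check from its guard. new_lease_file() starts and ends outside the hunk.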
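--- a/server/dhcpd.8
+++ b/server/dhcpd.8
@@ -82,6 +82,18 @@ dhcpd - Dynamic Host Configuration Proto
 .I trace-output-file
 ]
 [
+.B -user
+.I user
+]
+[
+.B -group
+.I group
+]
+[
+.B -chroot
+.I dir
+]
+[
 .B -play
 .I trace-playback-file
 ]
@@ -269,6 +281,15 @@ lease file.
 .TP
 .BI --version
 Print version number and exit.
+.TP
+.BI \-user \ user
+Setuid to user after completing privileged operations, such as creating sockets that listen on privileged ports.
+.TP
+.BI \-group \ group
+Setgid to group after completing privileged operations, such as creating sockets that listen on privileged ports.
+.TP
+.BI \-chroot \ dir
+Chroot to directory after processing the command line arguments, but before reading the configuration file.
 .PP
 .I Modifying default file locations:
 The following options can be used to modify the locations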
diff -up dhcp-4.3.1b1/server/dhcpd.c.dlTsyN dhcp-4.3.1b1/server/dhcpd.c
|
|
|
7b69e54 |
--- dhcp-4.3.1b1/server/dhcpd.c.dlTsyN 2014-07-10 17:39:25.802764582 +0200
|
|
|
7b69e54 |
+++ dhcp-4.3.1b1/server/dhcpd.c 2014-07-10 17:52:35.341588248 +0200
|
|
|
7b69e54 |
@@ -628,7 +628,11 @@ main(int argc, char **argv) {
|
|
|
58a3b6c |
group_write_hook = group_writer;
|
|
|
58a3b6c |
|
|
|
58a3b6c |
/* Start up the database... */
|
|
|
58a3b6c |
+#if defined (PARANOIA)
|
|
|
58a3b6c |
+ db_startup (lftest, set_uid, set_gid);
|
|
|
58a3b6c |
+#else
|
|
|
58a3b6c |
db_startup (lftest);
|
|
|
58a3b6c |
+#endif /* PARANOIA */
|
|
|
58a3b6c |
|
|
|
58a3b6c |
if (lftest)
|
|
|
58a3b6c |
exit (0);
|