Sync from SUSE:ALP:Source:Standard:1.0 dhcp revision ce631c21fbafd7dce70b6b065fa59e54

Adrian Schröter 2023-11-27 11:56:55 +01:00
commit b8225540ab
46 changed files with 8478 additions and 0 deletions

23
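--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text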


@ -0,0 +1,44 @@
From b6ba495cc0b6f578a5cc444af39cab424f63d996 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 09:50:30 +0200
Subject: [PATCH] dhcp-4.1.1-default-paths
---
includes/dhcpd.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index b0f73fb..5830bdb 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -1420,11 +1420,11 @@ typedef unsigned char option_mask [16];
#endif /* DEBUG */
#ifndef _PATH_DHCPD_DB
-#define _PATH_DHCPD_DB LOCALSTATEDIR"/db/dhcpd.leases"
+#define _PATH_DHCPD_DB LOCALSTATEDIR"/lib/dhcp/db/dhcpd.leases"
#endif
#ifndef _PATH_DHCPD6_DB
-#define _PATH_DHCPD6_DB LOCALSTATEDIR"/db/dhcpd6.leases"
+#define _PATH_DHCPD6_DB LOCALSTATEDIR"/lib/dhcp6/db/dhcpd6.leases"
#endif
#ifndef _PATH_DHCPD_PID
@@ -1454,11 +1454,11 @@ typedef unsigned char option_mask [16];
#endif
#ifndef _PATH_DHCLIENT_DB
-#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/db/dhclient.leases"
+#define _PATH_DHCLIENT_DB LOCALSTATEDIR"/lib/dhcp/dhclient.leases"
#endif
#ifndef _PATH_DHCLIENT6_DB
-#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/db/dhclient6.leases"
+#define _PATH_DHCLIENT6_DB LOCALSTATEDIR"/lib/dhcp6/dhclient6.leases"
#endif
#ifndef _PATH_RESOLV_CONF
--
1.8.4


@ -0,0 +1,75 @@
From 1561b8cb9bacabc5e6064b84ba7a187bfb97d0ad Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 09:53:00 +0200
Subject: [PATCH] dhcp-4.1.1-paranoia
---
server/dhcpd.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 7dc7dd2..b4c1bef 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -207,7 +207,11 @@ static void omapi_listener_start (void *foo)
#if defined (PARANOIA)
/* to be used in one of two possible scenarios */
static void setup_chroot (char *chroot_dir) {
- if (geteuid())
+ /*
+ ** getuid() instead of geteuid(), see
+ ** comment by thomas@suse.de bellow
+ */
+ if (getuid())
log_fatal ("you must be root to use chroot");
if (chroot(chroot_dir)) {
@@ -413,7 +417,7 @@ main(int argc, char **argv) {
log_fatal ("Insufficient memory to %s %s: %s",
"record interface", argv [i],
isc_result_totext (result));
- strcpy (tmp -> name, argv [i]);
+ strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1);
if (interfaces) {
interface_reference (&tmp -> next,
interfaces, MDL);
@@ -499,7 +503,15 @@ main(int argc, char **argv) {
if (set_user) {
struct passwd *tmp_pwd;
- if (geteuid())
+ /*
+ ** I query for the real UID and not for the effective UID
+ ** just to force the user to run this server as root and
+ ** not setting it suid. It should be a paranoia patch and
+ ** not a teletubbie patch. *eg*
+ ** Note: That the user is still able to set it suid! *zitter*
+ ** thomas@suse.de
+ */
+ if (getuid())
log_fatal ("you must be root to set user");
if (!(tmp_pwd = getpwnam(set_user)))
@@ -517,7 +529,10 @@ main(int argc, char **argv) {
#define group real_group
struct group *tmp_grp;
- if (geteuid())
+ /*
+ ** getuid() instead of geteuid(), see above
+ */
+ if (getuid())
log_fatal ("you must be root to set group");
if (!(tmp_grp = getgrnam(set_group)))
@@ -771,6 +786,7 @@ main(int argc, char **argv) {
/* change uid to the specified one */
if (set_gid) {
+ /* setgroups is done, OK */
if (setgroups (0, (void *)0))
log_fatal ("setgroups: %m");
if (setgid (set_gid))
--
1.8.4
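Review bot: The `strncpy (tmp -> name, argv [i], sizeof(tmp->name)-1)` introduced in the `main()` hunk silently truncates an over-long interface argument, and it leaves `tmp->name` NUL-terminated only if the freshly allocated interface structure was zero-filled, which these lines do not show. An explicit check ahead of the copy makes both cases fail loudly, for example `if (strlen(argv[i]) >= sizeof(tmp->name)) log_fatal("%s: interface name too long", argv[i]);`. Separately, the rationale for `getuid()` lives only in the `set_user` hunk, and `setup_chroot` points to it with "see comment ... bellow"; a self-contained one-liner there such as `/* real uid on purpose: refuse to operate when installed setuid */` would survive code motion. `main()` and `setup_chroot` both continue outside the hunks shown.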


@ -0,0 +1,41 @@
From 3c393c65c158048f55017e48aedcc304c9ebd075 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 10:01:04 +0200
Subject: [PATCH] dhcp-4.2.2-man-includes
---
dhcpctl/dhcpctl.3 | 4 ++--
omapip/omapi.3 | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3
index ae42a71..d699f4a 100644
--- a/dhcpctl/dhcpctl.3
+++ b/dhcpctl/dhcpctl.3
@@ -430,8 +430,8 @@ that most error checking has been omitted for brevity.
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "omapip/result.h"
-#include "dhcpctl.h"
+#include <omapip/result.h>
+#include <dhcpctl/dhcpctl.h>
int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
diff --git a/omapip/omapi.3 b/omapip/omapi.3
index 8fa8105..a616fd3 100644
--- a/omapip/omapi.3
+++ b/omapip/omapi.3
@@ -88,7 +88,7 @@ the lease ends.
#include <stdio.h>
#include <netinet/in.h>
- #include <isc/result.h>
+ #include <omapip/result.h>
#include <dhcpctl/dhcpctl.h>
int main (int argc, char **argv) {
--
1.8.4


@ -0,0 +1,37 @@
From 70f2683580a88180238804546dd24a6a41427282 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 10:06:01 +0200
Subject: [PATCH] dhcp-4.1.1-tmpfile
Signed-off-by: Marius Tomaschewski <mt@suse.de>
diff --git a/server/db.c b/server/db.c
index 5238ed8..0c642ad 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1116,15 +1116,19 @@ int new_lease_file ()
* either by malice or ignorance, we panic, since the potential
* for havoc is high.
*/
- if (snprintf (newfname, sizeof newfname, "%s.%d",
- path_dhcpd_db, (int)t) >= sizeof newfname)
+ if (snprintf (newfname, sizeof newfname, "%s.XXXXXX",
+ path_dhcpd_db) >= sizeof newfname)
log_fatal("new_lease_file: lease file path too long");
- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);
+ db_fd = mkstemp (newfname);
if (db_fd < 0) {
log_error ("Can't create new lease file: %m");
return 0;
}
+ if (fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
+ log_error ("Can't fchmod new lease file: %m");
+ goto fail;
+ }
#if defined (PARANOIA)
/*
--
2.1.4
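Review bot: The `fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)` added after `mkstemp` in `new_lease_file` forces the new lease file to 0644 regardless of the process umask, whereas the removed `open(..., 0664)` was filtered by it, so an operator who limited lease-file readability through umask loses that control. Either keep the 0600 that `mkstemp` provides, or record the decision next to the call with a comment such as `/* lease db is deliberately world-readable; mkstemp() created it 0600 */`. The `goto fail` target lies outside the hunk, so it is worth confirming that this path closes `db_fd` and unlinks `newfname`; if it does not, every failure leaves a stray temporary file beside the lease database.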


@ -0,0 +1,29 @@
From 92a611b4b05ef420e81c2c78f8c1eb3b38c31627 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 10:28:04 +0200
Subject: [PATCH] dhcp-4.1.1-dhclient-exec-filedes
---
client/dhclient.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/client/dhclient.c b/client/dhclient.c
index 52121be..203d3d1 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3369,6 +3369,12 @@ int script_go (client)
*/
if (leaseFile != NULL)
fclose(leaseFile);
+ if ((i = open("/dev/null", O_RDWR)) != -1) {
+ dup2(i, STDIN_FILENO);
+ dup2(i, STDOUT_FILENO);
+ if (i > STDERR_FILENO)
+ close(i);
+ }
execve (scriptName, argv, envp);
log_error ("execve (%s, ...): %m", scriptName);
exit (0);
--
1.8.4
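Review bot: The `/dev/null` redirection added before `execve` in `script_go` fails silently: if `open` returns -1 or either `dup2` fails, the script is still executed with whatever stdin/stdout the daemon inherited. An `else` branch with `log_error ("can't redirect script stdio to /dev/null: %m");` and a check of the two `dup2` results would make that visible in the logs. Stderr is left untouched and `close(i)` is skipped when `i` is one of the standard descriptors; both look deliberate, and a short comment saying so would help the next reader. The function starts and ends outside the hunk.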


@ -0,0 +1,128 @@
From ec55fe43e597e5ea0f8dff5b8edef091c0911801 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 10:49:07 +0200
Subject: [PATCH] dhcp-4.3.2-dhclient-send-hostname-or-fqdn
Signed-off-by: Marius Tomaschewski <mt@suse.de>
Index: dhcp-4.4.2/client/dhclient.8
===================================================================
--- dhcp-4.4.2.orig/client/dhclient.8
+++ dhcp-4.4.2/client/dhclient.8
@@ -73,6 +73,10 @@ dhclient - Dynamic Host Configuration Pr
.I LL|LLT
]
[
+.B -H
+.I hostname
+]
+[
.B -p
.I port-number
]
@@ -353,6 +357,11 @@ transmits these messages to 255.255.255.
address). Overriding this is mostly useful for debugging purposes. This
feature is not supported in DHCPv6 (\fB-6\fR) mode.
.TP
+.BI \-H \ hostname
+This flag may be used to specify a client hostname that should be sent to
+the DHCP server as host-name (ipv4 only) or fqdn to perform dns update.
+Note, that this option is a SUSE/Novell extension.
+.TP
.BI \-g \ relay
.\" mockup relay
Set the giaddr field of all packets to the \fIrelay\fR IP address
Index: dhcp-4.4.2/client/dhclient.c
===================================================================
--- dhcp-4.4.2.orig/client/dhclient.c
+++ dhcp-4.4.2/client/dhclient.c
@@ -185,6 +185,7 @@ static const char use_v6command[] = "Com
#endif
#define DHCLIENT_USAGEC \
+" [-H hostname]\n" \
" [-s server-addr] [-cf config-file]\n" \
" [-df duid-file] [-lf lease-file]\n" \
" [-pf pid-file] [--no-pid] [-e VAR=val]\n" \
@@ -235,6 +236,7 @@ main(int argc, char **argv) {
int no_dhclient_db = 0;
int no_dhclient_pid = 0;
int no_dhclient_script = 0;
+ char *dhclient_hostname = NULL;
#ifdef DHCPv6
int local_family_set = 0;
#ifdef DHCP4o6
@@ -434,6 +436,24 @@ main(int argc, char **argv) {
if (++i == argc)
usage(use_noarg, argv[i-1]);
mockup_relay = argv[i];
+ } else if (!strcmp (argv[i], "-H")) {
+ size_t len;
+ if (++i == argc || !argv[i] || *(argv[i]) == '\0')
+ usage(use_noarg, argv[i-1]);
+ len = strlen (argv[i]);
+ if (len > HOST_NAME_MAX) {
+ log_error("-H option hostname string \"%s\" is too long:"
+ "maximum length is %d characters",
+ argv[i], HOST_NAME_MAX);
+ exit(1);
+ } else if(check_domain_name(argv[i], len,
+ local_family == AF_INET6 ? 1 : 0) != 0) {
+ log_error("suspect %s in -H option: \"%s\"",
+ local_family == AF_INET6 ? "fqdn" : "hostname",
+ argv[i]);
+ exit(1);
+ }
+ dhclient_hostname = argv [i];
} else if (!strcmp(argv[i], "-nw")) {
nowait = 1;
} else if (!strcmp(argv[i], "-n")) {
@@ -759,6 +779,48 @@ main(int argc, char **argv) {
/* Parse the dhclient.conf file. */
read_client_conf();
+ /* If the user specified a hostname, send it here and now */
+ if ((dhclient_hostname != NULL) && (*dhclient_hostname != '\0') ) {
+ struct parse *cfile = NULL;
+ char buf[1024] = {'\0'};
+ int len;
+
+ if (strchr(dhclient_hostname, '.')) {
+ len = strlen(dhclient_hostname);
+ snprintf (buf, sizeof(buf),
+ "send fqdn.fqdn \"%s%s\";\n"
+ "send fqdn.encoded on;\n"
+ "send fqdn.server-update on;\n"
+ "also request %s;\n",
+ dhclient_hostname,
+ dhclient_hostname[len - 1] == '.' ? "" : ".",
+ local_family == AF_INET6 ? "dhcp6.fqdn" : "fqdn");
+ } else if (local_family == AF_INET) {
+ snprintf (buf, sizeof(buf),
+ "send host-name \"%s\";",
+ dhclient_hostname);
+ }
+ if ((len = strlen(buf))) {
+ status = new_parse (&cfile, -1, buf, len,
+ "hostname update options", 0);
+ if (status != ISC_R_SUCCESS)
+ log_fatal ("Cannot parse send host-name statement!");
+
+ for (;;) {
+ const char *val = NULL;
+ int token;
+
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == END_OF_FILE)
+ break;
+
+ parse_client_statement (cfile, NULL,
+ &top_level_config);
+ }
+ end_parse (&cfile);
+ }
+ }
+
/* Parse the lease database. */
read_client_leases();
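Review bot: The block added after `read_client_conf()` pastes `dhclient_hostname` between double quotes into generated configuration text and hands it to `parse_client_statement`, so it is only safe because the `-H` branch earlier ran `check_domain_name` on the same string. A comment on the `snprintf` calls would keep the two halves tied together, e.g. `/* dhclient_hostname passed check_domain_name() during option parsing; keep that check if this quoting changes */`. The validation also reads `local_family` at the moment `-H` is parsed, so its strictness appears to depend on whether `-6` came earlier on the command line; validating once all options are parsed would remove that ordering dependency. Minor: the `log_fatal` text says "host-name" even when the fqdn statements were the ones generated.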


@ -0,0 +1,26 @@
From a9d31f9f8356fba3fc49ead5afdfd8cca5a4a535 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Tue, 12 Jun 2012 08:54:23 +0200
Subject: [PATCH] dhcp-4.1.1-P1-lpf-bind-msg-fix
References: bnc#617795
---
common/lpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/lpf.c b/common/lpf.c
index 44f5f54..82c8b76 100644
--- a/common/lpf.c
+++ b/common/lpf.c
@@ -94,7 +94,7 @@ int if_register_lpf (info)
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
errno == EAFNOSUPPORT || errno == EINVAL) {
- log_error ("socket: %m - make sure");
+ log_error ("bind: %m - make sure");
log_error ("CONFIG_PACKET (Packet socket) %s",
"and CONFIG_FILTER");
log_error ("(Socket Filtering) are enabled %s",
--
1.8.4


@ -0,0 +1,58 @@
From 48c1bbb9cbd6d6e71178e82fd45a7409efbb9d72 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 27 Apr 2011 13:56:47 +0200
Subject: [PATCH] dhcp-4.2.2-dhclient-option-checks
References: bnc#643845
---
client/dhclient.c | 6 +++---
common/options.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/client/dhclient.c b/client/dhclient.c
index b7a14fe..19a527b 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3301,7 +3301,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->filename);
+ "filename");
}
}
@@ -3314,7 +3314,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->server_name);
+ "server-name");
}
}
@@ -4283,7 +4283,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
diff --git a/common/options.c b/common/options.c
index 56bb151..be44a70 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3979,7 +3979,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
}
} else if (**src == '"' || **src == '\'' || **src == '$' ||
**src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
if (*dst + 2 > dend)
return -1;
--
1.8.4
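Review bot: The `pretty_escape` hunk in `common/options.c` extends a hand-maintained list of escaped characters (now including `;`) without saying which consumer the list protects. If, as the client hunks in this patch suggest, the escaped text is what reaches dhclient-script, a comment above the condition such as `/* shell metacharacters: option text is exported to the client script */` would explain each entry and prompt a review whenever the script's use of these values changes. The two `log_error` calls could put the option name directly in the format string (`"suspect value in filename option - discarded"`) instead of passing a constant through `%s`. All three functions continue outside the hunks.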


@ -0,0 +1,272 @@
From ecb183516cf0b51ebf0a02f3b46248479fa51e43 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 14:09:06 +0200
Subject: [PATCH] dhcp-4.2.6-close-on-exec
Merged fixed close-on-exec patch (bnc#732910)
References: bnc#732910
Signed-off-by: Marius Tomaschewski <mt@suse.de>
Index: client/clparse.c
===================================================================
--- client/clparse.c.orig
+++ client/clparse.c
@@ -265,7 +265,7 @@ int read_client_conf_file (const char *n
int token;
isc_result_t status;
- if ((file = open (name, O_RDONLY)) < 0)
+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0)
return uerr2isc (errno);
cfile = NULL;
@@ -341,7 +341,7 @@ void read_client_leases ()
/* Open the lease file. If we can't open it, just return -
we can safely trust the server to remember our state. */
- if ((file = open (path_dhclient_db, O_RDONLY)) < 0)
+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0)
return;
cfile = NULL;
Index: client/dhclient.c
===================================================================
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -683,7 +683,7 @@ main(int argc, char **argv) {
long temp;
int e;
- if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
+ if ((pidfd = fopen(path_dhclient_pid, "re")) != NULL) {
e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp;
@@ -3642,7 +3642,7 @@ void rewrite_client_leases ()
if (leaseFile != NULL)
fclose (leaseFile);
- leaseFile = fopen (path_dhclient_db, "w");
+ leaseFile = fopen (path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return;
@@ -3837,7 +3837,7 @@ write_duid(struct data_string *duid)
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
- leaseFile = fopen(path_dhclient_db, "w");
+ leaseFile = fopen(path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -3882,7 +3882,7 @@ write_client6_lease(struct client_state
return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
- leaseFile = fopen(path_dhclient_db, "w");
+ leaseFile = fopen(path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
@@ -4041,7 +4041,7 @@ int write_client_lease (client, lease, r
return 1;
if (leaseFile == NULL) { /* XXX */
- leaseFile = fopen (path_dhclient_db, "w");
+ leaseFile = fopen (path_dhclient_db, "we");
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
Index: common/bpf.c
===================================================================
--- common/bpf.c.orig
+++ common/bpf.c
@@ -94,7 +94,7 @@ int if_register_bpf (info)
for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */
sprintf(filename, BPF_FORMAT, b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
Index: common/dlpi.c
===================================================================
--- common/dlpi.c.orig
+++ common/dlpi.c
@@ -817,7 +817,7 @@ dlpiopen(const char *ifname) {
}
*dp = '\0';
- return open (devname, O_RDWR, 0);
+ return open (devname, O_RDWR | O_CLOEXEC, 0);
}
/*
Index: common/nit.c
===================================================================
--- common/nit.c.orig
+++ common/nit.c
@@ -75,7 +75,7 @@ int if_register_nit (info)
struct strioctl sio;
/* Open a NIT device */
- sock = open ("/dev/nit", O_RDWR);
+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC);
if (sock < 0)
log_fatal ("Can't open NIT device for %s: %m", info -> name);
Index: common/resolv.c
===================================================================
--- common/resolv.c.orig
+++ common/resolv.c
@@ -43,7 +43,7 @@ void read_resolv_conf (parse_time)
struct domain_search_list *dp, *dl, *nd;
isc_result_t status;
- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) {
+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) {
log_error ("Can't open %s: %m", path_resolv_conf);
return;
}
Index: common/upf.c
===================================================================
--- common/upf.c.orig
+++ common/upf.c
@@ -71,7 +71,7 @@ int if_register_upf (info)
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
sprintf(filename, "/dev/pf/pfilt%d", b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
Index: omapip/trace.c
===================================================================
--- omapip/trace.c.orig
+++ omapip/trace.c
@@ -136,10 +136,10 @@ isc_result_t trace_begin (const char *fi
return DHCP_R_INVALIDARG;
}
- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
if (traceoutfile < 0 && errno == EEXIST) {
log_error ("WARNING: Overwriting trace file \"%s\"", filename);
- traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC,
+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_TRUNC | O_CLOEXEC,
0600);
}
@@ -427,7 +427,7 @@ void trace_file_replay (const char *file
isc_result_t result;
int len;
- traceinfile = fopen (filename, "r");
+ traceinfile = fopen (filename, "re");
if (!traceinfile) {
log_error("Can't open tracefile %s: %m", filename);
return;
Index: relay/dhcrelay.c
===================================================================
--- relay/dhcrelay.c.orig
+++ relay/dhcrelay.c
@@ -783,13 +783,14 @@ main(int argc, char **argv) {
/* Create the pid file. */
if (no_pid_file == ISC_FALSE) {
pfdesc = open(path_dhcrelay_pid,
- O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ O_CREAT | O_TRUNC | O_WRONLY |
+ O_CLOEXEC, 0644);
if (pfdesc < 0) {
log_error("Can't create %s: %m",
path_dhcrelay_pid);
} else {
- pf = fdopen(pfdesc, "w");
+ pf = fdopen(pfdesc, "we");
if (!pf)
log_error("Can't fdopen %s: %m",
path_dhcrelay_pid);
Index: server/confpars.c
===================================================================
--- server/confpars.c.orig
+++ server/confpars.c
@@ -118,7 +118,7 @@ isc_result_t read_conf_file (const char
}
#endif
- if ((file = open (filename, O_RDONLY)) < 0) {
+ if ((file = open (filename, O_RDONLY | O_CLOEXEC)) < 0) {
if (leasep) {
log_error ("Can't open lease database %s: %m --",
path_dhcpd_db);
Index: server/db.c
===================================================================
--- server/db.c.orig
+++ server/db.c
@@ -1105,7 +1105,7 @@ void db_startup (int test_mode)
* Therefore, in test mode we need to point db_file to a disposable
* file to protect the original lease file. */
current_db_path = (test_mode ? "/dev/null" : path_dhcpd_db);
- db_file = fopen (current_db_path, "a");
+ db_file = fopen (current_db_path, "ae");
if (!db_file) {
log_fatal ("Can't open %s for append.", current_db_path);
}
@@ -1154,7 +1154,7 @@ int new_lease_file (int test_mode)
path_dhcpd_db) >= sizeof newfname)
log_fatal("new_lease_file: lease file path too long");
- db_fd = mkstemp (newfname);
+ db_fd = mkostemp (newfname, O_CLOEXEC);
if (db_fd < 0) {
log_error ("Can't create new lease file: %m");
return 0;
@@ -1179,7 +1179,7 @@ int new_lease_file (int test_mode)
}
#endif /* PARANOIA */
- if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
+ if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
log_error("Can't fdopen new lease file: %m");
close(db_fd);
goto fdfail;
Index: server/dhcpd.c
===================================================================
--- server/dhcpd.c.orig
+++ server/dhcpd.c
@@ -880,7 +880,7 @@ main(int argc, char **argv) {
*/
if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
/*Read previous pid file. */
- if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) {
+ if ((i = open(path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) {
status = read(i, pbuf, (sizeof pbuf) - 1);
close(i);
if (status > 0) {
@@ -990,7 +990,7 @@ main(int argc, char **argv) {
* appropriate.
*/
if (no_pid_file == ISC_FALSE) {
- i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
if (i >= 0) {
sprintf(pbuf, "%d\n", (int) getpid());
IGNORE_RET(write(i, pbuf, strlen(pbuf)));
Index: server/ldap.c
===================================================================
--- server/ldap.c.orig
+++ server/ldap.c
@@ -1447,7 +1447,7 @@ ldap_start (void)
if (ldap_debug_file != NULL && ldap_debug_fd == -1)
{
- if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
+ if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC,
S_IRUSR | S_IWUSR)) < 0)
log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
strerror (errno));
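Review bot: `O_CLOEXEC`, the `"e"` mode letter for `fopen`/`fdopen`, and `mkostemp` are used unconditionally, including in the packet-filter backends `common/bpf.c`, `common/dlpi.c`, `common/nit.c` and `common/upf.c`, which by their names target systems other than Linux. Where these extensions are missing the build breaks, and where the mode letter is silently ignored the descriptor is inherited by child processes again without any warning. A small helper that applies `fcntl(fd, F_SETFD, FD_CLOEXEC)` after the open when the flag is unavailable would keep the guarantee portable. Descriptors that are not created through these calls (sockets, for instance) are not touched by the hunks shown, so it is worth confirming they are covered elsewhere.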


@ -0,0 +1,27 @@
From 61b4b713b630febf170c58c9ebbba2e01bb28eff Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Thu, 18 Aug 2011 15:09:01 +0200
Subject: [PATCH] dhcp-4.2.2-quiet-dhclient
References: bnc#711420
---
client/dhclient.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/client/dhclient.c b/client/dhclient.c
index dbc6f38..65d9eeb 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -451,6 +451,9 @@ main(int argc, char **argv) {
} else {
log_perror = 0;
quiet_interface_discovery = 1;
+#if !defined(DEBUG)
+ setlogmask(LOG_UPTO(LOG_NOTICE));
+#endif
}
/* If we're given a relay agent address to insert, for testing
--
1.8.4
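Review bot: The `setlogmask(LOG_UPTO(LOG_NOTICE))` added to the quiet branch of `main()` filters syslog itself, so every message logged at info or debug priority is discarded for log collection as well as for the terminal. If that is intended, a comment such as `/* quiet mode also filters syslog: info/debug messages are dropped */` and a matching sentence in the man page would document it; otherwise operators lose records they may expect to find when reconstructing client activity. The enclosing `if` starts outside the hunk.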


@ -0,0 +1,38 @@
From 34e6100717f3de5a32ccb3234a949d017f789fdb Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Tue, 10 Jun 2014 02:42:32 +0000
Subject: [PATCH] dhcp-4.2.x-chown-server-leases.bnc868253
Fixed dhcp server to chown leases to run user at start
References: bnc#868253
Signed-off-by: Marius Tomaschewski <mt@suse.de>
diff --git a/server/dhcpd.c b/server/dhcpd.c
index afef390..0f5c640 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -770,8 +770,19 @@ main(int argc, char **argv) {
}
#if defined (PARANOIA)
- /* change uid to the specified one */
+ /* ensure, the leases db is owned by the run user/group */
+ if (set_gid || set_uid) {
+ char backfname[512];
+
+ chown(path_dhcpd_db, set_uid ? set_uid : -1,
+ set_gid ? set_gid : -1);
+ snprintf (backfname, sizeof backfname, "%s~", path_dhcpd_db);
+ chown(backfname, set_uid ? set_uid : -1,
+ set_gid ? set_gid : -1);
+ }
+
+ /* change uid to the specified one */
if (set_gid) {
/* setgroups is done, OK */
if (setgroups (0, (void *)0))
--
2.1.4
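Review bot: Both `chown` calls added to `main()` run while the process still holds root privileges, follow symbolic links, and have their return value ignored. If the lease directory is writable by the run user, which the purpose of this patch suggests, a link at `path_dhcpd_db` or at the `~` backup name would redirect the ownership change to a different file; `lchown` (or `open` with `O_NOFOLLOW` followed by `fchown`) avoids that. The `snprintf` result is unchecked as well, so a truncated `backfname` would be passed on. A sketch follows; `main()` continues outside the hunk.

```c
	/* ensure, the leases db is owned by the run user/group */
	if (set_gid || set_uid) {
		char backfname[512];
		int n;

		/* lchown: never follow a symlink placed in the lease directory */
		if (lchown(path_dhcpd_db, set_uid ? set_uid : -1,
			   set_gid ? set_gid : -1) < 0 && errno != ENOENT)
			log_error ("Can't chown %s: %m", path_dhcpd_db);
		n = snprintf (backfname, sizeof backfname, "%s~", path_dhcpd_db);
		if (n < 0 || (size_t)n >= sizeof backfname)
			log_error ("lease backup file path too long");
		else if (lchown(backfname, set_uid ? set_uid : -1,
				set_gid ? set_gid : -1) < 0 && errno != ENOENT)
			log_error ("Can't chown %s: %m", backfname);
	}
	/* … unchanged: setgroups/setgid/setuid privilege drop … */
```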


@ -0,0 +1,68 @@
From 9267da086dcbb39509eae05d1d60ba37596a3f89 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 29 Apr 2015 11:18:36 +0200
Subject: dhclient6: unsigned lifetimes for script (bsc#926159)
Address/IA lifetimes are all unsigned, don't turn into signed
(negative e.g. in infinite case) when passing them to scripts
and format timestamps as long to not break them on 64bit archs.
References: bsc#926159
--- client/dhc6.c.orig
+++ client/dhc6.c
@@ -4344,8 +4344,8 @@ dhc6_marshall_values(const char *prefix,
client_envadd(client, prefix,
"ip6_type", "temporary");
}
- client_envadd(client, prefix, "life_starts", "%d",
- (int)(addr->starts));
+ client_envadd(client, prefix, "life_starts", "%ld",
+ (long)(addr->starts));
client_envadd(client, prefix, "preferred_life", "%u",
addr->preferred_life);
client_envadd(client, prefix, "max_life", "%u",
@@ -4356,8 +4356,8 @@ dhc6_marshall_values(const char *prefix,
if (ia != NULL) {
client_envadd(client, prefix, "iaid", "%s",
print_hex_1(4, ia->iaid, 12));
- client_envadd(client, prefix, "starts", "%d",
- (int)(ia->starts));
+ client_envadd(client, prefix, "starts", "%ld",
+ (long)(ia->starts));
client_envadd(client, prefix, "renew", "%u", ia->renew);
client_envadd(client, prefix, "rebind", "%u", ia->rebind);
}
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -3708,13 +3708,13 @@ write_client6_lease(struct client_state
return ISC_R_IOERROR;
if (ia->ia_type != D6O_IA_TA)
- stat = fprintf(leaseFile, " starts %d;\n"
+ stat = fprintf(leaseFile, " starts %ld;\n"
" renew %u;\n"
" rebind %u;\n",
- (int)ia->starts, ia->renew, ia->rebind);
+ (long)ia->starts, ia->renew, ia->rebind);
else
- stat = fprintf(leaseFile, " starts %d;\n",
- (int)ia->starts);
+ stat = fprintf(leaseFile, " starts %ld;\n",
+ (long)ia->starts);
if (stat <= 0)
return ISC_R_IOERROR;
@@ -3731,10 +3731,10 @@ write_client6_lease(struct client_state
if (stat <= 0)
return ISC_R_IOERROR;
- stat = fprintf(leaseFile, " starts %d;\n"
+ stat = fprintf(leaseFile, " starts %ld;\n"
" preferred-life %u;\n"
" max-life %u;\n",
- (int)addr->starts, addr->preferred_life,
+ (long)addr->starts, addr->preferred_life,
addr->max_life);
if (stat <= 0)
return ISC_R_IOERROR;
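Review bot: The `(long)` casts with `%ld` in `dhc6_marshall_values` and `write_client6_lease` still truncate on any ABI where `long` is 32 bits but the `starts` fields are wider; the field types are not visible here, so this needs checking against their declarations. Casting to `long long` with `%lld` would be independent of the ABI, e.g. `client_envadd(client, prefix, "starts", "%lld", (long long)(ia->starts));`. Whatever width is chosen, the lease-file parser has to accept the same range, so the reading side should be reviewed together with these writers.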


@ -0,0 +1,69 @@
From 5fd4d0595760acd3e4c2524c9747dc5c0042e173 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 29 May 2015 13:56:58 +0200
Subject: Expose next-server DHCPv4 option to dhclient script
Currently dhclient does not exposes next-server option
to the dhclient script. this patch fixes this.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
References: bsc#928390
diff --git a/client/dhclient.c b/client/dhclient.c
index 4d7394d..0c77ae2 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -1104,7 +1104,7 @@ void state_selecting (cpp)
client -> state = S_REQUESTING;
/* Bind to the address we received. */
- bind_lease (client);
+ bind_lease (client, NULL);
return;
}
@@ -1294,11 +1294,12 @@ void dhcpack (packet)
if (client -> new -> rebind < cur_time)
client -> new -> rebind = TIME_MAX;
- bind_lease (client);
+ bind_lease (client, &packet -> raw -> siaddr);
}
-void bind_lease (client)
+void bind_lease (client, siaddr)
struct client_state *client;
+ struct in_addr *siaddr;
{
struct timeval tv;
@@ -1318,6 +1319,13 @@ void bind_lease (client)
if (client->alias)
script_write_params(client, "alias_", client->alias);
+ if (siaddr) {
+ char buf[INET_ADDRSTRLEN];
+
+ if (inet_ntop (AF_INET, (void *) siaddr, buf, sizeof (buf)))
+ client_envadd (client, "new_", "next_server", "%s", buf);
+ }
+
/* If the BOUND/RENEW code detects another machine using the
offered address, it exits nonzero. We need to send a
DHCPDECLINE and toss the lease. */
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 86d0afe..f0f4b20 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2891,7 +2891,7 @@ void state_bound (void *);
void state_stop (void *);
void state_panic (void *);
-void bind_lease (struct client_state *);
+void bind_lease (struct client_state *, struct in_addr *);
void make_client_options (struct client_state *,
struct client_lease *, u_int8_t *,
--
2.1.4
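Review bot: `bind_lease` exports `new_next_server` whenever `siaddr` is non-NULL, including when the server left the field at 0.0.0.0, so the script cannot tell "not supplied" from a real address. Guarding with `if (siaddr && siaddr->s_addr != 0) {` avoids handing scripts a placeholder value. Because the field comes straight from a received packet, it is worth recording why it is safe to export: `/* formatted by inet_ntop(), so only a dotted-quad string reaches the script environment */`. The parameter is only read, so `const struct in_addr *siaddr` would be the tighter signature in both the definition and `includes/dhcpd.h`.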



@ -0,0 +1,98 @@
From ce15607bca2509bc2abd440000d25498ad589e27 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Mon, 14 Sep 2015 15:31:37 +0200
Subject: [PATCH] server: no success report before send (bsc#919959)
References: bsc#919959
diff --git a/server/dhcp.c b/server/dhcp.c
index effa9b1..18297a6 100644
--- a/server/dhcp.c
+++ b/server/dhcp.c
@@ -3859,22 +3859,6 @@ void dhcp_reply (lease)
}
#endif
- /* Say what we're doing... */
- log_info ("%s on %s to %s %s%s%svia %s",
- (state -> offer
- ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER")
- : "BOOTREPLY"),
- piaddr (lease -> ip_addr),
- (lease -> hardware_addr.hlen
- ? print_hw_addr (lease -> hardware_addr.hbuf [0],
- lease -> hardware_addr.hlen - 1,
- &lease -> hardware_addr.hbuf [1])
- : print_hex_1(lease->uid_len, lease->uid, 60)),
- s ? "(" : "", s ? s : "", s ? ") " : "",
- (state -> giaddr.s_addr
- ? inet_ntoa (state -> giaddr)
- : state -> ip -> name));
-
#ifdef DEBUG_PACKET
dump_raw ((unsigned char *)&raw, packet_length);
#endif
@@ -3906,12 +3890,13 @@ void dhcp_reply (lease)
"packet over %s interface.", MDL,
packet_length,
fallback_interface->name);
- }
+ free_lease_state (state, MDL);
+ lease -> state = (struct lease_state *)0;
+ return;
+ }
- free_lease_state (state, MDL);
- lease -> state = (struct lease_state *)0;
- return;
+ goto report;
}
/* If the client is RENEWING, unicast to the client using the
@@ -3944,11 +3929,13 @@ void dhcp_reply (lease)
" packet over %s interface.", MDL,
packet_length,
fallback_interface->name);
+
+ free_lease_state (state, MDL);
+ lease -> state = (struct lease_state *)0;
+ return;
}
- free_lease_state (state, MDL);
- lease -> state = (struct lease_state *)0;
- return;
+ goto report;
}
/* If it comes from a client that already knows its address
@@ -3976,8 +3963,28 @@ void dhcp_reply (lease)
log_error ("%s:%d: Failed to send %d byte long "
"packet over %s interface.", MDL,
packet_length, state->ip->name);
+
+ free_lease_state (state, MDL);
+ lease -> state = (struct lease_state *)0;
+ return;
}
+report:
+ /* Say what we're doing... */
+ log_info ("%s on %s to %s %s%s%svia %s",
+ (state -> offer
+ ? (state -> offer == DHCPACK ? "DHCPACK" : "DHCPOFFER")
+ : "BOOTREPLY"),
+ piaddr (lease -> ip_addr),
+ (lease -> hardware_addr.hlen
+ ? print_hw_addr (lease -> hardware_addr.hbuf [0],
+ lease -> hardware_addr.hlen - 1,
+ &lease -> hardware_addr.hbuf [1])
+ : print_hex_1(lease->uid_len, lease->uid, 60)),
+ s ? "(" : "", s ? s : "", s ? ") " : "",
+ (state -> giaddr.s_addr
+ ? inet_ntoa (state -> giaddr)
+ : state -> ip -> name));
/* Free all of the entries in the option_state structure
now that we're done with them. */
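Review bot: The same three cleanup statements (`free_lease_state (state, MDL);`, `lease -> state = (struct lease_state *)0;`, `return;`) are now repeated in each of the three send-failure branches of `dhcp_reply`, next to the new `report:` label. A second label that the branches reach with `goto fail;` would keep the failure path in one place and make it harder for a later edit to miss one copy. The failure messages also name only the interface, while the success line at `report:` names the client; adding `piaddr (lease -> ip_addr)` to the `log_error` calls would make failed replies attributable in the logs. `dhcp_reply` continues past the end of this section, so where a `fail:` label can sit relative to the final cleanup has to be checked there.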


@ -0,0 +1,47 @@
From 937561ef8c09e3281caba3c859e80ce2fcf23ce4 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Mon, 14 Sep 2015 18:53:34 +0200
Subject: [PATCH] client: fail on script pre-init error (bsc#912098)
References: bsc#912098
Index: dhcp-4.4.2/client/dhclient.c
===================================================================
--- dhcp-4.4.2.orig/client/dhclient.c
+++ dhcp-4.4.2/client/dhclient.c
@@ -882,7 +882,8 @@ main(int argc, char **argv) {
* in case somebody cares.
*/
script_init(NULL, "NBI", NULL);
- script_go(NULL);
+ if (script_go(NULL))
+ log_fatal("dhclient-script was unable to pre-init");
/*
* If we haven't been asked to persist, waiting for new
@@ -894,6 +895,8 @@ main(int argc, char **argv) {
finish(0);
}
} else if (!release_mode && !exit_mode) {
+ unsigned int failed = 0;
+
/* Call the script with the list of interfaces. */
for (ip = interfaces; ip; ip = ip->next) {
/*
@@ -915,7 +918,16 @@ main(int argc, char **argv) {
"alias_",
ip->client->alias);
}
- script_go(ip->client);
+ if (script_go(ip->client)) {
+ log_info("%s: unable to pre-init requested interface %s",
+ path_dhclient_script, ip->name);
+ ip->flags &= ~(INTERFACE_REQUESTED|INTERFACE_AUTOMATIC);
+ failed++;
+ }
+ }
+ if (failed) {
+ log_fatal("%s: unable to pre-init requested interfaces -- see log messages",
+ path_dhclient_script);
}
}
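Review bot: The per-interface failure in the last hunk is reported with `log_info`, while the `log_fatal` after the loop only says "see log messages", so on a system that filters informational messages the name of the failing interface may never be recorded. Logging it at error severity, `log_error("%s: unable to pre-init requested interface %s", path_dhclient_script, ip->name);`, keeps the cause next to the fatal exit. If log_fatal() does not return, as its use here suggests, clearing `INTERFACE_REQUESTED|INTERFACE_AUTOMATIC` on the failed interface has no lasting effect and deserves either a comment or removal. main() starts and ends outside these hunks.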


@ -0,0 +1,67 @@
From: Marius Tomaschewski <mt@suse.de>
Date: Tue, 12 Jan 2016 15:42:22 +0100
Subject: [PATCH] fixed improper lease duration checking.
References: bsc#936923, bsc#880984
year 2038 is EOT only for 32 bit machine. This patch checks
wordsize and do a proper EOT checking on lease duration. It
also fixes integer overflows in the date and time handling code.
--- common/parse.c.orig
+++ common/parse.c
@@ -939,7 +939,7 @@ TIME
parse_date_core(cfile)
struct parse *cfile;
{
- int guess;
+ long guess;
int tzoff, year, mon, mday, hour, min, sec;
const char *val;
enum dhcp_token token;
@@ -966,7 +966,7 @@ parse_date_core(cfile)
}
skip_token(&val, NULL, cfile); /* consume number */
- guess = atoi(val);
+ guess = atol(val);
return((TIME)guess);
}
@@ -1113,11 +1113,22 @@ parse_date_core(cfile)
* overflow issues. We could try and be more precise but there
* doesn't seem to be a good reason to worry about it and waste
* the cpu looking at the rest of the date. */
- if (year >= 138)
- return(MAX_TIME);
-
+ if (sizeof(time_t) == 8) {
+ /* 2038 is not an issue on 64bit. time calculations
+ * start to fail at almost INT_MAX (- some guard) */
+ if (year > 0x7fff0000)
+ return(MAX_TIME);
+ } else {
+ /* assume 32bit with end in 2038 */
+ if (year >= 138)
+ return(MAX_TIME);
+ }
+ /* I don't think we need to care about lease starts before 1900 */
+ if (year < 0)
+ return((TIME)0);
+
/* Guess the time value... */
- guess = ((((((365 * (year - 70) + /* Days in years since '70 */
+ guess = ((((((365 * ((long)year - 70) + /* Days in years since '70 */
(year - 69) / 4 + /* Leap days since '70 */
(mon /* Days in months this year */
? months [mon - 1]
--- includes/dhcpd.h.orig
+++ includes/dhcpd.h
@@ -1588,7 +1588,7 @@ typedef unsigned char option_mask [16];
#endif
#define INFINITE_TIME 0xffffffff
-#define MAX_TIME 0x7fffffff
+#define MAX_TIME LONG_MAX
#define MIN_TIME 0
#ifdef USE_LOG_PID
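Review bot: The new range check in parse_date_core() picks the 64-bit branch on `sizeof(time_t) == 8`, but the arithmetic below it is done in `long` (`long guess`, `(long)year - 70`) and MAX_TIME becomes LONG_MAX. On an ABI where time_t is 64 bits and long is 32 bits, a year just under 0x7fff0000 passes the check and the multiplication overflows a signed long. Testing the type that is actually used, `if (sizeof(long) == 8) {`, keeps the check and the arithmetic in step. The epoch path also moves from atoi() to atol(), which still reports neither overflow nor trailing characters; if that token can come from a lease or configuration file written by another party, strtol() with an errno and end-pointer check would be the safer parse. The function body extends beyond these hunks.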


@ -0,0 +1,67 @@
Index: client/dhclient.c
===================================================================
--- client/dhclient.c.orig
+++ client/dhclient.c
@@ -284,6 +284,18 @@ main(int argc, char **argv) {
#else
progname = argv[0];
#endif
+
+#ifdef DHCPv6
+ /* Support being called using `dhclient4` or `dhclient6` symlinks */
+ if (argv[0][strlen(argv[0]) - 1] == '4') {
+ local_family_set = 1;
+ local_family = AF_INET;
+ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ }
+#endif /* DHCPv6 */
+
/* Initialize client globals. */
memset(&default_duid, 0, sizeof(default_duid));
Index: relay/dhcrelay.c
===================================================================
--- relay/dhcrelay.c.orig
+++ relay/dhcrelay.c
@@ -300,6 +300,17 @@ main(int argc, char **argv) {
progname = argv[0];
#endif
+#ifdef DHCPv6
+ /* Support being called using `dhcrelay4` or `dhcrelay6` symlinks */
+ if (argv[0][strlen(argv[0]) - 1] == '4') {
+ local_family_set = 1;
+ local_family = AF_INET;
+ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ }
+#endif /* DHCPv6 */
+
/* Make sure that file descriptors 0(stdin), 1,(stdout), and
2(stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
Index: server/dhcpd.c
===================================================================
--- server/dhcpd.c.orig
+++ server/dhcpd.c
@@ -301,6 +301,17 @@ main(int argc, char **argv) {
progname = argv[0];
#endif
+#ifdef DHCPv6
+ /* Support being called using `dhcpd4` or `dhcpd6` symlinks */
+ if (argv[0][strlen(argv[0]) - 1] == '4') {
+ local_family_set = 1;
+ local_family = AF_INET;
+ } else if (argv[0][strlen(argv[0]) - 1] == '6') {
+ local_family_set = 1;
+ local_family = AF_INET6;
+ }
+#endif /* DHCPv6 */
+
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
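Review bot: `argv[0][strlen(argv[0]) - 1]` is evaluated without checking that argv[0] is present and non-empty, in all three main() functions (client/dhclient.c, relay/dhcrelay.c, server/dhcpd.c). When the program is started with an empty argv[0], strlen() returns 0 and the index wraps to SIZE_MAX, which is an out-of-bounds read; with argc == 0, argv[0] may be NULL. Guarding the lookup, `size_t n = (argc > 0 && argv[0]) ? strlen(argv[0]) : 0;` followed by `if (n > 0 && argv[0][n - 1] == '4')`, avoids both. The test also matches any invocation name ending in 4 or 6, not only the symlink names given in the comment, which is worth stating there. Each main() continues outside its hunk.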

120
DDNS-howto.txt Normal file

@ -0,0 +1,120 @@
The ISC DHCP server v3 supports dynamical DNS updates (DDNS), as do BIND8/9.
There are several standards in the works; for now the best way to do it seems
to be updates done by the DHCP server only (not by the clients themselves).
Short outline of how things work together:
- DHCP clients send their preferred hostname along the request
- dhcpd acknowledges the lease
- dhcpd contacts named, asking it to update the zone, using an HMAC-MD5 key
(TSIG, short for transaction signature) for authentication
- named updates the zone (and rewrites the zone files periodically)
- when the lease times out or is freed, named will remove it
The following instructions should get you started.
They are basically taken from the dnskeygen and dhcpd.conf man pages.
1. Make a key to be used by dhcpd to authenticate for DNS updates.
You can use the script /usr/bin/genDDNSkey which essentially runs BIND's key
generating utility, extracts the secret from the K*.private key file and puts
it into the file /etc/named.keys. File name and key name can be specified on
the commandline, or via shell environment. Install the bind-utils package if
you don't have the script, or get it here: <http://www.suse.com/~poeml/genDDNSkey>.
Call genDDNSkey --help for usage info.
The simplest example to use it is:
genDDNSkey
which is equivalent to
genDDNSkey --key-file /etc/named.keys --key-name DHCP_UPDATER
thereby using the defaults that fit the rest of this readme.
The script works both for BIND8 and BIND9 (some subtle difference in the syntax).
2. Configure dhcpd:
/etc/dhcpd.conf needs these additional lines:
-------------------->
ddns-updates on;
ddns-update-style interim;
ignore client-updates;
include "/etc/named.keys";
<--------------------
and in the subnet declaration:
-------------------->
subnet 192.168.0.0 netmask 255.255.255.0 {
range dynamic-bootp 192.168.0.201 192.168.0.219;
zone whirl. { primary 127.0.0.1; key DHCP_UPDATER; }
zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
}
<--------------------
Note that this setup implies that the DNS server runs on the same machine
(127.0.0.1), but you can easily change that.
Since the DHCP server runs in a chroot jail by default, the key file needs to
be copied into the jail because dhcpd cannot files outside it (thanks Andrew
Beames for pointing this out!). This can easily be achieved by adding
/etc/named.keys
to the value of DHCPD_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd, which can be
done via YaST, or via any editor.
3. Configure named:
Append something along these lines to /etc/named.conf:
-------------------->
include "/etc/named.keys";
zone "whirl" in {
type master;
file "dyn/whirl.zone";
allow-update { key DHCP_UPDATER; };
};
zone "0.168.192.in-addr.arpa" in {
type master;
file "dyn/0.168.192.zone";
allow-update { key DHCP_UPDATER; };
};
<--------------------
Since named runs, by default, in a chroot directory since SuSE 8.2, we need to add
/etc/named.keys
to the value of NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named, just as we
did it with dhcpd.
Since named runs, by default, as user "named" since SuSE 8.2, there is another
issue to be sorted out: named needs to create its .jnl files somewhere, but it
isn't allowed to do that in its working directory (/var/lib/named) for security
reasons. See /usr/share/doc/packages/bind9/README.SuSE for a solution.
if you got this far, there is a reasonable chance that you've got DDNS working.
Obviously, you need some zone files :) One further note: if you provide dummy
hostnames like d1, d2, d3,... for the dynamical clients they will have a
hostname even if they don't send a hostname (and no DDNS update is done).
If it doesn't work, closely watch /var/log/messages. In almost all cases the
messages give the right clues.
Feedback is appreciated.
Have fun,
Peter
--
Thought is limitation. Free your mind.

BIN
contrib.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

58
dhclient.conf Normal file

@ -0,0 +1,58 @@
#
# /etc/dhclient.conf -- dhclient configuration file
# See "man dhclient.conf" for further details
#
######################################################
# Sometimes, a special configuration is required for
# e.g. Cable Modem providers (@Home -- TCI).
# For example, it may be required to send out a special
# dhcp-client-identifier or to override some settings.
#
# Uncomment and fill in the appropriate settings:
#
#send dhcp-client-identifier "c32423-a"
# or as hex octets
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#
# Note, that hostname is usually send using -H option.
#send host-name "andare.fugue.com";
#
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
#
#####################################################
# uncomment to request a specific lease time, otherwise
# the dhcp server will provide its default lease time:
#send dhcp-lease-time 3600;
#
# Define RFC 3442 classless static route option
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
#
# Define RFC 4833 timezone options
#
option rfc4833-tz-posix-string code 100 = string;
option rfc4833-tz-name code 101 = string;
# Request several well known/usefull dhcp options.
request subnet-mask, broadcast-address, routers, rfc3442-classless-static-routes, interface-mtu, host-name, domain-name, domain-search, domain-name-servers, nis-domain, nis-servers, nds-context, nds-servers, nds-tree-name, netbios-name-servers, netbios-dd-server, netbios-node-type, netbios-scope, ntp-servers;
# rfc4833-tz-posix-string, rfc4833-tz-name;
# We request above options, require only the IP configuration:
require subnet-mask;
# All another options (DNS, NTP, NIS, ...) are applied using
# netconfig(8) modules.
# To enforce the availability of the dns server list, set to:
#require subnet-mask, domain-name-servers;
timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;

22
dhclient6.conf Normal file

@ -0,0 +1,22 @@
# Client configuration file example for DHCPv6
# Define RFC 4833 timezone options:
option dhcp6.rfc4833-tz-posix-string code 41 = string;
option dhcp6.rfc4833-tz-name code 42 = string;
# You may add the options you've declared now to the request,
# but it is still needed to use them in a netconfig module or
# dhclient-script. I didn't found the time to implement it
# yet -- feel free to provide a module / patch.
# dhcp6.rfc4833-tz-posix-string, dhcp6.rfc4833-tz-name;
# The client side command to enable rapid-commit (2 packet exchange)
send dhcp6.rapid-commit;
# The name-servers and domain-search are requested by default.
#
# We request also sntp-servers, see dhcp-options(5) for more,
# but make sure, the underlying software using it supports IPv6
# (e.g. ypbind <= 1.35 doesn't, don't add nis-servers/domain!)
#
also request dhcp6.sntp-servers;

BIN
dhcp-4.4.2-P1.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

16
dhcp-4.4.2-P1.tar.gz.asc Normal file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=bHZP
-----END PGP SIGNATURE-----

100
dhcp-CVE-2022-2928.patch Normal file

@ -0,0 +1,100 @@
--- common/options.c.orig
+++ common/options.c
@@ -4452,6 +4452,8 @@ add_option(struct option_state *options,
if (!option_cache_allocate(&oc, MDL)) {
log_error("No memory for option cache adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
return 0;
}
@@ -4463,6 +4465,8 @@ add_option(struct option_state *options,
MDL)) {
log_error("No memory for constant data adding %s (option %d).",
option->name, option_num);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
option_cache_dereference(&oc, MDL);
return 0;
}
@@ -4471,6 +4475,9 @@ add_option(struct option_state *options,
save_option(&dhcp_universe, options, oc);
option_cache_dereference(&oc, MDL);
+ /* Get rid of reference created during hash lookup. */
+ option_dereference(&option, MDL);
+
return 1;
}
--- common/tests/option_unittest.c.orig
+++ common/tests/option_unittest.c
@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc)
}
}
+ATF_TC(add_option_ref_cnt);
+
+ATF_TC_HEAD(add_option_ref_cnt, tc)
+{
+ atf_tc_set_md_var(tc, "descr",
+ "Verify add_option() does not leak option ref counts.");
+}
+
+ATF_TC_BODY(add_option_ref_cnt, tc)
+{
+ struct option_state *options = NULL;
+ struct option *option = NULL;
+ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER;
+ char *cid_str = "1234";
+ int refcnt_before = 0;
+
+ // Look up the option we're going to add.
+ initialize_common_option_spaces();
+ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash,
+ &cid_code, 0, MDL)) {
+ atf_tc_fail("cannot find option definition?");
+ }
+
+ // Get the option's reference count before we call add_options.
+ refcnt_before = option->refcnt;
+
+ // Allocate a option_state to which to add an option.
+ if (!option_state_allocate(&options, MDL)) {
+ atf_tc_fail("cannot allocat options state");
+ }
+
+ // Call add_option() to add the option to the option state.
+ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) {
+ atf_tc_fail("add_option returned 0");
+ }
+
+ // Verify that calling add_option() only adds 1 to the option ref count.
+ if (option->refcnt != (refcnt_before + 1)) {
+ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+
+ // Derefrence the option_state, this should reduce the ref count to
+ // it's starting value.
+ option_state_dereference(&options, MDL);
+
+ // Verify that dereferencing option_state restores option ref count.
+ if (option->refcnt != refcnt_before) {
+ atf_tc_fail("after state deref, count is wrong, before %d, after: %d",
+ refcnt_before, option->refcnt);
+ }
+}
+
/* This macro defines main() method that will call specified
test cases. tp and simple_test_case names can be whatever you want
as long as it is a valid variable identifier. */
@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp)
ATF_TP_ADD_TC(tp, option_refcnt);
ATF_TP_ADD_TC(tp, pretty_print_option);
ATF_TP_ADD_TC(tp, parse_X);
+ ATF_TP_ADD_TC(tp, add_option_ref_cnt);
return (atf_no_error());
}
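Review bot: add_option_ref_cnt only drives the successful path of add_option(), so the two `option_dereference(&option, MDL);` calls added on the allocation-failure returns are not exercised by the new test and rest on review alone. The test also keeps the reference it obtained from `option_code_hash_lookup()` and never releases it; ending the test body with `option_dereference(&option, MDL);` would leave the count as the test found it. add_option() begins outside the first hunk, so the lookup that creates the reference is not visible here.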

23
dhcp-CVE-2022-2929.patch Normal file

@ -0,0 +1,23 @@
--- common/options.c.orig
+++ common/options.c
@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_
while (s < &bp -> data[0] + length + 2) {
len = *s;
if (len > 63) {
- log_info ("fancy bits in fqdn option");
- return 0;
+ log_info ("label length exceeds 63 in fqdn option");
+ goto bad;
}
if (len == 0) {
terminated = 1;
break;
}
if (s + len > &bp -> data [0] + length + 3) {
- log_info ("fqdn tag longer than buffer");
- return 0;
+ log_info ("fqdn label longer than buffer");
+ goto bad;
}
if (first_len == 0) {
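Review bot: Both error exits in this loop now jump to `bad` instead of returning, but nothing at the jump sites says what the label releases, and the label itself lies outside the hunk. A short comment at the first jump, such as `/* bad: shared cleanup; a bare return here skips it */`, would keep a later edit from restoring the early return. The loop condition bounds `s` by `length + 2` while the label check uses `length + 3`; the difference may be intentional, but since `len` is read from the option data (presumably received from the peer) it is worth a one-line comment too. fqdn_universe_decode() starts before and ends after the hunk.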

2
dhcp-user.conf Normal file

@ -0,0 +1,2 @@
# Type Name ID GECOS [HOME]
u dhcpd - "DHCP server daemon" /var/lib/dhcp

62
dhcp.README Normal file

@ -0,0 +1,62 @@
/* README.SUSE for the ISC DHCP server */
Before you can run dhcpd, you have to configure it via
- /etc/sysconfig/dhcpd (general settings)
and
- /etc/dhcpd.conf (DHCPv4 configuration file)
- /etc/dhcpd6.conf (DHCPv6 configuration file)
See /usr/share/doc/packages/dhcp-server for example configurations.
Option 119 (domain-search) vs. option 15 (domain-name)
======================================================
The domain-name option supports only one, signgle domain (default domain).
The domain-search option supports a list of domain names. Please do not
abuse the domain-name option to provide a list -- it may be discarded by
dhcp clients.
Chroot Jail
===========
Our version of the ISC dhcp server contains a modified "(non-root/chroot)"
patch by Ari Edelkind. This allows dhcpd to
- run as unprivileged user
- run in a chroot environment (/var/lib/dhcp)
which, in this combination, is the safest possible way of running dhcpd.
In order to be found by dhcpd in the chroot jail, the configuration file
will automatically copied to /var/lib/dhcp/etc/ when the server is started.
Further conf files (include files) can be listed in DHCPD_CONF_INCLUDE_FILES
or DHCPD6_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd.
The /var/lib/dhcp/dev/log syslog socked is automatically provided in the
chroot environment as soon as it is initially set up.
NOTE:
In the chroot jail, dhcpd can't resolve hostnames unless it can find
the following files:
/etc/localtime
/etc/host.conf
/etc/hosts
/etc/resolv.conf
/lib/libresolv.so.2
/lib/libnss_dns.so.2
/lib/libnss_dns6.so.2
....
Thererore, these files (about 100 kB) will automatically copied to the chroot
jail when the server is started. (You might have to keep these current if
they are modified dynamically by other programs (e.g./etc/ppp/ip-up) while
dhcpd is running.) This is not a problem at all when you use IP addresses
instead of host names in the config file.
In case of trouble, you can also disable the chroot feature by setting
DHCPD_RUN_CHROOTED/DHCPD6_RUN_CHROOTED in /etc/sysconfig/dhcpd to "no".
Have a lot of fun!
Your SUSE Linux Team

3366
dhcp.changes Normal file

File diff suppressed because it is too large Load Diff

324
dhcp.keyring Normal file

@ -0,0 +1,324 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - http://gpgtools.org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=Ynj7
-----END PGP PUBLIC KEY BLOCK-----

568
dhcp.spec Normal file

@ -0,0 +1,568 @@
#
# spec file for package dhcp
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define isc_version 4.4.2-P1
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%if 0%{?suse_version} >= 1550
%define sbindir %{_sbindir}
%else
%define sbindir /sbin
%endif
%if 0%{?suse_version} >= 1330
%bcond_without sysusers
%else
%bcond_with sysusers
%endif
Name: dhcp
Version: 4.4.2.P1
Release: 0
Summary: Common Files Used by ISC DHCP Software
License: MPL-2.0
Group: Productivity/Networking/Boot/Servers
URL: https://www.isc.org/software/dhcp
Source0: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz
Source1: https://ftp.isc.org/isc/dhcp/%{isc_version}/dhcp-%{isc_version}.tar.gz.asc
Source2: %{name}.keyring
#
Source10: dhcpd.script
Source11: dhcrelay.script
Source12: dhcpd.service
Source13: dhcpd6.service
Source14: dhcrelay.service
Source15: dhcrelay6.service
Source17: sysconfig.dhcpd
Source18: sysconfig.dhcrelay
Source19: if-up.d.dhcpd-restart-hook
#
Source20: dhclient.conf
Source21: dhclient6.conf
Source22: dhcpd.conf
Source23: dhcpd6.conf
Source26: sysconfig.syslog-dhcpd
#
Source41: dhcp.README
Source43: DDNS-howto.txt
Source44: contrib.tar.gz
Source45: examples.tar.gz
Source46: slp.reg.d.dhcp.reg
Source47: dhcp-user.conf
Patch1: 0001-dhcp-4.1.1-default-paths.patch
# paranoia patch is included now, but not the
# additional patch by thomas@suse.de not ...
Patch2: 0002-dhcp-4.1.1-paranoia.patch
Patch3: 0003-dhcp-4.2.2-man-includes.patch
Patch4: 0004-dhcp-4.1.1-tmpfile.patch
Patch5: 0005-dhcp-4.1.1-dhclient-exec-filedes.patch
Patch6: 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch
# PATCH-FIX-UPSTREAM lpf-bind-msg-fix bnc#617795
Patch7: 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch
# PATCH-FIX-SLE dhclient-option-checks bnc#675052
Patch8: 0008-dhcp-4.2.2-dhclient-option-checks.patch
# PATCH-FIX-OPENSUSE close-on-exec bnc#732910
Patch9: 0009-dhcp-4.2.6-close-on-exec.patch
# PATCH-FIX-OPENSUSE quiet-dhclient bnc#711420
Patch10: 0010-dhcp-4.2.2-quiet-dhclient.patch
# PATCH-FIX-OPENSUSE dhcp-4.2.x-chown-server-leases bnc#868253
Patch12: 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch
# PATCH-FIX-SLE dhclient6-unsigned-lifetimes-for-script bsc#926159
Patch14: 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch
# PATCH-FIX-SLE Expose-next-server-DHCPv4-option-to-dhclient-script bsc#928390
Patch15: 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch
# PATCH-FIX-SLE infiniband-support bnc#870535,bsc#909189,bsc#910984
Patch16: 0016-infiniband-support.patch
# PATCH-FIX-SLE server-no-success-report-before-send bsc#919959
Patch17: 0017-server-no-success-report-before-send.919959.patch
# PATCH-FIX-SLE client-fail-on-script-pre-init-error bsc#912098
Patch18: 0018-client-fail-on-script-pre-init-error-bsc-912098.patch
# PATCH-FIX-SLE dhcp-4.2.4-P1-interval bsc#947780
Patch20: 0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch
Patch21: 0021-dhcp-ip-family-symlinks.patch
Patch22: dhcp-CVE-2022-2928.patch
Patch23: dhcp-CVE-2022-2929.patch
BuildRequires: automake
BuildRequires: dos2unix
BuildRequires: libtool
BuildRequires: openldap2-devel
%if %{with sysusers}
BuildRequires: sysuser-tools
%endif
%package server
Summary: ISC DHCP Server
Group: Productivity/Networking/Boot/Servers
Requires: dhcp = %{version}
Requires(post): %fillup_prereq
%{?systemd_ordering}
%if 0%{?suse_version} < 1500
Requires: net-tools
%endif
%if %{with sysusers}
%sysusers_requires
%else
Requires(pre): shadow
%endif
%package client
Summary: ISC DHCP Client
Group: Productivity/Networking/Boot/Clients
Requires: %{_bindir}/getent
Requires: dhcp = %{version}
Requires: iproute2
Requires: iputils
%if 0%{?suse_version} >= 1330
Requires: /usr/bin/hostname
%else
Requires: net-tools
%endif
%package relay
Summary: ISC DHCP Relay Agent
Group: Productivity/Networking/Boot/Servers
Requires: dhcp = %{version}
Requires(post): %fillup_prereq
%{?systemd_ordering}
%if 0%{?suse_version} < 1500
Requires: net-tools
%endif
%package devel
Summary: Header Files and Libraries for dhcpctl API
Group: Development/Libraries/C and C++
Requires: dhcp = %{version}
%package doc
Summary: Documentation
Group: Productivity/Networking/Boot/Servers
%description
This package contains common programs used by both the ISC DHCP
server ("dhcp-server" package) and client ("dhcp-client") as the
omshell and common manual pages.
%description server
This package contains the ISC DHCP server.
%description client
This is an alternative DHCP client, the ISC DHCP client for Linux. Like
"dhcpcd" (the client that is installed by default), it can be used to
configure the network setup. IP address, hostname, routing,
nameserver, netmask, and broadcast can be dynamically assigned while
booting the machine.
It is configurable via the configuration file %{_sysconfdir}/dhclient.conf.
%description relay
This is the ISC DHCP relay agent. It can be used as a 'gateway' for
DHCP messages across physical network segments. This is necessary
because requests can be broadcast, and they will normally not be
routed.
%description doc
This package contains additional documentation files provided with
the software. The manual pages are in the corresponding packages.
%description devel
This package contains all of the libraries and headers for developing
with the Internet Software Consortium (ISC) dhcpctl API.
%prep
if test "%version" != $(echo %isc_version | tr "-" "."); then
echo "error: %%version and %%isc_version are not in sync."
exit 1
fi
%setup -q -n %{name}-%{isc_version} -a 44 -a 45
##
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9
%patch10 -p1
%patch12 -p1
%patch14
%patch15 -p1
%patch16
%patch17 -p1
%patch18 -p1
%patch20
%patch21
%patch22
%patch23
##
find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/*
# Remove GPL licensed files to make sure,
# they're not used to build (bnc#714004).
pushd bind
gunzip -c bind.tar.gz | tar xf -
rm -rf bind-*/contrib/dbus
bind_dir=$(ls -1d bind-*)
for i in %{_datadir}/automake-*/config.{sub,guess} ; do
install -v -m755 $i $bind_dir/
done
# use the year from source gzip header instead of current one to make reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < bind.tar.gz)
sed -i "s/stdout, copyright, year/stdout, copyright, \"-$year\"/" $bind_dir/lib/dns/gen.c
popd
##
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
CFLAGS="%{optflags} -D_GNU_SOURCE -W -Wall -Wno-unused -fcommon -fno-strict-aliasing"
%ifarch ppc ppc64 s390x
# bugs 134590, 171532
CFLAGS="$CFLAGS -fsigned-char"
%endif
%ifarch ia64 %{sparc} alpha s390x ppc64 x86_64
CFLAGS="$CFLAGS -fPIE"
%else
CFLAGS="$CFLAGS -fpie"
%endif
LDFLAGS="-Wl,-z,relro,-z,now -pie"
FFLAGS="$CFLAGS"
CXXFLAGS="$CFLAGS"
export CFLAGS LDFLAGS FFLAGS CXXFLAGS
%configure \
--enable-dhcpv6 \
--enable-failover \
--enable-paranoia \
--enable-early-chroot \
--disable-libtool \
--enable-log-pid \
--enable-binary-leases \
--with-ldap \
--with-ldapcrypto \
--with-cli-pid-file=%{_rundir}/dhclient.pid \
--with-cli-lease-file=%{_localstatedir}/lib/dhcp/dhclient.leases \
--with-cli6-pid-file=%{_rundir}/dhclient6.pid \
--with-cli6-lease-file=%{_localstatedir}/lib/dhcp6/dhclient.leases \
--with-srv-pid-file=%{_rundir}/dhcpd.pid \
--with-srv-lease-file=%{_localstatedir}/lib/dhcp/db/dhcpd.leases \
--with-srv6-pid-file=%{_rundir}/dhcpd6.pid \
--with-srv6-lease-file=%{_localstatedir}/lib/dhcp6/db/dhcpd6.leases
#
: building bind sources
%if 0%{?!make_build:1}
# SLE-12 compatbility still needed as of October 2021
%define make_build %{__make} %{?_smp_mflags}
%endif
%make_build -j1 -C bind all
cat bind/configure.log
cat bind/build.log
cat bind/install.log
: building dhcp sources
%make_build
%if %{with sysusers}
%sysusers_generate_pre %{SOURCE47} dhcp-server dhcp-user.conf
%endif
%check
# check example config, see if it runs
./server/dhcpd -4 -t -cf $RPM_SOURCE_DIR/dhcpd.conf
./server/dhcpd -6 -t -cf $RPM_SOURCE_DIR/dhcpd6.conf
# check syntax in our scripts
bash -n $RPM_SOURCE_DIR/dhcpd.script
bash -n $RPM_SOURCE_DIR/dhcrelay.script
%install
%make_install
#
# directories
install -d -m0755 %{buildroot}/sbin
install -d -m0755 %{buildroot}%{_sysconfdir}/dhcpd{,6}.d
install -d -m0755 %{buildroot}%{_sysconfdir}/openldap/schema
install -d -m0755 %{buildroot}%{_localstatedir}/run
install -d -m0755 %{buildroot}%{_fillupdir}
# chroot jail
install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}%{_sysconfdir}
install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/dev
install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/%{_lib}
install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/run
install -d -m0755 %{buildroot}%{_localstatedir}/lib/{dhcp,dhcp6}/db
%if 0%{?suse_version} < 1550
# move the dhclient binary to /sbin
mv -f %{buildroot}%{_sbindir}/dhclient %{buildroot}/sbin/
%endif
# provide a ...6 link, so we know it supports DHCPv6
ln -sf dhcpd %{buildroot}%{_sbindir}/dhcpd6
ln -sf dhcrelay %{buildroot}%{_sbindir}/dhcrelay6
ln -sf dhclient %{buildroot}%{sbindir}/dhclient6
# install our adopted config examples:
install -m0644 $RPM_SOURCE_DIR/dhcpd.conf %{buildroot}%{_sysconfdir}/
install -m0644 $RPM_SOURCE_DIR/dhcpd6.conf %{buildroot}%{_sysconfdir}/
install -m0644 $RPM_SOURCE_DIR/dhclient.conf %{buildroot}%{_sysconfdir}/
install -m0644 $RPM_SOURCE_DIR/dhclient6.conf %{buildroot}%{_sysconfdir}/
# We don't ship dhclient-script any more (boo#1216822)
rm -f %{buildroot}%{_mandir}/man8/dhclient-script.8
# helper / wrapper scripts
install -d -m0755 %{buildroot}%{_libexecdir}/dhcp
install -m0755 $RPM_SOURCE_DIR/dhcpd.script \
%{buildroot}%{_libexecdir}/dhcp/dhcpd
sed -e 's,@LIBDIR@,%{_lib},g' -i %{buildroot}%{_libexecdir}/dhcp/dhcpd
install -m0755 $RPM_SOURCE_DIR/dhcrelay.script \
%{buildroot}%{_libexecdir}/dhcp/dhcrelay
# service units
install -d -m0755 %{buildroot}%{_unitdir}
install -m0644 $RPM_SOURCE_DIR/dhcpd.service \
%{buildroot}%{_unitdir}/dhcpd.service
install -m0644 $RPM_SOURCE_DIR/dhcpd6.service \
%{buildroot}%{_unitdir}/dhcpd6.service
install -m0644 $RPM_SOURCE_DIR/dhcrelay.service \
%{buildroot}%{_unitdir}/dhcrelay.service
install -m0644 $RPM_SOURCE_DIR/dhcrelay6.service \
%{buildroot}%{_unitdir}/dhcrelay6.service
sed -e 's,@LIBEXECDIR@,%{_libexecdir},g' -i %{buildroot}%{_unitdir}/d*
# rcservice links
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcpd
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcpd6
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcrelay
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcdhcrelay6
# rcservice actions
legacy_actionsdir=%{buildroot}%{_libexecdir}/initscripts/legacy-actions
cat >dhcpd.action <<'EOF'
#!/bin/bash
exec %{_libexecdir}/dhcp/dhcpd -4 ${0##*/}
EOF
install -d -m0755 ${legacy_actionsdir}/dhcpd
install -m0755 dhcpd.action ${legacy_actionsdir}/dhcpd/syntax-check
ln -sf syntax-check ${legacy_actionsdir}/dhcpd/check-syntax
ln -sf syntax-check ${legacy_actionsdir}/dhcpd/check-lease
rm -f dhcpd.action
cat >dhcpd.action <<'EOF'
#!/bin/bash
exec %{_libexecdir}/dhcp/dhcpd -6 ${0##*/}
EOF
install -d -m0755 ${legacy_actionsdir}/dhcpd6
install -m0755 dhcpd.action ${legacy_actionsdir}/dhcpd6/syntax-check
ln -sf syntax-check ${legacy_actionsdir}/dhcpd6/check-syntax
ln -sf syntax-check ${legacy_actionsdir}/dhcpd6/check-lease
rm -f dhcpd.action
# sysconfig files
install -m0644 $RPM_SOURCE_DIR/sysconfig.dhcpd \
%{buildroot}%{_fillupdir}/
install -m0644 $RPM_SOURCE_DIR/sysconfig.syslog-dhcpd \
%{buildroot}%{_fillupdir}/
install -m0644 $RPM_SOURCE_DIR/sysconfig.dhcrelay \
%{buildroot}%{_fillupdir}/
# another config files and scripts
install -m0644 contrib/ldap/dhcp.schema \
%{buildroot}%{_sysconfdir}/openldap/schema
install -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig/network/if-up.d
install -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig/network/scripts
install -m0755 $RPM_SOURCE_DIR/if-up.d.dhcpd-restart-hook \
%{buildroot}%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook
sed 's,@LIBEXECDIR@,%{_libexecdir},g' -i \
%{buildroot}%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook
ln -sf ../scripts/dhcpd-restart-hook \
%{buildroot}%{_sysconfdir}/sysconfig/network/if-up.d/60-dhcpd-restart-hook
# slp support
install -d -m0755 %{buildroot}%{_sysconfdir}/slp.reg.d
install -m0644 $RPM_SOURCE_DIR/slp.reg.d.dhcp.reg \
%{buildroot}%{_sysconfdir}/slp.reg.d/dhcp.reg
# fix manual page permissions
find %{buildroot}/%{_mandir} -type f | xargs chmod 644
# copy some documentation and examples from src dir
install -m0644 $RPM_SOURCE_DIR/dhcp.README README.SUSE
install -m0644 $RPM_SOURCE_DIR/DDNS-howto.txt .
cp doc/examples/* ./examples/
rm -f doc/{References.xml,Makefile*}
rm -f contrib/dhcp.spec
rm -f %{buildroot}%{_sysconfdir}/{dhcpd,dhclient}.conf.example
find contrib doc/examples -type f | xargs chmod -x
# install bind libs+includes needed for dhcp-devel
pushd bind
install -d -m0755 %{buildroot}%{_includedir}/dhcp/
for i in include/* ; do
cp -r $i %{buildroot}%{_includedir}/dhcp/
done
install -d -m0755 %{buildroot}%{_libdir}/dhcp/
for l in lib/lib*.a ; do
install -m0644 $l %{buildroot}%{_libdir}/dhcp/
done
popd
# move also all dhcp-devel files to dhcp subdirectories
mv %{buildroot}%{_includedir}/{dhcpctl,omapip} \
%{buildroot}%{_includedir}/dhcp/
mv %{buildroot}%{_libdir}/lib*.* \
%{buildroot}%{_libdir}/dhcp/
%if %{with sysusers}
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE47} %{buildroot}%{_sysusersdir}/
%endif
%if %{with sysusers}
%pre server -f dhcp-server.pre
%else
%pre server
getent passwd dhcpd >/dev/null || useradd -r -g nogroup -s /bin/false -c "DHCP server daemon" -d %{_localstatedir}/lib/dhcp dhcpd
%endif
%service_add_pre dhcpd.service
%service_add_pre dhcpd6.service
%post server
%{fillup_only -n dhcpd dhcpd}
%{fillup_only -ans syslog dhcpd}
%service_add_post dhcpd.service
%service_add_post dhcpd6.service
# FIXME: update?
if [ $1 -gt 1 ]; then
if grep -q '^DHCPD_RUN_AS=.*nobody' etc/sysconfig/dhcpd; then
tmpfile=$(mktemp -q etc/sysconfig/dhcpd.XXXXXX)
sed 's|^DHCPD_RUN_AS=.*|DHCPD_RUN_AS="dhcpd"|' etc/sysconfig/dhcpd \
> $tmpfile && mv $tmpfile etc/sysconfig/dhcpd
rm -f $tmpfile
fi
if grep -q '^DHCPD_BINARY=.*dhcpd\..*' etc/sysconfig/dhcpd; then
tmpfile=$(mktemp -q etc/sysconfig/dhcpd.XXXXXX)
sed 's|^DHCPD_BINARY=.*|DHCPD_BINARY=""|' etc/sysconfig/dhcpd \
> $tmpfile && mv $tmpfile etc/sysconfig/dhcpd
rm -f $tmpfile
fi
fi
%preun server
%service_del_preun dhcpd.service
%service_del_preun dhcpd6.service
%postun server
%service_del_postun dhcpd.service
%service_del_postun dhcpd6.service
%pre relay
%service_add_pre dhcrelay.service
%service_add_pre dhcrelay6.service
%post relay
#
%{rename_sysconfig_variable -f etc/sysconfig/dhcrelay
DHCRELAY6_LOWER_INTERFACES_ARGS DHCRELAY6_LOWER_INTERFACES}
%{rename_sysconfig_variable -f etc/sysconfig/dhcrelay
DHCRELAY6_UPPER_INTERFACES_ARGS DHCRELAY6_UPPER_INTERFACES}
#
%{fillup_only -n dhcrelay dhcrelay}
%service_add_post dhcrelay.service
%service_add_post dhcrelay6.service
%preun relay
%service_del_preun dhcrelay.service
%service_del_preun dhcrelay6.service
%postun relay
%service_del_postun dhcrelay.service
%service_del_postun dhcrelay6.service
%files
%license LICENSE
%{_bindir}/omshell
%{_mandir}/man1/omshell.1%{?ext_man}
%{_mandir}/man5/dhcp-eval.5%{?ext_man}
%{_mandir}/man5/dhcp-options.5%{?ext_man}
%files server
%{_sbindir}/dhcpd
%{_sbindir}/dhcpd6
%{_sbindir}/rcdhcpd
%{_sbindir}/rcdhcpd6
%{_unitdir}/dhcpd.service
%{_unitdir}/dhcpd6.service
%if %{with sysusers}
%{_sysusersdir}/dhcp-user.conf
%endif
%dir %{_libexecdir}/initscripts/legacy-actions/dhcpd
%{_libexecdir}/initscripts/legacy-actions/dhcpd/*
%dir %{_libexecdir}/initscripts/legacy-actions/dhcpd6
%{_libexecdir}/initscripts/legacy-actions/dhcpd6/*
%config(noreplace) %{_sysconfdir}/dhcpd.conf
%config(noreplace) %{_sysconfdir}/dhcpd6.conf
%attr(755,root,root) %dir %config(noreplace) %ghost %{_sysconfdir}/dhcpd.d/
%attr(755,root,root) %dir %config(noreplace) %ghost %{_sysconfdir}/dhcpd6.d/
%dir %{_libexecdir}/dhcp
%{_libexecdir}/dhcp/dhcpd
%dir %{_localstatedir}/lib/dhcp
%dir %{_localstatedir}/lib/dhcp%{_sysconfdir}
%dir %{_localstatedir}/lib/dhcp/dev
%dir %{_localstatedir}/lib/dhcp/%{_lib}
%dir %{_localstatedir}/lib/dhcp/run
%attr(755,dhcpd,root) %dir %{_localstatedir}/lib/dhcp/db
%dir %{_localstatedir}/lib/dhcp6
%dir %{_localstatedir}/lib/dhcp6%{_sysconfdir}
%dir %{_localstatedir}/lib/dhcp6/dev
%dir %{_localstatedir}/lib/dhcp6/%{_lib}
%dir %{_localstatedir}/lib/dhcp6/run
%attr(755,dhcpd,root) %dir %{_localstatedir}/lib/dhcp6/db
%{_mandir}/man8/dhcpd.8%{?ext_man}
%{_mandir}/man5/dhcpd.conf.5%{?ext_man}
%{_mandir}/man5/dhcpd.leases.5%{?ext_man}
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0644, root, root) %config %{_sysconfdir}/openldap/schema/dhcp.schema
%dir %{_sysconfdir}/slp.reg.d
%config(noreplace) %{_sysconfdir}/slp.reg.d/dhcp.reg
%dir %{_sysconfdir}/sysconfig/network
%dir %{_sysconfdir}/sysconfig/network/scripts
%dir %{_sysconfdir}/sysconfig/network/if-up.d
%{_sysconfdir}/sysconfig/network/scripts/dhcpd-restart-hook
%{_sysconfdir}/sysconfig/network/if-up.d/60-dhcpd-restart-hook
%{_fillupdir}/sysconfig.dhcpd
%{_fillupdir}/sysconfig.syslog-dhcpd
%files doc
%doc README RELNOTES
%doc README.* DDNS-howto.txt doc/*
%doc contrib examples
%files client
%{sbindir}/dhclient
%{sbindir}/dhclient6
%config(noreplace) %{_sysconfdir}/dhclient.conf
%config(noreplace) %{_sysconfdir}/dhclient6.conf
%{_mandir}/man5/dhclient.conf.5%{?ext_man}
%{_mandir}/man5/dhclient.leases.5%{?ext_man}
%{_mandir}/man8/dhclient.8%{?ext_man}
%dir %{_localstatedir}/lib/dhcp
%dir %{_localstatedir}/lib/dhcp6
%files relay
%{_sbindir}/dhcrelay
%{_sbindir}/dhcrelay6
%{_sbindir}/rcdhcrelay
%{_sbindir}/rcdhcrelay6
%dir %{_libexecdir}/dhcp
%{_libexecdir}/dhcp/dhcrelay
%{_unitdir}/dhcrelay.service
%{_unitdir}/dhcrelay6.service
%{_mandir}/man8/dhcrelay.8%{?ext_man}
%{_fillupdir}/sysconfig.dhcrelay
%files devel
%dir %{_libdir}/dhcp
%{_libdir}/dhcp/lib*
%dir %{_includedir}/dhcp
%{_includedir}/dhcp/*
%{_mandir}/man3/omapi.3%{?ext_man}
%{_mandir}/man3/dhcpctl.3%{?ext_man}
%changelog

154
dhcpd.conf Normal file

@ -0,0 +1,154 @@
# /etc/dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# *** PLEASE CONFIGURE IT FIRST ***
#
# Don't forget to set the DHCPD_INTERFACE in the
# /etc/sysconfig/dhcpd file.
#
# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
#default-lease-time 600;
#max-lease-time 7200;
# if you do not use dynamical DNS updates:
#
# if you want to use dynamical DNS updates, you should first read
# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt
#
#ddns-updates off;
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
#
# Define RFC 3442 classless static route option (121);
# the following _example_ routes:
# 192.168.2.254/32 via 0.0.0.0 (device route)
# 192.168.2.253/32 via 192.168.1.2 (255.255.255.255)
# 192.2.0.128/25 via 192.168.1.2 (255.255.255.128)
# 192.168.2.0/24 via 192.168.1.2 (255.255.255.0)
# 172.16.0.0/12 via 192.168.1.2 (255.240.0.0)
# 10.0.0.0/8 via 192.168.1.2 (255.0.0.0)
# default via 192.168.1.1
# have to be written as:
# option rfc3442-classless-static-routes
# 32, 192, 168, 2, 254, 0, 0, 0, 0,
# 32, 192, 168, 2, 253, 192, 168, 1, 2,
# 25, 192, 2, 0, 128, 192, 168, 1, 2,
# 24, 192, 168, 3, 192, 168, 1, 2,
# 12, 172, 16, 192, 168, 1, 2,
# 8, 10, 192, 168, 1, 2,
# 0, 192, 168, 1, 1;
#
# Note: you have to specify the default gateway here
# as well, because when classless routes are in use,
# the 'routers' option is ignored by the dhcp client.
#
#option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
#
# Define RFC 4833 timezone options:
#
#option rfc4833-tz-posix-string code 100 = string;
#option rfc4833-tz-name code 101 = string;
#
# Use example:
# option rfc4833-tz-posix-string "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
# option rfc4833-tz-name "Europe/Zurich";
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.fugue.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.fugue.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
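Review bot: The RFC 3442 example does not encode the routes it lists. The route `192.168.2.0/24 via 192.168.1.2` is written in the option as `24, 192, 168, 3, 192, 168, 1, 2,`, which is 192.168.3.0/24. An admin who adapts the sample by following the pattern would hand every client a route for the wrong prefix, so the encoded line should read `# 24, 192, 168, 2, 192, 168, 1, 2,`.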

429
dhcpd.script Normal file

@ -0,0 +1,429 @@
#! /bin/bash
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002, 2003 SuSE Linux AG
# Copyright (c) 2004-2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, see <http://www.gnu.org/licenses/>.
#
# Author: Rolf Haberrecker <rolf@suse.de>, 1997-1999
# Peter Poeml <poeml@suse.de>, 2000-2006
# Marius Tomaschewski <mt@suse.de>, 2006-2010
#
# /usr/lib/dhcp/dhcpd helper script, fromer /etc/init.d/dhcpd init script.
#
###
test -s /etc/sysconfig/dhcpd && . /etc/sysconfig/dhcpd
SUPPORTS_CHROOT="yes"
SUPPORTS_RUN_AS="yes"
SUPPORTS_HUP="no"
# note: $DAEMON_PIDFILE is a symlink to the
# $DAEMON_STATE$DAEMON_PIDFILE (also
# while DHCPD_RUN_CHROOTED=no) now,
# as DHCPD_RUN_AS is not allowed to
# create pid files in /run.
DHCPv_OPT=$1 ; shift
case $DHCPv_OPT in
-4)
DAEMON='ISC DHCPv4 Server'
DAEMON_BIN=/usr/sbin/dhcpd
DAEMON_CONF=/etc/dhcpd.conf
DAEMON_STATE=/var/lib/dhcp
DAEMON_LEASES=dhcpd.leases
DAEMON_PIDFILE=/run/dhcpd.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd.log
LDAP_CONF=/etc/openldap/ldap.conf
test "$DHCPD_RUN_CHROOTED" = "yes" && \
CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX=''
DHCPD_CONF_INCLUDE_FILES=${DHCPD_CONF_INCLUDE_FILES:-/etc/dhcpd.d}
;;
-6)
DAEMON='ISC DHCPv6 Server'
DAEMON_BIN=/usr/sbin/dhcpd
DAEMON_CONF=/etc/dhcpd6.conf
DAEMON_STATE=/var/lib/dhcp6
DAEMON_LEASES=dhcpd6.leases
DAEMON_PIDFILE=/run/dhcpd6.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log
LDAP_CONF=""
test "$DHCPD6_RUN_CHROOTED" = "yes" && \
CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX=''
DHCPD_RUN_AS=$DHCPD6_RUN_AS
DHCPD_INTERFACE=$DHCPD6_INTERFACE
DHCPD_OTHER_ARGS=$DHCPD6_OTHER_ARGS
DHCPD_CONF_INCLUDE_FILES=${DHCPD6_CONF_INCLUDE_FILES:-/etc/dhcpd6.d}
;;
*)
echo >&2 "Usage: $0 <-4|-6> <action>"
exit 2
;;
esac
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
if ! [ -x "$DAEMON_BIN" ]; then
case $1 in
stop) ;;
*) echo -n >&2 "\"$DAEMON_BIN\" is not an executable file. Exiting."
case $1 in
status) exit 4 ;;
*) exit 5 ;;
esac
;;
esac
exit
fi
if ! [ -r "$DAEMON_CONF" ] ; then
case $1 in
stop|status)
if test ! -s /etc/sysconfig/dhcpd ; then
test -e $DAEMON_STATE/$DAEMON_PIDFILE && \
CHROOT_PREFIX="$DAEMON_STATE" || CHROOT_PREFIX=''
fi
;;
*)
echo -n >&2 "\"$DAEMON_CONF\" config file missed. Exiting."
exit 6
;;
esac
fi
# remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in
start)
echo -n "Starting $DAEMON "
## If there is no conf file, skip starting of dhcpd
## and return with "program not configured"
if ! [ -f $DAEMON_CONF ]; then
echo -n "... no configuration file found";
# service is not configured
exit 6;
fi
## If the interfaces are not set, skip starting of dhcpd
## and return with "program not configured"
if [ -z "$DHCPD_INTERFACE" ]; then
var="DHCPD_INTERFACE"
case $DHCPv_OPT in -6) var=DHCPD6_INTERFACE ;; esac
echo -n "... set $var in /etc/sysconfig/dhcpd"
# service is not configured
exit 6;
fi
if [ "$DHCPD_INTERFACE" = "ANY" ]; then
DHCPD_INTERFACE=""
fi
jail=${CHROOT_PREFIX:-${DAEMON_STATE}}; leases=$DAEMON_LEASES
if ! [ -e $jail/db/$leases ]; then
# until 9.0, the lease file was in /var/lib/dhcp and part of the package
if test -e $jail/$leases -a '!' -L $jail/$leases; then
# this is the case where the %post script runs _before_ the old package is
# removed (i.e., dhcpd.leases has not renamed to .rpmsave yet)
mv $jail/$leases $jail/db/$leases && \
ln -s db/$leases $jail/
elif test -e $jail/$leases.rpmsave; then
# this is what's left when the package is already gone.
mv $jail/$leases.rpmsave $jail/db/$leases && \
ln -s db/$leases $jail/
else
# fresh installation:
# a lease file must be present. the server won't start without
touch $jail/db/$leases
fi
fi
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
## copy the conf file to the chroot jail (dhcpd has to be restarted anyway,
## when it has changed) and change path to leases file
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES $LDAP_CONF /etc /dev; do
if test -d "${i}" ; then
test -d "$CHROOT_PREFIX/${i}" || \
mkdir -p "$CHROOT_PREFIX/${i}"
elif test -e "${i}" ; then
test -d "$CHROOT_PREFIX/${i%/*}" || \
mkdir -p "$CHROOT_PREFIX/${i%/*}"
fi
done
rm -f $CHROOT_PREFIX/dev/urandom
for i in $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES $LDAP_CONF /etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime,bindresvport.blacklist} /dev/urandom; do
if ! test -e "$i"; then continue; fi # neither of them is absolutely necessary
cp -aL "$i" "${CHROOT_PREFIX}/${i%/*}/" &>/dev/null \
|| { echo "...$0:$LINENO: could not copy $i to chroot jail"; exit 6; }
done
libdir=@LIBDIR@
if test -x /usr/bin/ldd ; then
get_ldd_deps()
{
ldd_wl="\/${libdir}\/lib"
ldd_bl="\/${libdir}\/libc\."
/usr/bin/ldd "$1" | \
while read -sr a b c d ; do
[ -n "$c" ] || continue
[[ $c =~ $ldd_wl ]] || continue
[[ $c =~ $ldd_bl ]] && continue
echo $c
done
}
else
get_ldd_deps() { :; }
fi
cplibs=`for i in /$libdir/{libresolv.so.*,libnss_*.so.*} \
/$libdir/{libpthread.so.0,libdl.so.2,libgcc_s.so.*} ;
do
if [ -s "$i" ] ; then
echo "$i"
get_ldd_deps "$i"
fi
done | sort -u`
for i in $cplibs ; do
if [ -s "$i" ]; then
cp -pL "$i" "${CHROOT_PREFIX}/$libdir/" \
|| { echo "...$0:$LINENO: could not copy $i to chroot jail"; exit 6; }
fi
done
# mount /proc into the chroot; the server fails if unable to read /proc/net/{dev,if_inet6}
mkdir -p ${CHROOT_PREFIX}/proc
mount -t proc -o ro proc ${CHROOT_PREFIX}/proc 2>/dev/null
DHCPD_ARGS="-chroot $CHROOT_PREFIX -lf /db/$DAEMON_LEASES"
## If there is a pid file containing a pid, the machine might have crashed. pid files in
## /run are always cleaned up at boot time, but this is not the case for the pid file in
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) '
else
rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi
fi
PID_FILE_ARG="$DAEMON_PIDFILE"
else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi
if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log
error=0
if ! $DAEMON_BIN $DHCPv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1
else
## Start daemon. If this fails the return value is set appropriate.
## The init script should return 0, even if service is already running,
## to match the LSB spec.
test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
$DAEMON_BIN $DHCPv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$?
fi
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose
echo ""
echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
exit 1
else
ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi
;;
stop)
echo -n "Shutting down $DAEMON "
# Catch the case where daemon is running without chroot,
# but sysconfig/dhcp has been changed to use chroot (and
# another way around).
# In this case is there is no $chroot/$pidfile, but there
# should be a /pidfile that we use instead.
# We can not kill without pid file or dhcp4 kills dhcp6.
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
-s "$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_PIDFILE"
fi
else
if test ! -s "$DAEMON_PIDFILE" -a \
-s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
fi
fi
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
killproc -p "$PID_FILE" $DAEMON_BIN
ret=$?
# umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled
if [ "$DHCPD_RUN_CHROOTED" = yes -a -n "$CHROOT_PREFIX" ]; then
umount ${CHROOT_PREFIX}/proc 2>/dev/null
rm -f $CHROOT_PREFIX/lib*/*
fi
exit $ret
;;
try-restart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
$0 $DHCPv_OPT status
if test $? = 0; then
$0 $DHCPv_OPT restart
fi
;;
restart)
## Check syntax and when it is OK, stop the service
## and regardless of whether it was running or not,
## start it again.
if ! $0 $DHCPv_OPT check-syntax &>/dev/null ; then
echo -n "Syntax check reports errors, see log messages"
exit 1
else
$0 $DHCPv_OPT stop
sleep 3
$0 $DHCPv_OPT start
fi
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart.
if [ "$SUPPORTS_HUP" = "yes" ]; then
echo -n "Reload service $DAEMON"
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
elif ! $0 $DHCPv_OPT check-syntax &>/dev/null ; then
echo -n "Syntax check reports errors, see log messages"
exit 1
else
$0 $DHCPv_OPT stop && sleep 3 && $0 $DHCPv_OPT start
fi
;;
reload)
## Like force-reload, but if daemon does not support
## signalling, do nothing (!)
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling:
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
else
## Otherwise if it does not support reload:
exit 3
fi
;;
status)
echo -n "Checking for $DAEMON: "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
;;
probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.
rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done
test $rc = 1 && echo restart
;;
check-syntax|syntax-check)
echo -n "Checking syntax of $DAEMON_CONF: "
## this nice bit is from Edwin Groothuis:
## check syntax (quiet)
$DAEMON_BIN $DHCPv_OPT -q -t -cf $DAEMON_CONF
if [ $? -ne 0 ]; then
echo ""
## check syntax (verbose)
$DAEMON_BIN $DHCPv_OPT -t -cf $DAEMON_CONF
echo -ne '\nConfig is NOT okay'
exit 1
fi
;;
check-lease|check-lease-file)
echo -n "Checking lease file $DAEMON_LEASES: "
if [ -s ${DAEMON_STATE}/db/$DAEMON_LEASES ] ; then
## check leases file (quiet)
$DAEMON_BIN $DHCPv_OPT -q -T -cf /dev/null -lf ${DAEMON_STATE}/db/$DAEMON_LEASES
if [ $? -ne 0 ]; then
echo ""
## check leases file (verbose)
$DAEMON_BIN $DHCPv_OPT -T -cf $DAEMON_CONF -lf ${DAEMON_STATE}/db/$DAEMON_LEASES
echo -ne '\nLease file is NOT okay'
exit 1
fi
fi
;;
*)
SCRIPT="${SCRIPT:-${0##*/} $DHCPv_OPT}"
echo "Usage: $SCRIPT {start|stop|status|try-restart|restart|force-reload|reload|probe|check-syntax} [-v]"
exit 1
esac
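Review bot: In the `-6` branch `CHROOT_PREFIX` is derived from `DHCPD6_RUN_CHROOTED`, but `start` and `stop` later test `DHCPD_RUN_CHROOTED`, which that branch never remaps the way it remaps `DHCPD_RUN_AS`, `DHCPD_INTERFACE` and `DHCPD_OTHER_ARGS`. If the two sysconfig values differ, the DHCPv6 server either starts without the chroot the admin asked for, or runs the chroot setup with an empty prefix, where `rm -f $CHROOT_PREFIX/dev/urandom` resolves to the host's `/dev/urandom` and `-chroot` is passed no directory. Adding `DHCPD_RUN_CHROOTED=$DHCPD6_RUN_CHROOTED` next to the other remappings keeps the two in step. The `start` branch could also require `-n "$CHROOT_PREFIX"`, as the `stop` branch already does before `rm -f $CHROOT_PREFIX/lib*/*`. The sysconfig template is not visible here, so whether the shipped defaults can diverge should be confirmed.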

25
dhcpd.service Normal file

@ -0,0 +1,25 @@
[Unit]
Description=ISC DHCPv4 Server
Before=multi-user.target
After=remote-fs.target network-online.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service
[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
Type=forking
Restart=on-abort
ExecStart=@LIBEXECDIR@/dhcp/dhcpd -4 start
ExecStop=@LIBEXECDIR@/dhcp/dhcpd -4 stop
[Install]
WantedBy=multi-user.target
Alias=dhcp-server.service
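Review bot: `Type=forking` is declared without a `PIDFile=`, so systemd has to guess which process is the daemon after the helper script exits, and `Restart=on-abort` and `ExecStop` handling depend on that guess. dhcrelay.service in this same commit sets `PIDFile=/run/dhcrelay.pid`, and dhcpd.script links `/run/dhcpd.pid` to the real pid file on a successful start, so `PIDFile=/run/dhcpd.pid` would make the tracking explicit. The link target sits in a directory the script chowns to the run-as user, so it is worth checking that systemd accepts the symlinked pid file before relying on it. dhcpd6.service has the same gap, with `/run/dhcpd6.pid`.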

127
dhcpd6.conf Normal file

@ -0,0 +1,127 @@
# /etc/dhcpd6.conf
#
# Sample DHCPv6 configuration file for ISC dhcpd
#
# *** PLEASE CONFIGURE IT FIRST ***
#
# Don't forget to set the DHCPD6_INTERFACE in the
# /etc/sysconfig/dhcpd file.
#
#
# Define RFC 4833 timezone options:
#
#option dhcp6.rfc4833-tz-posix-string code 41 = string;
#option dhcp6.rfc4833-tz-name code 42 = string;
#
# Use example:
# option dhcp6.rfc4833-tz-posix-string "EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
# option dhcp6.rfc4833-tz-name "Europe/Zurich";
# From the file used for TAHI tests.
#
# For more iformations about IPv6 addresses, see also:
# http://tools.ietf.org/html/rfc4193
# http://tools.ietf.org/html/rfc4291
# http://www.iana.org/assignments/ipv6-address-space/
#
# The addresses in the examples bellow are from the:
# FC00::/7 Unique Local Unicast [RFC4193]
# address space.
#
# Please allocate own prefix (6to4, tunnel broker) !
#
# IPv6 address valid lifetime
# (at the end the address is no longer usable by the client)
# (set to 30 days, the usual IPv6 default)
#default-lease-time 2592000;
# IPv6 address preferred lifetime
# (at the end the address is deprecated, i.e., the client should use
# other addresses for new connections)
# (set to 7 days, the usual IPv6 default)
#preferred-lifetime 604800;
# T1, the delay before Renew
# (default is 1/2 preferred lifetime)
# (set to 1 hour)
#option dhcp-renewal-time 3600;
# T2, the delay before Rebind (if Renews failed)
# (default is 3/4 preferred lifetime)
# (set to 2 hours)
#option dhcp-rebinding-time 7200;
# Enable RFC 5007 support (same than for DHCPv4)
#allow leasequery;
# Global definitions for name server address(es) and domain search list
#option dhcp6.name-servers fc00:501:ffff:100:200:ff:fe00:3f3e;
#option dhcp6.domain-search "test.example.com","example.com";
# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
##option dhcp6.preference 255;
# Server side command to enable rapid-commit (2 packet exchange)
##option dhcp6.rapid-commit;
# The delay before information-request refresh
# (minimum is 10 minutes, maximum one day, default is to not refresh)
# (set to 6 hours)
#option dhcp6.info-refresh-time 21600;
# Static definition (must be global)
#host myclient {
# # The entry is looked up by this
# host-identifier option
# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
#
# # A fixed address
# fixed-address6 fc00:501:ffff:100::1234;
#
# # A fixed prefix
# fixed-prefix6 fc00:501:ffff:101::/64;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers fc00:501:ffff:100:200:ff:fe00:4f4e;
#
# # For debug (to see when the entry statements are executed)
# # (log "sol" when a matching Solicitation is received)
# ##if packet(0,1) = 1 { log(debug,"sol"); }
#}
# The subnet where the server is attached
# (i.e., the server has an address in this subnet)
#subnet6 fc00:501:ffff:100::/64 {
# # Two addresses available to clients
# # (the third client should get NoAddrsAvail)
# range6 fc00:501:ffff:100::10 fc00:501:ffff:100::11;
#
# # Use the whole /64 prefix for temporary addresses
# # (i.e., direct application of RFC 4941)
# range6 fc00:501:ffff:100:: temporary;
#
# # Some /64 prefixes available for Prefix Delegation (RFC 3633)
# prefix6 fc00:501:ffff:100:: fc00:501:ffff:111:: /64;
#}
# A second subnet behind a relay agent
#subnet6 fc00:501:ffff:101::/64 {
# range6 fc00:501:ffff:101::10 fc00:501:ffff:101::11;
#
# # Override of the global definitions,
# # works only when a resource (address or prefix) is assigned
# option dhcp6.name-servers fc00:501:ffff:101:200:ff:fe00:3f3e;
#
#}
# A third subnet behind a relay agent chain
#subnet6 fc00:501:ffff:102::/64 {
# range6 fc00:501:ffff:102::10 fc00:501:ffff:102::11;
#}

25
dhcpd6.service Normal file

@ -0,0 +1,25 @@
[Unit]
Description=ISC DHCPv6 Server
Before=multi-user.target
After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.service sssd.service ndsd.service
[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
Type=forking
Restart=on-abort
ExecStart=@LIBEXECDIR@/dhcp/dhcpd -6 start
ExecStop=@LIBEXECDIR@/dhcp/dhcpd -6 stop
[Install]
WantedBy=multi-user.target
Alias=dhcp6-server.service

213
dhcrelay.script Normal file

@ -0,0 +1,213 @@
#! /bin/sh
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002 SuSE Linux AG
# Copyright (c) 2003-2014 SUSE LINUX Products GmbH
#
# Author: Peter Poeml <poeml@suse.de>, 2001
# Marius Tomaschewski <mt@suse.de>, 2010
#
# /usr/lib/dhcp/dhcrelay helper,
# fromer /etc/init.d/dhcrelay init script
#
###
DHCPv_OPT=$1 ; shift
case $DHCPv_OPT in
-4)
DAEMON="ISC DHCPv4 relay agent"
DAEMON_BIN=/usr/sbin/dhcrelay
DAEMON_CONF=/etc/sysconfig/dhcrelay
DAEMON_PIDFILE=/run/dhcrelay.pid
STARTPROC_LOGFILE=/var/log/rc.dhcrelay.log
SUPPORTS_HUP="no"
;;
-6)
DAEMON="ISC DHCPv6 relay agent"
DAEMON_BIN=/usr/sbin/dhcrelay6
DAEMON_CONF=/etc/sysconfig/dhcrelay
DAEMON_PIDFILE=/run/dhcrelay6.pid
STARTPROC_LOGFILE=/var/log/rc.dhcrelay6.log
;;
*)
echo >&2 "Usage: $0 <-4|-6> <action>"
exit 2
;;
esac
test -s "$DAEMON_CONF" && . "$DAEMON_CONF"
if ! [ -x "$DAEMON_BIN" ]; then
case $1 in
stop) ;;
*) echo -n >&2 "$0: \"$DAEMON_BIN\" is not an executable file. Exiting."
case $1 in
status) exit 4 ;;
*) exit 5 ;;
esac
;;
esac
exit 0
fi
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
case "$1" in
start)
# FIXME: this check is pointless since systemd already do it.
echo -n "Starting $DAEMON"
checkproc -p $DAEMON_PIDFILE $DAEMON_BIN && {
echo -n "... already running"; exit 0;
}
case $DHCPv_OPT in
-4)
## If interfaces or servers are not set, skip starting of dhcrelay
## and return with "program not configured"
if [ -z "$DHCRELAY_INTERFACES" -o -z "$DHCRELAY_SERVERS" ]; then
# service is not configured
exit 6;
fi
DHCRELAY_INTERFACES_ARGS=''
for i in $DHCRELAY_INTERFACES ; do
DHCRELAY_INTERFACES_ARGS="$DHCRELAY_INTERFACES_ARGS -i $i"
done
DHCRELAY_ARGS="$DHCRELAY_OPTIONS $DHCRELAY_INTERFACES_ARGS $DHCRELAY_SERVERS"
;;
-6)
DHCRELAY6_LOWER_INTERFACES_ARGS=''
for l in $DHCRELAY6_LOWER_INTERFACES ; do
test "x$l" = x -o "x$l" = "x-l" && continue
DHCRELAY6_LOWER_INTERFACES_ARGS="$DHCRELAY6_LOWER_INTERFACES_ARGS -l $l"
done
DHCRELAY6_UPPER_INTERFACES_ARGS=''
for u in $DHCRELAY6_UPPER_INTERFACES ; do
test "x$u" = x -o "x$u" = "x-u" && continue
DHCRELAY6_UPPER_INTERFACES_ARGS="$DHCRELAY6_UPPER_INTERFACES_ARGS -u $u"
done
if [ "x$DHCRELAY6_LOWER_INTERFACES_ARGS" = x -o \
"x$DHCRELAY6_UPPER_INTERFACES_ARGS" = x ]; then
# service is not configured
exit 6;
fi
DHCRELAY_ARGS="$DHCRELAY6_OPTIONS $DHCRELAY6_LOWER_INTERFACES_ARGS $DHCRELAY6_UPPER_INTERFACES_ARGS"
;;
esac
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
# startproc should return 0, even if service is
# already running to match LSB spec.
if [ "$2" = "-v" ]; then
echo
echo -n "executing '$DAEMON_BIN $DHCPv_OPT $DHCRELAY_ARGS'"
fi
startproc -q -l $STARTPROC_LOGFILE -p $DAEMON_PIDFILE $DAEMON_BIN $DHCPv_OPT $DHCRELAY_ARGS >/dev/null 2>&1
rc=$?
if ! [ $rc -eq 0 ]; then
## be verbose
echo ""
echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
exit 1
fi
;;
stop)
echo -n "Shutting down $DAEMON"
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
killproc -p $DAEMON_PIDFILE $DAEMON_BIN
;;
try-restart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
$0 status
if test $? = 0; then
$0 restart
fi
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
sleep 1
$0 start
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart.
$0 stop && sleep 1 && $0 start || exit
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ] ; then
killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_PIDFILE
else
$0 stop && $0 start
fi
;;
reload)
## Like force-reload, but if daemon does not support
## signalling, do nothing (!)
if [ "$SUPPORTS_HUP" = "yes" ] ; then
# If it supports signalling:
echo -n "Reload service $DAEMON"
killproc -p $DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_PIDFILE
else
## Otherwise if it does not support reload:
exit 3
fi
;;
status)
echo -n "Checking for dhcp relay agent: "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $DAEMON_PIDFILE $DAEMON_BIN
;;
probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.
if [ "$DAEMON_CONF" -nt "$DAEMON_PIDFILE" ]; then
if [ "$SUPPORTS_HUP" = "yes" ]; then
echo reload
else
echo restart
fi
fi
;;
*)
SCRIPT="${SCRIPT:-${0##*/} $DHCPv_OPT}"
echo "Usage: $SCRIPT {start|stop|status|try-restart|restart|force-reload|reload|probe} [-v]"
exit 1
;;
esac

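--- /dev/null
+++ b/dhcrelay.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=ISC DHCPv4 Relay Agent
+Before=multi-user.target
+After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=forking
+Restart=on-abort
+ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -4 start
+ExecStop=@LIBEXECDIR@/dhcp/dhcrelay -4 stop
+PIDFile=/run/dhcrelay.pid
+[Install]
+WantedBy=multi-user.target
+Alias=dhcp-relay.service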
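Review bot: The hardening block between the `# added automatically` markers limits filesystem and kernel-interface access, but the unit has no `User=`, so the wrapper and the relay it starts keep root's full privilege set. `NoNewPrivileges=true` looks safe for a wrapper that only launches the daemon. A `CapabilityBoundingSet=` reduced to what the relay needs (probably `CAP_NET_BIND_SERVICE CAP_NET_RAW`, to be confirmed by testing the start and stop paths) would bound the effect of a packet-parsing bug in this network-facing daemon. `PIDFile=/run/dhcrelay.pid` also has to match the pid file the wrapper hands to startproc, which is set outside the visible part of the script.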

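--- /dev/null
+++ b/dhcrelay6.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=ISC DHCPv6 Relay Agent
+Before=multi-user.target
+After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=forking
+Restart=on-abort
+ExecStart=@LIBEXECDIR@/dhcp/dhcrelay -6 start
+ExecStop=@LIBEXECDIR@/dhcp/dhcrelay -6 stop
+[Install]
+WantedBy=multi-user.target
+Alias=dhcp6-relay.service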
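Review bot: `Type=forking` is used here without a `PIDFile=`, unlike dhcrelay.service, so systemd has to guess the main PID once the wrapper exits. `Restart=on-abort` depends on seeing how that main process ended, so a wrong guess can leave an aborted relay unrestarted. Add a `PIDFile=` line naming the pid file the wrapper uses for `-6`; that path is set outside the visible part of the script, so it is shown as a placeholder: `PIDFile=/run/<dhcrelay6-pidfile>`.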

BIN
examples.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

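--- /dev/null
+++ b/if-up.d.dhcpd-restart-hook
@@ -0,0 +1,175 @@
+#! /bin/bash
+#
+# dhcpd-restart-hook - script to restart dhcpd on virtual interfaces
+#
+# Copyright (C) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# Author(s): Marius Tomaschewski <mt@suse.de>, 2009
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# version 2 as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>
+#
+# Please send feedback via http://www.suse.de/feedback
+#
+set -e
+unset ${!LC_*} LANUGUAGE
+export LANG=POSIX
+export PATH=/sbin:/usr/sbin:/usr/bin:/bin
+SCRIPTNAME=${0##*/}
+usage () {
+echo "usage: $SCRIPTNAME [<config>] <interface> [-o <options>]"
+echo ""
+echo "Any options are ignored"
+exit $R_USAGE
+}
+R_INTERNAL=1 # internal error, e.g. no config or missing scripts
+cd /etc/sysconfig/network || exit $R_INTERNAL
+case $1 in ""|-h|*help*) usage ;; esac
+INTERFACE="$1"
+if test "x$2" != x -a "x$2" != "x-o" ; then
+CONFIG=$INTERFACE
+INTERFACE="$2"
+shift
+else
+CONFIG=$INTERFACE
+fi
+shift
+mode=""
+args=$(getopt -o "o:" -- "$@")
+eval set -- "$args"
+while [ $# -gt 0 ]; do
+case "$1" in
+--) shift; break;;
+-o) mode="$2"; shift;;
+esac
+shift
+done
+. /etc/sysconfig/network/config
+if test -f /etc/sysconfig/network/scripts/functions ; then
+. /etc/sysconfig/network/scripts/functions
+fi
+. /etc/sysconfig/dhcpd 2>/dev/null
+. /etc/sysconfig/network/ifcfg-"$CONFIG" 2>/dev/null || true
+: ${DHCPD_IFUP_RESTART:=auto}
+: ${DHCPD6_IFUP_RESTART:=auto}
+iface_needs_restart()
+{
+test -d /sys/class/net/$1/bridge -o \
+-d /sys/class/net/$1/bonding -o \
+-f /proc/net/vlan/$1
+}
+dhcpv4_server_restart()
+{
+#
+# don't do anything if we are disabled either
+# in the /etc/sysconfig/dhcpd or per interface
+# in the /etc/sysconfig/network/ifcfg-"$CONFIG"
+#
+test "$DHCPD_IFUP_RESTART" = no && return 0
+# don't restart for loopback interface
+case $INTERFACE in (lo) return 0 ;; esac
+restart_needed=$DHCPD_IFUP_RESTART
+if test -n "$DHCPD_INTERFACE" \
+-a "$restart_needed" != yes ;
+then
+for I in $DHCPD_INTERFACE ; do
+test -n "$I" || continue
+# don't restart when _one_ involved
+# interface is not available/up yet
+is_iface_up $I || return 0
+# check if this interface is involved
+if test "$I" = "$INTERFACE" ; then
+# check if a restart is needed
+if iface_needs_restart $I ; then
+restart_needed=yes
+fi
+fi
+done
+fi
+if test "$restart_needed" = yes ; then
+if test "`/usr/bin/systemctl --value -p SubState show dhcpd.service`" = "running"; then
+/usr/bin/systemctl restart dhcpd.service
+fi
+fi
+}
+dhcpv6_server_restart()
+{
+#
+# don't do anything if we are disabled either
+# in the /etc/sysconfig/dhcpd or per interface
+# in the /etc/sysconfig/network/ifcfg-"$CONFIG"
+#
+test "$DHCPD6_IFUP_RESTART" = no && return 0
+# don't restart for loopback interface
+case $INTERFACE in (lo) return 0 ;; esac
+restart_needed=$DHCPD6_IFUP_RESTART
+if test -n "$DHCPD6_INTERFACE" \
+-a "$restart_needed" != yes ;
+then
+for I in $DHCPD6_INTERFACE ; do
+test -n "$I" || continue
+# don't restart when _one_ involved
+# interface is not available/up yet
+is_iface_up $I || return 0
+# check if this interface is involved
+if test "$I" = "$INTERFACE" ; then
+# check if a restart is needed
+if iface_needs_restart $I ; then
+restart_needed=yes
+fi
+fi
+done
+fi
+if test "$restart_needed" = yes ; then
+if test "`/usr/bin/systemctl --value -p SubState show dhcpd6.service`" = "running"; then
+/usr/bin/systemctl restart dhcpd6.service
+fi
+fi
+}
+case "$mode" in
+*-up*)
+dhcpv4_server_restart
+dhcpv6_server_restart
+;;
+*-down*)
+# don't do anything
+;;
+*)
+echo "$SCRIPTNAME: don't know what to do" >&2
+;;
+esac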
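Review bot: `unset ${!LC_*} LANUGUAGE` misspells the variable name, so `LANGUAGE` is never cleared as the environment scrubbing intends; it should read `unset ${!LC_*} LANGUAGE`. `usage` ends with `exit $R_USAGE`, but only `R_INTERNAL=1` is defined in this script and the sysconfig functions file is sourced after `usage` can be called. The exit therefore takes the status of the preceding `echo`; define the code next to `R_INTERNAL`, for example `R_USAGE=2`. Under `set -e`, `. /etc/sysconfig/dhcpd 2>/dev/null` ends the hook without a message when that file is missing, whereas the ifcfg line right after it carries `|| true`; the two should behave the same way. The script sources several files and calls `systemctl restart`, so the path built from `$CONFIG` and the unquoted `$1` in `iface_needs_restart` deserve quoting and a check that the name contains no `/`.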

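--- /dev/null
+++ b/slp.reg.d.dhcp.reg
@@ -0,0 +1,11 @@
+#############################################################################
+#
+# OpenSLP registration file
+#
+# register dhcp service daemon
+#
+#############################################################################
+service:dhcp://$HOSTNAME:67,en,65535
+watch-port-udp=67
+description=DHCP Service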

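--- /dev/null
+++ b/sysconfig.dhcpd
@@ -0,0 +1,184 @@
+## Path: Network/DHCP/DHCP server
+## Description: DHCPv4 server settings
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd
+#
+# Interface(s) for the DHCPv4 server to listen on.
+#
+# A special keyword is ANY, it will cause dhcpd to autodetect available
+# interfaces.
+#
+# Examples: DHCPD_INTERFACE="eth0 eth1 eth2"
+# DHCPD_INTERFACE="ANY"
+#
+DHCPD_INTERFACE=""
+## Path: Network/DHCP/DHCP server
+## Description: DHCPv6 server settings
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd6
+#
+# Interface(s) for the DHCPv6 server to listen on.
+#
+# A special keyword is ANY, it will cause dhcpd to autodetect available
+# interfaces.
+#
+# Examples: DHCPD6_INTERFACE="eth0 eth1 eth2"
+# DHCPD6_INTERFACE="ANY"
+#
+DHCPD6_INTERFACE=""
+## Type: list(yes,no,auto,)
+## Default:
+## Description: Restart dhcpv4 server when interface goes up (again)
+#
+# When the dhcp server is listening on a virtual interface, e.g. bridge,
+# bonding or vlan, and this interface gets deleted and recreated during
+# a network restart, dhcpd will stop answering requests on this interface
+# and needs a restart as well.
+# Begining with SLE-10 SP3, we install an if-up.d post script (see ifup(8)
+# and also ifservices(5)), enabled in auto mode by default. This variable
+# can be used to force or avoid the dhcp server restart:
+#
+# no: do not restart dhcpd
+# yes: force a dhcp server restart
+# auto: (default) restart for virtual interfaces (bond,bridge,vlan) when
+# all interfaces used in DHCPD_INTERFACE variable are up as well.
+#
+# Except of this global setting, the variable can be specified per interface
+# in the interface configurations (/etc/sysconfig/network/ifcfg-$name).
+#
+DHCPD_IFUP_RESTART=""
+## Type: list(yes,no,auto,)
+## Default:
+## Description: Restart dhcpv6 server when interface goes up (again)
+#
+# When the dhcp server is listening on a virtual interface, e.g. bridge,
+# bonding or vlan, and this interface gets deleted and recreated during
+# a network restart, dhcpd will stop answering requests on this interface
+# and needs a restart as well.
+# Begining with SLE-10 SP3, we install an if-up.d post script (see ifup(8)
+# and also ifservices(5)), enabled in auto mode by default. This variable
+# can be used to force or avoid the dhcp server restart:
+#
+# no: do not restart dhcpd
+# yes: force a dhcp server restart
+# auto: (default) restart for virtual interfaces (bond,bridge,vlan) when
+# all interfaces used in DHCPD_INTERFACE variable are up as well.
+#
+# Except of this global setting, the variable can be specified per interface
+# in the interface configurations (/etc/sysconfig/network/ifcfg-$name).
+#
+DHCPD6_IFUP_RESTART=""
+## Type: yesno
+## Default: yes
+## ServiceRestart: dhcpd
+#
+# Shall the DHCP server dhcpd run in a chroot jail (/var/lib/dhcp)?
+#
+# Each time you start dhcpd with the init script, /etc/dhcpd.conf
+# will be copied to /var/lib/dhcp/etc/.
+#
+# Some files that are important for hostname to IP address resolution
+# (/etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime},
+# /lib/lib{resolv.so.*,libnss_*.so.*,libpthread.so.0,libdl.so.2}) will
+# also be copied to the chroot jail by the init script when you start
+# it (less than 1MB altogether).
+#
+# The pid file will be in /var/lib/dhcp/var/run/dhcpd.pid.
+#
+DHCPD_RUN_CHROOTED="yes"
+## Type: yesno
+## Default: yes
+## ServiceRestart: dhcpd6
+#
+# Shall the DHCP server dhcpd run in a chroot jail (/var/lib/dhcp6)?
+#
+# Each time you start dhcpd with the init script, /etc/dhcpd6.conf
+# will be copied to /var/lib/dhcp6/etc/.
+#
+# Some files that are important for hostname to IP address resolution
+# (/etc/{gai.conf,nsswitch.conf,resolv.conf,host.conf,hosts,localtime},
+# /lib/lib{resolv.so.*,libnss_*.so.*,libpthread.so.0,libdl.so.2}) will
+# also be copied to the chroot jail by the init script when you start
+# it (less than 1MB altogether).
+#
+# The pid file will be in /var/lib/dhcp6/var/run/dhcpd.pid.
+#
+DHCPD6_RUN_CHROOTED="yes"
+## Type: string
+## Default: "/etc/dhcpd.d"
+## ServiceRestart: dhcpd
+#
+# Since version 3, dhcpd.conf can contain include statements.
+# If you enter the names of any include files here, _all_ conf
+# files will be copied to $chroot/etc/, when dhcpd is started in the
+# chroot jail. (/etc/dhcpd.conf is always copied.)
+#
+# For your convenience, you can also specify entire directories,
+# that will be copied inclusive subdirectories. The /etc/dhcpd.d
+# directory will be copied by default when it exists.
+#
+# Example: "/etc/foo.bar.conf /etc/dhcpd.bootp-clients.conf"
+#
+DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d"
+## Type: string
+## Default: "/etc/dhcpd.d"
+## ServiceRestart: dhcpd6
+#
+# Since version 3, dhcpd.conf can contain include statements.
+# If you enter the names of any include files here, _all_ conf
+# files will be copied to $chroot/etc/, when dhcpd is started in
+# the chroot jail. (/etc/dhcpd6.conf is always copied.)
+#
+# For your convenience, you can also specify entire directories,
+# that will be copied inclusive subdirectories. The /etc/dhcpd6.d
+# directory will be copied by default when it exists.
+#
+# Example: "/etc/foo.bar.conf /etc/dhcpd6.bootp-clients.conf"
+#
+DHCPD6_CONF_INCLUDE_FILES="/etc/dhcpd6.d"
+## Type: string
+## Default: "dhcpd"
+## ServiceRestart: dhcpd
+#
+# Leave empty or enter "root" to let dhcpd run as root.
+# Enter "dhcpd" to run dhcpd as user 'dhcpd'.
+#
+DHCPD_RUN_AS="dhcpd"
+## Type: string
+## Default: "dhcpd"
+## ServiceRestart: dhcpd6
+#
+# Leave empty or enter "root" to let dhcpd run as root.
+# Enter "dhcpd" to run dhcpd as user 'dhcpd'.
+#
+DHCPD6_RUN_AS="dhcpd"
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd
+#
+# Other arguments that you want dhcpd to be started with
+# (e.g. "-p 1234" for a non-standard port to listen on)
+#
+DHCPD_OTHER_ARGS=""
+## Type: string
+## Default: ""
+## ServiceRestart: dhcpd6
+#
+# Other arguments that you want dhcpd to be started with
+# (e.g. "-p 1234" for a non-standard port to listen on)
+#
+DHCPD6_OTHER_ARGS=""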
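Review bot: The help text for `DHCPD6_IFUP_RESTART` was copied from the v4 entry and still names `DHCPD_INTERFACE` in its `auto:` description, while the restart hook's v6 path iterates `DHCPD6_INTERFACE`; the line should read `# all interfaces used in DHCPD6_INTERFACE variable are up as well.` The `DHCPD_RUN_AS` and `DHCPD6_RUN_AS` comments make an empty value mean root, so clearing the variable silently removes the privilege drop. That deserves an explicit line such as `# NOTE: an empty value runs dhcpd as root; keep "dhcpd" unless root is required.` The restart hook sources this file as root, so the packaging should install it writable by root only.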

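--- /dev/null
+++ b/sysconfig.dhcrelay
@@ -0,0 +1,59 @@
+## Path: Network/DHCP/DHCP Relay agent
+## Description: Configuration file for DHCP relay agent
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay
+#
+# Interface(s) for DHCPv4 relay agent to listen on
+#
+# Example: DHCPD_INTERFACE="eth0 eth1 eth2 wlan0"
+#
+DHCRELAY_INTERFACES=""
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay
+#
+# DHCPv4 servers to be used by DHCPv4 relay agent
+# (separated by spaces, e.g. "192.168.0.11 191.168.0.12")
+#
+DHCRELAY_SERVERS=""
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay
+#
+# Additional DHCPv4 relay start options
+# Example: "-c 8"
+#
+DHCRELAY_OPTIONS=""
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay6
+#
+# Specifies the ``lower'' client link network interfaces for DHCPv6
+# relay -- separated by spaces.
+# The format of the lower interface is: "[address%]ifname[#index]".
+#
+DHCRELAY6_LOWER_INTERFACES=""
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay6
+#
+# Specifies the ``upper'' server link network interfaces for DHCPv6
+# relay -- separated by spaces.
+# The format of the upper interface is "[address%]ifname".
+#
+DHCRELAY6_UPPER_INTERFACES=""
+## Type: string
+## Default: ""
+## ServiceRestart: dhcrelay6
+#
+# Additional DHCPv6 relay start options
+# Example: "-c 8 -I"
+#
+DHCRELAY6_OPTIONS=""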
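Review bot: The example above `DHCRELAY_INTERFACES` shows the server's variable, `DHCPD_INTERFACE="eth0 eth1 eth2 wlan0"`, which has no effect on the relay if an admin copies it; it should read `# Example: DHCRELAY_INTERFACES="eth0 eth1 eth2 wlan0"`. The `DHCRELAY_SERVERS` example pairs `192.168.0.11` with `191.168.0.12`, which looks like a typo for `192.168.0.12`. The init script expands `DHCRELAY_OPTIONS` and `DHCRELAY6_OPTIONS` unquoted into the daemon's command line, so the comments should say that these values are word-split and passed as arguments verbatim.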

26
sysconfig.syslog-dhcpd Normal file

@ -0,0 +1,26 @@
## Type: string
## Default: "/var/lib/dhcp/dev/log"
## ServiceRestart: syslog
#
# The filename mentioned here will be added with the "-a ..." option as
# additional socket via SYSLOGD_PARAMS when syslogd is started or used
# to generate an include file for another syslog daemons.
#
# This additional socket is needed in case that syslogd is restarted.
# Otherwise a chrooted dhcpd won't be able to continue logging.
#
SYSLOGD_ADDITIONAL_SOCKET_DHCP="/var/lib/dhcp/dev/log"
## Type: string
## Default: "/var/lib/dhcp6/dev/log"
## ServiceRestart: syslog
#
# The filename mentioned here will be added with the "-a ..." option as
# additional socket via SYSLOGD_PARAMS when syslogd is started or used
# to generate an include file for another syslog daemons.
#
# This additional socket is needed in case that syslogd is restarted.
# Otherwise a chrooted dhcpd won't be able to continue logging.
#
SYSLOGD_ADDITIONAL_SOCKET_DHCP6="/var/lib/dhcp6/dev/log"