
- Updated to ISC dhcp-4.2.2 release, providing two security fixes

(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
  allowed remote attackers to cause a denial of service (a daemon
  exit) via crafted BOOTP packets. Further also DNS update fix to
  detect overlapping pools or misconfigured fixed-address entries,
  that caused a server crash during DNS update and other fixes.
  For a complete list, please see the RELNOTES file provided in
  the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
  patch, xen-checksum, close-on-exec patches and removed obsolete
  in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
  not used and create a link in /var/run, so it can write one
  when started as user without chroot and avoid stop problems
  when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
  avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove the alias IP when it hasn't
  changed, so that the iptables connmark is not wiped out when renewing
  the lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
  moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
  to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=75
2011-08-29 15:37:53 +00:00
committed by Git OBS Bridge
parent 538b3bfcf1
commit 209e98a28b
19 changed files with 453 additions and 393 deletions


@@ -59,6 +59,11 @@ DAEMON_BIN=${DHCPD_BINARY:=/usr/sbin/dhcpd}
DAEMON_CONF=/etc/dhcpd.conf
DAEMON_STATE=/var/lib/dhcp
DAEMON_LEASES=dhcpd.leases
# note: $DAEMON_PIDFILE is a symlink to the
# $DAEMON_STATE$DAEMON_PIDFILE (also
# while DHCPD_RUN_CHROOTED=no) now,
# as DHCPD_RUN_AS is not allowed to
# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd.log
LDAP_CONF=/etc/openldap/ldap.conf
@@ -128,7 +133,7 @@ fi
# remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE
test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in
start)
@@ -240,33 +245,33 @@ case "$1" in
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE)
if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) '
else
rm $CHROOT_PREFIX/$DAEMON_PIDFILE
rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi
fi
PID_FILE_ARG="$DAEMON_PIDFILE"
else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi
if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}"
fi
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log
error=0
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1
else
## Start daemon. If this fails the return value is set appropriate.
@@ -274,19 +279,20 @@ case "$1" in
## to match the LSB spec.
test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$?
fi
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose
echo ""
echo -n " please see $STARTPROC_LOGFILE for details ";
echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed
rc_failed
else
ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi
@@ -296,14 +302,29 @@ case "$1" in
stop)
echo -n "Shutting down $DAEMON "
# Catch the case where daemon is running without chroot,
# but sysconfig/dhcp has been changed to use chroot (and
# another way around).
# In this case is there is no $chroot/$pidfile, but there
# should be a /pidfile that we use instead.
# We can not kill without pid file or dhcp4 kills dhcp6.
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
-s "$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_PIDFILE"
fi
else
if test ! -s "$DAEMON_PIDFILE" -a \
-s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
fi
fi
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
killproc -p "$PID_FILE" $DAEMON_BIN
ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
fi
# umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled
@@ -347,8 +368,8 @@ case "$1" in
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
$0 stop && sleep 3 && $0 start
@@ -362,8 +383,8 @@ case "$1" in
echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling:
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE
killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v
else
## Otherwise if it does not support reload:
@@ -383,7 +404,7 @@ case "$1" in
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v
;;
probe)
@@ -392,7 +413,7 @@ case "$1" in
rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1
test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done
test $rc = 1 && echo restart
;;
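Review bot: In the `start)` hunk the script reads the pid from `$DAEMON_STATE/$DAEMON_PIDFILE` and interpolates it into `"/proc/$p/cmdline"`, while the same hunk appears to chown `$DAEMON_STATE/${DAEMON_PIDFILE%/*}` to `$DHCPD_RUN_AS`; the init script normally runs as root, so it would be trusting content that the unprivileged account can write, and `test -n "$p"` does not check that it is a number. I would discard non-numeric content before the grep, e.g. `case "$p" in *[!0-9]*) p= ;; esac`, so a malformed file falls through to the existing `rm -f` branch. A short comment at the `ln -sf` line should record that the /var/run link points into a directory owned by the daemon user and that `killproc -p`/`checkproc -p` therefore read a file that user controls. Separately, in the `stop)` hunk the non-chroot `else` branch assigns `PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"`, which is already its initial value, so that branch is redundant as written. The enclosing `case "$1"` block starts and ends outside the visible hunks.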