forked from pool/dhcp

- Updated to ISC dhcp-4.2.2 release, providing two security fixes
  (CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
  allowed remote attackers to cause a denial of service (a daemon
  exit) via crafted BOOTP packets. Further also DNS update fix to
  detect overlapping pools or misconfigured fixed-address entries,
  that caused a server crash during DNS update and other fixes.
  For a complete list, please see the RELNOTES file provided in
  the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
  patch, xen-checksum, close-on-exec patches and removed obsolete
  in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even if chroot is
  not used and create a link in /var/run, so it can write one
  when started as user without chroot and avoid stop problems
  when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
  avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
  change, to not wipe out iptables connmark when renewing the
  lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
  moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
  to ensure they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=75
Marius Tomaschewski 2011-08-29 15:37:53 +00:00 committed by Git OBS Bridge
parent 538b3bfcf1
commit 209e98a28b
19 changed files with 453 additions and 393 deletions

View File

@ -400,8 +400,8 @@ ARPCHECK|ARPSEND)
BOUND|RENEW|REBIND|REBOOT) BOUND|RENEW|REBIND|REBOOT)
#################################################################### ####################################################################
if [ x$old_ip_address != x -a x$alias_ip_address != x ] && \ if [ x$alias_ip_address != x -a x$alias_ip_address != x$old_ip_address -a \
[ x$alias_ip_address != x$old_ip_address ] ; x$new_ip_address != x$old_ip_address ] ;
then then
# Possible new alias. Remove old alias. # Possible new alias. Remove old alias.
/sbin/ip addr del $alias_ip_address/$alias_subnet_mask dev $interface /sbin/ip addr del $alias_ip_address/$alias_subnet_mask dev $interface
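Review bot: the rewritten test drops the `x$old_ip_address != x` guard, so on a first BOUND with an alias configured and no previous address, `x$new_ip_address != x$old_ip_address` is true and `/sbin/ip addr del` runs against an alias that was never added. Keep the non-empty check on `$old_ip_address` in the new condition, and quote the expansions (`"x$alias_ip_address"`) while touching the line, since unquoted values inside `[ ... -a ... ]` change how the test is parsed if they are ever empty or contain whitespace.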
@ -426,7 +426,8 @@ BOUND|RENEW|REBIND|REBOOT)
set_ipv4_routes set_ipv4_routes
fi fi
if [ x$new_ip_address != x$alias_ip_address -a x$alias_ip_address != x ]; if [ x$new_ip_address != x$alias_ip_address -a x$alias_ip_address != x \
-a x$new_ip_address != x$old_ip_address ];
then then
/sbin/ip addr add $alias_ip_address/$alias_subnet_mask \ /sbin/ip addr add $alias_ip_address/$alias_subnet_mask \
dev $interface dev $interface
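Review bot: the added `-a x$new_ip_address != x$old_ip_address` only works as long as it stays identical to the matching clause in the delete test above; if the two drift apart, the alias is removed without being re-added. Put a one-line comment over both tests naming the reason from the changelog (bnc#700771, keep the iptables connmark on renew) so a later edit changes them together.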

View File

@ -1,31 +0,0 @@
From 4509d956715297469469ab0e207c2641f521470d Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Fri, 29 Oct 2010 18:49:06 +0200
Subject: [PATCH] dhcp-4.1.1-P1-relay-no-ip-on-interface
Fix for a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, [ISC-Bugs #22409]).
Signed-off-by: Marius Tomaschewski <mt@suse.de>
---
relay/dhcrelay.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
index 11676ae..c375c83 100644
--- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -565,6 +565,10 @@ do_relay4(struct interface_info *ip, struct dhcp_packet *packet,
log_info("Discarding packet with invalid hlen.");
return;
}
+ if (ip->address_count < 1 || ip->addresses == NULL) {
+ log_info("Discarding packet from interface without IP address");
+ return;
+ }
/* Find the interface that corresponds to the giaddr
in the packet. */
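Review bot: dropping this patch removes the `ip->address_count < 1 || ip->addresses == NULL` guard in `do_relay4` from the package, and nothing in this commit shows the equivalent check in 4.2.2. Cite the upstream change for [ISC-Bugs #22409] in the changelog entry, or keep a regression test for a relay interface without an IPv4 address, so the segfault fix from bnc#631305 is demonstrably still in place.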
--
1.7.1

View File

@ -1,21 +0,0 @@
diff --git a/common/socket.c b/common/socket.c
index 036f7ae..6f56740 100644
--- a/common/socket.c
+++ b/common/socket.c
@@ -40,11 +40,16 @@
* I have implemented it under Linux; other systems should be doable also.
*/
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
#include "dhcpd.h"
#include <errno.h>
#include <sys/ioctl.h>
#include <sys/uio.h>
#include <sys/uio.h>
+#include <netinet/in.h> /* for struct in6_pktinfo, with glibc >= 2.10.1
+ _GNU_SOURCE required to enable it */
#ifdef USE_SOCKET_FALLBACK
# if !defined (USE_SOCKET_SEND)

View File

@ -1,77 +0,0 @@
From 7c0b7ae289a0f25853bd4bb660f3dd34b5c1ce88 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 27 Apr 2011 13:56:47 +0200
Subject: [PATCH] dhclient string option checks
Merged dhclient pretty escape and string option checks.
Use relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list and does not provide
it via the domain-search option; pretty escape semicolon as well
(bnc#675052, CVE-2011-0997).
Signed-off-by: Marius Tomaschewski <mt@suse.de>
---
client/dhclient.c | 8 ++++----
common/options.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/client/dhclient.c b/client/dhclient.c
index 970b935..93db494 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3142,7 +3142,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->filename);
+ "filename");
}
}
@@ -3155,7 +3155,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->server_name);
+ "server-name");
}
}
@@ -4077,7 +4077,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
@@ -4140,11 +4140,11 @@ static int check_option_values(struct universe *universe,
if ((universe == NULL) || (universe == &dhcp_universe)) {
switch(opt) {
case DHO_HOST_NAME:
- case DHO_DOMAIN_NAME:
case DHO_NIS_DOMAIN:
case DHO_NETBIOS_SCOPE:
return check_domain_name(ptr, len, 0);
break;
+ case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
case DHO_DOMAIN_SEARCH:
return check_domain_name_list(ptr, len, 0);
break;
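Review bot: the move of `case DHO_DOMAIN_NAME:` into the `check_domain_name_list` branch exists only in this removed patch; the replacement option-checks patch added in this commit has no `check_option_values` hunk. Confirm that 4.2.2 already validates domain-name as a list, otherwise the regression this patch describes (a server sending a domain list in domain-name, bnc#675052) returns.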
diff --git a/common/options.c b/common/options.c
index c26f88c..8b4be65 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
}
} else if (**src == '"' || **src == '\'' || **src == '$' ||
**src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
if (*dst + 2 > dend)
return -1;
--
1.7.3.4

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6f1458dc06686ad2c80111f09d1ffc61f0f7feecbd9e693bdc55904a35708608
size 11461

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb8e19d01c5ab5de1da759c3fb34e4967e863e78c8d6106d2cbb0ffeaa80df76
size 8659247

View File

@ -1,6 +1,8 @@
--- client/clparse.c.orig diff --git a/client/clparse.c b/client/clparse.c
+++ client/clparse.c index 9de4ce2..ca24ba6 100644
@@ -210,7 +210,7 @@ int read_client_conf_file (const char *n --- a/client/clparse.c
+++ b/client/clparse.c
@@ -220,7 +220,7 @@ int read_client_conf_file (const char *name, struct interface_info *ip,
int token; int token;
isc_result_t status; isc_result_t status;
@ -9,7 +11,7 @@
return uerr2isc (errno); return uerr2isc (errno);
cfile = NULL; cfile = NULL;
@@ -247,7 +247,7 @@ void read_client_leases () @@ -257,7 +257,7 @@ void read_client_leases ()
/* Open the lease file. If we can't open it, just return - /* Open the lease file. If we can't open it, just return -
we can safely trust the server to remember our state. */ we can safely trust the server to remember our state. */
@ -18,9 +20,11 @@
return; return;
cfile = NULL; cfile = NULL;
--- client/dhclient.c.orig diff --git a/client/dhclient.c b/client/dhclient.c
+++ client/dhclient.c index 82c26bb..a1cab01 100644
@@ -127,11 +127,11 @@ main(int argc, char **argv) { --- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -131,11 +131,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and /* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we 2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */ open a file the lowest available file descriptor is used. */
@ -35,7 +39,7 @@
if (fd == 2) if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */ log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1) else if (fd != -1)
@@ -406,7 +406,7 @@ main(int argc, char **argv) { @@ -423,7 +423,7 @@ main(int argc, char **argv) {
int e; int e;
oldpid = 0; oldpid = 0;
@ -44,7 +48,7 @@
e = fscanf(pidfd, "%ld\n", &temp); e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp; oldpid = (pid_t)temp;
@@ -2627,7 +2627,7 @@ void rewrite_client_leases () @@ -2689,7 +2689,7 @@ void rewrite_client_leases ()
if (leaseFile != NULL) if (leaseFile != NULL)
fclose (leaseFile); fclose (leaseFile);
@ -53,7 +57,7 @@
if (leaseFile == NULL) { if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db); log_error ("can't create %s: %m", path_dhclient_db);
return; return;
@@ -2731,7 +2731,7 @@ write_duid(struct data_string *duid) @@ -2799,7 +2799,7 @@ write_duid(struct data_string *duid)
return DHCP_R_INVALIDARG; return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */ if (leaseFile == NULL) { /* XXX? */
@ -62,7 +66,7 @@
if (leaseFile == NULL) { if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db); log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR; return ISC_R_IOERROR;
@@ -2779,7 +2779,7 @@ write_client6_lease(struct client_state @@ -2847,7 +2847,7 @@ write_client6_lease(struct client_state *client, struct dhc6_lease *lease,
return DHCP_R_INVALIDARG; return DHCP_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */ if (leaseFile == NULL) { /* XXX? */
@ -71,7 +75,7 @@
if (leaseFile == NULL) { if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db); log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR; return ISC_R_IOERROR;
@@ -2911,7 +2911,7 @@ int write_client_lease (client, lease, r @@ -2979,7 +2979,7 @@ int write_client_lease (client, lease, rewrite, makesure)
return 1; return 1;
if (leaseFile == NULL) { /* XXX */ if (leaseFile == NULL) { /* XXX */
@ -80,7 +84,7 @@
if (leaseFile == NULL) { if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db); log_error ("can't create %s: %m", path_dhclient_db);
return 0; return 0;
@@ -3400,9 +3400,9 @@ void go_daemon () @@ -3472,9 +3472,9 @@ void go_daemon ()
close(2); close(2);
/* Reopen them on /dev/null. */ /* Reopen them on /dev/null. */
@ -93,25 +97,10 @@
write_client_pid_file (); write_client_pid_file ();
@@ -3414,14 +3414,14 @@ void write_client_pid_file () diff --git a/common/bpf.c b/common/bpf.c
FILE *pf; index 8bd5727..7b8f1d4 100644
int pfdesc; --- a/common/bpf.c
+++ b/common/bpf.c
- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644);
if (pfdesc < 0) {
log_error ("Can't create %s: %m", path_dhclient_pid);
return;
}
- pf = fdopen (pfdesc, "w");
+ pf = fdopen (pfdesc, "we");
if (!pf)
log_error ("Can't fdopen %s: %m", path_dhclient_pid);
else {
--- common/bpf.c.orig
+++ common/bpf.c
@@ -94,7 +94,7 @@ int if_register_bpf (info) @@ -94,7 +94,7 @@ int if_register_bpf (info)
for (b = 0; 1; b++) { for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */ /* %Audit% 31 bytes max. %2004.06.17,Safe% */
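Review bot: the refreshed patch no longer carries the `write_client_pid_file` hunk that added `O_CLOEXEC` to the `open` of `path_dhclient_pid`. If 4.2.2 does not set close-on-exec on that descriptor itself, it is inherited again by child processes; state in the changelog why the hunk could be dropped.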
@ -121,9 +110,11 @@
if (sock < 0) { if (sock < 0) {
if (errno == EBUSY) { if (errno == EBUSY) {
continue; continue;
--- common/discover.c.orig diff --git a/common/discover.c b/common/discover.c
+++ common/discover.c index 1d84219..93a278e 100644
@@ -409,7 +409,7 @@ begin_iface_scan(struct iface_conf_list --- a/common/discover.c
+++ b/common/discover.c
@@ -421,7 +421,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
int len; int len;
int i; int i;
@ -132,7 +123,7 @@
if (ifaces->fp == NULL) { if (ifaces->fp == NULL) {
log_error("Error opening '/proc/net/dev' to list interfaces"); log_error("Error opening '/proc/net/dev' to list interfaces");
return 0; return 0;
@@ -444,7 +444,7 @@ begin_iface_scan(struct iface_conf_list @@ -456,7 +456,7 @@ begin_iface_scan(struct iface_conf_list *ifaces) {
#ifdef DHCPv6 #ifdef DHCPv6
if (local_family == AF_INET6) { if (local_family == AF_INET6) {
@ -141,9 +132,11 @@
if (ifaces->fp6 == NULL) { if (ifaces->fp6 == NULL) {
log_error("Error opening '/proc/net/if_inet6' to " log_error("Error opening '/proc/net/if_inet6' to "
"list IPv6 interfaces; %m"); "list IPv6 interfaces; %m");
--- common/dlpi.c.orig diff --git a/common/dlpi.c b/common/dlpi.c
+++ common/dlpi.c index b9eb1d3..c044ec6 100644
@@ -808,7 +808,7 @@ dlpiopen(const char *ifname) { --- a/common/dlpi.c
+++ b/common/dlpi.c
@@ -806,7 +806,7 @@ dlpiopen(const char *ifname) {
} }
*dp = '\0'; *dp = '\0';
@ -152,8 +145,10 @@
} }
/* /*
--- common/nit.c.orig diff --git a/common/nit.c b/common/nit.c
+++ common/nit.c index 0da9c36..896cbb6 100644
--- a/common/nit.c
+++ b/common/nit.c
@@ -81,7 +81,7 @@ int if_register_nit (info) @@ -81,7 +81,7 @@ int if_register_nit (info)
struct strioctl sio; struct strioctl sio;
@ -163,8 +158,10 @@
if (sock < 0) if (sock < 0)
log_fatal ("Can't open NIT device for %s: %m", info -> name); log_fatal ("Can't open NIT device for %s: %m", info -> name);
--- common/resolv.c.orig diff --git a/common/resolv.c b/common/resolv.c
+++ common/resolv.c index b29d4cf..d946ccc 100644
--- a/common/resolv.c
+++ b/common/resolv.c
@@ -49,7 +49,7 @@ void read_resolv_conf (parse_time) @@ -49,7 +49,7 @@ void read_resolv_conf (parse_time)
struct domain_search_list *dp, *dl, *nd; struct domain_search_list *dp, *dl, *nd;
isc_result_t status; isc_result_t status;
@ -174,8 +171,10 @@
log_error ("Can't open %s: %m", path_resolv_conf); log_error ("Can't open %s: %m", path_resolv_conf);
return; return;
} }
--- common/upf.c.orig diff --git a/common/upf.c b/common/upf.c
+++ common/upf.c index fff3949..4f9318e 100644
--- a/common/upf.c
+++ b/common/upf.c
@@ -77,7 +77,7 @@ int if_register_upf (info) @@ -77,7 +77,7 @@ int if_register_upf (info)
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
sprintf(filename, "/dev/pf/pfilt%d", b); sprintf(filename, "/dev/pf/pfilt%d", b);
@ -185,9 +184,11 @@
if (sock < 0) { if (sock < 0) {
if (errno == EBUSY) { if (errno == EBUSY) {
continue; continue;
--- dst/dst_api.c.orig diff --git a/dst/dst_api.c b/dst/dst_api.c
+++ dst/dst_api.c index 8925c66..fa4eb5f 100644
@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *k --- a/dst/dst_api.c
+++ b/dst/dst_api.c
@@ -437,7 +437,7 @@ dst_s_write_private_key(const DST_KEY *key)
PRIVATE_KEY, PATH_MAX); PRIVATE_KEY, PATH_MAX);
/* Do not overwrite an existing file */ /* Do not overwrite an existing file */
@ -196,7 +197,7 @@
int nn; int nn;
if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { if ((nn = fwrite(encoded_block, 1, len, fp)) != len) {
EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n",
@@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_nam @@ -494,7 +494,7 @@ dst_s_read_public_key(const char *in_name, const unsigned in_id, int in_alg)
* flags, proto, alg stored as decimal (or hex numbers FIXME). * flags, proto, alg stored as decimal (or hex numbers FIXME).
* (FIXME: handle parentheses for line continuation.) * (FIXME: handle parentheses for line continuation.)
*/ */
@ -205,7 +206,7 @@
EREPORT(("dst_read_public_key(): Public Key not found %s\n", EREPORT(("dst_read_public_key(): Public Key not found %s\n",
name)); name));
return (NULL); return (NULL);
@@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *ke @@ -620,7 +620,7 @@ dst_s_write_public_key(const DST_KEY *key)
return (0); return (0);
} }
/* create public key file */ /* create public key file */
@ -214,7 +215,7 @@
EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n", EREPORT(("DST_write_public_key: open of file:%s failed (errno=%d)\n",
filename, errno)); filename, errno));
return (0); return (0);
@@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name, @@ -854,7 +854,7 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, unsigned in_id,
return (0); return (0);
} }
/* first check if we can find the key file */ /* first check if we can find the key file */
@ -223,9 +224,11 @@
EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n", EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
filename, dst_path[0] ? dst_path : filename, dst_path[0] ? dst_path :
(char *) getcwd(NULL, PATH_MAX - 1))); (char *) getcwd(NULL, PATH_MAX - 1)));
--- dst/prandom.c.orig diff --git a/dst/prandom.c b/dst/prandom.c
+++ dst/prandom.c index 4de3fe4..fbbe07c 100644
@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned --- a/dst/prandom.c
+++ b/dst/prandom.c
@@ -269,7 +269,7 @@ get_dev_random(u_char *output, unsigned size)
s = stat("/dev/random", &st); s = stat("/dev/random", &st);
if (s == 0 && S_ISCHR(st.st_mode)) { if (s == 0 && S_ISCHR(st.st_mode)) {
@ -243,9 +246,11 @@
return (0); return (0);
for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
no += i) no += i)
--- omapip/trace.c.orig diff --git a/omapip/trace.c b/omapip/trace.c
+++ omapip/trace.c index 9fd3fb5..9c4e11e 100644
@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *fi --- a/omapip/trace.c
+++ b/omapip/trace.c
@@ -141,10 +141,10 @@ isc_result_t trace_begin (const char *filename,
return DHCP_R_INVALIDARG; return DHCP_R_INVALIDARG;
} }
@ -258,7 +263,7 @@
0600); 0600);
} }
@@ -431,7 +431,7 @@ void trace_file_replay (const char *file @@ -431,7 +431,7 @@ void trace_file_replay (const char *filename)
isc_result_t result; isc_result_t result;
int len; int len;
@ -267,9 +272,11 @@
if (!traceinfile) { if (!traceinfile) {
log_error("Can't open tracefile %s: %m", filename); log_error("Can't open tracefile %s: %m", filename);
return; return;
--- relay/dhcrelay.c.orig diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+++ relay/dhcrelay.c index f21f16f..d2aa90e 100644
@@ -177,11 +177,11 @@ main(int argc, char **argv) { --- a/relay/dhcrelay.c
+++ b/relay/dhcrelay.c
@@ -183,11 +183,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0(stdin), 1,(stdout), and /* Make sure that file descriptors 0(stdin), 1,(stdout), and
2(stderr) are open. To do this, we assume that when we 2(stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */ open a file the lowest available file descriptor is used. */
@ -284,24 +291,28 @@
if (fd == 2) if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */ log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1) else if (fd != -1)
@@ -520,12 +520,12 @@ main(int argc, char **argv) { @@ -540,13 +540,14 @@ main(int argc, char **argv) {
exit(0);
if (no_pid_file == ISC_FALSE) {
pfdesc = open(path_dhcrelay_pid, pfdesc = open(path_dhcrelay_pid,
- O_CREAT | O_TRUNC | O_WRONLY, 0644); - O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); + O_CREAT | O_TRUNC | O_WRONLY |
+ O_CLOEXEC, 0644);
if (pfdesc < 0) { if (pfdesc < 0) {
log_error("Can't create %s: %m", path_dhcrelay_pid); log_error("Can't create %s: %m",
path_dhcrelay_pid);
} else { } else {
- pf = fdopen(pfdesc, "w"); - pf = fdopen(pfdesc, "w");
+ pf = fdopen(pfdesc, "we"); + pf = fdopen(pfdesc, "we");
if (!pf) if (!pf)
log_error("Can't fdopen %s: %m", log_error("Can't fdopen %s: %m",
path_dhcrelay_pid); path_dhcrelay_pid);
--- server/confpars.c.orig diff --git a/server/confpars.c b/server/confpars.c
+++ server/confpars.c index c0742d4..62568e9 100644
@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char --- a/server/confpars.c
+++ b/server/confpars.c
@@ -116,7 +116,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
} }
#endif #endif
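Review bot: in `pf = fdopen(pfdesc, "we");` the `e` mode character is a glibc extension that glibc documents as ignored for fdopen(), so close-on-exec on this stream comes only from the `O_CLOEXEC` passed to `open`. Use plain `"w"` here so the code does not suggest otherwise, and because `O_CLOEXEC` is used unconditionally, add a fallback such as `fcntl(pfdesc, F_SETFD, FD_CLOEXEC)` for build targets whose headers do not define it.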
@ -310,8 +321,10 @@
if (leasep) { if (leasep) {
log_error ("Can't open lease database %s: %m --", log_error ("Can't open lease database %s: %m --",
path_dhcpd_db); path_dhcpd_db);
--- server/db.c.orig diff --git a/server/db.c b/server/db.c
+++ server/db.c index dc75321..be5db26 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1035,7 +1035,7 @@ void db_startup (testp) @@ -1035,7 +1035,7 @@ void db_startup (testp)
} }
#endif #endif
@ -339,9 +352,11 @@
log_error("Can't fdopen new lease file: %m"); log_error("Can't fdopen new lease file: %m");
close(db_fd); close(db_fd);
goto fdfail; goto fdfail;
--- server/dhcpd.c.orig diff --git a/server/dhcpd.c b/server/dhcpd.c
+++ server/dhcpd.c index 27e04e4..9233d26 100644
@@ -272,11 +272,11 @@ main(int argc, char **argv) { --- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -274,11 +274,11 @@ main(int argc, char **argv) {
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and /* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we 2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */ open a file the lowest available file descriptor is used. */
@ -356,25 +371,25 @@
if (fd == 2) if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */ log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1) else if (fd != -1)
@@ -800,7 +800,7 @@ main(int argc, char **argv) { @@ -809,7 +809,7 @@ main(int argc, char **argv) {
#endif /* PARANOIA */ */
if (no_pid_file == ISC_FALSE) {
/*Read previous pid file. */ /*Read previous pid file. */
- if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { - if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
+ if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) { + if ((i = open (path_dhcpd_pid, O_RDONLY | O_CLOEXEC)) >= 0) {
status = read(i, pbuf, (sizeof pbuf) - 1); status = read(i, pbuf, (sizeof pbuf) - 1);
close (i); close (i);
if (status > 0) { if (status > 0) {
@@ -818,7 +818,7 @@ main(int argc, char **argv) { @@ -828,7 +828,7 @@ main(int argc, char **argv) {
} }
/* Write new pid file. */ /* Write new pid file. */
- if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644)) >= 0) { - i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ if ((i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644)) >= 0) { + i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0644);
if (i >= 0) {
sprintf(pbuf, "%d\n", (int) getpid()); sprintf(pbuf, "%d\n", (int) getpid());
IGNORE_RET (write(i, pbuf, strlen(pbuf))); IGNORE_RET (write(i, pbuf, strlen(pbuf)));
close(i); @@ -856,9 +856,9 @@ main(int argc, char **argv) {
@@ -844,9 +844,9 @@ main(int argc, char **argv) {
close(2); close(2);
/* Reopen them on /dev/null. */ /* Reopen them on /dev/null. */
@ -387,8 +402,10 @@
log_perror = 0; /* No sense logging to /dev/null. */ log_perror = 0; /* No sense logging to /dev/null. */
IGNORE_RET (chdir("/")); IGNORE_RET (chdir("/"));
--- server/ldap.c.orig diff --git a/server/ldap.c b/server/ldap.c
+++ server/ldap.c index 68acbbb..77efe26 100644
--- a/server/ldap.c
+++ b/server/ldap.c
@@ -1098,7 +1098,7 @@ ldap_start (void) @@ -1098,7 +1098,7 @@ ldap_start (void)
if (ldap_debug_file != NULL && ldap_debug_fd == -1) if (ldap_debug_file != NULL && ldap_debug_fd == -1)
@ -398,3 +415,6 @@
S_IRUSR | S_IWUSR)) < 0) S_IRUSR | S_IWUSR)) < 0)
log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file, log_error ("Error opening debug LDAP log file %s: %s", ldap_debug_file,
strerror (errno)); strerror (errno));
--
1.7.3.4

View File

@ -0,0 +1,47 @@
diff --git a/client/dhclient.c b/client/dhclient.c
index 9fd7ccc..82c26bb 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -3251,7 +3251,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->filename);
+ "filename");
}
}
@@ -3264,7 +3264,7 @@ void script_write_params (client, prefix, lease)
} else {
log_error("suspect value in %s "
"option - discarded",
- lease->server_name);
+ "server-name");
}
}
@@ -4193,7 +4193,7 @@ static int check_domain_name(const char *ptr, size_t len, int dots)
const char *p;
/* not empty or complete length not over 255 characters */
- if ((len == 0) || (len > 256))
+ if ((len == 0) || (len >= 256))
return(-1);
/* consists of [[:alnum:]-]+ labels separated by [.] */
diff --git a/common/options.c b/common/options.c
index 80fd8db..6b95f3b 100644
--- a/common/options.c
+++ b/common/options.c
@@ -3916,7 +3916,7 @@ pretty_escape(char **dst, char *dend, const unsigned char **src,
}
} else if (**src == '"' || **src == '\'' || **src == '$' ||
**src == '`' || **src == '\\' || **src == '|' ||
- **src == '&') {
+ **src == '&' || **src == ';') {
if (*dst + 2 > dend)
return -1;
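Review bot: adding `**src == ';'` extends an enumerated list of shell metacharacters, which means the list has to grow again each time another character turns out to matter. Prefer escaping every byte outside a known-safe set (alphanumerics plus a small amount of punctuation), and add a comment above the condition saying that the escaping exists for option values handed to dhclient-script, so the intent survives the next rebase.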
--
1.7.3.4

View File

@ -1,34 +1,34 @@
diff --git a/client/dhclient.8 b/client/dhclient.8 diff --git a/client/dhclient.8 b/client/dhclient.8
index 7a3c154..e284210 100644 index 6306b08..1394c38 100644
--- a/client/dhclient.8 --- a/client/dhclient.8
+++ b/client/dhclient.8 +++ b/client/dhclient.8
@@ -64,6 +64,10 @@ dhclient - Dynamic Host Configuration Protocol Client @@ -60,6 +60,10 @@ dhclient - Dynamic Host Configuration Protocol Client
.I port .I LL|LLT
] ]
[ [
+.B -H +.B -H
+.I hostname +.I hostname
+] +]
+[ +[
.B -d .B -p
.I port
] ]
[ @@ -299,6 +303,10 @@ PID file. When shutdown via this method
@@ -305,6 +309,10 @@ If a different port is specified on which the client should listen and .B dhclient-script(8)
transmit, the client will also use a different destination port - will be executed with the specific reason for calling the script set.
one less than the specified port.
.TP .TP
+.BI \-H \ hostname +.BI \-H \ hostname
+This flag may be used to specify a client hostname that should be sent to +This flag may be used to specify a client hostname that should be sent to
+the DHCP server. Note, that this option is a SUSE/Novell extension. +the DHCP server. Note, that this option is a SUSE/Novell extension.
+.TP +.TP
.BI \-s \ server .BI \-p \ port
Specify the server IP address or fully qualified domain name to use as The UDP port number on which the DHCP client should listen and transmit.
a destination for DHCP protocol messages before If unspecified,
diff --git a/client/dhclient.c b/client/dhclient.c diff --git a/client/dhclient.c b/client/dhclient.c
index dc19e8b..bd02cc9 100644 index 9b53f07..9fd7ccc 100644
--- a/client/dhclient.c --- a/client/dhclient.c
+++ b/client/dhclient.c +++ b/client/dhclient.c
@@ -110,6 +110,7 @@ main(int argc, char **argv) { @@ -119,6 +119,7 @@ main(int argc, char **argv) {
int no_dhclient_db = 0; int no_dhclient_db = 0;
int no_dhclient_pid = 0; int no_dhclient_pid = 0;
int no_dhclient_script = 0; int no_dhclient_script = 0;
@ -36,24 +36,30 @@ index dc19e8b..bd02cc9 100644
#ifdef DHCPv6 #ifdef DHCPv6
int local_family_set = 0; int local_family_set = 0;
#endif /* DHCPv6 */ #endif /* DHCPv6 */
@@ -220,6 +221,16 @@ main(int argc, char **argv) { @@ -231,6 +232,22 @@ main(int argc, char **argv) {
if (++i == argc) if (++i == argc)
usage(); usage();
mockup_relay = argv[i]; mockup_relay = argv[i];
+ } else if (!strcmp (argv[i], "-H")) { + } else if (!strcmp (argv[i], "-H")) {
+ size_t len;
+ if (++i == argc || !argv[i] || *(argv[i]) == '\0') + if (++i == argc || !argv[i] || *(argv[i]) == '\0')
+ usage (); + usage ();
+ if (strlen (argv[i]) > HOST_NAME_MAX) { + len = strlen (argv[i]);
+ if (len > HOST_NAME_MAX) {
+ log_error("-H option host-name string \"%s\" is too long:" + log_error("-H option host-name string \"%s\" is too long:"
+ "maximum length is %d characters", + "maximum length is %d characters",
+ argv[i], HOST_NAME_MAX); + argv[i], HOST_NAME_MAX);
+ exit(1); + exit(1);
+ } else if(check_domain_name(argv[i], len, 0) != 0) {
+ log_error("suspect host-name in -H \"%s\"",
+ argv[i]);
+ exit(1);
+ } + }
+ dhclient_hostname = argv [i]; + dhclient_hostname = argv [i];
} else if (!strcmp(argv[i], "-nw")) { } else if (!strcmp(argv[i], "-nw")) {
nowait = 1; nowait = 1;
} else if (!strcmp(argv[i], "-n")) { } else if (!strcmp(argv[i], "-n")) {
@@ -468,6 +479,32 @@ main(int argc, char **argv) { @@ -484,6 +501,35 @@ main(int argc, char **argv) {
/* Parse the dhclient.conf file. */ /* Parse the dhclient.conf file. */
read_client_conf(); read_client_conf();
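Review bot: the two adjacent literals in the length error, `"... is too long:"` and `"maximum length is %d characters"`, concatenate without a space, so the message reads `too long:maximum`. Also, `check_domain_name` is a `static` function defined near the end of dhclient.c, so this call from `main` needs a prototype earlier in the file; make sure the patch provides one.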
@ -63,10 +69,12 @@ index dc19e8b..bd02cc9 100644
+ char buf[HOST_NAME_MAX + 40]; + char buf[HOST_NAME_MAX + 40];
+ int len; + int len;
+ +
+ snprintf (buf, sizeof(buf), "send host-name \"%s\";", dhclient_hostname); + snprintf (buf, sizeof(buf), "send host-name \"%s\";",
+ dhclient_hostname);
+ len = strlen(buf); + len = strlen(buf);
+ +
+ status = new_parse (&cfile, -1, buf, len, "host-name option", 0); + status = new_parse (&cfile, -1, buf, len,
+ "host-name option", 0);
+ if (status != ISC_R_SUCCESS) + if (status != ISC_R_SUCCESS)
+ log_fatal ("Cannot parse send host-name statement!"); + log_fatal ("Cannot parse send host-name statement!");
+ +
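Review bot: `snprintf (buf, sizeof(buf), "send host-name \"%s\";", dhclient_hostname)` builds a configuration statement from the `-H` argument, so its safety rests on the `check_domain_name` call in the option parser rejecting quotes and semicolons before this point. Say so in a comment here, and compare the `snprintf` return value against `sizeof(buf)` instead of relying on `HOST_NAME_MAX + 40` being large enough.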
@ -78,7 +86,8 @@ index dc19e8b..bd02cc9 100644
+ if (token == END_OF_FILE) + if (token == END_OF_FILE)
+ break; + break;
+ +
+ parse_client_statement (cfile, NULL, &top_level_config); + parse_client_statement (cfile, NULL,
+ &top_level_config);
+ } + }
+ end_parse (&cfile); + end_parse (&cfile);
+ } + }
@ -86,19 +95,15 @@ index dc19e8b..bd02cc9 100644
/* Parse the lease database. */ /* Parse the lease database. */
read_client_leases(); read_client_leases();
@@ -676,12 +713,12 @@ static void usage() @@ -708,9 +754,9 @@ static void usage()
log_error("Usage: dhclient %s %s", log_fatal("Usage: dhclient "
#ifdef DHCPv6 #ifdef DHCPv6
- "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]", - "[-4|-6] [-SNTP1dvrx] [-nw] [-p <port>] [-D LL|LLT]\n"
+ "[-4|-6] [-SNTP1dvrx] [-nw] [-H <hostname>] [-p <port>] [-D LL|LLT]", + "[-4|-6] [-SNTP1dvrx] [-nw] [-H <hostname>] [-p <port>] [-D LL|LLT]\n"
#else /* DHCPv6 */ #else /* DHCPv6 */
- "[-1dvrx] [-nw] [-p <port>]", - "[-1dvrx] [-nw] [-p <port>]\n"
+ "[-1dvrx] [-nw] [-H <hostname>] [-p <port>]", + "[-1dvrx] [-nw] [-H <hostname>] [-p <port>]\n"
#endif /* DHCPv6 */ #endif /* DHCPv6 */
"[-s server]"); " [-s server-addr] [-cf config-file] "
- log_error(" [-cf config-file] [-lf lease-file]%s", "[-lf lease-file]\n"
+ log_error(" [-cf config-file] [-lf lease-file] %s",
"[-pf pid-file] [-e VAR=val]");
log_fatal(" [-sf script-file] [interface]");
}

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b113289cbcaf5d9f76892b48a6c8a452f7f2180aab1a06a8acacc49d0fa137a9
size 11732

View File

@ -1,26 +1,28 @@
diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3 diff --git a/dhcpctl/dhcpctl.3 b/dhcpctl/dhcpctl.3
index 2e1cb8a..ee44755 100644 index 9aa1851..7497612 100644
--- a/dhcpctl/dhcpctl.3 --- a/dhcpctl/dhcpctl.3
+++ b/dhcpctl/dhcpctl.3 +++ b/dhcpctl/dhcpctl.3
@@ -425,7 +425,7 @@ that most error checking has been ommitted for brevity. @@ -430,8 +430,8 @@ that most error checking has been ommitted for brevity.
#include <stdio.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <arpa/inet.h>
-#include <isc/result.h> -#include "omapip/result.h"
+#include <isc-dhcp/result.h> -#include "dhcpctl.h"
#include <dhcpctl/dhcpctl.h> +#include <omapip/result.h>
+#include <dhcpctl/dhcpctl.h>
int main (int argc, char **argv) { int main (int argc, char **argv) {
dhcpctl_data_string ipaddrstring = NULL;
diff --git a/omapip/omapi.3 b/omapip/omapi.3 diff --git a/omapip/omapi.3 b/omapip/omapi.3
index 4673549..8e2503f 100644 index 4868d7c..23389b0 100644
--- a/omapip/omapi.3 --- a/omapip/omapi.3
+++ b/omapip/omapi.3 +++ b/omapip/omapi.3
@@ -87,7 +87,7 @@ the lease ends. @@ -88,7 +88,7 @@ the lease ends.
#include <stdio.h> #include <stdio.h>
#include <netinet/in.h> #include <netinet/in.h>
- #include <isc/result.h> - #include <isc/result.h>
+ #include <isc-dhcp/result.h> + #include <omapip/result.h>
#include <dhcpctl/dhcpctl.h> #include <dhcpctl/dhcpctl.h>
int main (int argc, char **argv) { int main (int argc, char **argv) {

View File

@ -0,0 +1,17 @@
diff --git a/client/dhclient.c b/client/dhclient.c
index a1cab01..ff5ede5 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -444,6 +444,9 @@ main(int argc, char **argv) {
} else {
log_perror = 0;
quiet_interface_discovery = 1;
+#if !defined(DEBUG)
+ setlogmask(LOG_UPTO(LOG_NOTICE));
+#endif
}
/* If we're given a relay agent address to insert, for testing
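Review bot: the `setlogmask(LOG_UPTO(LOG_NOTICE));` added in the quiet branch carries no comment saying why, and it changes the syslog mask for the whole process, so every LOG_INFO and LOG_DEBUG message from dhclient is dropped from that point on. Add a short comment that references bnc#711420, and confirm that nothing an administrator relies on for lease auditing or troubleshooting is logged at info level, since it will no longer reach syslog in this mode. The hunk adds no include either, so check that <syslog.h> is already pulled in where `setlogmask` and `LOG_UPTO` are used.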
--
1.7.3.4

View File

@ -1,7 +1,8 @@
diff -up dhcp-4.2.0/common/bpf.c.xen dhcp-4.2.0/common/bpf.c diff --git a/common/bpf.c b/common/bpf.c
--- dhcp-4.2.0/common/bpf.c.xen 2009-11-20 02:48:59.000000000 +0100 index b0ef657..8bd5727 100644
+++ dhcp-4.2.0/common/bpf.c 2010-07-21 13:51:24.000000000 +0200 --- a/common/bpf.c
@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf, +++ b/common/bpf.c
@@ -485,7 +485,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
offset = decode_udp_ip_header (interface, offset = decode_udp_ip_header (interface,
interface -> rbuf, interface -> rbuf,
interface -> rbuf_offset, interface -> rbuf_offset,
@ -10,10 +11,11 @@ diff -up dhcp-4.2.0/common/bpf.c.xen dhcp-4.2.0/common/bpf.c
/* If the IP or UDP checksum was bad, skip the packet... */ /* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) { if (offset < 0) {
diff -up dhcp-4.2.0/common/dlpi.c.xen dhcp-4.2.0/common/dlpi.c diff --git a/common/dlpi.c b/common/dlpi.c
--- dhcp-4.2.0/common/dlpi.c.xen 2009-11-20 02:49:00.000000000 +0100 index 8f2c73d..b9eb1d3 100644
+++ dhcp-4.2.0/common/dlpi.c 2010-07-21 13:51:24.000000000 +0200 --- a/common/dlpi.c
@@ -694,7 +694,7 @@ ssize_t receive_packet (interface, buf, +++ b/common/dlpi.c
@@ -693,7 +693,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
length -= offset; length -= offset;
#endif #endif
offset = decode_udp_ip_header (interface, dbuf, bufix, offset = decode_udp_ip_header (interface, dbuf, bufix,
@ -22,10 +24,11 @@ diff -up dhcp-4.2.0/common/dlpi.c.xen dhcp-4.2.0/common/dlpi.c
/* /*
* If the IP or UDP checksum was bad, skip the packet... * If the IP or UDP checksum was bad, skip the packet...
diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c diff --git a/common/lpf.c b/common/lpf.c
--- dhcp-4.2.0/common/lpf.c.xen 2009-07-23 20:52:19.000000000 +0200 index 16eecc9..4bdb0f1 100644
+++ dhcp-4.2.0/common/lpf.c 2010-07-21 13:51:24.000000000 +0200 --- a/common/lpf.c
@@ -29,18 +29,33 @@ +++ b/common/lpf.c
@@ -29,19 +29,33 @@
#include "dhcpd.h" #include "dhcpd.h"
#if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE) #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
#include <sys/ioctl.h> #include <sys/ioctl.h>
@ -38,6 +41,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
#include <linux/if_ether.h> #include <linux/if_ether.h>
+#include <linux/if_packet.h> +#include <linux/if_packet.h>
#include <netinet/in_systm.h> #include <netinet/in_systm.h>
-#include <net/if_packet.h>
#include "includes/netinet/ip.h" #include "includes/netinet/ip.h"
#include "includes/netinet/udp.h" #include "includes/netinet/udp.h"
#include "includes/netinet/if_ether.h" #include "includes/netinet/if_ether.h"
@ -59,7 +63,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
/* Reinitializes the specified interface after an address change. This /* Reinitializes the specified interface after an address change. This
is not required for packet-filter APIs. */ is not required for packet-filter APIs. */
@@ -66,10 +81,14 @@ int if_register_lpf (info) @@ -67,10 +81,14 @@ int if_register_lpf (info)
struct interface_info *info; struct interface_info *info;
{ {
int sock; int sock;
@ -76,7 +80,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
htons((short)ETH_P_ALL))) < 0) { htons((short)ETH_P_ALL))) < 0) {
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
@@ -84,11 +103,16 @@ int if_register_lpf (info) @@ -85,11 +103,16 @@ int if_register_lpf (info)
log_fatal ("Open a socket for LPF: %m"); log_fatal ("Open a socket for LPF: %m");
} }
@ -96,7 +100,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
errno == EAFNOSUPPORT || errno == EINVAL) { errno == EAFNOSUPPORT || errno == EINVAL) {
@@ -170,9 +194,18 @@ static void lpf_gen_filter_setup (struct @@ -171,9 +194,18 @@ static void lpf_gen_filter_setup (struct interface_info *);
void if_register_receive (info) void if_register_receive (info)
struct interface_info *info; struct interface_info *info;
{ {
@ -115,32 +119,34 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
#if defined (HAVE_TR_SUPPORT) #if defined (HAVE_TR_SUPPORT)
if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
lpf_tr_filter_setup (info); lpf_tr_filter_setup (info);
@@ -294,7 +327,6 @@ ssize_t send_packet (interface, packet, @@ -295,7 +327,6 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
double hh [16]; double hh [16];
double ih [1536 / sizeof (double)]; double ih [1536 / sizeof (double)];
unsigned char *buf = (unsigned char *)ih; unsigned char *buf = (unsigned char *)ih;
- struct sockaddr sa; - struct sockaddr_pkt sa;
int result; int result;
int fudge; int fudge;
@@ -315,15 +347,7 @@ ssize_t send_packet (interface, packet, @@ -316,17 +347,7 @@ ssize_t send_packet (interface, packet, raw, len, from, to, hto)
(unsigned char *)raw, len); (unsigned char *)raw, len);
memcpy (buf + ibufp, raw, len); memcpy (buf + ibufp, raw, len);
- /* For some reason, SOCK_PACKET sockets can't be connected, - /* For some reason, SOCK_PACKET sockets can't be connected,
- so we have to do a sentdo every time. */ - so we have to do a sentdo every time. */
- memset (&sa, 0, sizeof sa); - memset (&sa, 0, sizeof sa);
- sa.sa_family = AF_PACKET; - sa.spkt_family = AF_PACKET;
- strncpy (sa.sa_data, - strncpy ((char *)sa.spkt_device,
- (const char *)interface -> ifp, sizeof sa.sa_data); - (const char *)interface -> ifp, sizeof sa.spkt_device);
- sa.spkt_protocol = htons(ETH_P_IP);
- -
- result = sendto (interface -> wfdesc, - result = sendto (interface -> wfdesc,
- buf + fudge, ibufp + len - fudge, 0, &sa, sizeof sa); - buf + fudge, ibufp + len - fudge, 0,
- (const struct sockaddr *)&sa, sizeof sa);
+ result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge); + result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge);
if (result < 0) if (result < 0)
log_error ("send_packet: %m"); log_error ("send_packet: %m");
return result; return result;
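Review bot: in `send_packet`, replacing `sendto` with `write (interface -> wfdesc, ...)` removes the per-call destination, so the send now depends entirely on the descriptor having been bound to the right interface earlier; the removed comment explained why `sendto` was needed, and nothing replaces it. Add a comment stating where `wfdesc` is bound to the interface, and consider reporting a short write as well, since only `result < 0` is logged.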
@@ -340,14 +364,35 @@ ssize_t receive_packet (interface, buf, @@ -343,14 +364,35 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
{ {
int length = 0; int length = 0;
int offset = 0; int offset = 0;
@ -148,6 +154,8 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
unsigned char ibuf [1536]; unsigned char ibuf [1536];
unsigned bufix = 0; unsigned bufix = 0;
unsigned paylen; unsigned paylen;
-
- length = read (interface -> rfdesc, ibuf, sizeof ibuf);
+ unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))]; + unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))];
+ struct iovec iov = { + struct iovec iov = {
+ .iov_base = ibuf, + .iov_base = ibuf,
@ -160,8 +168,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
+ .msg_controllen = sizeof(cmsgbuf), + .msg_controllen = sizeof(cmsgbuf),
+ }; + };
+ struct cmsghdr *cmsg; + struct cmsghdr *cmsg;
+
- length = read (interface -> rfdesc, ibuf, sizeof ibuf);
+ length = recvmsg (interface -> rfdesc, &msg, 0); + length = recvmsg (interface -> rfdesc, &msg, 0);
if (length <= 0) if (length <= 0)
return length; return length;
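Review bot: `cmsgbuf` is declared as `unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))]`, but CMSG_LEN yields the value for `cmsg_len` and omits trailing padding, while CMSG_SPACE is the macro meant for sizing an ancillary buffer, and a plain `unsigned char` array carries no alignment guarantee for `struct cmsghdr`. Size the buffer with CMSG_SPACE, declare it through a union with `struct cmsghdr` for alignment, and check `msg.msg_flags` for MSG_CTRUNC after `recvmsg` so truncated auxdata is not treated as valid.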
@ -177,7 +184,7 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
bufix = 0; bufix = 0;
/* Decode the physical header... */ /* Decode the physical header... */
offset = decode_hw_header (interface, ibuf, bufix, hfrom); offset = decode_hw_header (interface, ibuf, bufix, hfrom);
@@ -364,7 +409,7 @@ ssize_t receive_packet (interface, buf, @@ -367,7 +409,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */ /* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix, from, offset = decode_udp_ip_header (interface, ibuf, bufix, from,
@ -186,10 +193,11 @@ diff -up dhcp-4.2.0/common/lpf.c.xen dhcp-4.2.0/common/lpf.c
/* If the IP or UDP checksum was bad, skip the packet... */ /* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) if (offset < 0)
diff -up dhcp-4.2.0/common/nit.c.xen dhcp-4.2.0/common/nit.c diff --git a/common/nit.c b/common/nit.c
--- dhcp-4.2.0/common/nit.c.xen 2009-11-20 02:49:01.000000000 +0100 index 3822206..0da9c36 100644
+++ dhcp-4.2.0/common/nit.c 2010-07-21 13:51:24.000000000 +0200 --- a/common/nit.c
@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf, +++ b/common/nit.c
@@ -369,7 +369,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */ /* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix, offset = decode_udp_ip_header (interface, ibuf, bufix,
@ -198,9 +206,10 @@ diff -up dhcp-4.2.0/common/nit.c.xen dhcp-4.2.0/common/nit.c
/* If the IP or UDP checksum was bad, skip the packet... */ /* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) if (offset < 0)
diff -up dhcp-4.2.0/common/packet.c.xen dhcp-4.2.0/common/packet.c diff --git a/common/packet.c b/common/packet.c
--- dhcp-4.2.0/common/packet.c.xen 2009-07-23 20:52:20.000000000 +0200 index 42bca69..fd2d975 100644
+++ dhcp-4.2.0/common/packet.c 2010-07-21 13:51:24.000000000 +0200 --- a/common/packet.c
+++ b/common/packet.c
@@ -211,7 +211,7 @@ ssize_t @@ -211,7 +211,7 @@ ssize_t
decode_udp_ip_header(struct interface_info *interface, decode_udp_ip_header(struct interface_info *interface,
unsigned char *buf, unsigned bufix, unsigned char *buf, unsigned bufix,
@ -210,7 +219,7 @@ diff -up dhcp-4.2.0/common/packet.c.xen dhcp-4.2.0/common/packet.c
{ {
unsigned char *data; unsigned char *data;
struct ip ip; struct ip ip;
@@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_in @@ -322,7 +322,7 @@ decode_udp_ip_header(struct interface_info *interface,
8, IPPROTO_UDP + ulen)))); 8, IPPROTO_UDP + ulen))));
udp_packets_seen++; udp_packets_seen++;
@ -219,10 +228,11 @@ diff -up dhcp-4.2.0/common/packet.c.xen dhcp-4.2.0/common/packet.c
udp_packets_bad_checksum++; udp_packets_bad_checksum++;
if (udp_packets_seen > 4 && if (udp_packets_seen > 4 &&
(udp_packets_seen / udp_packets_bad_checksum) < 2) { (udp_packets_seen / udp_packets_bad_checksum) < 2) {
diff -up dhcp-4.2.0/common/upf.c.xen dhcp-4.2.0/common/upf.c diff --git a/common/upf.c b/common/upf.c
--- dhcp-4.2.0/common/upf.c.xen 2009-11-20 02:49:01.000000000 +0100 index feb82a2..fff3949 100644
+++ dhcp-4.2.0/common/upf.c 2010-07-21 13:51:24.000000000 +0200 --- a/common/upf.c
@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf, +++ b/common/upf.c
@@ -320,7 +320,7 @@ ssize_t receive_packet (interface, buf, len, from, hfrom)
/* Decode the IP and UDP headers... */ /* Decode the IP and UDP headers... */
offset = decode_udp_ip_header (interface, ibuf, bufix, offset = decode_udp_ip_header (interface, ibuf, bufix,
@ -231,15 +241,19 @@ diff -up dhcp-4.2.0/common/upf.c.xen dhcp-4.2.0/common/upf.c
/* If the IP or UDP checksum was bad, skip the packet... */ /* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) if (offset < 0)
diff -up dhcp-4.2.0/includes/dhcpd.h.xen dhcp-4.2.0/includes/dhcpd.h diff --git a/includes/dhcpd.h b/includes/dhcpd.h
--- dhcp-4.2.0/includes/dhcpd.h.xen 2010-07-21 13:38:31.000000000 +0200 index adf04cc..ded57a9 100644
+++ dhcp-4.2.0/includes/dhcpd.h 2010-07-21 13:51:24.000000000 +0200 --- a/includes/dhcpd.h
@@ -2773,7 +2773,7 @@ ssize_t decode_hw_header PROTO ((struct +++ b/includes/dhcpd.h
unsigned, struct hardware *)); @@ -2793,7 +2793,7 @@ ssize_t decode_hw_header (struct interface_info *, unsigned char *,
ssize_t decode_udp_ip_header PROTO ((struct interface_info *, unsigned char *, unsigned, struct hardware *);
ssize_t decode_udp_ip_header (struct interface_info *, unsigned char *,
unsigned, struct sockaddr_in *, unsigned, struct sockaddr_in *,
- unsigned, unsigned *)); - unsigned, unsigned *);
+ unsigned, unsigned *, int)); + unsigned, unsigned *, int);
/* ethernet.c */ /* ethernet.c */
void assemble_ethernet_header PROTO ((struct interface_info *, unsigned char *, void assemble_ethernet_header (struct interface_info *, unsigned char *,
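Review bot: the new trailing `int` in the `decode_udp_ip_header` prototype is unnamed and undocumented, yet every `receive_packet` caller in bpf.c, dlpi.c, lpf.c, nit.c and upf.c now has to pass a value for it. Name the parameter in the prototype and add a one-line comment on how it affects the checksum test in packet.c, so a caller cannot silently pass the wrong constant and change which packets are counted as `udp_packets_bad_checksum`.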
--
1.7.3.4

3
dhcp-4.2.2.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dfafcabbd4b2f099fd7ae1f9a9f6f2dc472b134ed5b6a391c2f7082dfdc2d8b6
size 8613758

View File

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Mon Aug 29 15:15:44 UTC 2011 - mt@suse.de
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org Wed Jul 20 18:53:07 UTC 2011 - crrodriguez@opensuse.org

View File

@ -17,7 +17,7 @@
# norootforbuild # norootforbuild
%define isc_version 4.2.1-P1 %define isc_version 4.2.2
%define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define susefw2dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define omc_prefix /usr/share/omc %define omc_prefix /usr/share/omc
%define omc_svcdir %{omc_prefix}/svcinfo.d %define omc_svcdir %{omc_prefix}/svcinfo.d
@ -39,8 +39,8 @@ BuildRequires: dos2unix
License: BSD3c(or similar) License: BSD3c(or similar)
Group: Productivity/Networking/Boot/Servers Group: Productivity/Networking/Boot/Servers
AutoReqProv: on AutoReqProv: on
Version: 4.2.1.P1 Version: 4.2.2
Release: 5 Release: 0
Summary: Common Files Used by ISC DHCP Software Summary: Common Files Used by ISC DHCP Software
Url: http://www.isc.org/software/dhcp Url: http://www.isc.org/software/dhcp
Source0: dhcp-%{isc_version}.tar.bz2 Source0: dhcp-%{isc_version}.tar.bz2
@ -75,19 +75,18 @@ Patch10: dhcp-4.1.1-default-paths.diff
# paranoia patch is included now, but not the # paranoia patch is included now, but not the
# additional patch by thomas@suse.de not ... # additional patch by thomas@suse.de not ...
Patch11: dhcp-4.1.1-paranoia.diff Patch11: dhcp-4.1.1-paranoia.diff
Patch12: dhcp-4.1.1-man-includes.diff Patch12: dhcp-4.2.2-man-includes.diff
Patch13: dhcp-4.1.1-tmpfile.diff Patch13: dhcp-4.1.1-tmpfile.diff
Patch14: dhcp-4.1.1-in6_pktinfo-prototype.diff
Patch15: contrib-lease-path.diff Patch15: contrib-lease-path.diff
Patch20: dhcp-4.1.1-dhclient-exec-filedes.diff Patch20: dhcp-4.1.1-dhclient-exec-filedes.diff
Patch21: dhcp-4.2.1-dhclient-send-hostname-rml.diff Patch21: dhcp-4.2.2-dhclient-send-hostname-rml.diff
## patch lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/ ## patch repo lives here: http://www.suse.de/~mt/git/dhcp-ldap.git/
Patch30: dhcp-4.2.1-P1-ldap-patch-mt01.diff.bz2 Patch30: dhcp-4.2.2-ldap-patch-mt01.diff.bz2
Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff
Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff Patch44: dhcp-4.2.2-xen-checksum.diff
Patch44: dhcp-4.2.0-xen-checksum.patch Patch45: dhcp-4.2.2-dhclient-option-checks.bnc675052.diff
Patch45: dhcp-4.2.1-P1-dhclient-option-checks.bnc675052.diff Patch46: dhcp-4.2.2-close-on-exec.diff
Patch46: dhcp-4.2.0-CLOEXEC.patch Patch47: dhcp-4.2.2-quiet-dhclient.bnc711420.diff
## ##
PreReq: /bin/touch /sbin/chkconfig sysconfig PreReq: /bin/touch /sbin/chkconfig sysconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -217,7 +216,6 @@ Authors:
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
%patch14 -p1
%patch15 -p0 %patch15 -p0
%patch20 -p1 %patch20 -p1
%patch21 -p1 %patch21 -p1
@ -225,16 +223,26 @@ Authors:
%patch30 -p1 %patch30 -p1
%endif %endif
%patch40 -p1 %patch40 -p1
%patch41 -p1
%patch44 -p1 %patch44 -p1
%patch45 -p1 %patch45 -p1
%patch46 %patch46 -p1
%patch47 -p1
## ##
find . -type f -name \*.cat\* -exec rm -f {} \; find . -type f -name \*.cat\* -exec rm -f {} \;
dos2unix contrib/ms2isc/* dos2unix contrib/ms2isc/*
%build %build
# Remove GPL licensed files to make sure,
# they're not used to build (bnc#714004).
pushd bind
gunzip -c bind.tar.gz | tar xf -
rm -rf bind-*/contrib/dbus
popd
%if %suse_version >= 1210
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -Wno-unused" CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -Wno-unused"
%else
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -fno-strict-aliasing -Wno-unused"
%endif
%ifarch ppc ppc64 s390x %ifarch ppc ppc64 s390x
# bugs 134590, 171532 # bugs 134590, 171532
CFLAGS="$CFLAGS -fsigned-char" CFLAGS="$CFLAGS -fsigned-char"
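Review bot: the `rm -rf bind-*/contrib/dbus` step in %build deletes the files from an unpacked tree but leaves `bind.tar.gz` itself unchanged, so the removal only holds if nothing later in the build unpacks that tarball again. Either repack the tarball after the removal or add a check after the build that `bind-*/contrib/dbus` is still absent. The `%if %suse_version >= 1210` split also needs a spec comment saying why `-fno-strict-aliasing` is kept only for the older targets.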
@ -244,7 +252,11 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -W -Wall -Wno-unused"
%else %else
CFLAGS="$CFLAGS -fpie" CFLAGS="$CFLAGS -fpie"
%endif %endif
%if %suse_version >= 1210
LDFLAGS="-Wl,-z,relro,-z,now -pie" LDFLAGS="-Wl,-z,relro,-z,now -pie"
%else
LDFLAGS="-pie"
%endif
FFLAGS="$CFLAGS" FFLAGS="$CFLAGS"
CXXFLAGS="$CFLAGS" CXXFLAGS="$CFLAGS"
export RPM_OPT_FLAGS LDFLAGS export RPM_OPT_FLAGS LDFLAGS
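Review bot: in the `%else` branch `LDFLAGS="-pie"` drops `-Wl,-z,relro,-z,now`, so packages built for targets below `suse_version` 1210 ship the DHCP daemons without RELRO and immediate binding; the changelog says only that RELRO is applied for >= 12.x and gives no reason. State the reason in a spec comment, and if only `-z,now` is the problem on older targets, keep `-Wl,-z,relro` there.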

View File

@ -13,7 +13,7 @@ max-lease-time 7200;
# if you do not use dynamical DNS updates: # if you do not use dynamical DNS updates:
# #
# if you want to use dynamical DNS updates, you should first read # if you want to use dynamical DNS updates, you should first read
# read /usr/share/doc/packages/dhcp-server/DDNS-howto.txt # the manuals and DDNS-howto.txt provided in the dhcp-doc package.
# #
ddns-updates off; ddns-updates off;

View File

@ -59,6 +59,11 @@ DAEMON_BIN=${DHCPD_BINARY:=/usr/sbin/dhcpd}
DAEMON_CONF=/etc/dhcpd.conf DAEMON_CONF=/etc/dhcpd.conf
DAEMON_STATE=/var/lib/dhcp DAEMON_STATE=/var/lib/dhcp
DAEMON_LEASES=dhcpd.leases DAEMON_LEASES=dhcpd.leases
# note: $DAEMON_PIDFILE is a symlink to the
# $DAEMON_STATE$DAEMON_PIDFILE (also
# while DHCPD_RUN_CHROOTED=no) now,
# as DHCPD_RUN_AS is not allowed to
# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd.pid DAEMON_PIDFILE=/var/run/dhcpd.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd.log STARTPROC_LOGFILE=/var/log/rc.dhcpd.log
LDAP_CONF=/etc/openldap/ldap.conf LDAP_CONF=/etc/openldap/ldap.conf
@ -128,7 +133,7 @@ fi
# remove empty pid files to avoid disturbing warnings by checkproc/killproc # remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly) # (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in case "$1" in
start) start)
@ -240,33 +245,33 @@ case "$1" in
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it ## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd', ## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.) ## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE) p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) ' echo -n '(already running) '
else else
rm $CHROOT_PREFIX/$DAEMON_PIDFILE rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi fi
fi fi
PID_FILE_ARG="$DAEMON_PIDFILE"
else else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES" DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi fi
if [ -n "$DHCPD_RUN_AS" ]; then if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)" DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP" DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \ chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}" "$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
fi fi
## check syntax with -t (output to log file) and start only when the syntax is okay ## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log rm -f $STARTPROC_LOGFILE # start log
error=0 error=0
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1 error=1
else else
## Start daemon. If this fails the return value is set appropriate. ## Start daemon. If this fails the return value is set appropriate.
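Review bot: the `chown` of `"$DAEMON_STATE/${DAEMON_PIDFILE%/*}"` to `$DHCPD_RUN_AS` is now unconditional, which means the root-run `killproc -p` and `checkproc -p` calls later read a pid file from a directory the unprivileged daemon account owns, in the non-chroot case too. That is acceptable only while every consumer also passes `$DAEMON_BIN` so the pid is checked against the binary; say so in a comment next to the `chown`, and guard the `chown` against an empty `$DHCPD_RUN_AS_GROUP` when the `getent` lookup fails. Quoting `$PID_FILE_ARG` in the `-pf` uses would match the quoting already used in the stop branch.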
@ -274,19 +279,20 @@ case "$1" in
## to match the LSB spec. ## to match the LSB spec.
test "$2" = "-v" && echo -en \ test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'" "\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE $DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$? ret=$?
fi fi
if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then if [ $error -gt 0 -o ${ret:-0} -gt 0 ]; then
## be verbose ## be verbose
echo "" echo ""
echo -n " please see $STARTPROC_LOGFILE for details "; echo -n " please see $STARTPROC_LOGFILE for details "
## set status to failed ## set status to failed
rc_failed rc_failed
else else
ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || : [ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi fi
@ -296,14 +302,29 @@ case "$1" in
stop) stop)
echo -n "Shutting down $DAEMON " echo -n "Shutting down $DAEMON "
# Catch the case where daemon is running without chroot,
# but sysconfig/dhcp has been changed to use chroot (and
# another way around).
# In this case is there is no $chroot/$pidfile, but there
# should be a /pidfile that we use instead.
# We can not kill without pid file or dhcp4 kills dhcp6.
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
-s "$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_PIDFILE"
fi
else
if test ! -s "$DAEMON_PIDFILE" -a \
-s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
fi
fi
## Stop daemon with killproc(8) and if this fails ## Stop daemon with killproc(8) and if this fails
## set echo the echo return value. ## set echo the echo return value.
killproc -p "$PID_FILE" $DAEMON_BIN
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
ret=$? ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
fi
# umount proc and remove libraries from the chroot jail, # umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled # so they are not left over if the server is deinstalled
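Review bot: the non-chroot `else` branch is a no-op: `PID_FILE` already defaults to `"$DAEMON_STATE$DAEMON_PIDFILE"`, and the branch assigns that same value again, so `"$DAEMON_PIDFILE"` is never selected when the daemon runs without chroot. If the intent is to prefer `$DAEMON_PIDFILE` there and fall back to the state-directory copy, set the default per branch. Dropping the raw `kill $(<pidfile)` fallback is right, since it signalled whatever pid the file held without the `$DAEMON_BIN` check. The script also mixes `$DAEMON_STATE$DAEMON_PIDFILE` and `$DAEMON_STATE/$DAEMON_PIDFILE`, which resolve to the same path but should be spelled one way.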
@ -347,8 +368,8 @@ case "$1" in
echo -n "Reload service $DAEMON" echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then if [ "$SUPPORTS_HUP" = "yes" ]; then
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v rc_status -v
else else
$0 stop && sleep 3 && $0 start $0 stop && sleep 3 && $0 start
@ -362,8 +383,8 @@ case "$1" in
echo -n "Reload service $DAEMON" echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling: # If it supports signalling:
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v rc_status -v
else else
## Otherwise if it does not support reload: ## Otherwise if it does not support reload:
@ -383,7 +404,7 @@ case "$1" in
# 3 - service not running # 3 - service not running
# NOTE: checkproc returns LSB compliant status values. # NOTE: checkproc returns LSB compliant status values.
checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v rc_status -v
;; ;;
probe) probe)
@ -392,7 +413,7 @@ case "$1" in
rc=0 rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1 test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done done
test $rc = 1 && echo restart test $rc = 1 && echo restart
;; ;;

View File

@ -63,6 +63,11 @@ DAEMON_BIN=${DHCPD_BINARY:=/usr/sbin/dhcpd6}
DAEMON_CONF=/etc/dhcpd6.conf DAEMON_CONF=/etc/dhcpd6.conf
DAEMON_STATE=/var/lib/dhcp6 DAEMON_STATE=/var/lib/dhcp6
DAEMON_LEASES=dhcpd6.leases DAEMON_LEASES=dhcpd6.leases
# note: $DAEMON_PIDFILE is a symlink to the
# $DAEMON_STATE$DAEMON_PIDFILE (also
# while DHCPD_RUN_CHROOTED=no) now,
# as DHCPD_RUN_AS is not allowed to
# create pid files in /var/run.
DAEMON_PIDFILE=/var/run/dhcpd6.pid DAEMON_PIDFILE=/var/run/dhcpd6.pid
STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log STARTPROC_LOGFILE=/var/log/rc.dhcpd6.log
LDAP_CONF= LDAP_CONF=
@ -132,7 +137,7 @@ fi
# remove empty pid files to avoid disturbing warnings by checkproc/killproc # remove empty pid files to avoid disturbing warnings by checkproc/killproc
# (these can occur if dhcpd does not start correctly) # (these can occur if dhcpd does not start correctly)
test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
test -e $CHROOT_PREFIX/$DAEMON_PIDFILE && ! test -s $CHROOT_PREFIX/$DAEMON_PIDFILE && rm $CHROOT_PREFIX/$DAEMON_PIDFILE test -e $DAEMON_STATE/$DAEMON_PIDFILE && ! test -s $DAEMON_STATE/$DAEMON_PIDFILE && rm $DAEMON_STATE/$DAEMON_PIDFILE
case "$1" in case "$1" in
start) start)
@ -244,33 +249,33 @@ case "$1" in
## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it ## the chroot jail. Therefore, and old pid file may exist. This is only a problem if it
## incidentally contains the pid of a running process. If this process is not a 'dhcpd', ## incidentally contains the pid of a running process. If this process is not a 'dhcpd',
## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.) ## we remove the pid. (dhcpd itself only checks whether the pid is alive or not.)
if test -e $CHROOT_PREFIX/$DAEMON_PIDFILE -a -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then if test -s $DAEMON_STATE/$DAEMON_PIDFILE; then
p=$(<$CHROOT_PREFIX/$DAEMON_PIDFILE) p=$(<$DAEMON_STATE/$DAEMON_PIDFILE)
if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then if test -n "$p" && grep -qsE "^${DAEMON_BIN}" "/proc/$p/cmdline" ; then
echo -n '(already running) ' echo -n '(already running) '
else else
rm $CHROOT_PREFIX/$DAEMON_PIDFILE rm -f $DAEMON_STATE/$DAEMON_PIDFILE
fi fi
fi fi
PID_FILE_ARG="$DAEMON_PIDFILE"
else else
DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES" DHCPD_ARGS="-lf ${DAEMON_STATE}/db/$DAEMON_LEASES"
PID_FILE_ARG="$DAEMON_STATE$DAEMON_PIDFILE"
fi fi
if [ -n "$DHCPD_RUN_AS" ]; then if [ -n "$DHCPD_RUN_AS" ]; then
DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)" DHCPD_RUN_AS_GROUP="$(getent group $(getent passwd $DHCPD_RUN_AS | cut -d: -f4) | cut -d: -f1)"
DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP" DHCPD_ARGS="$DHCPD_ARGS -user $DHCPD_RUN_AS -group $DHCPD_RUN_AS_GROUP"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \ chown "${DHCPD_RUN_AS}:${DHCPD_RUN_AS_GROUP}" \
"$CHROOT_PREFIX/${DAEMON_PIDFILE%/*}" "$DAEMON_STATE/${DAEMON_PIDFILE%/*}"
fi
fi fi
## check syntax with -t (output to log file) and start only when the syntax is okay ## check syntax with -t (output to log file) and start only when the syntax is okay
rm -f $STARTPROC_LOGFILE # start log rm -f $STARTPROC_LOGFILE # start log
error=0 error=0
if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $DAEMON_PIDFILE > $STARTPROC_LOGFILE 2>&1 ; then if ! $DAEMON_BIN $DHCPDv_OPT -t -cf $CHROOT_PREFIX/$DAEMON_CONF -pf $PID_FILE_ARG > $STARTPROC_LOGFILE 2>&1 ; then
error=1 error=1
else else
## Start daemon. If this fails the return value is set appropriate. ## Start daemon. If this fails the return value is set appropriate.
@ -278,9 +283,9 @@ case "$1" in
## to match the LSB spec. ## to match the LSB spec.
test "$2" = "-v" && echo -en \ test "$2" = "-v" && echo -en \
"\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'" "\nexecuting '$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE'"
$DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $DAEMON_PIDFILE $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE $DAEMON_BIN $DHCPDv_OPT -cf $DAEMON_CONF -pf $PID_FILE_ARG $DHCPD_ARGS $DHCPD_OTHER_ARGS $DHCPD_INTERFACE &> $STARTPROC_LOGFILE
ret=$? ret=$?
fi fi
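Review bot: $PID_FILE_ARG is expanded unquoted in both the -v echo and the actual start command, while the stop branch in this same commit quotes "$PID_FILE". Write -pf "$PID_FILE_ARG" here and in the -t syntax check of the previous hunk so the value always reaches dhcpd as a single argument.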
@ -291,6 +296,7 @@ case "$1" in
## set status to failed ## set status to failed
rc_failed rc_failed
else else
ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE"
[ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || : [ "$DHCPD_RUN_CHROOTED" = "yes" ] && echo -n "[chroot]" || :
fi fi
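Review bot: the new ln -sf "$DAEMON_STATE$DAEMON_PIDFILE" "$DAEMON_PIDFILE" runs with its result ignored and without -n, so a failure to create the link goes unreported, and if $DAEMON_PIDFILE ever resolves to a directory the link is created inside it instead of replacing it. Consider ln -sfn and at least a warning on failure. Since the link target sits in the directory that the start branch chowns to $DHCPD_RUN_AS, anything that reads $DAEMON_PIDFILE should keep verifying the process against $DAEMON_BIN the way killproc -p does, and not trust the number alone.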
@ -300,14 +306,29 @@ case "$1" in
stop) stop)
echo -n "Shutting down $DAEMON " echo -n "Shutting down $DAEMON "
# Catch the case where daemon is running without chroot,
# but sysconfig/dhcp has been changed to use chroot (and
# another way around).
# In this case is there is no $chroot/$pidfile, but there
# should be a /pidfile that we use instead.
# We can not kill without pid file or dhcp4 kills dhcp6.
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
if test "$DHCPD_RUN_CHROOTED" = "yes" ; then
if test ! -s "$DAEMON_STATE$DAEMON_PIDFILE" -a \
-s "$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_PIDFILE"
fi
else
if test ! -s "$DAEMON_PIDFILE" -a \
-s "$DAEMON_STATE$DAEMON_PIDFILE" ; then
PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE"
fi
fi
## Stop daemon with killproc(8) and if this fails ## Stop daemon with killproc(8) and if this fails
## set echo the echo return value. ## set echo the echo return value.
killproc -p "$PID_FILE" $DAEMON_BIN
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN
ret=$? ret=$?
if test -s $CHROOT_PREFIX/$DAEMON_PIDFILE; then
kill $(<$CHROOT_PREFIX/$DAEMON_PIDFILE) 2>/dev/null
fi
# umount proc and remove libraries from the chroot jail, # umount proc and remove libraries from the chroot jail,
# so they are not left over if the server is deinstalled # so they are not left over if the server is deinstalled
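Review bot: the non-chroot else branch of the new PID_FILE selection is a no-op: it assigns PID_FILE="$DAEMON_STATE$DAEMON_PIDFILE", which is the value PID_FILE already received two lines above the if, so only the chroot branch can ever fall back to "$DAEMON_PIDFILE". If the else case is meant to cover the reverse situation described in the comment, it needs a different default or a different assignment. The compound test ! -s A -a -s B is also easy to misread; [ ! -s A ] && [ -s B ] states the precedence explicitly. Finally, the old kill $(<pidfile) fallback is removed, so a killproc failure now leaves the daemon running; make sure ret is reported in that case.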
@ -351,8 +372,8 @@ case "$1" in
echo -n "Reload service $DAEMON" echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then if [ "$SUPPORTS_HUP" = "yes" ]; then
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v rc_status -v
else else
$0 stop && sleep 3 && $0 start $0 stop && sleep 3 && $0 start
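Review bot: the killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP line reads the pid file directly and does not use the PID_FILE fallback that the stop branch now computes, so reload and stop can resolve to different files for the same daemon. Move the selection into a small helper and call it from stop, reload and status, and quote the path as stop does.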
@ -366,8 +387,8 @@ case "$1" in
echo -n "Reload service $DAEMON" echo -n "Reload service $DAEMON"
if [ "$SUPPORTS_HUP" = "yes" ]; then if [ "$SUPPORTS_HUP" = "yes" ]; then
# If it supports signalling: # If it supports signalling:
killproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE -HUP $DAEMON_BIN killproc -p $DAEMON_STATE/$DAEMON_PIDFILE -HUP $DAEMON_BIN
#touch $CHROOT_PREFIX/$DAEMON_PIDFILE #touch $DAEMON_STATE/$DAEMON_PIDFILE
rc_status -v rc_status -v
else else
## Otherwise if it does not support reload: ## Otherwise if it does not support reload:
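Review bot: the commented-out #touch $DAEMON_STATE/$DAEMON_PIDFILE line is updated here and in the previous hunk but stays dead code. Either delete it or enable it deliberately: probe compares the configuration files against this pid file with -nt, so without the touch a successful HUP reload leaves probe answering "restart" for the same configuration change.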
@ -387,7 +408,7 @@ case "$1" in
# 3 - service not running # 3 - service not running
# NOTE: checkproc returns LSB compliant status values. # NOTE: checkproc returns LSB compliant status values.
checkproc -p $CHROOT_PREFIX/$DAEMON_PIDFILE $DAEMON_BIN checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE $DAEMON_BIN
rc_status -v rc_status -v
;; ;;
probe) probe)
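Review bot: checkproc -p $DAEMON_STATE/$DAEMON_PIDFILE in status looks only at the $DAEMON_STATE location, whereas stop may fall back to "$DAEMON_PIDFILE". In the situation the stop comment describes, status can report the service as not running while stop still finds and kills it. Use the same pid file selection here, and quote the argument.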
@ -396,7 +417,7 @@ case "$1" in
rc=0 rc=0
for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do for i in /etc/sysconfig/dhcpd $DAEMON_CONF $DHCPD_CONF_INCLUDE_FILES; do
test $i -nt $CHROOT_PREFIX/$DAEMON_PIDFILE && rc=1 test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE && rc=1
done done
test $rc = 1 && echo restart test $rc = 1 && echo restart
;; ;;
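Review bot: test $i -nt $DAEMON_STATE/$DAEMON_PIDFILE in probe has no check that the pid file exists, and in bash -nt is true when the first file exists and the second does not, so probe prints "restart" for a service that is not running at all. Guard the loop with test -s on the pid file, and quote both operands: test "$i" -nt "$DAEMON_STATE/$DAEMON_PIDFILE".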