OBS User unknown 2009-08-06 19:34:50 +00:00 committed by Git OBS Bridge
parent 3b9128737e
commit f52eac7d22
18 changed files with 136 additions and 1877 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:09a632cd8f9ff436047cfa548eb2935409b246932075de8c084c4a9ba1080dd9
size 38097


@ -1,15 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/04/26 11:44:01
@@ -165,10 +165,11 @@
x_strncat (cfile->inbuf, "host ", LDAP_BUFFER_SIZE);
x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, " {\n", LDAP_BUFFER_SIZE);
if (hwaddr != NULL && hwaddr[0] != NULL)
{
- x_strncat (cfile->inbuf, " {\nhardware ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "hardware ", LDAP_BUFFER_SIZE);
x_strncat (cfile->inbuf, hwaddr[0], LDAP_BUFFER_SIZE);
x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
ldap_value_free (hwaddr);


@ -1,110 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/03/13 14:58:28
@@ -974,8 +974,8 @@ next_ldap_entry (struct parse *cfile)
}
while (ldap_stack != NULL &&
- (ldap_stack->ldent == NULL ||
- (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL))
+ (ldap_stack->ldent == NULL || ( ldap_stack->processed &&
+ (ldap_stack->ldent = ldap_next_entry (ld, ldap_stack->ldent)) == NULL)))
{
if (ldap_stack->close_brace)
{
@@ -1110,9 +1110,9 @@ ldap_generate_config_string (struct pars
{
char **objectClass, *dn;
struct ldap_config_stack *entry;
- LDAPMessage * ent, * res;
+ LDAPMessage *ent, *res, *entfirst, *resfirst;
int i, j, ignore, found;
- int ret;
+ int ret, parsedn = 1;
if (ld == NULL)
ldap_start ();
@@ -1124,6 +1124,7 @@ ldap_generate_config_string (struct pars
"objectClass")) == NULL)
return;
+ entry->processed = 1;
ignore = 0;
found = 1;
for (i=0; objectClass[i] != NULL; i++)
@@ -1184,18 +1185,32 @@ ldap_generate_config_string (struct pars
LDAP_BUFFER_SIZE-1, NULL);
dn = ldap_get_dn (ld, entry->ldent);
-
+ if (dn == NULL)
+ {
+ ldap_stop();
+ return;
+ }
#if defined(DEBUG_LDAP)
- if (dn != NULL)
- log_info ("Found LDAP entry '%s'", dn);
+ else
+ {
+ log_info ("Found LDAP entry '%s'", dn);
+ }
#endif
- if (dn == NULL ||
- (ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "objectClass=*",
+ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "(!(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer)))",
NULL, 0, &res)) != LDAP_SUCCESS)
{
- if (dn)
- ldap_memfree (dn);
+ ldap_memfree (dn);
+
+ ldap_stop();
+ return;
+ }
+
+ if ((ret = ldap_search_s (ld, dn, LDAP_SCOPE_ONELEVEL, "(|(|(objectClass=dhcpTSigKey)(objectClass=dhcpClass)) (objectClass=dhcpFailOverPeer))",
+ NULL, 0, &resfirst)) != LDAP_SUCCESS)
+ {
+ ldap_memfree (dn);
+ ldap_msgfree (res);
ldap_stop();
return;
@@ -1203,17 +1218,32 @@ ldap_generate_config_string (struct pars
ldap_memfree (dn);
- if ((ent = ldap_first_entry (ld, res)) != NULL)
+ ent = ldap_first_entry(ld, res);
+ entfirst = ldap_first_entry(ld, resfirst);
+
+ if (ent == NULL && entfirst == NULL)
+ {
+ parse_external_dns (entry->ldent);
+ next_ldap_entry (cfile);
+ }
+
+ if (ent != NULL)
{
add_to_config_stack (res, ent);
parse_external_dns (entry->ldent);
+ parsedn = 0;
}
else
+ ldap_msgfree (res);
+
+ if (entfirst != NULL)
{
- ldap_msgfree (res);
- parse_external_dns (entry->ldent);
- next_ldap_entry (cfile);
+ add_to_config_stack (resfirst, entfirst);
+ if(parsedn)
+ parse_external_dns (entry->ldent);
}
+ else
+ ldap_msgfree (resfirst);
}


@ -1,22 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/04/26 11:42:39
@@ -1477,8 +1477,8 @@
for (cnt=0; tempstr[cnt] != NULL; cnt++)
{
snprintf(sfilter, sizeof(sfilter), "(&(objectClass=dhcpService)"
- "(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s)))",
- hostdn, hostdn);
+ "(|(|(dhcpPrimaryDN=%s)(dhcpSecondaryDN=%s))(dhcpServerDN=%s)))",
+ hostdn, hostdn, hostdn);
ldres = NULL;
if ((ret = ldap_search_s (ld, tempstr[cnt], LDAP_SCOPE_BASE,
sfilter, NULL, 0, &ldres)) != LDAP_SUCCESS)
@@ -1493,7 +1493,7 @@
if ((ent = ldap_first_entry (ld, ldres)) == NULL)
{
- log_error ("Error: Cannot find dhcpService DN '%s' with primary or secondary server reference. Please update the LDAP server entry '%s'",
+ log_error ("Error: Cannot find dhcpService DN '%s' with server reference. Please update the LDAP server entry '%s'",
tempstr[cnt], hostdn);
ldap_msgfree(ldres);


@ -1,19 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2008-05-10 07:49:20.000000000 +0530
@@ -893,7 +893,15 @@
{
char *search[] = {"dhcpOptionsDN", "dhcpSharedNetworkDN", "dhcpSubnetDN",
"dhcpGroupDN", "dhcpHostDN", "dhcpClassesDN",
- "dhcpPoolDN", NULL};
+ "dhcpPoolDN", "dhcpZoneDN", "dhcpFailOverPeerDN", NULL};
+
+ /* FIXME: dhcpKeyDN can't be added. It is referenced in dhcpDnsZone to
+ retrive the key name (cn). Adding keyDN will reflect adding a key declaration
+ inside the zone configuration.
+
+ dhcpSubClassesDN cant be added. It is also similar to the above.
+ Needs schema change.
+ */
LDAPMessage * newres, * newent;
struct ldap_config_stack *ns;
char **tempstr;


@ -1,60 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2007/12/04 10:16:56
@@ -39,6 +39,7 @@
#include "dhcpd.h"
#include <signal.h>
+#include <ctype.h>
#if defined(LDAP_CONFIGURATION)
@@ -87,6 +88,24 @@
return strncat(dst, src, dst_size > len ? dst_size - len - 1: 0);
}
+static char *
+x_strxform(char *dst, const char *src, size_t dst_size,
+ int (*xform)(int))
+{
+ if(dst && src && dst_size)
+ {
+ size_t len, pos;
+
+ len = strlen(src);
+ for(pos=0; pos < len && pos + 1 < dst_size; pos++)
+ dst[pos] = xform((int)src[pos]);
+ dst[pos] = '\0';
+
+ return dst;
+ }
+ return NULL;
+}
+
static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
{
@@ -1707,6 +1726,8 @@
struct host_decl * host;
isc_result_t status;
ldap_dn_node *curr;
+ char up_hwaddr[20];
+ char lo_hwaddr[20];
int ret;
if (ldap_method == LDAP_METHOD_STATIC)
@@ -1737,9 +1758,13 @@
** FIXME: It is not guaranteed, that the dhcpHWAddress attribute
** contains _exactly_ "type addr" with one space between!
*/
+ snprintf(lo_hwaddr, sizeof(lo_hwaddr), "%s",
+ print_hw_addr (htype, hlen, haddr));
+ x_strxform(up_hwaddr, lo_hwaddr, sizeof(up_hwaddr), toupper);
+
snprintf (buf, sizeof (buf),
- "(&(objectClass=dhcpHost)(dhcpHWAddress=%s %s))",
- type_str, print_hw_addr (htype, hlen, haddr));
+ "(&(objectClass=dhcpHost)(|(dhcpHWAddress=%s %s)(dhcpHWAddress=%s %s)))",
+ type_str, lo_hwaddr, type_str, up_hwaddr);
res = ent = NULL;
for (curr = ldap_service_dn_head;


@ -0,0 +1,11 @@
--- server/dhcp.c
+++ server/dhcp.c 2009/07/09 16:05:43
@@ -1747,6 +1747,8 @@ void ack_lease (packet, lease, offer, wh
host_reference (&host, h, MDL);
}
if (!host) {
+ if (hp)
+ host_dereference (&hp, MDL);
find_hosts_by_haddr (&hp,
packet -> raw -> htype,
packet -> raw -> chaddr,
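Review bot: The new patch file begins directly at the `--- server/dhcp.c` header with no description, so nothing in it explains why `hp` can already hold a reference when `if (!host)` is reached in ack_lease, or which bug the two added lines close. The changelog on this page lists a fix for CVE-2009-1892 (bnc#519413), and this may be that patch, but the file itself does not say so. I would add a short header above the `---` line, for example `# Release the host reference still held in hp (presumably from the earlier lookup) before find_hosts_by_haddr() stores a new one; see <bug reference>.`, so the reason survives the next rebase of the patch set. ack_lease starts and ends outside the hunk, so the earlier assignment to `hp` is not visible here.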


@ -1,10 +0,0 @@
--- client/dhclient.c
+++ client/dhclient.c 2008/09/12 11:37:53
@@ -2156,7 +2156,6 @@
(struct option_state *)0, options,
&global_scope, 0, 0, 0, (struct data_string *)0,
client -> config -> vendor_space_name);
- option_state_dereference (&options, MDL);
if (client -> packet_length < BOOTP_MIN_LEN)
client -> packet_length = BOOTP_MIN_LEN;
option_state_dereference (&options, MDL);


@ -1,381 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2009/01/15 15:42:21
@@ -106,6 +106,106 @@ x_strxform(char *dst, const char *src, s
return NULL;
}
+static int
+get_host_entry(char *fqdnname, size_t fqdnname_size,
+ char *hostaddr, size_t hostaddr_size)
+{
+#if defined(MAXHOSTNAMELEN)
+ char hname[MAXHOSTNAMELEN+1];
+#else
+ char hname[65];
+#endif
+ struct hostent *hp;
+
+ if (NULL == fqdnname || 1 >= fqdnname_size)
+ return -1;
+
+ memset(hname, 0, sizeof(hname));
+ if (gethostname(hname, sizeof(hname)-1))
+ return -1;
+
+ if (NULL == (hp = gethostbyname(hname)))
+ return -1;
+
+ strncpy(fqdnname, hp->h_name, fqdnname_size-1);
+ fqdnname[fqdnname_size-1] = '\0';
+
+ if (hostaddr != NULL)
+ {
+ if (hp->h_addr != NULL)
+ {
+ struct in_addr *aptr = (struct in_addr *)hp->h_addr;
+#if defined(HAVE_INET_NTOP)
+ if (hostaddr_size >= INET_ADDRSTRLEN &&
+ inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL)
+ {
+ return 0;
+ }
+#else
+ char *astr = inet_ntoa(*aptr);
+ size_t alen = strlen(astr);
+ if (astr && alen > 0 && hostaddr_size > alen)
+ {
+ strncpy(hostaddr, astr, hostaddr_size-1);
+ hostaddr[hostaddr_size-1] = '\0';
+ return 0;
+ }
+#endif
+ }
+ return -1;
+ }
+ return 0;
+}
+
+static int
+get_host_address(const char *hostname, char *hostaddr, size_t hostaddr_size)
+{
+ if (hostname && *hostname && hostaddr && hostaddr_size)
+ {
+ struct in_addr addr;
+
+#if defined(HAVE_INET_PTON)
+ if (inet_pton(AF_INET, hostname, &addr) == 0)
+#else
+ if (inet_aton(hostname, &addr) == 0)
+#endif
+ {
+ /* it is already IP address string */
+ if(strlen(hostname) < hostaddr_size)
+ {
+ strncpy(hostaddr, hostname, hostaddr_size-1);
+ hostaddr[hostaddr_size-1] = '\0';
+ return 0;
+ }
+ }
+ else
+ {
+ struct hostent *hp;
+ if ((hp = gethostbyname(hostname)) != NULL && hp->h_addr != NULL)
+ {
+ struct in_addr *aptr = (struct in_addr *)hp->h_addr;
+#if defined(HAVE_INET_NTOP)
+ if (hostaddr_size >= INET_ADDRSTRLEN &&
+ inet_ntop(AF_INET, aptr, hostaddr, hostaddr_size) != NULL)
+ {
+ return 0;
+ }
+#else
+ char *astr = inet_ntoa(*aptr);
+ size_t alen = strlen(astr);
+ if (astr && alen > 0 && alen < hostaddr_size)
+ {
+ strncpy(hostaddr, astr, hostaddr_size-1);
+ hostaddr[hostaddr_size-1] = '\0';
+ return 0;
+ }
+#endif
+ }
+ }
+ }
+ return -1;
+}
+
static void
ldap_parse_class (struct ldap_config_stack *item, struct parse *cfile)
{
@@ -447,6 +547,220 @@ add_to_config_stack (LDAPMessage * res,
ldap_stack = ns;
}
+static void
+ldap_parse_failover (struct ldap_config_stack *item, struct parse *cfile)
+{
+ char **tempstr;
+ char nodename[257]="\0", fqdnname[257]="\0", fqdnaddr[64]="\0";
+ char srvaddr[2][64] = {"\0", "\0"};
+ int primary, split = 0;
+ struct utsname unme;
+
+ if(uname(&unme) == 0)
+ {
+ snprintf(nodename, sizeof(nodename), "%s", unme.nodename);
+ }
+ if (get_host_entry (fqdnname, sizeof(fqdnname), fqdnaddr, sizeof(fqdnaddr)))
+ {
+ log_info("Could not get fqdn and the IP address of the host");
+ return;
+ }
+
+ /*
+ ** when dhcpFailOverPrimaryServer or dhcpFailOverSecondaryServer
+ ** matches our IP address, the following valiables are set:
+ ** - primary is 1 when we are primary or 0 when we are secondary
+ ** - srvaddr[0] contains ip address of the primary
+ ** - srvaddr[1] contains ip address of the secondary
+ */
+ primary = -1;
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverPrimaryServer")) != NULL)
+ {
+ if (strcasecmp (tempstr[0], fqdnaddr) == 0 ||
+ strcasecmp (tempstr[0], fqdnname) == 0 ||
+ strcasecmp (tempstr[0], nodename) == 0)
+ {
+ /* we are the primary */
+ primary = 1;
+ /* write primary address */
+ strncpy(srvaddr[0], fqdnaddr, sizeof(srvaddr[0])-1);
+ srvaddr[0][sizeof(srvaddr[0])-1] = '\0';
+ }
+ else
+ {
+ /* no match => don't set primary flag */
+ /* write primary address */
+ if (get_host_address (tempstr[0], srvaddr[0], sizeof(srvaddr[0])) != 0)
+ {
+ log_info("Can't resolve address of the primary failover server %s",
+ tempstr[0]);
+ ldap_value_free (tempstr);
+ return;
+ }
+ }
+ ldap_value_free (tempstr);
+ }
+
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverSecondaryServer")) != NULL)
+ {
+ if (strcasecmp (tempstr[0], fqdnaddr) == 0 ||
+ strcasecmp (tempstr[0], fqdnname) == 0 ||
+ strcasecmp (tempstr[0], nodename) == 0)
+ {
+ if (primary == 1)
+ {
+ log_info("Both, primary and secondary failover server"
+ " attribute matches our hostname/address");
+ ldap_value_free (tempstr);
+ return;
+ }
+ /* we are the secondary */
+ primary = 0;
+ /* write secondary address */
+ strncpy(srvaddr[1], fqdnaddr, sizeof(srvaddr[1])-1);
+ srvaddr[1][sizeof(srvaddr[1])-1] = '\0';
+ }
+ else
+ {
+ /* no match => don't set primary flag */
+ /* write secondary address */
+ if (get_host_address (tempstr[0], srvaddr[1], sizeof(srvaddr[1])) != 0)
+ {
+ log_info("Can't resolve address of the secondary failover server %s",
+ tempstr[0]);
+ ldap_value_free (tempstr);
+ return;
+ }
+ }
+ ldap_value_free (tempstr);
+ }
+
+ if (primary == -1 || srvaddr[0] == '\0' || srvaddr[1] == '\0')
+ {
+ log_error("Could not decide if the server type is primary"
+ " or secondary for failover peering.");
+ return;
+ }
+
+ if ((tempstr = ldap_get_values (ld, item->ldent, "cn")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "failover peer \"", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, "\" {\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+ else
+ {
+ // ldap with disabled schema checks? fail to avoid syntax error.
+ log_error("Unable to find mandatory failover peering name attribute");
+ return;
+ }
+
+ if (primary)
+ x_strncat (cfile->inbuf, "primary;\n", LDAP_BUFFER_SIZE);
+ else
+ x_strncat (cfile->inbuf, "secondary;\n", LDAP_BUFFER_SIZE);
+
+ x_strncat (cfile->inbuf, "address ", LDAP_BUFFER_SIZE);
+ if (primary)
+ x_strncat (cfile->inbuf, srvaddr[0], LDAP_BUFFER_SIZE);
+ else
+ x_strncat (cfile->inbuf, srvaddr[1], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+
+ x_strncat (cfile->inbuf, "peer address ", LDAP_BUFFER_SIZE);
+ if (primary)
+ x_strncat (cfile->inbuf, srvaddr[1], LDAP_BUFFER_SIZE);
+ else
+ x_strncat (cfile->inbuf, srvaddr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverPrimaryPort")) != NULL)
+ {
+ if (primary)
+ x_strncat (cfile->inbuf, "port ", LDAP_BUFFER_SIZE);
+ else
+ x_strncat (cfile->inbuf, "peer port ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverSecondaryPort")) != NULL)
+ {
+ if (primary)
+ x_strncat (cfile->inbuf, "peer port ", LDAP_BUFFER_SIZE);
+ else
+ x_strncat (cfile->inbuf, "port ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverResponseDelay")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "max-response-delay ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverUnackedUpdates")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "max-unacked-updates ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverLoadBalanceTime")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "load balance max seconds ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+
+ if (primary &&
+ (tempstr = ldap_get_values (ld, item->ldent, "dhcpMaxClientLeadTime")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "mclt ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+
+ if (primary &&
+ (tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverSplit")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "split ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ split = 1;
+ ldap_value_free (tempstr);
+ }
+
+ if (primary && !split &&
+ (tempstr = ldap_get_values (ld, item->ldent, "dhcpFailOverHashBucketAssignment")) != NULL)
+ {
+ x_strncat (cfile->inbuf, "hba ", LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, tempstr[0], LDAP_BUFFER_SIZE);
+ x_strncat (cfile->inbuf, ";\n", LDAP_BUFFER_SIZE);
+ ldap_value_free (tempstr);
+ }
+
+ /*
+ ** Are there any other options can come here? If yes then we need to enable
+ ** dhcpStatements in the schema and apply them here as well.
+ **
+ if ((tempstr = ldap_get_values (ld, item->ldent, "dhcpStatements")) != NULL)
+ {
+ ...
+ ldap_value_free (tempstr);
+ }
+ */
+
+ item->close_brace = 1;
+}
static void
ldap_stop()
@@ -1171,6 +1485,8 @@ ldap_generate_config_string (struct pars
ldap_parse_key (entry, cfile);
else if (strcasecmp (objectClass[i], "dhcpDnsZone") == 0)
ldap_parse_zone (entry, cfile);
+ else if (strcasecmp (objectClass[i], "dhcpFailOverPeer") == 0)
+ ldap_parse_failover (entry, cfile);
else if (strcasecmp (objectClass[i], "dhcpHost") == 0)
{
if (ldap_method == LDAP_METHOD_STATIC)
@@ -1356,32 +1672,6 @@ ldap_get_host_name (LDAPMessage * ent)
}
-static int
-getfqhostname(char *fqhost, size_t size)
-{
-#if defined(MAXHOSTNAMELEN)
- char hname[MAXHOSTNAMELEN];
-#else
- char hname[65];
-#endif
- struct hostent *hp;
-
- if(NULL == fqhost || 1 >= size)
- return -1;
-
- memset(hname, 0, sizeof(hname));
- if( gethostname(hname, sizeof(hname)-1))
- return -1;
-
- if(NULL == (hp = gethostbyname(hname)))
- return -1;
-
- strncpy(fqhost, hp->h_name, size-1);
- fqhost[size-1] = '\0';
- return 0;
-}
-
-
isc_result_t
ldap_read_config (void)
{
@@ -1417,7 +1707,7 @@ ldap_read_config (void)
}
else
{
- if(0 == getfqhostname(fqdn, sizeof(fqdn)))
+ if(0 == get_host_entry(fqdn, sizeof(fqdn), NULL, 0))
{
snprintf (hfilter, sizeof (hfilter),
"(&(objectClass=dhcpServer)(|(cn=%s)(cn=%s)))",


@ -1,12 +0,0 @@
--- server/ldap.c
+++ server/ldap.c 2009/01/15 15:47:19
@@ -1750,7 +1750,8 @@ ldap_read_config (void)
(tempstr = ldap_get_values (ld, hostent, "dhcpServiceDN")) == NULL ||
tempstr[0] == NULL)
{
- log_error ("Error: Cannot find LDAP entry matching %s", hfilter);
+ log_error ("Error: No dhcp service is associated with the server %s %s", (hostdn ? "dn" : "name"),
+ (hostdn ? hostdn : (ldap_dhcp_server_cn ? ldap_dhcp_server_cn : unme.nodename)));
if (tempstr != NULL)
ldap_value_free (tempstr);


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:129024c7545e3e8d37e75cd5d534b50c53955592c4935189a57916e216355f6d
size 798228


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iQEVAwUASCtC6iM0Ek4byR5sAQLL3QgAstoKreDh/9lqQDQ/LhwgsOdzL3aidqu1
YPz23QMqMWTR9lxCeLHJlz3w6JzlgA+2JRDn8CKHO8EMayw99nwtJs+Eu1D1s77D
m3K7T/vz3rfFlk0ObmFD/p18nL5HdEU+jX7wzJS8Um0R9AWClwLfJU6g58OH37MG
RHqrW9pXKa2cehoiQ1fZexuoylLgz/Rrb8PY79xjazWEbJCEbkkp8ZNMX3j6+FkO
CW6HVjFMWIkfnjGWUAbgbO8myzETPuBoVvh7yrpGicjOgQ+FvqukWgww2AgaLo/X
iUAIfjhjqQT2qnHwVvA7v1GEzEkl6pRR86knG492Aj4HTflLGCjV/A==
=Zw8s
-----END PGP SIGNATURE-----


@ -1,5 +1,5 @@
--- client/dhclient-script.8 --- client/dhclient-script.8
+++ client/dhclient-script.8 2009/01/19 14:56:42 +++ client/dhclient-script.8 2009/05/04 09:54:05
@@ -45,9 +45,10 @@ @@ -45,9 +45,10 @@
This script is not meant to be customized by the end user. If local This script is not meant to be customized by the end user. If local
customizations are needed, they should be possible using the enter and customizations are needed, they should be possible using the enter and
@ -72,7 +72,7 @@
.B dhclient-script(8) .B dhclient-script(8)
has been written for Internet Systems Consortium has been written for Internet Systems Consortium
--- client/scripts/linux --- client/scripts/linux
+++ client/scripts/linux 2009/01/19 14:56:58 +++ client/scripts/linux 2009/05/04 10:01:50
@@ -22,25 +22,97 @@ @@ -22,25 +22,97 @@
# 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious # 4. TIMEOUT not tested. ping has a flag I don't know, and I'm suspicious
# of the $1 in its args. # of the $1 in its args.
@ -83,7 +83,7 @@
+# logs entire run of dhclient-script to /var/log/dhclient-script, +# logs entire run of dhclient-script to /var/log/dhclient-script,
+# if DHCLIENT_DEBUG is set in sysconfig/network/dhcp +# if DHCLIENT_DEBUG is set in sysconfig/network/dhcp
+# +#
+eval `grep "^DHCLIENT_DEBUG=" /etc/sysconfig/network/dhcp` +eval `grep "^DHCLIENT_DEBUG=" /etc/sysconfig/network/dhcp 2>/dev/null`
+if [ "$DHCLIENT_DEBUG" = yes ]; then +if [ "$DHCLIENT_DEBUG" = yes ]; then
+ set -a # allexport + set -a # allexport
+ ( + (
@ -198,7 +198,7 @@
# Add route to make broadcast work. Do not omit netmask. # Add route to make broadcast work. Do not omit netmask.
route add default dev $interface netmask 0.0.0.0 route add default dev $interface netmask 0.0.0.0
else else
@@ -116,39 +192,59 @@ @@ -116,47 +192,117 @@
if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
[ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
@ -241,6 +241,9 @@
- route add default gw $router - route add default gw $router
- done - done
+ +
+ if test -f /etc/sysconfig/network/ifcfg-${interface} -o \
+ -f /dev/shm/sysconfig/if-${interface} ;
+ then
+ if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ; + if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ;
+ then + then
+ eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \ + eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \
@ -250,6 +253,10 @@
+ eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \ + eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \
+ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` + /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null`
+ fi + fi
+ else
+ eval `grep --no-filename '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE=' \
+ /etc/sysconfig/network/dhcp 2>/dev/null`
+ fi
+ if [ "$DHCLIENT_SET_DEFAULT_ROUTE" = yes ] ; then + if [ "$DHCLIENT_SET_DEFAULT_ROUTE" = yes ] ; then
+ for router in $new_routers; do + for router in $new_routers; do
+ err=`route add default gw $router 2>&1` && break || \ + err=`route add default gw $router 2>&1` && break || \
@ -272,18 +279,24 @@
+ done + done
+ fi + fi
fi fi
+
if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
then then
@@ -156,7 +252,41 @@ ifconfig $interface:0- inet 0
ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
route add -host $alias_ip_address $interface:0 route add -host $alias_ip_address $interface:0
fi fi
- make_resolv_conf - make_resolv_conf
+
+ if use_netconfig ; then + if use_netconfig ; then
+ netconfig_modify + netconfig_modify
+ else + else
+ make_resolv_conf + make_resolv_conf
+ fi + fi
+
+ if test -f /etc/sysconfig/network/ifcfg-${interface} -o \
+ -f /dev/shm/sysconfig/if-${interface} ;
+ then
+ if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ; + if grep -qs '^primary=yes' /dev/shm/sysconfig/if-${interface} 2>/dev/null ;
+ then + then
+ eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \ + eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \
@ -293,8 +306,11 @@
+ eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \ + eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \
+ /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null` + /etc/sysconfig/network/ifcfg-${interface} 2>/dev/null`
+ fi + fi
+ else
+ eval `grep --no-filename "^[[:space:]]*DHCLIENT_SET_HOSTNAME=" \
+ /etc/sysconfig/network/dhcp 2>/dev/null`
+ fi
+ if [ "$DHCLIENT_SET_HOSTNAME" = yes ] ; then + if [ "$DHCLIENT_SET_HOSTNAME" = yes ] ; then
+
+ current_hostname=`hostname` + current_hostname=`hostname`
+ if [ "x${current_hostname%%.*}" = x ] || \ + if [ "x${current_hostname%%.*}" = x ] || \
+ [ "x${current_hostname%%.*}" != "x${new_host_name%%.*}" ]; then + [ "x${current_hostname%%.*}" != "x${new_host_name%%.*}" ]; then
@ -312,12 +328,12 @@
+ fi + fi
+ fi + fi
+ fi + fi
+
+ fi + fi
+
exit_with_hooks 0 exit_with_hooks 0
fi fi
@@ -168,7 +298,7 @@ @@ -168,7 +314,7 @@
fi fi
if [ x$old_ip_address != x ]; then if [ x$old_ip_address != x ]; then
# Shut down interface, which will delete routes and clear arp cache. # Shut down interface, which will delete routes and clear arp cache.
@ -326,7 +342,7 @@
fi fi
if [ x$alias_ip_address != x ]; then if [ x$alias_ip_address != x ]; then
ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
@@ -182,27 +312,37 @@ @@ -182,27 +328,37 @@
ifconfig $interface:0- inet 0 ifconfig $interface:0- inet 0
fi fi
ifconfig $interface inet $new_ip_address $new_subnet_arg \ ifconfig $interface inet $new_ip_address $new_subnet_arg \
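Review bot: The added fallback branches pass whatever `grep` returns from `/etc/sysconfig/network/dhcp` to `eval` (the `DHCLIENT_SET_DEFAULT_ROUTE` and `DHCLIENT_SET_HOSTNAME` blocks, and the `DHCLIENT_DEBUG` line near the top), so everything after the `=` on a matching line is interpreted as shell by a script that normally runs with dhclient's privileges. The script only compares these variables with `yes`, so it can test for that value instead of evaluating the line, e.g. `grep -qs '^[[:space:]]*DHCLIENT_SET_DEFAULT_ROUTE="\{0,1\}yes' /etc/sysconfig/network/dhcp && DHCLIENT_SET_DEFAULT_ROUTE=yes`. The same pattern is used for the existing reads of `/etc/sysconfig/network/ifcfg-${interface}` and, it appears, `/dev/shm/sysconfig/if-${interface}`; who may write the `/dev/shm/sysconfig` directory is not visible in this patch and is worth confirming. Only fragments of the patched script are shown in these hunks.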


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bfe07920a26242850ea78fe5439e29b6f2f8e068618752849b72ab5ff8dbc449
size 42845

3
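--- a/dhcp-3.1.2p1.tar.gz
+++ b/dhcp-3.1.2p1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e0cb405e0fef0ecebec7aaed294032a06178ff28be87498596e6069ccda4341e
+size 792355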

11
dhcp-3.1.2p1.tar.gz.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iQEVAwUASj/23dgRtT8Le64AAQLfFAgAjKwtGHGpS9Jw5nEhqkiXUq6E+WPxAVAl
u59q6XS186MwbfZuOreTJBmh2MrD/EKqb642AJr6kZpw/EfuB4Bisd1iyqixH8pX
hQsmmpGis4QkPIBkEW6ktGEayeVEUE5r5PEmDvXEEs6kTxmMjOk5ZUpy3lsN2ZYN
OitmOTU4TbHyFyWVwRKWsRvozJrPvwMmMGEyNWcGKFF8O8ogJ5iWQAqaMWiRN8a0
q+8/lU3IbT+ZUK8agFK28rohNsoSto41ABEcjG+xRY8YQDJVVJ+NJuzxnjB5ns/W
ELiEZhnJ+m8jyze0yR2qNlunudg2FBKIK8z4YVTUQvF0q0r99kAkig==
=BJvL
-----END PGP SIGNATURE-----


@ -1,3 +1,51 @@
-------------------------------------------------------------------
Wed Jul 29 14:05:41 CEST 2009 - mt@suse.de
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
-------------------------------------------------------------------
Wed Jul 29 12:47:46 CEST 2009 - mt@suse.de
- Updated to dhcp-3.1.2p1 maintenance release fixing following
issues:
* A stack overflow vulnerability was fixed in dhclient that could
allow remote attackers to execute arbitrary commands as root on
the system, or simply terminate the client, by providing an
over-long subnet-mask option.
* A double-dereference in dhclient transmission of DHCPDECLINEs
was repaired.
* Fix handling of -A and -a flags in dhcrelay; it was failing
to expand packet size as needed to add relay agent options.
* Corrected list of failover state values in dhcpd man page.
* Fixed a bug that caused some request types to be logged
incorrectly.
* Fixed a coredump when adding a class via OMAPI.
* Clients that sent a parameter request list containing the
routers option before the subnet mask option were receiving
only the latter. Fixed.
* The server wasn't always sending the FQDN option when it should.
* A partner-down failover server no longer emits 'peer holds all
free leases' if it is able to newly-allocate one of the peer's
leases.
* A cosmetic bug in DHCPDECLINE processing was fixed which caused
all successful DHCPDECLINEs to be logged as "not found" rather
than "abandoned".
* Some failover debugging #defines have been better defined and
some high frequency messages moved to a deeper debugging symbol.
* The CLTT parameter in failover is now only updated by client
activity, and not by failover binding updates.
* Failover BNDUPD messages are now discarded if they conflict with
an update that has been trasnmitted, but not acknowledged.
* A bug cleaning up unknown-xxx temporary option definitions was
fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
and the git changelog at the begin of the patch.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 19 15:58:38 CET 2009 - mt@suse.de Mon Jan 19 15:58:38 CET 2009 - mt@suse.de

1219
dhcp.spec

File diff suppressed because it is too large Load Diff