dhcpd needs to chown leases file created before de-rooting itself (#866714)

dhcp-4.2.3-paranoia.patch

@@ -1,49 +0,0 @@
-diff -up dhcp-4.2.3-P1/server/dhcpd.c.paranoia dhcp-4.2.3-P1/server/dhcpd.c
---- dhcp-4.2.3-P1/server/dhcpd.c.paranoia	2011-12-20 18:02:26.000000000 +0100
-+++ dhcp-4.2.3-P1/server/dhcpd.c	2011-12-20 18:03:43.840037108 +0100
-@@ -771,22 +771,6 @@ main(int argc, char **argv) {
- 			exit (0);
- 	}
-  
--#if defined (PARANOIA)
--	/* change uid to the specified one */
--
--	if (set_gid) {
--		if (setgroups (0, (void *)0))
--			log_fatal ("setgroups: %m");
--		if (setgid (set_gid))
--			log_fatal ("setgid(%d): %m", (int) set_gid);
--	}	
--
--	if (set_uid) {
--		if (setuid (set_uid))
--			log_fatal ("setuid(%d): %m", (int) set_uid);
--	}
--#endif /* PARANOIA */
--
- 	/*
- 	 * Deal with pid files.  If the user told us
- 	 * not to write a file we don't read one either
-@@ -823,6 +807,22 @@ main(int argc, char **argv) {
- 		}
- 	}
- 
-+#if defined (PARANOIA)
-+	/* change uid to the specified one */
-+
-+	if (set_gid) {
-+		if (setgroups (0, (void *)0))
-+			log_fatal ("setgroups: %m");
-+		if (setgid (set_gid))
-+			log_fatal ("setgid(%d): %m", (int) set_gid);
-+	}	
-+
-+	if (set_uid) {
-+		if (setuid (set_uid))
-+			log_fatal ("setuid(%d): %m", (int) set_uid);
-+	}
-+#endif /* PARANOIA */
-+
- 	/* If we were requested to log to stdout on the command line,
- 	   keep doing so; otherwise, stop. */
- 	if (log_perror == -1)

dhcp-4.2.4-paranoia.patch

@@ -0,0 +1,164 @@
+diff -up dhcp-4.2.4-P2/client/dhclient.c.paranoia dhcp-4.2.4-P2/client/dhclient.c
+--- dhcp-4.2.4-P2/client/dhclient.c.paranoia	2012-10-16 15:56:41.562001524 +0200
++++ dhcp-4.2.4-P2/client/dhclient.c	2012-10-16 15:56:42.106994294 +0200
+@@ -1696,11 +1696,6 @@ int write_host (host)
+ 	return 0;
+ }
+ 
+-void db_startup (testp)
+-	int testp;
+-{
+-}
+-
+ void bootp (packet)
+ 	struct packet *packet;
+ {
+diff -up dhcp-4.2.4-P2/includes/dhcpd.h.paranoia dhcp-4.2.4-P2/includes/dhcpd.h
+--- dhcp-4.2.4-P2/includes/dhcpd.h.paranoia	2012-10-16 15:56:41.784998564 +0200
++++ dhcp-4.2.4-P2/includes/dhcpd.h	2012-10-16 15:56:42.108994268 +0200
+@@ -2793,7 +2793,11 @@ void commit_leases_timeout (void *);
+ void commit_leases_readerdry(void *);
+ int commit_leases (void);
+ int commit_leases_timed (void);
++#if defined (PARANOIA)
++void db_startup (int, uid_t, gid_t);
++#else
+ void db_startup (int);
++#endif /* PARANOIA */
+ int new_lease_file (void);
+ int group_writer (struct group_object *);
+ int write_ia(const struct ia_xx *);
+diff -up dhcp-4.2.4-P2/server/confpars.c.paranoia dhcp-4.2.4-P2/server/confpars.c
+--- dhcp-4.2.4-P2/server/confpars.c.paranoia	2012-10-16 15:56:39.052034671 +0200
++++ dhcp-4.2.4-P2/server/confpars.c	2012-10-16 15:56:42.109994255 +0200
+@@ -224,7 +224,11 @@ void trace_conf_input (trace_type_t *tty
+ 	}
+ 
+ 	if (!leaseconf_initialized && ttype == trace_readleases_type) {
++#if defined (PARANOIA)
++		db_startup (0, 0, 0);
++#else
+ 		db_startup (0);
++#endif /* PARANOIA */
+ 		leaseconf_initialized = 1;
+ 		postdb_startup ();
+ 	}
+diff -up dhcp-4.2.4-P2/server/db.c.paranoia dhcp-4.2.4-P2/server/db.c
+--- dhcp-4.2.4-P2/server/db.c.paranoia	2012-10-16 15:56:39.062034541 +0200
++++ dhcp-4.2.4-P2/server/db.c	2012-10-16 15:56:42.110994242 +0200
+@@ -47,6 +47,10 @@ static int counting = 0;
+ static int count = 0;
+ TIME write_time;
+ int lease_file_is_corrupt = 0;
++#if defined (PARANOIA)
++uid_t global_set_uid = 0;
++gid_t global_set_gid = 0;
++#endif /* PARANOIA */
+ 
+ /* Write a single binding scope value in parsable format.
+  */
+@@ -1027,8 +1031,11 @@ int commit_leases_timed()
+ 	return (1);
+ }
+ 
+-void db_startup (testp)
+-	int testp;
++#if defined (PARANOIA)
++void db_startup (int testp, uid_t set_uid, gid_t set_gid)
++#else
++void db_startup (int testp)
++#endif /* PARANOIA */
+ {
+ 	isc_result_t status;
+ 
+@@ -1047,6 +1054,11 @@ void db_startup (testp)
+ 	}
+ #endif
+ 
++#if defined (PARANOIA)
++	global_set_uid = set_uid;
++	global_set_gid = set_gid;
++#endif /* PARANOIA */
++
+ #if defined (TRACING)
+ 	/* If we're playing back, there is no lease file, so we can't
+ 	   append it, so we create one immediately (maybe this isn't
+@@ -1109,6 +1121,17 @@ int new_lease_file ()
+ 		log_error ("Can't create new lease file: %m");
+ 		return 0;
+ 	}
++
++#if defined (PARANOIA)
++	if (global_set_uid && !geteuid() &&
++	    global_set_gid && !getegid())
++		if (fchown(db_fd, global_set_uid, global_set_gid)) {
++			log_fatal ("Can't chown new lease file: %m");
++			close(db_fd);
++			goto fdfail;
++	}
++#endif /* PARANOIA */
++
+ 	if ((new_db_file = fdopen(db_fd, "we")) == NULL) {
+ 		log_error("Can't fdopen new lease file: %m");
+ 		close(db_fd);
+diff -up dhcp-4.2.4-P2/server/dhcpd.c.paranoia dhcp-4.2.4-P2/server/dhcpd.c
+--- dhcp-4.2.4-P2/server/dhcpd.c.paranoia	2012-10-16 15:56:39.180032998 +0200
++++ dhcp-4.2.4-P2/server/dhcpd.c	2012-10-16 16:01:52.822804493 +0200
+@@ -700,7 +700,11 @@ main(int argc, char **argv) {
+ 	group_write_hook = group_writer;
+ 
+ 	/* Start up the database... */
++#if defined (PARANOIA)
++	db_startup (lftest, set_uid, set_gid);
++#else
+ 	db_startup (lftest);
++#endif /* PARANOIA */
+ 
+ 	if (lftest)
+ 		exit (0);
+@@ -771,22 +775,6 @@ main(int argc, char **argv) {
+ 			exit (0);
+ 	}
+  
+-#if defined (PARANOIA)
+-	/* change uid to the specified one */
+-
+-	if (set_gid) {
+-		if (setgroups (0, (void *)0))
+-			log_fatal ("setgroups: %m");
+-		if (setgid (set_gid))
+-			log_fatal ("setgid(%d): %m", (int) set_gid);
+-	}	
+-
+-	if (set_uid) {
+-		if (setuid (set_uid))
+-			log_fatal ("setuid(%d): %m", (int) set_uid);
+-	}
+-#endif /* PARANOIA */
+-
+ 	/*
+ 	 * Deal with pid files.  If the user told us
+ 	 * not to write a file we don't read one either
+@@ -823,6 +811,22 @@ main(int argc, char **argv) {
+ 		}
+ 	}
+ 
++#if defined (PARANOIA)
++	/* change uid to the specified one */
++
++	if (set_gid) {
++		if (setgroups (0, (void *)0))
++			log_fatal ("setgroups: %m");
++		if (setgid (set_gid))
++			log_fatal ("setgid(%d): %m", (int) set_gid);
++	}	
++
++	if (set_uid) {
++		if (setuid (set_uid))
++			log_fatal ("setuid(%d): %m", (int) set_uid);
++	}
++#endif /* PARANOIA */
++
+ 	/* If we were requested to log to stdout on the command line,
+ 	   keep doing so; otherwise, stop. */
+ 	if (log_perror == -1)

dhcp.spec

@@ -18,7 +18,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.4
-Release:  18.%{patchver}%{?dist}
+Release:  19.%{patchver}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -63,7 +63,7 @@ Patch28:  dhcp-4.2.2-remove-bind.patch
 Patch29:  dhcp-4.2.4-P1-remove-dst.patch
 Patch30:  dhcp-4.2.2-sharedlib.patch
 Patch31:  dhcp-4.2.4-PPP.patch
-Patch32:  dhcp-4.2.3-paranoia.patch
+Patch32:  dhcp-4.2.4-paranoia.patch
 Patch33:  dhcp-4.2.4-lpf-ib.patch
 Patch34:  dhcp-4.2.4-improved-xid.patch
 Patch35:  dhcp-4.2.2-gpxe-cid.patch
@@ -276,8 +276,9 @@ rm -rf includes/isc-dhcp
 # DHCPv6 over PPP support (#626514)
 %patch31 -p1 -b .PPP
 
-# Write PID file BEFORE changing of the effective user/group ID.
+# dhcpd: BEFORE changing of the effective user/group ID:
-# (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806])
+#  - write PID file (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806])
+#  - chown leases file (#866714)
 %patch32 -p1 -b .paranoia
 
 # IPoIB support (#660681)
@@ -557,6 +558,9 @@ fi
 
 
 %changelog
+* Wed Oct 17 2012 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.4-19.P2
+- dhcpd needs to chown leases file created before de-rooting itself (#866714)
+
 * Thu Oct 11 2012 Adam Tkac <atkac redhat com> - 12:4.2.4-18.P2
 - rebuild against new bind-libs-lite