Write lease file AFTER changing of the effective user/group ID.

Move omshell from dhcp-common to main package (where it originally was).
2011-10-26 19:40:23 +02:00 · 2011-10-26 19:40:23 +02:00 · 6e67a560a8
commit 6e67a560a8
parent 278bc55875
3 changed files with 124 additions and 60 deletions
--- a/dhcp-4.2.2-paranoia-pid.patch
+++ b/dhcp-4.2.2-paranoia-pid.patch
@ -1,49 +0,0 @@
-diff -up dhcp-4.2.2/server/dhcpd.c.paranoia-pid dhcp-4.2.2/server/dhcpd.c
--- dhcp-4.2.2/server/dhcpd.c.paranoia-pid	2011-09-12 16:07:01.000000000 +0200
-+++ dhcp-4.2.2/server/dhcpd.c	2011-09-12 16:08:55.680988466 +0200
-@@ -791,22 +791,6 @@ main(int argc, char **argv) {
- 			exit (0);
- 	}
-  
-#if defined (PARANOIA)
-	/* change uid to the specified one */
-
-	if (set_gid) {
-		if (setgroups (0, (void *)0))
-			log_fatal ("setgroups: %m");
-		if (setgid (set_gid))
-			log_fatal ("setgid(%d): %m", (int) set_gid);
-	}	
-
-	if (set_uid) {
-		if (setuid (set_uid))
-			log_fatal ("setuid(%d): %m", (int) set_uid);
-	}
-#endif /* PARANOIA */
-
- 	/*
- 	 * Deal with pid files.  If the user told us
- 	 * not to write a file we don't read one either
-@@ -843,6 +827,22 @@ main(int argc, char **argv) {
- 		}
- 	}
- 
-+#if defined (PARANOIA)
-+	/* change uid to the specified one */
-+
-+	if (set_gid) {
-+		if (setgroups (0, (void *)0))
-+			log_fatal ("setgroups: %m");
-+		if (setgid (set_gid))
-+			log_fatal ("setgid(%d): %m", (int) set_gid);
-+	}	
-+
-+	if (set_uid) {
-+		if (setuid (set_uid))
-+			log_fatal ("setuid(%d): %m", (int) set_uid);
-+	}
-+#endif /* PARANOIA */
-+
- 	/* If we were requested to log to stdout on the command line,
- 	   keep doing so; otherwise, stop. */
- 	if (log_perror == -1)
--- a/dhcp-4.2.3-paranoia.patch
+++ b/dhcp-4.2.3-paranoia.patch
@ -0,0 +1,110 @@
+diff -up dhcp-4.2.3/server/dhcpd.c.paranoia dhcp-4.2.3/server/dhcpd.c
+--- dhcp-4.2.3/server/dhcpd.c.paranoia	2011-10-26 19:10:08.162925489 +0200
+++ dhcp-4.2.3/server/dhcpd.c	2011-10-26 19:12:34.541095509 +0200
+@@ -699,11 +699,11 @@ main(int argc, char **argv) {
+ 
+ 	group_write_hook = group_writer;
+ 
+-	/* Start up the database... */
+-	db_startup (lftest);
+-
+-	if (lftest)
+	if (lftest) {
+		/* Start up the database... */
+		db_startup (lftest);
+ 		exit (0);
+	}
+ 
+ 	/* Discover all the network interfaces and initialize them. */
+ 	discover_interfaces(DISCOVER_SERVER);
+@@ -743,24 +743,6 @@ main(int argc, char **argv) {
+ #if defined (TRACING)
+ 	trace_seed_stash (trace_srandom, seed + cur_time);
+ #endif
+-	postdb_startup ();
+-
+-#ifdef DHCPv6
+-	/*
+-	 * Set server DHCPv6 identifier.
+-	 * See dhcpv6.c for discussion of setting DUID.
+-	 */
+-	if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+-		write_server_duid();
+-	} else {
+-		if (!server_duid_isset()) {
+-			if (generate_new_server_duid() != ISC_R_SUCCESS) {
+-				log_fatal("Unable to set server identifier.");
+-			}
+-			write_server_duid();
+-		}
+-	}
+-#endif /* DHCPv6 */
+ 
+ #ifndef DEBUG
+ 	if (daemon) {
+@@ -771,22 +753,6 @@ main(int argc, char **argv) {
+ 			exit (0);
+ 	}
+  
+-#if defined (PARANOIA)
+-	/* change uid to the specified one */
+-
+-	if (set_gid) {
+-		if (setgroups (0, (void *)0))
+-			log_fatal ("setgroups: %m");
+-		if (setgid (set_gid))
+-			log_fatal ("setgid(%d): %m", (int) set_gid);
+-	}	
+-
+-	if (set_uid) {
+-		if (setuid (set_uid))
+-			log_fatal ("setuid(%d): %m", (int) set_uid);
+-	}
+-#endif /* PARANOIA */
+-
+ 	/*
+ 	 * Deal with pid files.  If the user told us
+ 	 * not to write a file we don't read one either
+@@ -823,6 +789,42 @@ main(int argc, char **argv) {
+ 		}
+ 	}
+ 
+#if defined (PARANOIA)
+	/* change uid to the specified one */
+
+	if (set_gid) {
+		if (setgroups (0, (void *)0))
+			log_fatal ("setgroups: %m");
+		if (setgid (set_gid))
+			log_fatal ("setgid(%d): %m", (int) set_gid);
+	}	
+
+	if (set_uid) {
+		if (setuid (set_uid))
+			log_fatal ("setuid(%d): %m", (int) set_uid);
+	}
+#endif /* PARANOIA */
+
+	db_startup(lftest);
+	postdb_startup ();
+
+#ifdef DHCPv6
+	/*
+	 * Set server DHCPv6 identifier.
+	 * See dhcpv6.c for discussion of setting DUID.
+	 */
+	if (set_server_duid_from_option() == ISC_R_SUCCESS) {
+		write_server_duid();
+	} else {
+		if (!server_duid_isset()) {
+			if (generate_new_server_duid() != ISC_R_SUCCESS) {
+				log_fatal("Unable to set server identifier.");
+			}
+			write_server_duid();
+		}
+	}
+#endif /* DHCPv6 */
+
+ 	/* If we were requested to log to stdout on the command line,
+ 	   keep doing so; otherwise, stop. */
+ 	if (log_perror == -1)
--- a/dhcp.spec
+++ b/dhcp.spec
@ -22,7 +22,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.3
-Release:  2%{?dist}
+Release:  3%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@ -71,7 +71,7 @@ Patch28:  dhcp-4.2.0-noprefixavail.patch
 Patch29:  dhcp-4.2.2-remove-bind.patch
 Patch30:  dhcp-4.2.2-sharedlib.patch
 Patch31:  dhcp-4.2.0-PPP.patch
-Patch32:  dhcp-4.2.2-paranoia-pid.patch
+Patch32:  dhcp-4.2.3-paranoia.patch
 Patch33:  dhcp-4.2.2-lpf-ib.patch
 Patch34:  dhcp-4.2.2-improved-xid.patch
 Patch35:  dhcp-4.2.2-gpxe-cid.patch
@ -117,8 +117,7 @@ DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
 individual devices on an IP network to get their own network
 configuration information (IP address, subnetmask, broadcast address,
 etc.) from a DHCP server. The overall purpose of DHCP is to make it
-easier to administer a large network.  The dhcp package includes the
-ISC DHCP service and relay agent.
+easier to administer a large network.

 To use DHCP on your network, install a DHCP service (or relay agent),
 and on clients run a DHCP client daemon.  The dhcp package provides
@ -315,9 +314,10 @@ rm bind/bind.tar.gz
 # DHCPv6 over PPP support (#626514)
 %patch31 -p1 -b .PPP

-# Move changing of the effective user/group ID after writing new PID file.
+# Write PID file BEFORE changing of the effective user/group ID.
 # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #25806])
-%patch32 -p1 -b .paranoia-pid
+# Write lease file AFTER changing of the effective user/group ID.
+%patch32 -p1 -b .paranoia

 # IPoIB support (#660681)
 # (Submitted to dhcp-bugs@isc.org - [ISC-Bugs #24249])
@ -364,7 +364,7 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do
 done

 %build
-libtoolize --copy --force
+#libtoolize --copy --force
 autoreconf --verbose --force --install

 CFLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" \
@ -462,7 +462,6 @@ EOF
 # DHCPv6 Server Configuration file.
 #   see /usr/share/doc/dhcp*/dhcpd6.conf.sample
 #   see dhcpd.conf(5) man page
-#   run 'service dhcpd6 start' or 'dhcpd -6 -cf /etc/dhcp/dhcpd6.conf'
 #
 EOF

@ -617,6 +616,8 @@ fi
 %attr(0644,root,root)   %{_unitdir}/dhcrelay.service
 %{_sbindir}/dhcpd
 %{_sbindir}/dhcrelay
+%{_bindir}/omshell
+%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcpd.conf.5.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcpd.leases.5.gz
 %attr(0644,root,root) %{_mandir}/man8/dhcpd.8.gz
@ -643,8 +644,6 @@ fi

 %files common
 %doc LICENSE README RELNOTES doc/References.txt
-%{_bindir}/omshell
-%attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
 %attr(0644,root,root) %{_mandir}/man5/dhcp-eval.5.gz

@ -670,8 +669,12 @@ fi
 %{_initddir}/dhcrelay

 %changelog
+* Wed Oct 26 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-3
+- Write lease file AFTER changing of the effective user/group ID.
+- Move omshell from dhcp-common to main package (where it originally was).
+
 * Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-2
- Move changing of the effective user/group ID after writing new PID file.
+- Write PID file BEFORE changing of the effective user/group ID.
 - Really define _hardened_build this time

 * Thu Oct 20 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.3-1