rpms/dhcp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Carry over RES_OPTIONS from ifcfg-ethX files to /etc/resolv.conf

Browse Source 
(#202923)
- Clean up Requires tags for devel packages
- Allow SEARCH variable in ifcfg files to override search path (#454152)
- Do not down interface if there is an active lease (#453982)
- Clean up how dhclient-script restarts ypbind
- Set close-on-exec on dhclient.leases for SELinux (#446632)
This commit is contained in:
David Cantrell 2008-08-01 22:16:38 +00:00
parent ddfb139a17
commit f669e74cea
5 changed files with 165 additions and 576 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
dhcp-4.0.0-FD_CLOEXEC.patch Normal file
View File

@ -0,0 +1,133 @@
diff -up dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC dhcp-4.0.0/client/dhclient.c
--- dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC 2008-08-01 11:02:35.000000000 -1000
+++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:14:01.000000000 -1000
@@ -2696,6 +2696,7 @@ int leases_written = 0;
void rewrite_client_leases ()
{
+ int fd, flags;
struct interface_info *ip;
struct client_state *client;
struct client_lease *lp;
@@ -2708,6 +2709,23 @@ void rewrite_client_leases ()
return;
}
+ if ((fd = fileno(leaseFile)) == -1) {
+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+ return;
+ }
+
+ if ((flags = fcntl(fd, F_GETFD)) == -1) {
+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+ return;
+ }
+
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return;
+ }
+
/* If there is a default duid, write it out. */
if (default_duid.len != 0)
write_duid(&default_duid);
@@ -2800,7 +2818,7 @@ static isc_result_t
write_duid(struct data_string *duid)
{
char *str;
- int stat;
+ int stat, flags, fd;
if ((duid == NULL) || (duid->len <= 2))
return ISC_R_INVALIDARG;
@@ -2811,6 +2829,23 @@ write_duid(struct data_string *duid)
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
}
+
+ if ((fd = fileno(leaseFile)) == -1) {
+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+ return ISC_R_IOERROR;
+ }
+
+ if ((flags = fcntl(fd, F_GETFD)) == -1) {
+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+ return ISC_R_IOERROR;
+ }
+
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
}
/* It would make more sense to write this as a hex string,
@@ -2840,7 +2875,7 @@ write_client6_lease(struct client_state
{
struct dhc6_ia *ia;
struct dhc6_addr *addr;
- int stat;
+ int stat, flags, fd;
/* This should include the current lease. */
if (!rewrite && (leases_written++ > 20)) {
@@ -2858,6 +2893,23 @@ write_client6_lease(struct client_state
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
}
+
+ if ((fd = fileno(leaseFile)) == -1) {
+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+ return ISC_R_IOERROR;
+ }
+
+ if ((flags = fcntl(fd, F_GETFD)) == -1) {
+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+ return ISC_R_IOERROR;
+ }
+
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
}
stat = fprintf(leaseFile, "lease6 {\n");
@@ -2940,6 +2992,7 @@ int write_client_lease (client, lease, r
{
struct data_string ds;
int errors = 0;
+ int flags, fd;
char *s;
const char *tval;
@@ -2961,6 +3014,23 @@ int write_client_lease (client, lease, r
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
}
+
+ if ((fd = fileno(leaseFile)) == -1) {
+ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+ return ISC_R_IOERROR;
+ }
+
+ if ((flags = fcntl(fd, F_GETFD)) == -1) {
+ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+ return ISC_R_IOERROR;
+ }
+
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
}
errno = 0;

508
dhcp-4.0.0-O_CLOEXEC.patch
View File

@ -1,508 +0,0 @@
diff -up dhcp-4.0.0//client/clparse.c.cloexec dhcp-4.0.0//client/clparse.c
--- dhcp-4.0.0//client/clparse.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//client/clparse.c 2008-07-01 17:02:38.000000000 -1000
@@ -221,7 +221,7 @@ int read_client_conf_file (const char *n
int token;
isc_result_t status;
- if ((file = open (name, O_RDONLY)) < 0)
+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0)
return uerr2isc (errno);
cfile = (struct parse *)0;
@@ -258,7 +258,7 @@ void read_client_leases ()
/* Open the lease file. If we can't open it, just return -
we can safely trust the server to remember our state. */
- if ((file = open (path_dhclient_db, O_RDONLY)) < 0)
+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0)
return;
cfile = (struct parse *)0;
/* new_parse() may fail if the file is of zero length. */
diff -up dhcp-4.0.0//client/dhclient.c.cloexec dhcp-4.0.0//client/dhclient.c
--- dhcp-4.0.0//client/dhclient.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//client/dhclient.c 2008-07-01 17:22:06.000000000 -1000
@@ -162,11 +162,11 @@ int main(int argc, char **argv, char **e
/* Make sure that file descriptors 0 (stdin), 1, (stdout), and
2 (stderr) are open. To do this, we assume that when we
open a file the lowest available file descriptor is used. */
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 0)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 1)
- fd = open("/dev/null", O_RDWR);
+ fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (fd == 2)
log_perror = 0; /* No sense logging to /dev/null. */
else if (fd != -1)
@@ -442,6 +442,19 @@ int main(int argc, char **argv, char **e
oldpid = 0;
if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) {
+ int fn = fileno(pidfd);
+ int flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
+ }
+
e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp;
@@ -484,6 +497,19 @@ int main(int argc, char **argv, char **e
sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name);
if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) {
+ int fn = fileno(pidfd);
+ int flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
+ }
+
e = fscanf(pidfd, "%ld\n", &temp);
oldpid = (pid_t)temp;
@@ -509,6 +535,19 @@ int main(int argc, char **argv, char **e
char procfn[256] = "";
if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) {
+ int fn = fileno(pidfd);
+ int flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
+ }
+
if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) {
snprintf(procfn,256,"/proc/%u",dhcpid);
dhc_running = (access(procfn, F_OK) == 0);
@@ -2896,6 +2935,7 @@ int leases_written = 0;
void rewrite_client_leases ()
{
+ int fn, flags;
struct interface_info *ip;
struct client_state *client;
struct client_lease *lp;
@@ -2908,9 +2948,17 @@ void rewrite_client_leases ()
return;
}
- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
- log_error ("failed to set close-on-exec for %s", path_dhclient_db);
- return;
+ fn = fileno(leaseFile);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
}
/* If there is a default duid, write it out. */
@@ -3005,20 +3053,30 @@ static isc_result_t
write_duid(struct data_string *duid)
{
char *str;
- int stat;
+ int stat, fn, flags;
if ((duid == NULL) || (duid->len <= 2))
return ISC_R_INVALIDARG;
if (leaseFile == NULL) { /* XXX? */
leaseFile = fopen(path_dhclient_db, "w");
+
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
}
- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
- log_error ("failed to set close-on-exec for %s", path_dhclient_db);
- return ISC_R_IOERROR;
+
+ fn = fileno(leaseFile);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
}
}
@@ -3049,7 +3107,7 @@ write_client6_lease(struct client_state
{
struct dhc6_ia *ia;
struct dhc6_addr *addr;
- int stat;
+ int stat, fn, flags;
/* This should include the current lease. */
if (!rewrite && (leases_written++ > 20)) {
@@ -3063,13 +3121,23 @@ write_client6_lease(struct client_state
if (leaseFile == NULL) { /* XXX? */
leaseFile = fopen(path_dhclient_db, "w");
+
if (leaseFile == NULL) {
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
}
- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
- log_error ("failed to set close-on-exec for %s", path_dhclient_db);
- return ISC_R_IOERROR;
+
+ fn = fileno(leaseFile);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
}
}
@@ -3152,7 +3220,7 @@ int write_client_lease (client, lease, r
int makesure;
{
struct data_string ds;
- int errors = 0;
+ int errors = 0, fn, flags;
char *s;
const char *tval;
@@ -3170,13 +3238,23 @@ int write_client_lease (client, lease, r
if (leaseFile == NULL) { /* XXX */
leaseFile = fopen (path_dhclient_db, "w");
+
if (leaseFile == NULL) {
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
}
- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
- log_error ("failed to set close-on-exec for %s", path_dhclient_db);
- return ISC_R_IOERROR;
+
+ fn = fileno(leaseFile);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
}
}
@@ -3675,9 +3753,9 @@ void go_daemon ()
close(2);
/* Reopen them on /dev/null. */
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
- open("/dev/null", O_RDWR);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
+ open("/dev/null", O_RDWR | O_CLOEXEC);
write_client_pid_file ();
@@ -3689,7 +3767,7 @@ void write_client_pid_file ()
FILE *pf;
int pfdesc;
- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644);
if (pfdesc < 0) {
log_error ("Can't create %s: %m", path_dhclient_pid);
diff -up dhcp-4.0.0//common/bpf.c.cloexec dhcp-4.0.0//common/bpf.c
--- dhcp-4.0.0//common/bpf.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//common/bpf.c 2008-07-01 17:23:40.000000000 -1000
@@ -94,7 +94,7 @@ int if_register_bpf (info)
for (b = 0; 1; b++) {
/* %Audit% 31 bytes max. %2004.06.17,Safe% */
sprintf(filename, BPF_FORMAT, b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff -up dhcp-4.0.0//common/discover.c.cloexec dhcp-4.0.0//common/discover.c
--- dhcp-4.0.0//common/discover.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//common/discover.c 2008-07-01 17:26:03.000000000 -1000
@@ -387,6 +387,8 @@ begin_iface_scan(struct iface_conf_list
char buf[256];
int len;
int i;
+ int fn;
+ int flags;
ifaces->fp = fopen("/proc/net/dev", "r");
if (ifaces->fp == NULL) {
@@ -394,6 +396,19 @@ begin_iface_scan(struct iface_conf_list
return 0;
}
+ fn = fileno(ifaces->fp);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
+ }
+
/*
* The first 2 lines are header information, so read and ignore them.
*/
@@ -432,6 +447,19 @@ begin_iface_scan(struct iface_conf_list
ifaces->fp = NULL;
return 0;
}
+
+ int fn = fileno(ifaces->fp6);
+ int flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
+ }
#endif
return 1;
diff -up dhcp-4.0.0//common/dlpi.c.cloexec dhcp-4.0.0//common/dlpi.c
--- dhcp-4.0.0//common/dlpi.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//common/dlpi.c 2008-07-01 17:26:31.000000000 -1000
@@ -795,7 +795,7 @@ dlpiopen(const char *ifname) {
}
*dp = '\0';
- return open (devname, O_RDWR, 0);
+ return open (devname, O_RDWR | O_CLOEXEC, 0);
}
/*
diff -up dhcp-4.0.0//common/nit.c.cloexec dhcp-4.0.0//common/nit.c
--- dhcp-4.0.0//common/nit.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//common/nit.c 2008-07-01 17:26:41.000000000 -1000
@@ -81,7 +81,7 @@ int if_register_nit (info)
struct strioctl sio;
/* Open a NIT device */
- sock = open ("/dev/nit", O_RDWR);
+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC);
if (sock < 0)
log_fatal ("Can't open NIT device for %s: %m", info -> name);
diff -up dhcp-4.0.0//common/resolv.c.cloexec dhcp-4.0.0//common/resolv.c
--- dhcp-4.0.0//common/resolv.c.cloexec 2007-11-30 11:51:43.000000000 -1000
+++ dhcp-4.0.0//common/resolv.c 2008-07-01 17:26:54.000000000 -1000
@@ -48,7 +48,7 @@ void read_resolv_conf (parse_time)
struct name_server *sp, *sl, *ns;
struct domain_search_list *dp, *dl, *nd;
- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) {
+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) {
log_error ("Can't open %s: %m", path_resolv_conf);
return;
}
diff -up dhcp-4.0.0//common/upf.c.cloexec dhcp-4.0.0//common/upf.c
--- dhcp-4.0.0//common/upf.c.cloexec 2008-07-01 15:36:54.000000000 -1000
+++ dhcp-4.0.0//common/upf.c 2008-07-01 17:27:04.000000000 -1000
@@ -77,7 +77,7 @@ int if_register_upf (info)
/* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */
sprintf(filename, "/dev/pf/pfilt%d", b);
- sock = open (filename, O_RDWR, 0);
+ sock = open (filename, O_RDWR | O_CLOEXEC, 0);
if (sock < 0) {
if (errno == EBUSY) {
continue;
diff -up dhcp-4.0.0//dst/dst_support.c.cloexec dhcp-4.0.0//dst/dst_support.c
--- dhcp-4.0.0//dst/dst_support.c.cloexec 2007-12-05 14:50:22.000000000 -1000
+++ dhcp-4.0.0//dst/dst_support.c 2008-07-01 17:31:47.000000000 -1000
@@ -426,6 +426,8 @@ dst_s_fopen(const char *filename, const
FILE *fp;
char pathname[PATH_MAX];
unsigned plen = sizeof(pathname);
+ int fn;
+ int flags;
if (*dst_path != '\0') {
strcpy(pathname, dst_path);
@@ -442,6 +444,15 @@ dst_s_fopen(const char *filename, const
fp = fopen(pathname, mode);
if (perm)
chmod(pathname, perm);
+
+ fn = fileno(fp);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags != -1) {
+ flags |= FD_CLOEXEC;
+ flags = fcntl(fn, F_SETFD, flags);
+ }
+
return (fp);
}
diff -up dhcp-4.0.0//dst/prandom.c.cloexec dhcp-4.0.0//dst/prandom.c
--- dhcp-4.0.0//dst/prandom.c.cloexec 2007-11-30 11:51:43.000000000 -1000
+++ dhcp-4.0.0//dst/prandom.c 2008-07-01 17:35:55.000000000 -1000
@@ -267,7 +267,7 @@ get_dev_random(u_char *output, unsigned
s = stat("/dev/random", &st);
if (s == 0 && S_ISCHR(st.st_mode)) {
- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
+ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) {
if ((n = read(fd, output, size)) < 0)
n = 0;
close(fd);
@@ -480,6 +480,12 @@ digest_file(dst_work *work)
}
if ((fp = fopen(name, "r")) == NULL)
return (0);
+ int fn = fileno(fp);
+ int flags = fcntl(fn, F_GETFD);
+ if (flags != -1) {
+ flags |= FD_CLOEXEC;
+ flags = fcntl(fn, F_SETFD, flags);
+ }
for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
no += i)
dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx,
diff -up dhcp-4.0.0//minires/res_init.c.cloexec dhcp-4.0.0//minires/res_init.c
--- dhcp-4.0.0//minires/res_init.c.cloexec 2007-10-01 04:47:35.000000000 -1000
+++ dhcp-4.0.0//minires/res_init.c 2008-07-01 17:44:26.000000000 -1000
@@ -235,6 +235,14 @@ minires_vinit(res_state statp, int prein
line[sizeof(name) - 1] == '\t'))
if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) {
+ int fn = fileno(fp);
+ int flags = fcntl(fn, F_GETFD);
+
+ if (flags != -1) {
+ flags |= FD_CLOEXEC;
+ flags = fcntl(fn, F_SETFD, flags);
+ }
+
/* read the config file */
while (fgets(buf, sizeof(buf), fp) != NULL) {
/* skip comments */
diff -up dhcp-4.0.0//minires/res_query.c.cloexec dhcp-4.0.0//minires/res_query.c
--- dhcp-4.0.0//minires/res_query.c.cloexec 2007-09-05 07:32:10.000000000 -1000
+++ dhcp-4.0.0//minires/res_query.c 2008-07-01 17:46:04.000000000 -1000
@@ -387,12 +387,19 @@ res_hostalias(const res_state statp, con
unsigned char *cp1, *cp2;
char buf[BUFSIZ];
FILE *fp;
+ int fn, flags;
if (statp->options & RES_NOALIASES)
return (NULL);
file = getenv("HOSTALIASES");
if (file == NULL || (fp = fopen(file, "r")) == NULL)
return (NULL);
+ fn = fileno(fp);
+ flags = fcntl(fn, F_GETFD);
+ if (flags != -1) {
+ flags |= FD_CLOEXEC;
+ flags = fcntl(fn, F_SETFD, flags);
+ }
setbuf(fp, NULL);
buf[sizeof(buf) - 1] = '\0';
while (fgets(buf, sizeof(buf), fp)) {
diff -up dhcp-4.0.0//omapip/trace.c.cloexec dhcp-4.0.0//omapip/trace.c
--- dhcp-4.0.0//omapip/trace.c.cloexec 2007-07-12 20:43:42.000000000 -1000
+++ dhcp-4.0.0//omapip/trace.c 2008-07-01 17:29:46.000000000 -1000
@@ -140,10 +140,10 @@ isc_result_t trace_begin (const char *fi
return ISC_R_INVALIDARG;
}
- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
if (traceoutfile < 0 && errno == EEXIST) {
log_error ("WARNING: Overwriting trace file \"%s\"", filename);
- traceoutfile = open (filename, O_WRONLY | O_EXCL, 0600);
+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_CLOEXEC, 0600);
}
if (traceoutfile < 0) {
@@ -428,12 +428,28 @@ void trace_file_replay (const char *file
trace_type_t *ttype = (trace_type_t *)0;
isc_result_t result;
int len;
+ int fn;
+ int flags;
traceinfile = fopen (filename, "r");
if (!traceinfile) {
log_error ("Can't open tracefile %s: %m", filename);
return;
}
+
+ fn = fileno(traceinfile);
+ flags = fcntl(fn, F_GETFD);
+
+ if (flags == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ } else {
+ flags |= FD_CLOEXEC;
+
+ if (fcntl(fn, F_SETFD, flags) == -1) {
+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno));
+ }
+ }
+
#if defined (HAVE_SETFD)
if (fcntl (fileno (traceinfile), F_SETFD, 1) < 0)
log_error ("Can't set close-on-exec on %s: %m", filename);

27
dhcp-4.0.0-inherit-leases.patch
View File

@ -1,18 +1,33 @@
diff -up dhcp-4.0.0//client/dhclient.c.inherit dhcp-4.0.0//client/dhclient.c
--- dhcp-4.0.0//client/dhclient.c.inherit 2008-08-01 09:49:36.000000000 -1000
+++ dhcp-4.0.0//client/dhclient.c 2008-08-01 09:53:28.000000000 -1000
@@ -2393,6 +2393,15 @@ void send_request (cpp)
diff -up dhcp-4.0.0/client/dhclient.c.inherit dhcp-4.0.0/client/dhclient.c
--- dhcp-4.0.0/client/dhclient.c.inherit 2008-08-01 11:34:29.000000000 -1000
+++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:34:42.000000000 -1000
@@ -2296,6 +2296,7 @@ void send_request (cpp)
{
struct client_state *client = cpp;
+ int i;
int result;
int interval;
struct sockaddr_in destination;
@@ -2354,6 +2355,22 @@ void send_request (cpp)
/* Now do a preinit on the interface so that we can
discover a new address. */
script_init (client, "PREINIT", (struct string_list *)0);
+
+ /* Has an active lease */
+ if (client -> interface -> addresses != NULL) {
+ for (i = 0; i < client -> interface -> address_count; i++) {
+ if (client -> active &&
+ client -> active -> is_bootp &&
+ client -> active -> expiry > cur_time &&
+ primary_address.s_addr != 0 &&
+ client -> interface -> addresses[i].s_addr != 0 &&
+ client -> active -> address.len == 4 &&
+ memcpy (client -> active -> address.iabuf, &primary_address, 4) == 0)
+ memcpy (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0) {
+ client_envadd (client, "", "keep_old_ip", "%s", "yes");
+ break;
+ }
+ }
+ }
+
if (client -> alias)
script_write_params (client, "alias_",

48
dhcp-4.0.0-selinux.patch
View File

@ -1,48 +0,0 @@
diff -up dhcp-4.0.0//client/dhclient.c.selinux dhcp-4.0.0//client/dhclient.c
--- dhcp-4.0.0//client/dhclient.c.selinux 2008-08-01 10:16:48.000000000 -1000
+++ dhcp-4.0.0//client/dhclient.c 2008-08-01 10:16:48.000000000 -1000
@@ -2708,6 +2708,11 @@ void rewrite_client_leases ()
return;
}
+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return;
+ }
+
/* If there is a default duid, write it out. */
if (default_duid.len != 0)
write_duid(&default_duid);
@@ -2811,6 +2816,10 @@ write_duid(struct data_string *duid)
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
}
+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
}
/* It would make more sense to write this as a hex string,
@@ -2858,6 +2867,10 @@ write_client6_lease(struct client_state
log_error("can't create %s: %m", path_dhclient_db);
return ISC_R_IOERROR;
}
+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
}
stat = fprintf(leaseFile, "lease6 {\n");
@@ -2961,6 +2974,10 @@ int write_client_lease (client, lease, r
log_error ("can't create %s: %m", path_dhclient_db);
return 0;
}
+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+ log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+ return ISC_R_IOERROR;
+ }
}
errno = 0;

13
dhcp.spec
View File

@ -43,10 +43,9 @@ Patch13: %{name}-4.0.0-dhclient-anycast.patch
Patch14: %{name}-4.0.0-manpages.patch
Patch15: %{name}-4.0.0-paths.patch
Patch16: %{name}-4.0.0-NetworkManager-crash.patch
Patch17: %{name}-4.0.0-selinux.patch
Patch17: %{name}-4.0.0-FD_CLOEXEC.patch
Patch18: %{name}-4.0.0-libdhcp4client.patch
Patch19: %{name}-4.0.0-O_CLOEXEC.patch
Patch20: %{name}-4.0.0-inherit-leases.patch
Patch19: %{name}-4.0.0-inherit-leases.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf
@ -191,17 +190,14 @@ client library.
# Avoid crash when dhclient is run with NetworkManager
%patch16 -p1
# Set close-on-exec for dhclient.leases for SELinux (#446632)
# Make sure all open file descriptors are closed-on-exec for SELinux (#446632)
%patch17 -p1
# Add the libdhcp4client target (library version of dhclient)
%patch18 -p1
# Make sure all open file descriptors are closed-on-exec for SELinux
%patch19 -p1
# If we have an active lease, do not down the interface (#453982)
%patch20 -p1
%patch19 -p1
# Copy in documentation and example scripts for LDAP patch to dhcpd
%{__install} -p -m 0644 %{SOURCE5} .
@ -437,6 +433,7 @@ fi
- Allow SEARCH variable in ifcfg files to override search path (#454152)
- Do not down interface if there is an active lease (#453982)
- Clean up how dhclient-script restarts ypbind
- Set close-on-exec on dhclient.leases for SELinux (#446632)
* Sat Jun 21 2008 David Cantrell <dcantrell@redhat.com> - 12:4.0.0-16
- Remove instaces of \032 in domain search option (#450042)