Compare commits
10 Commits
imports/c8
...
c8
Author | SHA1 | Date |
---|---|---|
eabdullin | 38df1bcac6 | |
CentOS Sources | 448b8c8ef8 | |
CentOS Sources | 452a4ee472 | |
CentOS Sources | bf40d90262 | |
CentOS Sources | ca2295c355 | |
CentOS Sources | a1bbf7ecdf | |
CentOS Sources | a8ea4e7125 | |
CentOS Sources | b023370a40 | |
CentOS Sources | af0ca90a48 | |
CentOS Sources | a8ad87039c |
|
@ -1,19 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
INTERFACE=$1 # The interface which is brought up or down
|
||||
STATUS=$2 # The new state of the interface
|
||||
|
||||
# whenever interface is brought up by NM (rhbz #565921)
|
||||
if [ "$STATUS" = "up" ]; then
|
||||
# wait a few seconds to allow interface startup to complete
|
||||
# (important at boot time without this the service still fails
|
||||
# time-out for dispatcher script is 3s (rhbz#1003695#8)
|
||||
sleep 2
|
||||
# restart the services
|
||||
# In case this dispatcher script is called several times in a short period of time, it might happen that
|
||||
# systemd refuses to further restart the units. Therefore we use reset-failed command to prevent it.
|
||||
systemctl -q is-enabled dhcpd.service && systemctl restart dhcpd.service && systemctl reset-failed dhcpd.service
|
||||
systemctl -q is-enabled dhcpd6.service && systemctl restart dhcpd6.service && systemctl reset-failed dhcpd6.service
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,32 @@
|
|||
diff --git a/common/options.c b/common/options.c
|
||||
index ed8ac38..addc65a 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -4397,6 +4397,8 @@ add_option(struct option_state *options,
|
||||
if (!option_cache_allocate(&oc, MDL)) {
|
||||
log_error("No memory for option cache adding %s (option %d).",
|
||||
option->name, option_num);
|
||||
+ /* Get rid of reference created during hash lookup. */
|
||||
+ option_dereference(&option, MDL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -4408,6 +4410,8 @@ add_option(struct option_state *options,
|
||||
MDL)) {
|
||||
log_error("No memory for constant data adding %s (option %d).",
|
||||
option->name, option_num);
|
||||
+ /* Get rid of reference created during hash lookup. */
|
||||
+ option_dereference(&option, MDL);
|
||||
option_cache_dereference(&oc, MDL);
|
||||
return 0;
|
||||
}
|
||||
@@ -4416,6 +4420,9 @@ add_option(struct option_state *options,
|
||||
save_option(&dhcp_universe, options, oc);
|
||||
option_cache_dereference(&oc, MDL);
|
||||
|
||||
+ /* Get rid of reference created during hash lookup. */
|
||||
+ option_dereference(&option, MDL);
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
diff --git a/common/options.c b/common/options.c
|
||||
index addc65a..3e6383a 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options,
|
||||
while (s < &bp -> data[0] + length + 2) {
|
||||
len = *s;
|
||||
if (len > 63) {
|
||||
- log_info ("fancy bits in fqdn option");
|
||||
- return 0;
|
||||
+ log_info ("label length exceeds 63 in fqdn option");
|
||||
+ goto bad;
|
||||
}
|
||||
if (len == 0) {
|
||||
terminated = 1;
|
||||
break;
|
||||
}
|
||||
if (s + len > &bp -> data [0] + length + 3) {
|
||||
- log_info ("fqdn tag longer than buffer");
|
||||
- return 0;
|
||||
+ log_info ("fqdn label longer than buffer");
|
||||
+ goto bad;
|
||||
}
|
||||
|
||||
if (first_len == 0) {
|
|
@ -0,0 +1,85 @@
|
|||
From ffb24c0bbd4d6f2b4718a1a8f4f2da237cc6ed66 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Markwalder <tmark@isc.org>
|
||||
Date: Fri, 14 Sep 2018 13:41:41 -0400
|
||||
Subject: [PATCH] [master] Added includes of new BIND9 compatibility headers,
|
||||
updated util/bind.sh
|
||||
|
||||
Merges in rt48072.
|
||||
|
||||
(cherry picked from commit 8194daabfd590f17825f0c61e9534bee5c99cc86)
|
||||
---
|
||||
includes/omapip/isclib.h | 3 +++
|
||||
includes/omapip/result.h | 1 +
|
||||
server/dhcpv6.c | 13 +++++++++----
|
||||
3 files changed, 13 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
|
||||
index e2963089..fa5d9ad3 100644
|
||||
--- a/includes/omapip/isclib.h
|
||||
+++ b/includes/omapip/isclib.h
|
||||
@@ -48,6 +48,9 @@
|
||||
#include <string.h>
|
||||
#include <netdb.h>
|
||||
|
||||
+#include <isc/boolean.h>
|
||||
+#include <isc/int.h>
|
||||
+
|
||||
#include <isc/buffer.h>
|
||||
#include <isc/lex.h>
|
||||
#include <isc/lib.h>
|
||||
diff --git a/includes/omapip/result.h b/includes/omapip/result.h
|
||||
index ae5f7d6a..9c1fab23 100644
|
||||
--- a/includes/omapip/result.h
|
||||
+++ b/includes/omapip/result.h
|
||||
@@ -26,6 +26,7 @@
|
||||
#ifndef DHCP_RESULT_H
|
||||
#define DHCP_RESULT_H 1
|
||||
|
||||
+#include <isc/boolean.h>
|
||||
#include <isc/lang.h>
|
||||
#include <isc/resultclass.h>
|
||||
#include <isc/types.h>
|
||||
diff --git a/server/dhcpv6.c b/server/dhcpv6.c
|
||||
index 74487667..1a6ff241 100644
|
||||
--- a/server/dhcpv6.c
|
||||
+++ b/server/dhcpv6.c
|
||||
@@ -1003,7 +1003,8 @@ void check_pool6_threshold(struct reply_state *reply,
|
||||
shared_name,
|
||||
inet_ntop(AF_INET6, &lease->addr,
|
||||
tmp_addr, sizeof(tmp_addr)),
|
||||
- used, count);
|
||||
+ (long long unsigned)(used),
|
||||
+ (long long unsigned)(count));
|
||||
}
|
||||
return;
|
||||
}
|
||||
@@ -1035,7 +1036,8 @@ void check_pool6_threshold(struct reply_state *reply,
|
||||
"address: %s; high threshold %d%% %llu/%llu.",
|
||||
shared_name,
|
||||
inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
|
||||
- poolhigh, used, count);
|
||||
+ poolhigh, (long long unsigned)(used),
|
||||
+ (long long unsigned)(count));
|
||||
|
||||
/* handle the low threshold now, if we don't
|
||||
* have one we default to 0. */
|
||||
@@ -1383,12 +1385,15 @@ pick_v6_address(struct reply_state *reply)
|
||||
log_debug("Unable to pick client address: "
|
||||
"no addresses available - shared network %s: "
|
||||
" 2^64-1 < total, %llu active, %llu abandoned",
|
||||
- shared_name, active - abandoned, abandoned);
|
||||
+ shared_name, (long long unsigned)(active - abandoned),
|
||||
+ (long long unsigned)(abandoned));
|
||||
} else {
|
||||
log_debug("Unable to pick client address: "
|
||||
"no addresses available - shared network %s: "
|
||||
"%llu total, %llu active, %llu abandoned",
|
||||
- shared_name, total, active - abandoned, abandoned);
|
||||
+ shared_name, (long long unsigned)(total),
|
||||
+ (long long unsigned)(active - abandoned),
|
||||
+ (long long unsigned)(abandoned));
|
||||
}
|
||||
|
||||
return ISC_R_NORESOURCES;
|
||||
--
|
||||
2.14.5
|
|
@ -0,0 +1,93 @@
|
|||
From 41c6032ace65119e6a400365f7e90283c930afd4 Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Zhukov <pzhukov@redhat.com>
|
||||
Date: Tue, 22 Oct 2019 16:23:01 +0200
|
||||
Subject: [PATCH 24/26] Detect system time changes
|
||||
Cc: pzhukov@redhat.com
|
||||
|
||||
---
|
||||
client/dhclient.c | 6 ++++++
|
||||
common/dispatch.c | 11 ++++++++++-
|
||||
includes/dhcpd.h | 3 ++-
|
||||
server/dhcpd.c | 6 ++++++
|
||||
4 files changed, 24 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/client/dhclient.c b/client/dhclient.c
|
||||
index 9b65438..44d508a 100644
|
||||
--- a/client/dhclient.c
|
||||
+++ b/client/dhclient.c
|
||||
@@ -5408,6 +5408,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
|
||||
case server_awaken:
|
||||
state_reboot (client);
|
||||
break;
|
||||
+
|
||||
+ case server_time_changed:
|
||||
+ if (client->active){
|
||||
+ state_reboot (client);
|
||||
+ }
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
}
|
||||
diff --git a/common/dispatch.c b/common/dispatch.c
|
||||
index d7fe200..8a24499 100644
|
||||
--- a/common/dispatch.c
|
||||
+++ b/common/dispatch.c
|
||||
@@ -118,7 +118,6 @@ dispatch(void)
|
||||
* signal. It will return ISC_R_RELOAD in that
|
||||
* case. That is a normal behavior.
|
||||
*/
|
||||
-
|
||||
if (status == ISC_R_RELOAD) {
|
||||
/*
|
||||
* dhcp_set_control_state() will do the job.
|
||||
@@ -129,6 +128,16 @@ dispatch(void)
|
||||
if (status == ISC_R_SUCCESS)
|
||||
status = ISC_R_RELOAD;
|
||||
}
|
||||
+
|
||||
+
|
||||
+ if (status == ISC_R_TIMESHIFTED){
|
||||
+ status = dhcp_set_control_state(server_time_changed,
|
||||
+ server_time_changed);
|
||||
+ status = ISC_R_RELOAD;
|
||||
+ log_info ("System time has been changed. Unable to use existing leases. Restarting");
|
||||
+ // do nothing, restart context
|
||||
+ };
|
||||
+
|
||||
} while (status == ISC_R_RELOAD);
|
||||
|
||||
log_fatal ("Dispatch routine failed: %s -- exiting",
|
||||
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
|
||||
index 635c510..ec6c227 100644
|
||||
--- a/includes/dhcpd.h
|
||||
+++ b/includes/dhcpd.h
|
||||
@@ -524,7 +524,8 @@ typedef enum {
|
||||
server_running = 1,
|
||||
server_shutdown = 2,
|
||||
server_hibernate = 3,
|
||||
- server_awaken = 4
|
||||
+ server_awaken = 4,
|
||||
+ server_time_changed = 5
|
||||
} control_object_state_t;
|
||||
|
||||
typedef struct {
|
||||
diff --git a/server/dhcpd.c b/server/dhcpd.c
|
||||
index 530a923..4aef16b 100644
|
||||
--- a/server/dhcpd.c
|
||||
+++ b/server/dhcpd.c
|
||||
@@ -1767,6 +1767,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
|
||||
{
|
||||
struct timeval tv;
|
||||
|
||||
+ if (newstate == server_time_changed){
|
||||
+ log_error ("System time has been changed. Leases information unreliable!");
|
||||
+ return ISC_R_SUCCESS;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
if (newstate != server_shutdown)
|
||||
return DHCP_R_INVALIDARG;
|
||||
/* Re-entry. */
|
||||
--
|
||||
2.14.5
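Review bot: In the common/dispatch.c hunk the result of `dhcp_set_control_state(server_time_changed, server_time_changed)` is assigned to `status` and overwritten on the next line by `status = ISC_R_RELOAD;`, so a failure from the handler is never seen. Either make the discard explicit with `(void) dhcp_set_control_state(server_time_changed, server_time_changed);` or log a non-success result before forcing the reload. In the server/dhcpd.c hunk the new branch only logs "Leases information unreliable!" and returns `ISC_R_SUCCESS`, so the server apparently keeps serving with the existing lease times after a clock jump; if that is intended, a comment saying so belongs there, for example `/* Lease times are not recomputed after a clock jump; see log message. */`. The `};` after the new block in dispatch() has a stray semicolon, and `// do nothing, restart context` follows code that does do something, so it should be reworded or dropped. Both dispatch() and the two dhcp_set_control_state() bodies continue outside the hunks shown.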
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
diff --git a/common/options.c b/common/options.c
|
||||
index 3e6383a..9216ae4 100644
|
||||
--- a/common/options.c
|
||||
+++ b/common/options.c
|
||||
@@ -1122,7 +1122,6 @@ store_options6(char *buf, int buflen,
|
||||
*/
|
||||
if (code == vsio_option_code) {
|
||||
vsio_wanted = 1;
|
||||
- continue;
|
||||
}
|
||||
|
||||
/*
|
|
@ -0,0 +1,200 @@
|
|||
From e6ffc27f24321017a5ad9af3707f4e2e54bbac74 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Markwalder <tmark@isc.org>
|
||||
Date: Mon, 11 Dec 2017 07:19:43 -0500
|
||||
Subject: [PATCH] [master] Adds key-algorithm statement to omshell
|
||||
|
||||
Merges in rt46771.
|
||||
---
|
||||
RELNOTES | 7 +++++++
|
||||
common/conflex.c | 2 ++
|
||||
dhcpctl/omshell.1 | 32 ++++++++++++++++++++++++--------
|
||||
dhcpctl/omshell.c | 38 +++++++++++++++++++++++++++++++++++---
|
||||
includes/dhctoken.h | 3 ++-
|
||||
5 files changed, 70 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/common/conflex.c b/common/conflex.c
|
||||
index 8ce024af..045b655d 100644
|
||||
--- a/common/conflex.c
|
||||
+++ b/common/conflex.c
|
||||
@@ -1104,6 +1104,8 @@ intern(char *atom, enum dhcp_token dfv) {
|
||||
}
|
||||
if (!strcasecmp (atom + 1, "ey"))
|
||||
return KEY;
|
||||
+ if (!strcasecmp (atom + 1, "ey-algorithm"))
|
||||
+ return KEY_ALGORITHM;
|
||||
break;
|
||||
case 'l':
|
||||
if (!strcasecmp (atom + 1, "case"))
|
||||
diff --git a/dhcpctl/omshell.1 b/dhcpctl/omshell.1
|
||||
index 4846272a..2f55e965 100644
|
||||
--- a/dhcpctl/omshell.1
|
||||
+++ b/dhcpctl/omshell.1
|
||||
@@ -1,7 +1,6 @@
|
||||
.\" $Id: omshell.1,v 1.6 2009/11/24 02:06:56 sar Exp $
|
||||
.\"
|
||||
-.\" Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
|
||||
-.\" Copyright (c) 2004,2009 by Internet Systems Consortium, Inc. ("ISC")
|
||||
+.\" Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (c) 2001-2003 by Internet Software Consortium
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
@@ -81,7 +80,24 @@ where number is the port that OMAPI listens on. By default, this is 7911.
|
||||
This specifies the TSIG key to use to authenticate the OMAPI transactions.
|
||||
\fIname\fR is the name of a key defined in \fIdhcpd.conf\fR with the
|
||||
\fBomapi-key\fR statement. The \fIsecret\fR is the secret key generated from
|
||||
-\fBdnssec-keygen\fR or another key generation program.
|
||||
+\fBdnssec-keygen\fR or another key generation program. The key algorithm is
|
||||
+assumed to be HMAC-MD5 key. If a different algorithm was specified in dhcpd.conf
|
||||
+file for the key, then it must be specified via the \fIkey-algorithm\fR statement.
|
||||
+.RE
|
||||
+.PP
|
||||
+.B key-algorithm \fIalgorithm\fR
|
||||
+.RS 0.5i
|
||||
+This specifies the cryptographic algorithm for the key used when authenticating OMAPI
|
||||
+transactions. Supported values for \fIalgorithm\fR are:
|
||||
+.nf
|
||||
+ HMAC-MD5
|
||||
+ HMAC-SHA1
|
||||
+ HMAC-SHA224
|
||||
+ HMAC-SHA256
|
||||
+ HMAC-SHA384
|
||||
+ HMAC-SHA512
|
||||
+fi
|
||||
+The default is HMAC-MD5. (Value is not case sensitive).
|
||||
.RE
|
||||
.PP
|
||||
.B connect
|
||||
@@ -253,7 +269,7 @@ name = "some-host"
|
||||
hardware-address = 00:80:c7:84:b1:94
|
||||
hardware-type = 00:00:00:01
|
||||
ip-address = c0:a8:04:28
|
||||
->
|
||||
+>
|
||||
.fi
|
||||
.PP
|
||||
Your dhcpd.leases file would then have an entry like this in it:
|
||||
@@ -267,7 +283,7 @@ host some-host {
|
||||
.fi
|
||||
.PP
|
||||
The \fIdynamic;\fR line is to denote that this host entry did not come from
|
||||
-dhcpd.conf, but was created dynamically via OMAPI.
|
||||
+dhcpd.conf, but was created dynamically via OMAPI.
|
||||
.SH RESETTING ATTRIBUTES
|
||||
.PP
|
||||
If you want to remove an attribute from an object, you can do this with the
|
||||
@@ -288,7 +304,7 @@ name = "some-host"
|
||||
hardware-address = 00:80:c7:84:b1:94
|
||||
hardware-type = 00:00:00:01
|
||||
ip-address = <null>
|
||||
->
|
||||
+>
|
||||
.fi
|
||||
.SH REFRESHING OBJECTS
|
||||
.PP
|
||||
@@ -300,7 +316,7 @@ particularly useful for hosts.
|
||||
.PP
|
||||
Any remote object that can be created can also be destroyed. This is done by
|
||||
creating a new local object, setting attributes, associating the local and
|
||||
-remote object using \fBopen\fR, and then using the \fBremove\fR command.
|
||||
+remote object using \fBopen\fR, and then using the \fBremove\fR command.
|
||||
If the host "some-host" from before was created in error, this could be
|
||||
corrected as follows:
|
||||
.nf
|
||||
@@ -312,7 +328,7 @@ hardware-type = 00:00:00:01
|
||||
ip-address = c0:a8:04:28
|
||||
> remove
|
||||
obj: <null>
|
||||
->
|
||||
+>
|
||||
.fi
|
||||
.SH HELP
|
||||
.PP
|
||||
diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c
|
||||
index c42bab1a..9233f50e 100644
|
||||
--- a/dhcpctl/omshell.c
|
||||
+++ b/dhcpctl/omshell.c
|
||||
@@ -321,12 +321,42 @@ main(int argc, char **argv) {
|
||||
}
|
||||
break;
|
||||
|
||||
+ case KEY_ALGORITHM:
|
||||
+ /* Algorithm is optional */
|
||||
+ token = next_token (&val, (unsigned *)0, cfile);
|
||||
+ if (token != NAME || !is_identifier(token)) {
|
||||
+ printf ("missing or invalid algorithm name\n");
|
||||
+ printf ("usage: key-algoritm <algorithm name>\n");
|
||||
+ skip_to_semi (cfile);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ s = dmalloc (strlen (val) + 1, MDL);
|
||||
+ if (!s) {
|
||||
+ printf ("no memory for algorithm name.\n");
|
||||
+ skip_to_semi (cfile);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ strcpy (s, val);
|
||||
+ algorithm = s;
|
||||
+
|
||||
+ token = next_token (&val, (unsigned *)0, cfile);
|
||||
+ if (token != END_OF_FILE && token != EOL) {
|
||||
+ printf ("extra information after %s\n", algorithm);
|
||||
+ printf ("usage: key-algorithm <algorithm name>\n");
|
||||
+ skip_to_semi (cfile);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
case KEY:
|
||||
token = peek_token(&val, (unsigned *)0, cfile);
|
||||
if (token == STRING) {
|
||||
token = next_token (&val, (unsigned *)0, cfile);
|
||||
if (!is_identifier (token)) {
|
||||
- printf ("usage: key <name> <value>\n");
|
||||
+ printf ("usage: key <name> <value>\n");
|
||||
skip_to_semi (cfile);
|
||||
break;
|
||||
}
|
||||
@@ -340,7 +370,7 @@ main(int argc, char **argv) {
|
||||
} else {
|
||||
s = parse_host_name(cfile);
|
||||
if (s == NULL) {
|
||||
- printf ("usage: key <name> <value>\n");
|
||||
+ printf ("usage: key <name> <value>\n");
|
||||
skip_to_semi(cfile);
|
||||
break;
|
||||
}
|
||||
@@ -352,12 +382,14 @@ main(int argc, char **argv) {
|
||||
skip_to_semi (cfile);
|
||||
break;
|
||||
}
|
||||
+
|
||||
token = next_token (&val, (unsigned *)0, cfile);
|
||||
if (token != END_OF_FILE && token != EOL) {
|
||||
- printf ("usage: key <name> <secret>\n");
|
||||
+ printf ("usage: key <name> <value> {algorithm}\n");
|
||||
skip_to_semi (cfile);
|
||||
break;
|
||||
}
|
||||
+
|
||||
break;
|
||||
|
||||
case CONNECT:
|
||||
diff --git a/includes/dhctoken.h b/includes/dhctoken.h
|
||||
index 6fc4df3..ca24d4c 100644
|
||||
--- a/includes/dhctoken.h
|
||||
+++ b/includes/dhctoken.h
|
||||
@@ -374,8 +374,9 @@ enum dhcp_token {
|
||||
LEASE_ID_FORMAT = 676,
|
||||
TOKEN_HEX = 677,
|
||||
TOKEN_OCTAL = 678,
|
||||
- BOOTP_BROADCAST_ALWAYS = 679,
|
||||
- DESTINATION_DESCRIPTOR = 680
|
||||
+ KEY_ALGORITHM = 679,
|
||||
+ BOOTP_BROADCAST_ALWAYS = 680,
|
||||
+ DESTINATION_DESCRIPTOR = 681
|
||||
};
|
||||
|
||||
#define is_identifier(x) ((x) >= FIRST_TOKEN && \
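Review bot: The first usage message in the new `KEY_ALGORITHM` case of dhcpctl/omshell.c misspells the statement name; `printf ("usage: key-algoritm <algorithm name>\n");` should read `key-algorithm`, as the second message in the same case does. In the omshell.1 hunk the algorithm list is opened with `.nf` but closed with a bare `fi`, which without the leading dot is printed as text and leaves no-fill mode on, so the line should be `.fi`. The changed message `usage: key <name> <value> {algorithm}` advertises a trailing argument, yet the branch that prints it is the one that rejects anything other than end of line after the value. The parsed name is copied into `algorithm` without being compared with the six values the man page lists, so a mistyped name is presumably rejected only later when the key is built; since HMAC-MD5 stays the default, the man page could also say that an HMAC-SHA2 value is preferable where the server's key definition allows it. main() continues outside the hunks shown.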
|
|
@ -0,0 +1,155 @@
|
|||
diff --git a/omapip/connection.c b/omapip/connection.c
|
||||
index a74becc..56826a5 100644
|
||||
--- a/omapip/connection.c
|
||||
+++ b/omapip/connection.c
|
||||
@@ -46,6 +46,9 @@ extern omapi_array_t *trace_listeners;
|
||||
#endif
|
||||
static isc_result_t omapi_connection_connect_internal (omapi_object_t *);
|
||||
|
||||
+static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name,
|
||||
+ char **cstr);
|
||||
+
|
||||
OMAPI_OBJECT_ALLOC (omapi_connection,
|
||||
omapi_connection_object_t, omapi_type_connection)
|
||||
|
||||
@@ -765,64 +768,41 @@ isc_result_t omapi_connection_reaper (omapi_object_t *h)
|
||||
}
|
||||
|
||||
static isc_result_t make_dst_key (dst_key_t **dst_key, omapi_object_t *a) {
|
||||
- omapi_value_t *name = (omapi_value_t *)0;
|
||||
- omapi_value_t *algorithm = (omapi_value_t *)0;
|
||||
- omapi_value_t *key = (omapi_value_t *)0;
|
||||
- char *name_str = NULL;
|
||||
+ omapi_value_t *key = 0;
|
||||
+ char *name_str = 0;
|
||||
+ char *algorithm_str = 0;
|
||||
isc_result_t status = ISC_R_SUCCESS;
|
||||
|
||||
- if (status == ISC_R_SUCCESS)
|
||||
- status = omapi_get_value_str
|
||||
- (a, (omapi_object_t *)0, "name", &name);
|
||||
-
|
||||
- if (status == ISC_R_SUCCESS)
|
||||
- status = omapi_get_value_str
|
||||
- (a, (omapi_object_t *)0, "algorithm", &algorithm);
|
||||
-
|
||||
- if (status == ISC_R_SUCCESS)
|
||||
- status = omapi_get_value_str
|
||||
- (a, (omapi_object_t *)0, "key", &key);
|
||||
-
|
||||
+ /* Get the key name as a C string. */
|
||||
+ status = ctring_from_attribute(a, "name", &name_str);
|
||||
if (status == ISC_R_SUCCESS) {
|
||||
- if ((algorithm->value->type != omapi_datatype_data &&
|
||||
- algorithm->value->type != omapi_datatype_string) ||
|
||||
- strncasecmp((char *)algorithm->value->u.buffer.value,
|
||||
- NS_TSIG_ALG_HMAC_MD5 ".",
|
||||
- algorithm->value->u.buffer.len) != 0) {
|
||||
- status = DHCP_R_INVALIDARG;
|
||||
+ /* Get the algorithm name as a C string. */
|
||||
+ status = ctring_from_attribute(a, "algorithm", &algorithm_str);
|
||||
+ if (status == ISC_R_SUCCESS) {
|
||||
+ /* Get the key secret value */
|
||||
+ status = omapi_get_value_str(a, 0, "key", &key);
|
||||
+ if (status == ISC_R_SUCCESS) {
|
||||
+ /* Now let's try and create the key */
|
||||
+ status = isclib_make_dst_key(
|
||||
+ name_str,
|
||||
+ algorithm_str,
|
||||
+ key->value->u.buffer.value,
|
||||
+ key->value->u.buffer.len,
|
||||
+ dst_key);
|
||||
+
|
||||
+ if (*dst_key == NULL) {
|
||||
+ status = ISC_R_NOMEMORY;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
- if (status == ISC_R_SUCCESS) {
|
||||
- name_str = dmalloc (name -> value -> u.buffer.len + 1, MDL);
|
||||
- if (!name_str)
|
||||
- status = ISC_R_NOMEMORY;
|
||||
- }
|
||||
-
|
||||
- if (status == ISC_R_SUCCESS) {
|
||||
- memcpy (name_str,
|
||||
- name -> value -> u.buffer.value,
|
||||
- name -> value -> u.buffer.len);
|
||||
- name_str [name -> value -> u.buffer.len] = 0;
|
||||
-
|
||||
- status = isclib_make_dst_key(name_str,
|
||||
- DHCP_HMAC_MD5_NAME,
|
||||
- key->value->u.buffer.value,
|
||||
- key->value->u.buffer.len,
|
||||
- dst_key);
|
||||
-
|
||||
- if (*dst_key == NULL)
|
||||
- status = ISC_R_NOMEMORY;
|
||||
- }
|
||||
-
|
||||
if (name_str)
|
||||
dfree (name_str, MDL);
|
||||
+ if (algorithm_str)
|
||||
+ dfree (algorithm_str, MDL);
|
||||
if (key)
|
||||
omapi_value_dereference (&key, MDL);
|
||||
- if (algorithm)
|
||||
- omapi_value_dereference (&algorithm, MDL);
|
||||
- if (name)
|
||||
- omapi_value_dereference (&name, MDL);
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -1105,3 +1085,50 @@ isc_result_t omapi_connection_stuff_values (omapi_object_t *c,
|
||||
m -> inner);
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
+
|
||||
+/* @brief Fetches the value of an attribute in an object as an allocated
|
||||
+ * C string
|
||||
+ *
|
||||
+ * @param obj ompapi object containing the desire attribute
|
||||
+ * @param attr_name name of the desired attribute
|
||||
+ * @param[out] cstr pointer in which to place the allocated C string's address
|
||||
+ *
|
||||
+ * Caller is responsible for freeing (via dfree) the allocated string.
|
||||
+ *
|
||||
+ * @return ISC_R_SUCCESS if successful, otherwise indicates the type of failure
|
||||
+*/
|
||||
+static isc_result_t ctring_from_attribute(omapi_object_t *obj, char *attr_name,
|
||||
+ char **cstr) {
|
||||
+ isc_result_t status = ISC_R_SUCCESS;
|
||||
+ omapi_value_t *attr = 0;
|
||||
+
|
||||
+ /* Find the attribute in the object. */
|
||||
+ status = omapi_get_value_str(obj, (omapi_object_t *)0, attr_name,
|
||||
+ &attr);
|
||||
+ if (status != ISC_R_SUCCESS) {
|
||||
+ return (status);
|
||||
+ }
|
||||
+
|
||||
+ /* Got it, let's make sure it's either data or string type. */
|
||||
+ if (attr->value->type != omapi_datatype_data &&
|
||||
+ attr->value->type != omapi_datatype_string) {
|
||||
+ return (DHCP_R_INVALIDARG);
|
||||
+ }
|
||||
+
|
||||
+ /* Make a C string from the attribute value. */
|
||||
+ *cstr = dmalloc (attr->value->u.buffer.len + 1, MDL);
|
||||
+ if (!(*cstr)) {
|
||||
+ status = ISC_R_NOMEMORY;
|
||||
+ } else {
|
||||
+ memcpy (*cstr, attr->value->u.buffer.value,
|
||||
+ attr->value->u.buffer.len);
|
||||
+ (*cstr)[attr->value->u.buffer.len] = 0;
|
||||
+ }
|
||||
+
|
||||
+ /* Get rid of the attribute reference */
|
||||
+ if (attr) {
|
||||
+ omapi_value_dereference (&attr, MDL);
|
||||
+ }
|
||||
+
|
||||
+ return (status);
|
||||
+}
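Review bot: In `ctring_from_attribute` the type check returns `DHCP_R_INVALIDARG` directly and skips the `omapi_value_dereference (&attr, MDL)` at the end of the function, so the reference taken by `omapi_get_value_str` is leaked whenever an attribute is neither data nor string. Release it before returning, `omapi_value_dereference (&attr, MDL); return (DHCP_R_INVALIDARG);`, or set `status` and fall through to the existing cleanup. The same function reads `attr->value->type` without first checking `attr->value`, which is only safe if a found attribute can never carry a null value; that cannot be confirmed from the lines shown and deserves a guard or a comment. In `make_dst_key` the secret is still read through `key->value->u.buffer` with no type check, unlike the name and algorithm which now go through the helper. The helper's name looks like a typo for `cstring_from_attribute`.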
|
|
@ -1,5 +1,5 @@
|
|||
diff --git a/server/confpars.c b/server/confpars.c
|
||||
index d79489b..c20d618 100644
|
||||
index d79489b..2b1e393 100644
|
||||
--- a/server/confpars.c
|
||||
+++ b/server/confpars.c
|
||||
@@ -134,6 +134,11 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
|
@ -7,39 +7,38 @@ index d79489b..c20d618 100644
|
|||
cfile = (struct parse *)0;
|
||||
#if defined (TRACING)
|
||||
+ // No need to dmalloc huge memory region if we're not going to re-play
|
||||
+ if (!trace_playback()){
|
||||
+ if (!trace_record()){
|
||||
+ status = new_parse(&cfile, file, NULL, 0, filename, 0);
|
||||
+ goto noreplay;
|
||||
+ };
|
||||
flen = lseek (file, (off_t)0, SEEK_END);
|
||||
if (flen < 0) {
|
||||
boom:
|
||||
@@ -174,6 +179,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
@@ -165,7 +170,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
if (result != ulen)
|
||||
log_fatal ("%s: short read of %d bytes instead of %d.",
|
||||
filename, ulen, result);
|
||||
- close (file);
|
||||
memfile:
|
||||
/* If we're recording, write out the filename and file contents. */
|
||||
if (trace_record ())
|
||||
@@ -174,6 +178,9 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
#else
|
||||
status = new_parse(&cfile, file, NULL, 0, filename, 0);
|
||||
#endif
|
||||
+ noreplay:
|
||||
+ if (!trace_playback())
|
||||
+ close (file);
|
||||
if (status != ISC_R_SUCCESS || cfile == NULL)
|
||||
return status;
|
||||
|
||||
diff --git a/server/confpars.c b/server/confpars.c
|
||||
index 3aecd05..5be4ab1 100644
|
||||
--- a/server/confpars.c
|
||||
+++ b/server/confpars.c
|
||||
@@ -176,6 +176,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
if (trace_record ())
|
||||
trace_write_packet (ttype, ulen + tflen + 1, dbuf, MDL);
|
||||
status = new_parse(&cfile, -1, fbuf, ulen, filename, 0); /* XXX */
|
||||
+ dfree(dbuf, MDL);
|
||||
#else
|
||||
status = new_parse(&cfile, file, NULL, 0, filename, 0);
|
||||
#endif
|
||||
@@ -188,9 +189,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
else
|
||||
@@ -183,7 +190,8 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
|
||||
status = conf_file_subparse (cfile, group, group_type);
|
||||
end_parse (&cfile);
|
||||
-#if defined (TRACING)
|
||||
#if defined (TRACING)
|
||||
- dfree (dbuf, MDL);
|
||||
-#endif
|
||||
+ if (trace_record())
|
||||
+ dfree (dbuf, MDL);
|
||||
#endif
|
||||
return status;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
diff --git a/common/parse.c b/common/parse.c
|
||||
index e78223c2..656b378b 100644
|
||||
--- a/common/parse.c
|
||||
+++ b/common/parse.c
|
||||
@@ -5790,13 +5790,14 @@ int parse_X (cfile, buf, max)
|
||||
skip_to_semi (cfile);
|
||||
return 0;
|
||||
}
|
||||
- convert_num (cfile, &buf [len], val, 16, 8);
|
||||
- if (len++ > max) {
|
||||
+ if (len >= max) {
|
||||
parse_warn (cfile,
|
||||
"hexadecimal constant too long.");
|
||||
skip_to_semi (cfile);
|
||||
return 0;
|
||||
}
|
||||
+ convert_num (cfile, &buf [len], val, 16, 8);
|
||||
+ len++;
|
||||
token = peek_token (&val, (unsigned *)0, cfile);
|
||||
if (token == COLON)
|
||||
token = next_token (&val,
|
|
@ -12,11 +12,14 @@
|
|||
#global patchver P1
|
||||
%global DHCPVERSION %{version}%{?prever}%{?patchver:-%{patchver}}
|
||||
|
||||
# bind has changed ABI with CVE-2023-50387 fixes. Require compatible build
|
||||
%global BIND_MINVER 9.11.36-14
|
||||
|
||||
|
||||
Summary: Dynamic host configuration protocol software
|
||||
Name: dhcp
|
||||
Version: 4.3.6
|
||||
Release: 34%{?dist}
|
||||
Release: 50%{?dist}
|
||||
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
||||
# dcantrell maintaining the package) made incorrect use of the epoch and
|
||||
# that's why it is at 12 now. It should have never been used, but it was.
|
||||
|
@ -28,7 +31,6 @@ Source0: ftp://ftp.isc.org/isc/dhcp/%{DHCPVERSION}/dhcp-%{DHCPVERSION}.tar.gz
|
|||
Source1: dhclient-script
|
||||
Source2: README.dhclient.d
|
||||
Source3: 11-dhclient
|
||||
Source4: 12-dhcpd
|
||||
Source5: 56dhclient
|
||||
Source6: dhcpd.service
|
||||
Source7: dhcpd6.service
|
||||
|
@ -81,6 +83,14 @@ Patch44: dhcp-replay_file_limit.patch
|
|||
Patch45: dhcp-4.2.5-expiry_before_renewal_v2.patch
|
||||
Patch46: dhcp-dhclient_ipv6_prefix.patch
|
||||
Patch47: dhcp-isc_heap_delete.patch
|
||||
Patch48: dhcp-bind-9.11.patch
|
||||
Patch49: dhcp-detect-system-time-jumps.patch
|
||||
Patch50: dhcp-key_algorithm.patch
|
||||
Patch51: dhcp-statement_parser.patch
|
||||
Patch52: dhcp-omshell-hmac-sha512-support.patch
|
||||
Patch53: dhcp-CVE-2022-2928.patch
|
||||
Patch54: dhcp-CVE-2022-2929.patch
|
||||
Patch55: dhcp-dhcp6-vendor-opts.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
|
@ -90,7 +100,7 @@ BuildRequires: openldap-devel
|
|||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcap-ng-devel
|
||||
# https://fedorahosted.org/fpc/ticket/502#comment:3
|
||||
BuildRequires: bind-export-devel
|
||||
BuildRequires: bind-export-devel >= %{BIND_MINVER}
|
||||
BuildRequires: systemd systemd-devel
|
||||
# dhcp-sd_notify.patch
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
|
@ -115,6 +125,7 @@ DHCP (Dynamic Host Configuration Protocol)
|
|||
Summary: Provides the ISC DHCP server
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-export-libs >= %{BIND_MINVER}
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): coreutils grep sed
|
||||
Requires(post): systemd
|
||||
|
@ -134,6 +145,7 @@ This package provides the ISC DHCP server.
|
|||
Summary: Provides the ISC DHCP relay agent
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-export-libs >= %{BIND_MINVER}
|
||||
Requires(post): grep sed
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
|
@ -156,6 +168,7 @@ Obsoletes: dhclient < %{epoch}:%{version}-%{release}
|
|||
Requires: coreutils gawk grep ipcalc iproute iputils sed systemd
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: bind-export-libs >= %{BIND_MINVER}
|
||||
|
||||
%description client
|
||||
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
|
||||
|
@ -351,6 +364,29 @@ rm bind/bind.tar.gz
|
|||
# https://bugzilla.redhat.com/show_bug.cgi?id=1704672
|
||||
%patch47 -p1 -b .heap-delete
|
||||
|
||||
## https://bugzilla.redhat.com/show_bug.cgi?id=1762796
|
||||
%patch48 -p1 -b .isc-types
|
||||
|
||||
%patch49 -p1 -b .time-change
|
||||
|
||||
# https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74
|
||||
%patch50 -p1 -b .key-alg
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1963807
|
||||
%patch51 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2016248
|
||||
%patch52 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2132248
|
||||
%patch53 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2132245
|
||||
%patch54 -p1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2142024
|
||||
%patch55 -p1
|
||||
|
||||
# Update paths in all man pages
|
||||
for page in client/dhclient.conf.5 client/dhclient.leases.5 \
|
||||
client/dhclient-script.8 client/dhclient.8 ; do
|
||||
|
@ -423,8 +459,6 @@ mkdir -p %{buildroot}%{dhcpconfdir}/dhclient.d
|
|||
# NetworkManager dispatcher script
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
install -p -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
## https://bugzilla.redhat.com/show_bug.cgi?id=1685560
|
||||
install -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
|
||||
# pm-utils script to handle suspend/resume and dhclient leases
|
||||
install -D -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/pm-utils/sleep.d/56dhclient
|
||||
|
@ -624,7 +658,6 @@ done
|
|||
%config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
|
||||
%dir %{_sysconfdir}/NetworkManager
|
||||
%dir %{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
%{_sysconfdir}/NetworkManager/dispatcher.d/12-dhcpd
|
||||
%attr(0644,root,root) %{_unitdir}/dhcpd.service
|
||||
%attr(0644,root,root) %{_unitdir}/dhcpd6.service
|
||||
%{_sbindir}/dhcpd
|
||||
|
@ -687,6 +720,57 @@ done
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Mar 05 2024 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-50
|
||||
- Rebuild because of bind ABI changes related to CVE-2023-50387
|
||||
|
||||
* Tue Oct 11 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-49
|
||||
- Fix for CVE-2022-2928
|
||||
- Fix for CVE-2022-2929
|
||||
- send back dhcp6.vendor-opts again (#2142024)
|
||||
|
||||
* Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-48
|
||||
- omshell: add support for hmac-sha512 algorithm (#2016248)
|
||||
|
||||
* Tue Dec 21 2021 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-47
|
||||
- Rebuilt on a new side-tag (#2022715)
|
||||
|
||||
* Thu Dec 16 2021 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-46
|
||||
- Rebuild with new bind (#2022715)
|
||||
|
||||
* Thu May 27 2021 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-45
|
||||
- Fix for CVE-2021-25217
|
||||
|
||||
* Fri Dec 11 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-44
|
||||
- Rebuild with new bind (#1904613)
|
||||
|
||||
* Wed Nov 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-43
|
||||
- Drop 12-dhcp NM dispatchers script (#1898423)
|
||||
|
||||
* Tue Oct 20 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-42
|
||||
- Add key-algorithm support.
|
||||
- Resolves: rhbz#1883999
|
||||
|
||||
* Mon Apr 20 2020 Artem Egorenkov <aegorenk@redhat.com> - 12:4.3.6-41
|
||||
- Rebuild with bind-9.11.18
|
||||
|
||||
* Tue Nov 26 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-40
|
||||
- Rebuild with bind-9.11.13 again
|
||||
|
||||
* Tue Nov 26 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-39
|
||||
- Resolves: #1757475 - Close replay files properly
|
||||
|
||||
* Mon Nov 25 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-38
|
||||
- Rebuild with bind-9.11.13
|
||||
|
||||
* Wed Nov 20 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-36
|
||||
- Resolves: #1729211 - detect system time changes with monotonic timer
|
||||
|
||||
* Tue Nov 19 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-36
|
||||
- Resolves: #1757475 - fix FD leak in nonreplay mode
|
||||
|
||||
* Tue Oct 22 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-35
|
||||
- Rebuild with bind-9.11
|
||||
|
||||
* Mon May 13 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-34
|
||||
- Resolves: #1704672 - Fix crash caused by bind rebase
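Review bot: Patch53 and Patch54 carry their CVE numbers in the file name, but the fix for CVE-2021-25217 recorded in the -45 changelog entry has no patch line that names it. It is presumably `Patch51: dhcp-statement_parser.patch`; a comment such as `# CVE-2021-25217` above the `%patch51 -p1` line would let an auditor confirm the fix is applied without opening the patch. Patches 51 to 55 are applied without the `-b .suffix` argument that patches 47 to 50 use, which is inconsistent within the same block. The changelog also has two entries numbered `12:4.3.6-36` (Nov 19 and Nov 20 2019) and none numbered -37, so one of them is mislabelled.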
|
||||
|
||||
|
|