authorPav Lucistnik <pav@FreeBSD.org>2004-06-01 13:34:27 +0000
committerPav Lucistnik <pav@FreeBSD.org>2004-06-01 13:34:27 +0000
commitbfef58c1429e04a1e34423d58bc6f1d130a1290a (patch)
treea9cea76816f6a00346ea46d36ab166f572195aa2 /net/isc-dhcp40-server
parent3c0bf3b7c0090c757bc4dab0cee1cfcc6e3c78db (diff)
- Integrate paranoia and jail patches to allow running in chroot and jail
- Employ OPTIONS PR: ports/67407 Submitted by: Cyrille Lefevre <cyrille.lefevre@laposte.net> (maintainer)
Notes
Notes: svn path=/head/; revision=110606
Diffstat (limited to 'net/isc-dhcp40-server')
-rw-r--r--net/isc-dhcp40-server/Makefile33
-rw-r--r--net/isc-dhcp40-server/files/patch-server::dhcpd.c250
-rw-r--r--net/isc-dhcp40-server/pkg-message17
3 files changed, 282 insertions, 18 deletions
diff --git a/net/isc-dhcp40-server/Makefile b/net/isc-dhcp40-server/Makefile
index 291e831481f3..7e503b671f2b 100644
--- a/net/isc-dhcp40-server/Makefile
+++ b/net/isc-dhcp40-server/Makefile
@@ -8,7 +8,7 @@
PORTNAME= dhcp
PORTVERSION= 3.0.1.r12
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_ISC}
MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.0-history
@@ -22,6 +22,16 @@ COMMENT?= The ISC Dynamic Host Configuration Protocol server
USE_REINPLACE= yes
USE_RC_SUBR= yes
+SUBSYS?= server
+
+.if ${SUBSYS} == client
+OPTIONS= INTERFACE_POLLING "interface polling support" on
+.endif
+.if ${SUBSYS} == server
+OPTIONS= DHCP_PARANOIA "add -user, -group and -chroot options" on \
+ DHCP_JAIL "add -chroot and -jail options" on
+.endif
+
.include <bsd.port.pre.mk>
# Global variables
@@ -32,8 +42,6 @@ CONFIGURE_ARGS= --subsys ${SUBSYS}
ALL_TARGET= all.${SUBSYS}
INSTALL_TARGET= install.${SUBSYS}
-SUBSYS?= server
-
.if ${SUBSYS} == client
MAN5= dhclient.conf.5 dhclient.leases.5
MAN8= dhclient.8 dhclient-script.8
@@ -117,17 +125,6 @@ REINPLACE_SUB= PREFIX=${PREFIX}
RCSCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
PKGMESSAGE_SUB= PREFIX=${PREFIX} MAN1PREFIX=${MAN1PREFIX}
-# Pre-everything
-#
-
-.if ${SUBSYS} == client && !defined(WITHOUT_INTERFACE_POLLING)
-pre-everything::
- @${ECHO_MSG}
- @${ECHO_MSG} "If you want to compile without interface polling support."
- @${ECHO_MSG} "hit Ctrl-C right now and use \"make WITHOUT_INTERFACE_POLLING=yes\""
- @${ECHO_MSG}
-.endif
-
# Post-extract
#
@@ -156,6 +153,14 @@ patch-site-conf:
.if ${SUBSYS} == client && !defined(WITHOUT_INTERFACE_POLLING)
@${ECHO_CMD} CFLAGS += -DENABLE_POLLING_MODE >> ${WRKSRC}/site.conf
.endif
+.if ${SUBSYS} == server
+.if !defined(WITHOUT_DHCP_PARANOIA)
+ @${ECHO_CMD} CFLAGS += -DPARANOIA >> ${WRKSRC}/site.conf
+.endif
+.if !defined(WITHOUT_DHCP_JAIL)
+ @${ECHO_CMD} CFLAGS += -DJAIL >> ${WRKSRC}/site.conf
+.endif
+.endif
patch-makefile-conf:
@${REINPLACE_CMD} -e 's|^DEBUG[ ]*=|# DEBUG ?=|g' \
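Review bot: The DHCP_PARANOIA description at `OPTIONS= DHCP_PARANOIA "add -user, -group and -chroot options" on` omits the `-early_chroot` switch that the same commit adds to dhcpd.c, so the OPTIONS dialog undersells what the knob enables; `"add -user, -group, -chroot and -early_chroot options"` would match the usage text the patch prints. In the patch-site-conf hunk the new server branch nests two `.if` levels where the client branch directly above it uses a single conjunction; `.if ${SUBSYS} == server && !defined(WITHOUT_DHCP_PARANOIA)` (and likewise for DHCP_JAIL) keeps the two branches parallel and drops the extra `.endif`.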
diff --git a/net/isc-dhcp40-server/files/patch-server::dhcpd.c b/net/isc-dhcp40-server/files/patch-server::dhcpd.c
new file mode 100644
index 000000000000..d77330b32ea8
--- /dev/null
+++ b/net/isc-dhcp40-server/files/patch-server::dhcpd.c
@@ -0,0 +1,250 @@
+--- server/dhcpd.c.orig Wed Jan 15 00:15:24 2003
++++ server/dhcpd.c Sun May 30 23:14:42 2004
+@@ -56,6 +56,22 @@
+ #include "version.h"
+ #include <omapip/omapip_p.h>
+
++#if defined (PARANOIA)
++#include <sys/types.h>
++#include <unistd.h>
++#include <pwd.h>
++/* get around the ISC declaration of group */
++#define group real_group
++#include <grp.h>
++#undef group
++#endif /* PARANOIA */
++#if defined (JAIL)
++#include <sys/param.h>
++#include <sys/jail.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#endif /* JAIL */
++
+ static void usage PROTO ((void));
+
+ TIME cur_time;
+@@ -204,6 +220,35 @@
+ omapi_object_dereference (&listener, MDL);
+ }
+
++#if defined (PARANOIA)
++/* to be used in one of two possible scenarios */
++static void setup_chroot (char *chroot_dir)
++{
++ if (geteuid ())
++ log_fatal ("you must be root to use chroot");
++ if (chroot (chroot_dir))
++ log_fatal ("chroot(\"%s\"): %m", chroot_dir);
++ if (chdir ("/"))
++ /* probably permission denied */
++ log_fatal ("chdir(\"/\"): %m");
++}
++#endif /* PARANOIA */
++
++#if defined (JAIL)
++static void setup_jail (char *chroot_dir, char *hostname, u_int32_t ip_number)
++{
++ struct jail j;
++
++ j.version = 0;
++ j.path = chroot_dir;
++ j.hostname = hostname;
++ j.ip_number = ip_number;
++
++ if (jail (&j) < 0)
++ log_fatal ("jail(%s, %s): %m", chroot_dir, hostname);
++}
++#endif /* JAIL */
++
+ int main (argc, argv, envp)
+ int argc;
+ char **argv, **envp;
+@@ -236,6 +281,20 @@
+ char *traceinfile = (char *)0;
+ char *traceoutfile = (char *)0;
+ #endif
++#if defined (PARANOIA)
++ char *set_user = 0;
++ char *set_group = 0;
++ uid_t set_uid = 0;
++ gid_t set_gid = 0;
++ int early_chroot = 0;
++#endif /* PARANOIA */
++#if defined (PARANOIA) || defined (JAIL)
++ char *set_chroot = 0;
++#endif /* PARANOIA || JAIL */
++#if defined (JAIL)
++ char *set_jail = 0;
++ u_int32_t jail_ip_address = 0; /* Good as long as it's IPv4 ... */
++#endif /* JAIL */
+
+ /* Make sure we have stdin, stdout and stderr. */
+ status = open ("/dev/null", O_RDWR);
+@@ -298,6 +357,35 @@
+ if (++i == argc)
+ usage ();
+ server = argv [i];
++#if defined (PARANOIA)
++ } else if (!strcmp (argv [i], "-user")) {
++ if (++i == argc)
++ usage ();
++ set_user = argv [i];
++ } else if (!strcmp (argv [i], "-group")) {
++ if (++i == argc)
++ usage ();
++ set_group = argv [i];
++ } else if (!strcmp (argv [i], "-early_chroot")) {
++ early_chroot = 1;
++#endif /* PARANOIA */
++#if defined (PARANOIA) || defined (JAIL)
++ } else if (!strcmp (argv [i], "-chroot")) {
++ if (++i == argc)
++ usage ();
++ set_chroot = argv [i];
++#endif /* PARANOIA || JAIL */
++#if defined (JAIL)
++ } else if (!strcmp (argv [i], "-jail")) {
++ if (++i == argc)
++ usage ();
++ set_jail = argv [i];
++ if (++i == argc)
++ usage ();
++ if (ascii2addr (AF_INET, argv[i], &jail_ip_address) < 0)
++ usage();
++ jail_ip_address = ntohl (jail_ip_address);
++#endif /* JAIL */
+ } else if (!strcmp (argv [i], "-cf")) {
+ if (++i == argc)
+ usage ();
+@@ -397,6 +485,57 @@
+ trace_seed_stop, MDL);
+ #endif
+
++#if defined (PARANOIA)
++ /* get user and group info if those options were given */
++ if (set_user) {
++ struct passwd *tmp_pwd;
++
++ if (geteuid ())
++ log_fatal ("you must be root to set user");
++
++ if (!(tmp_pwd = getpwnam (set_user)))
++ log_fatal ("no such user: %s", set_user);
++
++ set_uid = tmp_pwd->pw_uid;
++
++ /* use the user's group as the default gid */
++ if (!set_group)
++ set_gid = tmp_pwd->pw_gid;
++ }
++
++ if (set_group) {
++/* get around the ISC declaration of group */
++#define group real_group
++ struct group *tmp_grp;
++
++ if (geteuid ())
++ log_fatal ("you must be root to set group");
++
++ if (!(tmp_grp = getgrnam (set_group)))
++ log_fatal ("no such group: %s", set_group);
++
++ set_gid = tmp_grp->gr_gid;
++#undef group
++ }
++#endif /* PARANOIA */
++#if defined (JAIL)
++ if (set_jail) {
++ /* Initialize icmp support... */
++ if (!cftest && !lftest)
++ icmp_startup (1, lease_pinged);
++ if(!set_chroot)
++ set_chroot = "/";
++ setup_jail (set_chroot, set_jail, jail_ip_address);
++ }
++#endif /* JAIL */
++#if defined (PARANOIA) && defined (JAIL)
++ else
++#endif /* PARANOIA && JAIL */
++#if defined (PARANOIA)
++ if (early_chroot && set_chroot)
++ setup_chroot (set_chroot);
++#endif /* PARANOIA */
++
+ /* Default to the DHCP/BOOTP port. */
+ if (!local_port)
+ {
+@@ -471,6 +610,9 @@
+ #endif
+
+ /* Initialize icmp support... */
++#if defined (JAIL)
++ if (!set_jail)
++#endif /* JAIL */
+ if (!cftest && !lftest)
+ icmp_startup (1, lease_pinged);
+
+@@ -500,6 +642,14 @@
+
+ postconf_initialization (quiet);
+
++#if defined (PARANOIA)
++#if defined (JAIL)
++ if (!set_jail)
++#endif /* JAIL */
++ if (!early_chroot && set_chroot)
++ setup_chroot (set_chroot);
++#endif /* PARANOIA */
++
+ /* test option should cause an early exit */
+ if (cftest && !lftest)
+ exit(0);
+@@ -542,7 +692,22 @@
+ else if (pid)
+ exit (0);
+ }
++
++#if defined (PARANOIA)
++ /* change uid to the specified one */
++ if (set_gid) {
++ if (setgroups (0, (void *)0))
++ log_fatal ("setgroups: %m");
++ if (setgid (set_gid))
++ log_fatal ("setgid(%d): %m", (int) set_gid);
++ }
+
++ if (set_uid) {
++ if (setuid (set_uid))
++ log_fatal ("setuid(%d): %m", (int) set_uid);
++ }
++#endif /* PARANOIA */
++
+ /* Read previous pid file. */
+ if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) {
+ status = read (i, pbuf, (sizeof pbuf) - 1);
+@@ -886,8 +1051,24 @@
+ log_info (copyright);
+ log_info (arr);
+
+- log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s",
++ log_fatal ("Usage: dhcpd [-p <UDP port #>] [-d] [-f]%s%s%s%s%s%s%s",
+ "\n [-cf config-file] [-lf lease-file]",
++
++#if defined (PARANOIA)
++ /* meld into the following string */
++ "\n [-user user] [-group group]",
++ "\n [-chroot dir] [-early_chroot]",
++#else /* PARANOIA */
++ "", "",
++#endif /* PARANOIA */
++
++#if defined (JAIL)
++ /* then also these ones */
++ "\n [-jail name ip]",
++#else /* JAIL */
++ "",
++#endif /* JAIL */
++
+ #if defined (TRACING)
+ "\n [-tf trace-output-file]",
+ "\n [-play trace-input-file]",
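Review bot: In the hunk at `@@ -542,7 +692,22 @@` the group drop is gated on the numeric value, `if (set_gid) {`, so a `-user` whose primary group is gid 0, or an explicit `-group` that resolves to gid 0, skips both `setgroups (0, (void *)0)` and `setgid`, leaving the daemon with root's supplementary groups even though its uid is unprivileged; gating on the options instead, `if (set_user || set_group) {` for the group block and `if (set_user) {` for the uid block, drops groups whenever a switch was requested. The drop also runs before the `Read previous pid file` block that follows it, so the pid file (and presumably the lease database opened later, outside this hunk) must be writable by the target account; neither the patch nor pkg-message says so, and a comment above the block such as `/* Privileges are dropped here, before the pid and lease files are opened; their directories must be writable by set_uid/set_gid. */` would save the first deployment a silent failure. main() begins and ends outside this hunk.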
diff --git a/net/isc-dhcp40-server/pkg-message b/net/isc-dhcp40-server/pkg-message
index 02c3fad98765..749a5d69ea4a 100644
--- a/net/isc-dhcp40-server/pkg-message
+++ b/net/isc-dhcp40-server/pkg-message
@@ -9,7 +9,16 @@
dhcpd_conf="%%PREFIX%%/etc/dhcpd.conf" # configuration file
dhcpd_ifaces="" # ethernet interface(s)
-**** For instance, rc.conf like variables are still read from
- %%PREFIX%%/etc/rc.isc-dhcpd.conf. They should be move into
- /etc/rc.conf. Also, the dhcpd_options variable must be
- renamed dhcpd_flags.
+**** For instance, rc.conf like variables are still read from %%PREFIX%%\
+ /etc/rc.isc-dhcpd.conf. They should be move into /etc/rc.conf. Also,
+ the dhcpd_options variable must be renamed dhcpd_flags.
+
+**** If compiled with paranoia support (the default), the following options
+ are also supported:
+
+ [-user user] [-group group] [-chroot dir] [-early_chroot]
+
+**** If compiled with jail support (the default), the following options are
+ also supported:
+
+ [-chroot dir] [-jail hostname ip_address] # implies -early_chroot