mir/isc-dhcp
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/dhcp synced 2025-08-31 22:35:25 +00:00
Code Issues Releases Wiki Activity

[master] Print out files used and move the dropping of privileges in paranoia

Browse Source 
17551 - When starting up in verbose mode have the server print out
        the files it will use

25806 - Moving the paranoia code that drops the privileges to be after
        the server has written the PID file.
This commit is contained in:
Shawn Routhier
2014-05-07 11:54:27 -07:00
parent 02b0bdc3cf
commit d8c7c34ef6
2 changed files with 36 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
RELNOTES
View File

@@ -123,6 +123,16 @@ by Eric Young (eay@cryptsoft.com).
Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix. Thanks to Tomas Hozza at Red Hat for the suggestion and a prototype fix.
[ISC-Bugs #33098] [ISC-Bugs #33098]
- Several updates to the dhcp server code
When not in quiet mode print out the files being used.
[ISC-Bugs #17551]
As accessing some pid files may require privileges move the dropping
of permission bits due to the paranoia patch to be after the pid code.
Thanks to Jiri Popelka at Red Hat for the bug and fix.
[ISC-Bugs #25806]
When processing a "--version" request don't output the version information
to syslog.
Changes since 4.3.0rc1 Changes since 4.3.0rc1
- None - None

43
server/dhcpd.c
View File

@@ -308,7 +308,13 @@ main(int argc, char **argv) {
local_family_set = 1; local_family_set = 1;
#endif /* DHCPv6 */ #endif /* DHCPv6 */
} else if (!strcmp (argv [i], "--version")) { } else if (!strcmp (argv [i], "--version")) {
log_info("isc-dhcpd-%s", PACKAGE_VERSION); const char vstring[] = "isc-dhcpd-";
IGNORE_RET(write(STDERR_FILENO, vstring,
strlen(vstring)));
IGNORE_RET(write(STDERR_FILENO,
PACKAGE_VERSION,
strlen(PACKAGE_VERSION)));
IGNORE_RET(write(STDERR_FILENO, "\n", 1));
exit (0); exit (0);
#if defined (TRACING) #if defined (TRACING)
} else if (!strcmp (argv [i], "-tf")) { } else if (!strcmp (argv [i], "-tf")) {
@@ -394,6 +400,9 @@ main(int argc, char **argv) {
log_info (copyright); log_info (copyright);
log_info (arr); log_info (arr);
log_info (url); log_info (url);
log_info ("Config file: %s", path_dhcpd_conf);
log_info ("Database file: %s", path_dhcpd_db);
log_info ("PID file: %s", path_dhcpd_pid);
} else { } else {
quiet = 0; quiet = 0;
log_perror = 0; log_perror = 0;
@@ -690,22 +699,6 @@ main(int argc, char **argv) {
exit (0); exit (0);
} }
#if defined (PARANOIA)
/* change uid to the specified one */
if (set_gid) {
if (setgroups (0, (void *)0))
log_fatal ("setgroups: %m");
if (setgid (set_gid))
log_fatal ("setgid(%d): %m", (int) set_gid);
}
if (set_uid) {
if (setuid (set_uid))
log_fatal ("setuid(%d): %m", (int) set_uid);
}
#endif /* PARANOIA */
/* /*
* Deal with pid files. If the user told us * Deal with pid files. If the user told us
* not to write a file we don't read one either * not to write a file we don't read one either
@@ -742,6 +735,22 @@ main(int argc, char **argv) {
} }
} }
#if defined (PARANOIA)
/* change uid to the specified one */
if (set_gid) {
if (setgroups (0, (void *)0))
log_fatal ("setgroups: %m");
if (setgid (set_gid))
log_fatal ("setgid(%d): %m", (int) set_gid);
}
if (set_uid) {
if (setuid (set_uid))
log_fatal ("setuid(%d): %m", (int) set_uid);
}
#endif /* PARANOIA */
/* If we were requested to log to stdout on the command line, /* If we were requested to log to stdout on the command line,
keep doing so; otherwise, stop. */ keep doing so; otherwise, stop. */
if (log_perror == -1) if (log_perror == -1)