From 0 Mon Sep 17 00:00:00 2001

From: "Dmitry V. Levin" <ldv@altlinux.org>

Date: Tue, 16 Oct 2007 00:23:11 +0000

Subject: [PATCH 10] Update and apply dhcp-3.0.3-owl-alt-drop_priv.patch

diff --git a/dhcp/client/Makefile.am b/dhcp/client/Makefile.am

index defaced..defaced 100644

--- a/dhcp/client/Makefile.am

+++ b/dhcp/client/Makefile.am

@@ -13,6 +13,7 @@ dhclient_SOURCES = client_tables.c clparse.c dhclient.c dhc6.c \

 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \

 		   scripts/netbsd scripts/nextstep scripts/openbsd \

 		   scripts/solaris scripts/openwrt

+dhclient_LDFLAGS = -pie

 dhclient_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \

 		 @BINDLIBIRSDIR@/libirs.@A@ \

 		 @BINDLIBDNSDIR@/libdns.@A@ \

diff --git a/dhcp/common/Makefile.am b/dhcp/common/Makefile.am

index defaced..defaced 100644

--- a/dhcp/common/Makefile.am

+++ b/dhcp/common/Makefile.am

@@ -6,7 +6,7 @@ libdhcp_a_SOURCES = alloc.c bpf.c comapi.c conflex.c ctrace.c dhcp4o6.c \

 		      discover.c dispatch.c dlpi.c dns.c ethernet.c execute.c \

 		      fddi.c icmp.c inet.c lpf.c memory.c nit.c ns_name.c \

 		      options.c packet.c parse.c print.c raw.c resolv.c \

-		      socket.c tables.c tr.c tree.c upf.c

+		      socket.c tables.c tr.c tree.c upf.c droproot.c

 man_MANS = dhcp-eval.5 dhcp-options.5

 EXTRA_DIST = $(man_MANS)

diff --git a/dhcp/common/droproot.c b/dhcp/common/droproot.c

new file mode 100644

index 0000000..36c42dd

--- /dev/null

+++ b/dhcp/common/droproot.c

@@ -0,0 +1,121 @@

+#include "dhcpd.h"

+#include <unistd.h>

+#include <time.h>

+#include <pwd.h>

+#define group real_group

+#include <grp.h>

+#undef group

+

+#include <sys/capability.h>

+#include <sys/prctl.h>

+

+static int minimized = 0;

+

+void

+dhcpd_priv_minimize(const char *user, const char *dir)

+{

+	struct passwd *pw;

+	uid_t   uid;

+	gid_t   gid;

+

+	if (!*user)

+		return;

+

+	if (!(pw = getpwnam(user)))

+		log_fatal("Failed to lower privileges: getpwnam: %s", user);

+

+	uid = pw->pw_uid;

+	gid = pw->pw_gid;

+

+	tzset();

+

+	if (initgroups(user, gid))

+		log_fatal("Failed to lower privileges: initgroups: %s/%u: %m",

+			  user, (unsigned) gid);

+

+	endpwent();

+

+	if (*dir && (chdir(dir) || chroot(".")))

+		log_fatal("Failed to lower privileges: chroot: %s: %m", dir);

+

+	if (setgid(gid))

+		log_fatal("Failed to lower privileges: setgid: %s/%u: %m",

+			  user, (unsigned) gid);

+

+	if (prctl(PR_SET_KEEPCAPS, 1))

+		log_fatal("Failed to lower privileges: prctl: %m");

+

+	if (setreuid(uid, uid))

+		log_fatal("Failed to lower privileges: setreuid: %s/%u: %m",

+			  user, (unsigned) uid);

+

+	cap_t   caps = cap_from_text("cap_net_bind_service=ep");

+

+	if (!caps)

+		log_fatal("Failed to lower privileges: cap_from_text: %m");

+

+	if (cap_set_proc(caps) < 0)

+		log_fatal("Failed to lower privileges: cap_set_proc: %m");

+

+	cap_free(caps);

+	minimized = 1;

+}

+

+static void

+drop_minimized(void)

+{

+	cap_t   caps = cap_from_text("all-ep");

+	if (!caps)

+		log_fatal("Failed to lower privileges: cap_from_text: %m");

+

+	if (cap_set_proc(caps) < 0)

+		log_fatal("Failed to lower privileges: cap_set_proc: %m");

+

+	cap_free(caps);

+}

+

+static void

+drop_all(const char *user, const char *dir)

+{

+	struct passwd *pw;

+	uid_t   uid;

+	gid_t   gid;

+

+	if (!(pw = getpwnam(user)))

+		log_fatal("Failed to lower privileges: getpwnam: %s", user);

+

+	uid = pw->pw_uid;

+	gid = pw->pw_gid;

+

+	tzset();

+

+	if (initgroups(user, gid))

+		log_fatal("Failed to lower privileges: initgroups: %s/%u: %m",

+			  user, (unsigned) gid);

+

+	endpwent();

+

+	if (*dir && (chdir(dir) || chroot(".")))

+		log_fatal("Failed to lower privileges: chroot: %s: %m", dir);

+

+	if (setgid(gid))

+		log_fatal("Failed to lower privileges: setgid: %s/%u: %m",

+			  user, (unsigned) gid);

+

+	if (setuid(uid))

+		log_fatal("Failed to lower privileges: setuid: %s/%u: %m",

+			  user, (unsigned) uid);

+}

+

+

+void

+dhcpd_priv_drop(const char *user, const char *dir)

+{

+	if (!*user)

+		return;

+

+	if (minimized)

+		drop_minimized();

+	else

+		drop_all(user, dir);

+}

diff --git a/dhcp/dhcpctl/omshell.c b/dhcp/dhcpctl/omshell.c

index defaced..defaced 100644

--- a/dhcp/dhcpctl/omshell.c

+++ b/dhcp/dhcpctl/omshell.c

@@ -191,7 +191,7 @@ main(int argc, char **argv) {

 	    check(status, "new_parse()");

 	    token = next_token (&val, (unsigned *)0, cfile);

-	    switch (token) {

+	    switch ((int) token) {

 		  default:

 		    parse_warn (cfile, "unknown token: %s", val);

 		    skip_to_semi (cfile);

diff --git a/dhcp/includes/dhcpd.h b/dhcp/includes/dhcpd.h

index defaced..defaced 100644

--- a/dhcp/includes/dhcpd.h

+++ b/dhcp/includes/dhcpd.h

@@ -1562,19 +1562,19 @@ typedef unsigned char option_mask [16];

 #endif /* DEBUG */

 #ifndef _PATH_DHCPD_DB

-#define _PATH_DHCPD_DB		LOCALSTATEDIR"/db/dhcpd.leases"

+#define _PATH_DHCPD_DB		"/state/dhcpd.leases"

 #endif

 #ifndef _PATH_DHCPD6_DB

-#define _PATH_DHCPD6_DB		LOCALSTATEDIR"/db/dhcpd6.leases"

+#define _PATH_DHCPD6_DB		"/state/dhcpd6.leases"

 #endif

 #ifndef _PATH_DHCPD_PID

-#define _PATH_DHCPD_PID		LOCALSTATEDIR"/run/dhcpd.pid"

+#define _PATH_DHCPD_PID		"/var/run/dhcpd.pid"

 #endif

 #ifndef _PATH_DHCPD6_PID

-#define _PATH_DHCPD6_PID	LOCALSTATEDIR"/run/dhcpd6.pid"

+#define _PATH_DHCPD6_PID	"/var/run/dhcpd6.pid"

 #endif

 #endif /* DEBUG */

@@ -1588,19 +1588,19 @@ typedef unsigned char option_mask [16];

 #endif

 #ifndef _PATH_DHCLIENT_PID

-#define _PATH_DHCLIENT_PID	LOCALSTATEDIR"/run/dhclient.pid"

+#define _PATH_DHCLIENT_PID	"/var/run/dhclient.pid"

 #endif

 #ifndef _PATH_DHCLIENT6_PID

-#define _PATH_DHCLIENT6_PID	LOCALSTATEDIR"/run/dhclient6.pid"

+#define _PATH_DHCLIENT6_PID	"/var/run/dhclient6.pid"

 #endif

 #ifndef _PATH_DHCLIENT_DB

-#define _PATH_DHCLIENT_DB	LOCALSTATEDIR"/db/dhclient.leases"

+#define _PATH_DHCLIENT_DB	"/var/lib/dhcp/dhclient/state/dhclient.leases"

 #endif

 #ifndef _PATH_DHCLIENT6_DB

-#define _PATH_DHCLIENT6_DB	LOCALSTATEDIR"/db/dhclient6.leases"

+#define _PATH_DHCLIENT6_DB	"/var/lib/dhcp/dhclient/state/dhclient6.leases"

 #endif

 #ifndef _PATH_RESOLV_CONF

@@ -1608,11 +1608,11 @@ typedef unsigned char option_mask [16];

 #endif

 #ifndef _PATH_DHCRELAY_PID

-#define _PATH_DHCRELAY_PID	LOCALSTATEDIR"/run/dhcrelay.pid"

+#define _PATH_DHCRELAY_PID	"/var/run/dhcrelay.pid"

 #endif

 #ifndef _PATH_DHCRELAY6_PID

-#define _PATH_DHCRELAY6_PID	LOCALSTATEDIR"/run/dhcrelay6.pid"

+#define _PATH_DHCRELAY6_PID	"/var/run/dhcrelay6.pid"

 #endif

 #ifndef DHCPD_LOG_FACILITY

@@ -3780,6 +3780,9 @@ int find_client_in_ldap (struct host_decl **, struct packet*,

                struct option_state *, const char *, int);

 #endif

+extern void dhcpd_priv_minimize(const char *server_user, const char *server_jail);

+extern void dhcpd_priv_drop(const char *server_user, const char *server_jail);

+

 /* mdb6.c */

 HASH_FUNCTIONS_DECL(ia, unsigned char *, struct ia_xx, ia_hash_t)

 HASH_FUNCTIONS_DECL(iasubopt, struct in6_addr *, struct iasubopt,

diff --git a/dhcp/relay/Makefile.am b/dhcp/relay/Makefile.am

index defaced..defaced 100644

--- a/dhcp/relay/Makefile.am

+++ b/dhcp/relay/Makefile.am

@@ -4,6 +4,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'

 sbin_PROGRAMS = dhcrelay

 dhcrelay_SOURCES = dhcrelay.c

+dhcrelay_LDFLAGS = -pie

 dhcrelay_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \

 		 @BINDLIBIRSDIR@/libirs.@A@ \

 		 @BINDLIBDNSDIR@/libdns.@A@ \

diff --git a/dhcp/relay/dhcrelay.8 b/dhcp/relay/dhcrelay.8

index defaced..defaced 100644

--- a/dhcp/relay/dhcrelay.8

+++ b/dhcp/relay/dhcrelay.8

@@ -102,6 +102,12 @@ dhcrelay - Dynamic Host Configuration Protocol Relay Agent

 [

 .B -U

 .I interface

+.B -Un

+.I user

+]

+[

+.B -j

+.I chroot-dir

 ]

 [

 .B -g

@@ -164,6 +170,11 @@ other relay agents on one or more interfaces, passing them along to

 ``upstream'' servers or relay agents as specified on the command line.

 When a reply is received from upstream, it is multicast or unicast back

 downstream to the source of the original request.

+.PP

+Upon startup, this version of dhcrelay will switch to a non-root

+pseudo-user and enter a chroot jail.  The default username (\fIdhcrelay\fR)

+and the default chroot jail directory path (\fI/var/empty\fR)

+may be overridden with the \fB-U\fR and \fB-j\fR options, respectively.

 .SH COMMAND LINE

 .PP

 \fIProtocol selection options:\fR

@@ -352,4 +363,9 @@ The loopback interface is not (yet) recognized as a valid interface.

 .SH AUTHOR

 .B dhcrelay(8)

 To learn more about Internet Systems Consortium, see

-.B https://www.isc.org

+.BR https://www.isc.org .

+.PP

+This version of dhcrelay has been modified for ALT Linux

+.RB ( http://www.altlinux.com/ ).

+In particular, the privilege reduction functionality and the \fB-u\fR

+and \fB-j\fR options are Openwall/ALT Linux extensions.

diff --git a/dhcp/server/Makefile.am b/dhcp/server/Makefile.am

index defaced..defaced 100644

--- a/dhcp/server/Makefile.am

+++ b/dhcp/server/Makefile.am

@@ -13,12 +13,15 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \

 		dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c

 dhcpd_CFLAGS = $(LDAP_CFLAGS)

+dhcpd_LDFLAGS = -pie

 dhcpd_LDADD = ../common/libdhcp.@A@ ../omapip/libomapi.@A@ \

 	      ../dhcpctl/libdhcpctl.@A@ \

 	      $(BINDLIBIRSDIR)/libirs.@A@ \

 	      $(BINDLIBDNSDIR)/libdns.@A@ \

 	      $(BINDLIBISCCFGDIR)/libisccfg.@A@ \

-	      $(BINDLIBISCDIR)/libisc.@A@ $(LDAP_LIBS)

+	      $(BINDLIBISCDIR)/libisc.@A@ \

+	      -lcap \

+		  $(LDAP_LIBS)

 man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5

 EXTRA_DIST = $(man_MANS)

diff --git a/dhcp/server/dhcpd.8 b/dhcp/server/dhcpd.8

index defaced..defaced 100644

--- a/dhcp/server/dhcpd.8

+++ b/dhcp/server/dhcpd.8

@@ -101,6 +101,14 @@ dhcpd - Dynamic Host Configuration Protocol Server

 .I trace-playback-file

 ]

 [

+.B -u

+.I user

+]

+[

+.B -j

+.I chroot-dir

+]

+[

 .I if0

 [

 .I ...ifN

@@ -192,6 +200,11 @@ require a great deal of work, our resources are extremely limited, and

 they can be better spent elsewhere.  So please don't complain about

 this on the mailing list unless you're prepared to fund a project to

 implement this feature, or prepared to do it yourself.

+.PP

+Upon startup, this version of the DHCP server will switch to a non-root

+pseudo-user and enter a chroot jail.  The default username (\fIdhcpd\fR)

+and the default chroot jail directory path (\fI/var/lib/dhcp/dhcpd\fR)

+may be overridden with the \fB-u\fR and \fB-j\fR options, respectively.

 .SH COMMAND LINE

 .PP

 The names of the network interfaces on which dhcpd should listen for

@@ -887,3 +900,8 @@ Funding for this project was provided by Internet Systems

 Consortium.  Version 3 of the DHCP server was funded by Nominum, Inc.

 Information about Internet Systems Consortium is available at

 .B https://www.isc.org/\fR.

+.PP

+This version of dhcpd has been modified for ALT Linux

+.RB ( http://www.altlinux.com/ ).

+In particular, the privilege reduction functionality and the \fB-u\fR

+and \fB-j\fR options are Openwall/ALT Linux extensions.