Index: head/net/isc-dhcp31-server/Makefile
===================================================================
--- head/net/isc-dhcp31-server/Makefile (revision 238470)
+++ head/net/isc-dhcp31-server/Makefile (revision 238471)
@@ -1,289 +1,264 @@ # ex:ts=8 # Ports collection makefile for: dhcp # Date created: 7 Mar 1996 # Whom: se # # $FreeBSD$ # PORTNAME= dhcp -PORTVERSION= 3.1.1 +PORTVERSION= 3.1.2p1 PORTREVISION= ${DHCP_PORTREVISION} CATEGORIES= net MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.1-history PKGNAMEPREFIX= isc- PKGNAMESUFFIX= 31-${SUBSYS} -DISTNAME= ${PORTNAME}-${RELEASE}${VERSION}${PATCHLEVEL} +DISTNAME= ${PORTNAME}-${PORTVERSION} MAINTAINER= jpaetzel@FreeBSD.org COMMENT?= The ISC Dynamic Host Configuration Protocol server -BROKEN= Not yet integrated and tested - PORTREVISION_SERVER= 0 PORTREVISION_CLIENT= 0 PORTREVISION_RELAY= 0 PORTREVISION_DEVEL= 0 SUBSYS?= server UNIQUENAME= ${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX} .if ${SUBSYS} == client OPTIONS= INTERFACE_POLLING "interface polling support" on .endif .if ${SUBSYS} == server OPTIONS= DHCP_PARANOIA "add -user, -group and -chroot options" on \ DHCP_JAIL "add -chroot and -jail options" on \ DHCP_SOCKETS "use sockets instead of /dev/bpf (jail-only)" off \ OPENSSL_BASE "use the base system OpenSSL (required by TLS)" on \ OPENSSL_PORT "use OpenSSL from ports (required by TLS)" off .endif # PORTREVISION handling .if ${SUBSYS} == client DHCP_PORTREVISION= ${PORTREVISION_CLIENT} .elif ${SUBSYS} == relay DHCP_PORTREVISION= ${PORTREVISION_RELAY} .elif ${SUBSYS} == devel DHCP_PORTREVISION= ${PORTREVISION_DEVEL} .else DHCP_PORTREVISION= ${PORTREVISION_SERVER} .endif .include # Global variables # HAS_CONFIGURE= yes CONFIGURE_ARGS= --subsys ${SUBSYS} ALL_TARGET= all.${SUBSYS} INSTALL_TARGET= install.${SUBSYS} SCRIPTS_ENV+= PKG_PREFIX=${PREFIX} .if ${SUBSYS} == client MAN5= dhclient.conf.5 dhclient.leases.5 MAN8= dhclient.8 dhclient-script.8 .elif ${SUBSYS} == server MAN1= omshell.1 MAN5= dhcpd.conf.5 dhcpd.leases.5 MAN8= dhcpd.8 .elif ${SUBSYS} == relay MAN8= dhcrelay.8 .else MAN3= dhcpctl.3 omapi.3 .endif .if ${SUBSYS} != relay MAN5+= dhcp-eval.5 dhcp-options.5 .endif MSG_FILE= ${.CURDIR}/pkg-message 
DESCR= ${.CURDIR}/pkg-descr PKGINSTALL= ${.CURDIR}/pkg-install PKGDEINSTALL= ${PKGINSTALL} PKGMESSAGE= ${WRKDIR}/pkg-message PLIST= ${.CURDIR}/pkg-plist -# Local variables -# - -# for instance, possible versions are: -# 1.2.r3.4 (or 1.2.b3.4), 1.2.r3 (or 1.2.b3), 1.2.3, 1.2 -# which have to become: -# 1.2rc3pl4 (or 1.2beta3pl4), 1.2rc3 (or 1.2beta3), 1.2.3, 1.2 -# so, the magic things are: -VERSION= -PATCHLEVEL= -.if ${PORTVERSION:R:E:M[br]*} != "" -RELEASE= ${PORTVERSION:R:R} -VERSION= ${PORTVERSION:R:E:S/b/beta/:S/r/rc/} -PATCHLEVEL= pl${PORTVERSION:E} -.elif ${PORTVERSION:E:M[br]*} != "" -RELEASE= ${PORTVERSION:R} -VERSION= ${PORTVERSION:E:S/b/beta/:S/r/rc/} -#.elif ${PORTVERSION:R:E} != "" -#RELEASE= ${PORTVERSION:R} -#PATCHLEVEL= pl${PORTVERSION:E} -.else -RELEASE= ${PORTVERSION} -.endif PATCH_SUBDIRS= common minires dst omapip .if ${SUBSYS} == server || ${SUBSYS} == devel PATCH_SUBDIRS+= dhcpctl .endif .if ${SUBSYS} != devel PATCH_SUBDIRS+= ${SUBSYS} .endif .if ${SUBSYS} == server PATCH_SUBDIRS+= omshell .endif .if !defined(NOPORTDOCS) PORTDOCS= LICENSE README RELNOTES .endif .if ${SUBSYS} == client BIN_FILES= dhclient LOCAL_CONF_FILES= dhclient.conf SAMP_FILES= client/dhclient.conf DATA_FILES= dhclient.leases .elif ${SUBSYS} == server BIN_FILES= dhcpd omshell USE_RC_SUBR= isc-dhcpd SAMP_FILES= server/dhcpd.conf DATA_FILES= dhcpd.leases .elif ${SUBSYS} == relay BIN_FILES= dhcrelay USE_RC_SUBR= isc-dhcrelay .endif SAMP_SUFX= .sample CONF_DIR= ${PREFIX}/etc SCHEMA_DIR= ${PREFIX}/share/${PKGBASE} DOCSDIR= ${PREFIX}/share/doc/${PKGBASE} DATADIR= /var/db PLIST_SUB+= SCHEMA_DIR="${SCHEMA_DIR:S,^${PREFIX}/,,}" PLIST_SUB+= LDAP="@comment " REINPLACE_SUB= PREFIX=${PREFIX} .if !defined(WITHOUT_DHCP_PARANOIA) SUB_LIST+= PARANOIA=YES .else SUB_LIST+= PARANOIA=NO .endif .if !defined(WITHOUT_DHCP_JAIL) SUB_LIST+= JAIL=YES .else SUB_LIST+= JAIL=NO .endif PKGMESSAGE_SUB= PREFIX="${PREFIX}" MAN1PREFIX="${MAN1PREFIX}" \ DOCSDIR="${DOCSDIR}" SCHEMA_DIR="${SCHEMA_DIR}" # 
Post-extract # post-extract: extract-omshell extract-script extract-omshell: @${MKDIR} ${WRKSRC}/omshell @${MV} ${WRKSRC}/dhcpctl/omshell.? ${WRKSRC}/omshell @${CP} ${FILESDIR}/omshell::Makefile.dist \ ${WRKSRC}/omshell/Makefile.dist extract-script: @${CP} ${FILESDIR}/client::scripts::freebsd ${WRKSRC}/client/scripts/freebsd # Post-patch # post-patch: patch-scripts patch-makefile-conf \ patch-makefiles-dist patch-man-pages \ patch-pkgmessage patch-site-conf patch-scripts: @${REINPLACE_CMD} ${REINPLACE_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ ${WRKSRC}/client/dhclient.conf \ ${WRKSRC}/client/scripts/freebsd patch-site-conf: .if ${SUBSYS} == client && !defined(WITHOUT_INTERFACE_POLLING) @${ECHO_CMD} CFLAGS += -DENABLE_POLLING_MODE >> ${WRKSRC}/site.conf .endif .if ${SUBSYS} == server .if !defined(WITHOUT_DHCP_PARANOIA) @${ECHO_CMD} CFLAGS += -DPARANOIA >> ${WRKSRC}/site.conf .endif .if !defined(WITHOUT_DHCP_JAIL) @${ECHO_CMD} CFLAGS += -DJAIL >> ${WRKSRC}/site.conf .if defined(WITH_DHCP_SOCKETS) @${ECHO_CMD} CFLAGS += -DUSE_SOCKETS >> ${WRKSRC}/site.conf .endif .endif .endif patch-makefile-conf: @${REINPLACE_CMD} -e 's|^DEBUG[ ]*=|# DEBUG ?=|g' \ ${WRKSRC}/Makefile.conf patch-makefiles-dist: .for subdir in ${PATCH_SUBDIRS} @${REINPLACE_CMD} -e 's|^CFLAGS[ ]*=|CFLAGS +=|g' \ ${WRKSRC}/${subdir}/Makefile.dist .endfor # temporary hack - no patch file needed for this typo. 
patch-man-pages: @${REINPLACE_CMD} -e '/^\.Fd$$/d' ${WRKSRC}/dhcpctl/dhcpctl.3 patch-pkgmessage: .if ${SUBSYS} != devel @${SED} ${PKGMESSAGE_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ ${MSG_FILE} > ${PKGMESSAGE} @${REINPLACE_CMD} -e '/^%%LDAP%%/d' ${PKGMESSAGE} .endif # Post-install # POST-INSTALL= parallel-post-install install-rc-script configure-package \ display-message .ORDER: ${POST-INSTALL} post-install: ${POST-INSTALL} parallel-post-install: \ strip-binary-files \ install-doc-files install-sample-files \ create-conf-files create-data-files strip-binary-files: .for f in ${BIN_FILES} .if exists(${PREFIX}/bin/${f}) @${STRIP_CMD} ${PREFIX}/bin/${f} .endif .if exists(${PREFIX}/sbin/${f}) @${STRIP_CMD} ${PREFIX}/sbin/${f} .endif .endfor install-doc-files: .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for f in ${PORTDOCS} @${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR} .endfor .endif install-sample-files: .for f in ${SAMP_FILES} @${INSTALL_DATA} ${WRKSRC}/${f} ${CONF_DIR}/${f:T}${SAMP_SUFX} .endfor create-conf-files: .for f in ${LOCAL_CONF_FILES} .if !exists(${CONF_DIR}/${f}) @${TOUCH} ${CONF_DIR}/${f} .endif .endfor create-data-files: .for f in ${DATA_FILES} .if !exists(${DATADIR}/${f}) @${TOUCH} ${DATADIR}/${f} .endif .endfor configure-package: .if ${SUBSYS} == server @${SETENV} ${SCRIPTS_ENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL .endif display-message: .if ${SUBSYS} != devel @${ECHO_MSG} @${CAT} ${PKGMESSAGE} @${ECHO_MSG} .endif .include Property changes on: head/net/isc-dhcp31-server/Makefile ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.126 \ No newline at end of property +1.127 \ No newline at end of property Index: head/net/isc-dhcp31-server/distinfo =================================================================== --- head/net/isc-dhcp31-server/distinfo (revision 238470) +++ head/net/isc-dhcp31-server/distinfo (revision 238471) 
@@ -1,3 +1,3 @@
-MD5 (dhcp-3.1.1.tar.gz) = fcc19330a9c3a0efb5620409214652a9
-SHA256 (dhcp-3.1.1.tar.gz) = 129024c7545e3e8d37e75cd5d534b50c53955592c4935189a57916e216355f6d
-SIZE (dhcp-3.1.1.tar.gz) = 798228
+MD5 (dhcp-3.1.2p1.tar.gz) = 787b2924a1965f0d8558521b36dca73d
+SHA256 (dhcp-3.1.2p1.tar.gz) = e0cb405e0fef0ecebec7aaed294032a06178ff28be87498596e6069ccda4341e
+SIZE (dhcp-3.1.2p1.tar.gz) = 792355
Property changes on: head/net/isc-dhcp31-server/distinfo
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.60
\ No newline at end of property
+1.61
\ No newline at end of property
Index: head/net/isc-dhcp31-server/files/isc-dhcpd.in
===================================================================
--- head/net/isc-dhcp31-server/files/isc-dhcpd.in (revision 238470)
+++ head/net/isc-dhcp31-server/files/isc-dhcpd.in (revision 238471)
@@ -1,732 +1,747 @@ #! /bin/sh # # $FreeBSD$ # # PROVIDE: dhcpd # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # # Add the following line to /etc/rc.conf to enable dhcpd: # # dhcpd_enable="YES" # . %%RC_SUBR%% name=dhcpd paranoia=%%PARANOIA%% # compiled in paranoia? jail=%%JAIL%% # compiled in jail? load_rc_config ${name} # override these variables in /etc/rc.conf dhcpd_enable=${dhcpd_enable:-"NO"} # dhcpd_flags="" # -q -early_chroot # command option(s) # dhcpd_ifaces="" # ethernet interface(s) dhcpd_conf=${dhcpd_conf:-%%PREFIX%%/etc/${name}.conf} # configuration file dhcpd_withumask=${dhcpd_withumask:-022} # file creation mask dhcpd_chuser_enable=${dhcpd_chuser_enable:-"%%PARANOIA%%"} # runs w/o privileges? dhcpd_withuser=${dhcpd_withuser:-${name}} # user name to run as dhcpd_withgroup=${dhcpd_withgroup:-${name}} # group name to run as dhcpd_chroot_enable=${dhcpd_chroot_enable:-"NO"} # runs chrooted? dhcpd_devfs_enable=${dhcpd_devfs_enable:-"YES"} # devfs if available? dhcpd_makedev_enable=${dhcpd_makedev_enable:-"NO"} # MAKEDEV instead of devfs? dhcpd_rootdir=${dhcpd_rootdir:-/var/db/${name}} # directory to run in # dhcpd_includedir="" # directory for included config files # untested dhcpd_jail_enable=${dhcpd_jail_enable:-"NO"} # runs imprisoned? # dhcpd_hostname="" # jail hostname # dhcpd_ipaddress="" # jail ip address safe_run () # rc command [args...] { local _rc _rc=$1 shift if [ "${_rc}" -eq 0 ]; then debug safe_run: "$@" "$@" || _rc=1 else warn safe_run: "$@" fi return ${_rc} } precious () # entry... { local _entry _rc _rc=0 for _entry; do # do nothing if /dev, /var/run or /var/db echo ${_entry} | egrep -q '^//*(dev|var//*(run|db))?/*$' || _rc=1 done debug precious: "$@" rc=${_rc} return ${_rc} } lsmod () # user group file... 
{ local _entry _user _group _rc _user=$1 _group=$2 shift 2 _rc=0 for _entry; do ls -ld ${_entry} 2> /dev/null | awk -v u=${_user} -v g=${_group} '{ exit ((u && $3 != u) || (g && $4 != g)) }' || _rc=1 done debug lsmod: "$@" rc=${_rc} return ${_rc} } safe_chmog () # entry... { local _entry _user _group _usergroup _rc _user=${dhcpd_withuser} _group=${dhcpd_withgroup} _rc=0 if [ -n "${_user}" -o -n "${_group}" ]; then _usergroup=${_user}${_group:+:${_group}} for _entry; do if [ -d ${_entry} ] && mounted ${_entry}; then continue fi if [ -e ${_entry} ] && ! precious ${_entry} && ! lsmod ${_user} ${_group} ${_entry} && ! safe_run ${_rc} chown ${_usergroup} ${_entry}; then warn "unable to change permissions of ${_entry}" _rc=1 fi done fi return ${_rc} } safe_mkdir () # dir... { local _dir _rc _rc=0 for _dir; do if [ ! -d ${_dir} ] && ! precious ${_dir} && ! safe_run ${_rc} mkdir -p ${_dir}; then err 1 "unable to create directory ${_dir}" _rc=1 fi done safe_run ${_rc} safe_chmog "$@" || _rc=1 return ${_rc} } safe_rmdir () # dir... { local _dir _rc _rc=0 for _dir; do if [ -d ${_dir} ] && ! precious ${_dir} && ! mounted ${_dir}; then if safe_run ${_rc} rmdir ${_dir}; then safe_run ${_rc} safe_rmdir ${_dir%/*} || _rc=1 else warn "unable to remove directory ${_dir}" _rc=1 fi fi done return ${_rc} } safe_touch () # file... { local _file _rc _rc=0 for _file; do if [ ! -e ${_file} ] && ! safe_run ${_rc} touch ${_file}; then err 1 "unable to create file ${_file}" _rc=1 fi done safe_run ${_rc} safe_chmog "$@" || _rc=1 return ${_rc} } safe_remove () # entry... { local _entry _rc _rc=0 for _entry; do if [ -f ${_entry} ]; then if ! safe_run ${_rc} rm -f ${_entry}; then warn "unable to remove file ${_entry}" _rc=1 fi elif [ -d ${_entry} ] && ! precious ${_entry} && ! mounted ${_entry}; then if ! 
safe_run ${_rc} rm -rf ${_entry}; then warn "unable to remove directory ${_entry}" _rc=1 fi fi done return ${_rc} } safe_copy () # src dst { local _src _dst _rc _src=$1 _dst=$2 _rc=0 if [ -f ${_src} ]; then if ! safe_run ${_rc} safe_remove ${_dst} || ! safe_run ${_rc} cp -p ${_src} ${_dst}; then err 1 "unable to copy file ${_src} to ${_dst}" _rc=1 fi safe_run ${_rc} safe_chmog ${_dst} || _rc=1 elif [ -d ${_src} ] && ! precious ${_dst} && ! mounted ${_dst}; then if ! safe_run ${_rc} pax -rw -pe -ts "|^${_src}||" \ ${_src} ${_dst}; then err 1 "unable to copy directory ${_src} to ${_dst}" _rc=1 fi else err 1 "unable to copy ${_src} to ${_dst}" \ "-- not a file or a directory" _rc=1 fi return ${_rc} } mounted () # dir... { local _rc _rc=1 if checkyesno dhcpd_devfs_enable || checkyesno dhcpd_jail_enable; then mount -t devfs | awk ' BEGIN { n = ARGC; ARGC = 2 } { for (i = 2; i != n; i++) if ($3 == ARGV[i]) exit 1 } ' - "$@" || _rc=0 fi debug mounted: "$@" rc=${_rc} return ${_rc} } safe_mount () # dir { local _dir _rc _dir=$1 _rc=0 if checkyesno dhcpd_devfs_enable && ! mounted ${_dir} && ! safe_run ${_rc} mount -t devfs devfs ${_dir}; then err 1 "unable to mount ${_dir}" _rc=1 fi return ${_rc} } safe_umount () # dir { local _dir _rc _dir=$1 _rc=0 if checkyesno dhcpd_devfs_enable && mounted ${_dir} && ! safe_run ${_rc} umount ${_dir}; then warn "unable to unmount ${_dir}" _rc=1 fi return ${_rc} } safe_useradd () { local _user _group _home _shell _gecos _user=$1 _group=$2 _gecos=${3:-"& daemon"} _home=${4:-/nonexistent} _shell=${5:-/usr/sbin/nologin} if [ -n "${_group}" ]; then if pw group show ${_group} 2>/dev/null; then echo "You already have a group \"${_group}\"," \ "so I will use it." elif pw groupadd ${_group} -h -; then echo "Added group \"${_group}\"." else echo "Adding group \"${_group}\" failed..." echo "Please create it, and try again." 
exit 1 fi fi if [ -n "${_user}" ]; then if pw user show ${_user} 2>/dev/null; then echo "You already have a user \"${_user}\"," \ "so I will use it." elif pw useradd ${_user} -g ${_group} -h - \ -d ${_home} -s ${_shell} -c "${_gecos}"; then echo "Added user \"${_user}\"." else echo "Adding user \"${_user}\" failed..." echo "Please create it, and try again." exit 1 fi fi } check_chuser () { if checkyesno paranoia; then if checkyesno dhcpd_chuser_enable && [ -z "${dhcpd_withuser}" -a -z "${dhcpd_withgroup}" ]; then err 1 "one of dhcpd_withuser and dhcpd_withgroup" \ "must be set if dhcpd_chuser_enable is enabled" fi else if checkyesno dhcpd_chuser_enable; then warn "dhcpd_chuser_enable disabled -- not compiled in" dhcpd_chuser_enable=NO fi fi } check_jail () { if checkyesno paranoia && checkyesno jail; then if checkyesno dhcpd_jail_enable && ! checkyesno dhcpd_chroot_enable; then warn "dhcpd_chroot_enable implied by dhcpd_jail_enable" dhcpd_chroot_enable=YES fi if checkyesno dhcpd_jail_enable && [ -n "${dhcpd_hostname}" -a -z "${dhcpd_ipaddress}" ] || [ -z "${dhcpd_hostname}" -a -n "${dhcpd_ipaddress}" ]; then err 1 "both dhcpd_hostname and dhcpd_ipaddress" \ "must be set if dhcpd_jail_enable is enabled" fi else if checkyesno dhcpd_jail_enable; then warn "dhcpd_jail_enable disabled -- not compiled in" dhcpd_jail_enable=NO fi fi } check_chroot () { if checkyesno paranoia; then if checkyesno dhcpd_chroot_enable; then if [ -z "${dhcpd_rootdir}" ]; then err 1 "dhcpd_rootdir must be set" \ "if dhcpd_chroot_enable is enabled" fi if checkyesno dhcpd_devfs_enable && checkyesno dhcpd_makedev_enable; then err 1 "dhcpd_devfs_enable and dhcpd_makedev_enable" \ "are mutually exclusive. enable only one!" fi if test `uname -r | cut -c 1` -le 6; then if checkyesno dhcpd_devfs_enable && ! ( type mount_devfs ) > /dev/null 2>&1; then warn "dhcpd_devfs_enable disabled" \ "-- not available" dhcpd_devfs_enable=NO fi fi if checkyesno dhcpd_makedev_enable && ! 
[ -x ${__dhcpd_devdir}/MAKEDEV ]; then warn "dhcpd_makedev_enable disabled" \ "-- not available" dhcpd_makedev_enable=NO fi else dhcpd_devfs_enable=NO dhcpd_makedev_enable=NO fi else if checkyesno dhcpd_chroot_enable; then warn "dhcpd_chroot_enable disabled -- not compiled in" dhcpd_chroot_enable=NO fi dhcpd_devfs_enable=NO dhcpd_makedev_enable=NO fi } rcvar_chuser () { if checkyesno paranoia && checkyesno dhcpd_chuser_enable; then dhcpd_piddir=${__dhcpd_piddir}/${name} dhcpd_leasesdir=${__dhcpd_leasesdir}/${name} else dhcpd_withuser= dhcpd_withgroup= fi } rcvar_jail () { if ! checkyesno paranoia || ! checkyesno jail || ! checkyesno dhcpd_jail_enable; then dhcpd_hostname= dhcpd_ipaddress= fi } rcvar_chroot () { if ! checkyesno paranoia || ! checkyesno dhcpd_chroot_enable; then dhcpd_rootdir= elif checkyesno paranoia && checkyesno dhcpd_chroot_enable; then dhcpd_devdir=${__dhcpd_devdir} dhcpd_etcdir=${__dhcpd_etcdir} fi } rcvar_pidnleases () { if ! checkyesno dhcpd_chuser_enable; then dhcpd_piddir=${__dhcpd_piddir} dhcpd_leasesdir=${__dhcpd_leasesdir} fi dhcpd_pidfile=${dhcpd_piddir}/${name}.pid dhcpd_leasesfile=${dhcpd_leasesdir}/${name}.leases dhcpd_conffile=${dhcpd_conf} # for convenience only dhcpd_confdir=$(dirname ${dhcpd_conffile}) } rcvar_rooted () { _dhcpd_rootdir=${dhcpd_rootdir} _dhcpd_devdir=${dhcpd_rootdir}${dhcpd_devdir} _dhcpd_etcdir=${dhcpd_rootdir}${dhcpd_etcdir} _dhcpd_confdir=${dhcpd_rootdir}${dhcpd_confdir} _dhcpd_includedir=${dhcpd_rootdir}${dhcpd_includedir} _dhcpd_piddir=${dhcpd_rootdir}${dhcpd_piddir} _dhcpd_leasesdir=${dhcpd_rootdir}${dhcpd_leasesdir} _dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile} _dhcpd_pidfile=${dhcpd_rootdir}${dhcpd_pidfile} _dhcpd_leasesfile=${dhcpd_rootdir}${dhcpd_leasesfile} } setup_compat () { local dhcpd_rcconf # suck in old configuration file and variables # dhcpd_rcconf=${dhcpd_confdir}/rc.isc-dhcpd.conf if [ -f ${dhcpd_rcconf} ]; then warn "${dhcpd_rcconf} is obsolete, use /etc/rc.conf and/or" \ 
"/etc/rc.conf.d/${name} instead." . ${dhcpd_rcconf} if [ -n "${dhcpd_options}" -a -z "${rc_flags}" ]; then warn "dhcpd_options is obsolete," \ "use dhcpd_flags instead." rc_flags=${dhcpd_options} fi fi } setup_umask () { if [ -n "${dhcpd_withumask}" ]; then umask ${dhcpd_withumask} fi } setup_chroot () { local _mdev _hconf _hosts _ltime _rconf _mdev=MAKEDEV _hconf=host.conf _hosts=hosts _ltime=localtime _rconf=resolv.conf if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then if ! mounted ${_dhcpd_devdir}; then safe_mkdir ${_dhcpd_devdir}/_ # XXX /_ hack! so, .../dev is root owned. fi safe_mkdir ${_dhcpd_rootdir} ${_dhcpd_etcdir}/_ ${_dhcpd_confdir} # XXX /_ hack! so, .../etc is root owned. if checkyesno dhcpd_devfs_enable; then safe_mount ${_dhcpd_devdir} elif checkyesno dhcpd_makedev_enable; then safe_copy ${dhcpd_devdir}/$_mdev ${_dhcpd_devdir}/$_mdev safe_run 0 sh -c "cd ${_dhcpd_devdir} && ./$_mdev jail bpf4" else safe_copy ${dhcpd_devdir} ${_dhcpd_devdir} fi safe_copy ${dhcpd_conffile} ${_dhcpd_conffile} safe_copy ${dhcpd_etcdir}/$_hconf ${_dhcpd_etcdir}/$_hconf safe_copy ${dhcpd_etcdir}/$_hosts ${_dhcpd_etcdir}/$_hosts safe_copy ${dhcpd_etcdir}/$_ltime ${_dhcpd_etcdir}/$_ltime safe_copy ${dhcpd_etcdir}/$_rconf ${_dhcpd_etcdir}/$_rconf # copy dhcpd_includedir if defined and available if [ -d "${dhcpd_includedir}" ]; then safe_mkdir ${_dhcpd_includedir} safe_copy ${dhcpd_includedir} ${_dhcpd_includedir} fi fi } setup_chuser () { if checkyesno paranoia && { checkyesno dhcpd_chuser_enable || checkyesno dhcpd_chroot_enable }; then safe_mkdir ${_dhcpd_piddir} ${_dhcpd_leasesdir} fi } setup_leases () { safe_touch ${_dhcpd_leasesfile} } setup_flags () { if [ -n "${dhcpd_conf}" ]; then rc_flags="${rc_flags} -cf ${dhcpd_conf}" fi if [ -n "${dhcpd_leasesfile}" ]; then rc_flags="${rc_flags} -lf ${dhcpd_leasesfile}" fi if [ -n "${dhcpd_pidfile}" ]; then rc_flags="${rc_flags} -pf ${dhcpd_pidfile}" fi if [ -n "${dhcpd_withuser}" ]; then rc_flags="${rc_flags} -user 
${dhcpd_withuser}" fi if [ -n "${dhcpd_withgroup}" ]; then rc_flags="${rc_flags} -group ${dhcpd_withgroup}" fi if [ -n "${dhcpd_rootdir}" ]; then rc_flags="${rc_flags} -chroot ${dhcpd_rootdir}" fi if [ -n "${dhcpd_hostname}" -a -n "${dhcpd_ipaddress}" ]; then rc_flags="${rc_flags} -jail ${dhcpd_hostname} ${dhcpd_ipaddress}" fi rc_flags="${rc_flags} ${dhcpd_ifaces}" } cleanup_chroot () { if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then safe_umount ${_dhcpd_devdir} fi } dhcpd_stop () { if sh $0 forcestatus; then sh $0 forcestop fi } remove_pid () { if [ -e ${_dhcpd_pidfile} ]; then warn "${_dhcpd_pidfile} still exists! -- removing anyway" fi safe_remove ${_dhcpd_pidfile} } remove_leases () { if [ -s ${_dhcpd_leasesfile} ]; then warn "${_dhcpd_leasesfile} not empty -- not removed --" \ "futher warning messages expected, don't care." else safe_remove ${_dhcpd_leasesfile} ${_dhcpd_leasesfile}~ fi } remove_chuser () { if checkyesno paranoia && { checkyesno dhcpd_chuser_enable || checkyesno dhcpd_chroot_enable }; then safe_rmdir ${_dhcpd_piddir} ${_dhcpd_leasesdir} fi } remove_chroot () { if checkyesno paranoia && checkyesno dhcpd_chroot_enable; then safe_remove ${_dhcpd_conffile} ${_dhcpd_includedir} \ ${_dhcpd_etcdir} if checkyesno dhcpd_devfs_enable; then safe_umount ${_dhcpd_devdir} safe_rmdir ${_dhcpd_devdir}/_ # XXX /_ hack! elif checkyesno dhcpd_jail_enable; then if ! mounted ${_dhcpd_devdir}; then safe_remove ${_dhcpd_devdir} fi else safe_remove ${_dhcpd_devdir} fi safe_rmdir ${_dhcpd_confdir} ${_dhcpd_rootdir} # XXX /_ hack! 
fi } dhcpd_check () { check_chuser check_jail check_chroot } dhcpd_rcvar () { rcvar_chuser rcvar_jail rcvar_chroot rcvar_pidnleases rcvar_rooted } dhcpd_precmd () { setup_compat setup_umask setup_chroot setup_chuser setup_leases setup_flags } dhcpd_postcmd () { cleanup_chroot } dhcpd_install () { if checkyesno paranoia; then safe_useradd "${dhcpd_withuser}" "${dhcpd_withgroup}" \ "DHCP Daemon" fi } _dhcpd_uninstall () # user group root { local _user _group _root _user=$1 _group=$2 _root=$3 if [ -n "${_user}" -o -n "${_group}" ]; then dhcpd_chuser_enable=YES dhcpd_withuser=${_user} dhcpd_withgroup=${_group} else dhcpd_chuser_enable=NO fi if [ -n "${_root}" ]; then dhcpd_chroot_enable=YES dhcpd_rootdir=${_root} else dhcpd_chroot_enable=NO fi dhcpd_check dhcpd_rcvar dhcpd_uninstall } dhcpd_uninstall () { if checkyesno __dhcpd_uninstall; then dhcpd_stop remove_pid remove_leases remove_chuser remove_chroot else local _user _group _root __dhcpd_uninstall=YES _user=${dhcpd_withuser} _group=${dhcpd_withgroup} _root=${dhcpd_rootdir} _dhcpd_uninstall "" "" "" if checkyesno paranoia; then if [ -n "${_user}" -o -n "${_group}" ]; then _dhcpd_uninstall "${_user}" "${_group}" "" fi if [ -n "${_root}" ]; then _dhcpd_uninstall "" "" "${_root}" fi if [ -n "${_user}" -o -n "${_group}" ] && [ -n "${_root}" ]; then _dhcpd_uninstall "${_user}" "${_group}" "${_root}" fi fi fi } +dhcpd_checkconfig () +{ + local rc_flags_mod + setup_flags + rc_flags_mod="$rc_flags" + # Eliminate '-q' flag if it is present + case "$rc_flags" in + "-q") rc_flags_mod=`echo "$(rc_flags)" | sed -Ee 's/(^-q|-q|-q$)'//` ;; + esac + if ! 
${command} -t -q ${rc_flags_mod}; then + err 1 "`${command} -t ${rc_flags_mod}` Configuration file sanity check failed" + fi +} + rcvar=${name}_enable load_rc_config ${name} __dhcpd_uninstall="NO" # internal use only __dhcpd_devdir=/dev # devices directory __dhcpd_etcdir=/etc # etc directory __dhcpd_piddir=/var/run # pid file directory __dhcpd_leasesdir=/var/db # leases file directory #__dhcpd_rootdir=/var/db/${name} # root directory dhcpd_check dhcpd_rcvar command=%%PREFIX%%/sbin/${name} pidfile=${_dhcpd_pidfile} required_files=${dhcpd_conf} start_precmd=${name}_precmd stop_postcmd=${name}_postcmd +restart_precmd="dhcpd_checkconfig" install_cmd=dhcpd_install uninstall_cmd=dhcpd_uninstall extra_commands="install uninstall" # Override /etc/rc.subr JID determiniation, because it doesn't # work when we launch dhcpd in a jail. if checkyesno dhcpd_jail_enable ; then read pid junk < $pidfile 2>/dev/null [ -n "$pid" ] && JID=`ps -o jid= -p $pid` fi run_rc_command "$1" Property changes on: head/net/isc-dhcp31-server/files/isc-dhcpd.in ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.5 \ No newline at end of property +1.6 \ No newline at end of property Index: head/net/isc-dhcp31-server/files/patch-server::dhcpd.c =================================================================== --- head/net/isc-dhcp31-server/files/patch-server::dhcpd.c (revision 238470) +++ head/net/isc-dhcp31-server/files/patch-server::dhcpd.c (revision 238471) @@ -1,288 +1,297 @@ ---- server/dhcpd.c.orig Thu Jun 10 19:59:52 2004 -+++ server/dhcpd.c Fri Jun 25 15:49:09 2004 +--- server/dhcpd.c.orig 2009-07-18 12:17:49.000000000 +0000 ++++ server/dhcpd.c 2009-07-18 12:16:17.000000000 +0000 
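Review bot: The `-q` stripping in the new `dhcpd_checkconfig` never takes effect. The `case` pattern `"-q")` matches only when `rc_flags` is exactly `-q`, but `setup_flags` has just appended `-cf ${dhcpd_conf}`, the lease and pid file options and `${dhcpd_ifaces}`; and `$(rc_flags)` is a command substitution that tries to run a command named `rc_flags` instead of expanding the variable. Use `*-q*)` as the pattern and `echo "${rc_flags}"` inside the backticks, and anchor the sed expression on surrounding whitespace so it cannot remove a `-q` that is part of a path or interface argument. Since this function is wired in as `restart_precmd` so that a broken configuration is caught before the running server is stopped, a one-line comment above it saying so, e.g. `# refuse to restart when dhcpd -t rejects the configuration`, would make that intent clear to the next maintainer.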
@@ -47,6 +47,22 @@ #include "version.h" #include +#if defined (PARANOIA) +#include +#include +#include +/* get around the ISC declaration of group */ +#define group real_group +#include +#undef group +#endif /* PARANOIA */ +#if defined (JAIL) +#include +#include +#include +#include +#endif /* JAIL */ + static void usage PROTO ((void)); - TIME cur_time; -@@ -195,6 +211,35 @@ + struct iaddr server_identifier; +@@ -193,6 +209,46 @@ omapi_object_dereference (&listener, MDL); } +#if defined (PARANOIA) +/* to be used in one of two possible scenarios */ +static void setup_chroot (char *chroot_dir) +{ + if (geteuid ()) + log_fatal ("you must be root to use chroot"); + if (chroot (chroot_dir)) + log_fatal ("chroot(\"%s\"): %m", chroot_dir); + if (chdir ("/")) + /* probably permission denied */ + log_fatal ("chdir(\"/\"): %m"); +} +#endif /* PARANOIA */ + +#if defined (JAIL) -+static void setup_jail (char *chroot_dir, char *hostname, u_int32_t ip_number) ++#if !defined(JAIL_API_VERSION) ++#define JAIL_API_VERSION 0 ++#endif ++static void setup_jail (char *chroot_dir, char *hostname, struct in_addr ip_addr) +{ + struct jail j; + -+ j.version = 0; ++ memset(&j, 0, sizeof(j)); ++ j.version = JAIL_API_VERSION; + j.path = chroot_dir; + j.hostname = hostname; -+ j.ip_number = ip_number; ++#if JAIL_API_VERSION == 0 ++ j.ip_number = ntoh1(ip_addr.s_addr); ++#elif JAIL_API_VERSION ==2 ++ j.ip4s = 1; ++ j.ip4 = &ip_addr; ++#else ++#error Unsupported jail API ++#endif + + if (jail (&j) < 0) + log_fatal ("jail(%s, %s): %m", chroot_dir, hostname); +} +#endif /* JAIL */ + int main (argc, argv, envp) int argc; char **argv, **envp; -@@ -227,6 +272,25 @@ +@@ -225,6 +281,25 @@ char *traceinfile = (char *)0; char *traceoutfile = (char *)0; #endif +#if defined (PARANOIA) + char *set_user = 0; + char *set_group = 0; + uid_t set_uid = 0; + gid_t set_gid = 0; + int early_chroot = 0; + int no_dhcpd_user = 0; + int no_dhcpd_group = 0; +#endif /* PARANOIA */ +#if defined (PARANOIA) || defined (JAIL) 
+ char *set_chroot = 0; + int no_dhcpd_chroot = 0; +#endif /* PARANOIA || JAIL */ +#if defined (JAIL) + char *set_jail = 0; -+ u_int32_t jail_ip_address = 0; /* Good as long as it's IPv4 ... */ ++ struct in_addr jail_ip_address; + int no_dhcpd_jail = 0; + char *s2; +#endif /* JAIL */ - /* Make sure we have stdin, stdout and stderr. */ - status = open ("/dev/null", O_RDWR); -@@ -289,6 +353,39 @@ + /* Make sure that file descriptors 0 (stdin), 1, (stdout), and + 2 (stderr) are open. To do this, we assume that when we +@@ -290,6 +365,38 @@ if (++i == argc) usage (); server = argv [i]; +#if defined (PARANOIA) + } else if (!strcmp (argv [i], "-user")) { + if (++i == argc) + usage (); + set_user = argv [i]; + no_dhcpd_user = 1; + } else if (!strcmp (argv [i], "-group")) { + if (++i == argc) + usage (); + set_group = argv [i]; + no_dhcpd_group = 1; + } else if (!strcmp (argv [i], "-early_chroot")) { + early_chroot = 1; +#endif /* PARANOIA */ +#if defined (PARANOIA) || defined (JAIL) + } else if (!strcmp (argv [i], "-chroot")) { + if (++i == argc) + usage (); + set_chroot = argv [i]; + no_dhcpd_chroot = 1; +#endif /* PARANOIA || JAIL */ +#if defined (JAIL) + } else if (!strcmp (argv [i], "-jail")) { + if (++i == argc) + usage (); + set_jail = argv [i]; + if (++i == argc) + usage (); + if (inet_pton (AF_INET, argv[i], &jail_ip_address) < 0) + log_fatal ("invalid ip address: %s", argv[i]); -+ jail_ip_address = ntohl (jail_ip_address); + no_dhcpd_jail = 1; +#endif /* JAIL */ } else if (!strcmp (argv [i], "-cf")) { if (++i == argc) usage (); -@@ -366,6 +463,28 @@ +@@ -367,6 +474,27 @@ if (!no_dhcpd_pid && (s = getenv ("PATH_DHCPD_PID"))) { path_dhcpd_pid = s; } +#if defined (PARANOIA) + if (!no_dhcpd_user && (s = getenv ("DHCPD_USER"))) { + set_user = s; + } + if (!no_dhcpd_group && (s = getenv ("DHCPD_GROUP"))) { + set_group = s; + } +#endif /* PARANOIA */ +#if defined (PARANOIA) || defined (JAIL) + if (!no_dhcpd_chroot && (s = getenv ("PATH_DHCPD_CHROOT"))) { + set_chroot = 
s; + } +#endif /* PARANOIA || JAIL */ +#if defined (JAIL) + if (!no_dhcpd_jail && (s = getenv ("DHCPD_JAIL_HOSTNAME")) && + (s2 = getenv ("DHCPD_JAIL_IPADDRESS"))) { + set_jail = s; + if (inet_pton (AF_INET, s2, &jail_ip_address) < 0) + log_fatal ("invalid ip address: %s", s2); -+ jail_ip_address = ntohl (jail_ip_address); + } +#endif /* JAIL */ if (!quiet) { log_info ("%s %s", message, DHCP_VERSION); -@@ -388,6 +507,57 @@ +@@ -393,6 +521,57 @@ trace_seed_stop, MDL); #endif +#if defined (PARANOIA) + /* get user and group info if those options were given */ + if (set_user) { + struct passwd *tmp_pwd; + + if (geteuid ()) + log_fatal ("you must be root to set user"); + + if (!(tmp_pwd = getpwnam (set_user))) + log_fatal ("no such user: %s", set_user); + + set_uid = tmp_pwd->pw_uid; + + /* use the user's group as the default gid */ + if (!set_group) + set_gid = tmp_pwd->pw_gid; + } + + if (set_group) { +/* get around the ISC declaration of group */ +#define group real_group + struct group *tmp_grp; + + if (geteuid ()) + log_fatal ("you must be root to set group"); + + if (!(tmp_grp = getgrnam (set_group))) + log_fatal ("no such group: %s", set_group); + + set_gid = tmp_grp->gr_gid; +#undef group + } +#endif /* PARANOIA */ +#if defined (JAIL) + if (set_jail) { + /* Initialize icmp support... */ + if (!cftest && !lftest) + icmp_startup (1, lease_pinged); + if(!set_chroot) + set_chroot = "/"; + setup_jail (set_chroot, set_jail, jail_ip_address); + } +#endif /* JAIL */ +#if defined (PARANOIA) && defined (JAIL) + else +#endif /* PARANOIA && JAIL */ +#if defined (PARANOIA) + if (early_chroot && set_chroot) + setup_chroot (set_chroot); +#endif /* PARANOIA */ + /* Default to the DHCP/BOOTP port. */ if (!local_port) { -@@ -462,6 +632,9 @@ +@@ -467,6 +646,9 @@ #endif /* Initialize icmp support... 
*/ +#if defined (JAIL) + if (!set_jail) +#endif /* JAIL */ if (!cftest && !lftest) icmp_startup (1, lease_pinged); -@@ -491,6 +664,14 @@ +@@ -496,6 +678,14 @@ postconf_initialization (quiet); +#if defined (PARANOIA) +#if defined (JAIL) + if (!set_jail) +#endif /* JAIL */ + if (!early_chroot && set_chroot) + setup_chroot (set_chroot); +#endif /* PARANOIA */ + /* test option should cause an early exit */ if (cftest && !lftest) exit(0); -@@ -533,7 +714,22 @@ +@@ -538,7 +728,22 @@ else if (pid) exit (0); } + +#if defined (PARANOIA) + /* change uid to the specified one */ + if (set_gid) { + if (setgroups (0, (void *)0)) + log_fatal ("setgroups: %m"); + if (setgid (set_gid)) + log_fatal ("setgid(%d): %m", (int) set_gid); + } + if (set_uid) { + if (setuid (set_uid)) + log_fatal ("setuid(%d): %m", (int) set_uid); + } +#endif /* PARANOIA */ + /* Read previous pid file. */ if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { - status = read (i, pbuf, (sizeof pbuf) - 1); -@@ -877,8 +1073,24 @@ + status = read(i, pbuf, (sizeof pbuf) - 1); +@@ -877,8 +1082,24 @@ log_info (copyright); log_info (arr); - log_fatal ("Usage: dhcpd [-p ] [-d] [-f]%s%s%s%s", + log_fatal ("Usage: dhcpd [-p ] [-d] [-f]%s%s%s%s%s%s%s", "\n [-cf config-file] [-lf lease-file]", + +#if defined (PARANOIA) + /* meld into the following string */ + "\n [-user user] [-group group]", + "\n [-chroot dir] [-early_chroot]", +#else /* PARANOIA */ + "", "", +#endif /* PARANOIA */ + +#if defined (JAIL) + /* then also these ones */ + "\n [-jail name ip]", +#else /* JAIL */ + "", +#endif /* JAIL */ + #if defined (TRACING) "\n [-tf trace-output-file]", "\n [-play trace-input-file]", Property changes on: head/net/isc-dhcp31-server/files/patch-server::dhcpd.c ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.3 \ No newline at end of property +1.4 \ No newline at end of property
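Review bot: Both `inet_pton (AF_INET, ..., &jail_ip_address) < 0` checks (the `-jail` option parser and the `DHCPD_JAIL_IPADDRESS` environment branch) let a malformed address through, because inet_pton() returns 0, not a negative value, when the string does not parse. This revision also changes `jail_ip_address` from a zero-initialised `u_int32_t` to an uninitialised `struct in_addr`, so after a failed parse `setup_jail()` would be handed whatever was on the stack as the jail's IPv4 address; test `!= 1` in both places, and consider zeroing the struct at declaration. In the `JAIL_API_VERSION == 0` branch, `ntoh1(ip_addr.s_addr)` is spelled with the digit one and should read `ntohl(ip_addr.s_addr)`; as written that branch presumably fails to build or link on systems without the newer jail API. main() and the option loop continue outside the hunks of the inner patch shown here.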