Message-Id: <20040531021759.GA49177@gits.dyndns.org>
Date: Mon, 31 May 2004 04:17:59 +0200
From: Cyrille Lefevre
To: FreeBSD-gnats-submit@FreeBSD.org
cc: Ari Edelkind
cc: Andrea Cocito
Subject: ports/67407: Maintainer update: net/isc-dhcp3-server (paranoia and jail patch)

>Number: 67407
>Category: ports
>Synopsis: Maintainer update: net/isc-dhcp3-server (paranoia and jail patch)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun May 30 20:20:32 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Cyrille Lefevre
>Release: FreeBSD 5.2-CURRENT i386
>Organization: ACME
>Environment:
System: FreeBSD gits 5.2-CURRENT FreeBSD 5.2-CURRENT #28: Thu May 13 00:19:50 CEST 2004 root@gits:/disk3/freebsd/current/obj/disk3/freebsd/current/src/sys/CUSTOM i386

>Description:
To the patch authors (CC'ed): if you have no objection, I dissociated the paranoia patch from the jail one. You can now choose between both -DPARANOIA -DJAIL, -DPARANOIA only or -DJAIL only.

Makefile
  PORTREVISION bumped
  WITHOUT_DHCP_PARANOIA and WITHOUT_DHCP_JAIL added.
pkg-message
  updated to inform about the new options.
files/patch-server::dhcpd.c
  new file

>How-To-Repeat:
n/a

>Fix:
Take care, this patch is in two parts: the first one against /dev/null and the second one a cvs diff.

--- /dev/null Sun May 30 23:25:55 2004 +++ files/patch-server::dhcpd.c Sun May 30 23:14:45 2004 
@@ -0,0 +1,250 @@ +--- server/dhcpd.c.orig Wed Jan 15 00:15:24 2003 ++++ server/dhcpd.c Sun May 30 23:14:42 2004 +@@ -56,6 +56,22 @@ + #include "version.h" + #include + ++#if defined (PARANOIA) ++#include ++#include ++#include ++/* get around the ISC declaration of group */ ++#define group real_group ++#include ++#undef group ++#endif /* PARANOIA */ ++#if defined (JAIL) ++#include ++#include ++#include ++#include ++#endif /* JAIL */ ++ + static void usage PROTO ((void)); + + TIME cur_time; +@@ -204,6 +220,35 @@ + omapi_object_dereference (&listener, MDL); + } + ++#if defined (PARANOIA) ++/* to be used in one of two possible scenarios */ ++static void setup_chroot (char *chroot_dir) ++{ ++ if (geteuid ()) ++ log_fatal ("you must be root to use chroot"); ++ if (chroot (chroot_dir)) ++ log_fatal ("chroot(\"%s\"): %m", chroot_dir); ++ if (chdir ("/")) ++ /* probably permission denied */ ++ log_fatal ("chdir(\"/\"): %m"); ++} ++#endif /* PARANOIA */ ++ ++#if defined (JAIL) ++static void setup_jail (char *chroot_dir, char *hostname, u_int32_t ip_number) ++{ ++ struct jail j; ++ ++ j.version = 0; ++ j.path = chroot_dir; ++ j.hostname = hostname; ++ j.ip_number = ip_number; ++ ++ if (jail (&j) < 0) ++ log_fatal ("jail(%s, %s): %m", chroot_dir, hostname); ++} ++#endif /* JAIL */ ++ + int main (argc, argv, envp) + int argc; + char **argv, **envp; +@@ -236,6 +281,20 @@ + char *traceinfile = (char *)0; + char *traceoutfile = (char *)0; + #endif ++#if defined (PARANOIA) ++ char *set_user = 0; ++ char *set_group = 0; ++ uid_t set_uid = 0; ++ gid_t set_gid = 0; ++ int early_chroot = 0; ++#endif /* PARANOIA */ ++#if defined (PARANOIA) || defined (JAIL) ++ char *set_chroot = 0; ++#endif /* PARANOIA || JAIL */ ++#if defined (JAIL) ++ char *set_jail = 0; ++ u_int32_t jail_ip_address = 0; /* Good as long as it's IPv4 ... */ ++#endif /* JAIL */ + + /* Make sure we have stdin, stdout and stderr. 
*/ + status = open ("/dev/null", O_RDWR); +@@ -298,6 +357,35 @@ + if (++i == argc) + usage (); + server = argv [i]; ++#if defined (PARANOIA) ++ } else if (!strcmp (argv [i], "-user")) { ++ if (++i == argc) ++ usage (); ++ set_user = argv [i]; ++ } else if (!strcmp (argv [i], "-group")) { ++ if (++i == argc) ++ usage (); ++ set_group = argv [i]; ++ } else if (!strcmp (argv [i], "-early_chroot")) { ++ early_chroot = 1; ++#endif /* PARANOIA */ ++#if defined (PARANOIA) || defined (JAIL) ++ } else if (!strcmp (argv [i], "-chroot")) { ++ if (++i == argc) ++ usage (); ++ set_chroot = argv [i]; ++#endif /* PARANOIA || JAIL */ ++#if defined (JAIL) ++ } else if (!strcmp (argv [i], "-jail")) { ++ if (++i == argc) ++ usage (); ++ set_jail = argv [i]; ++ if (++i == argc) ++ usage (); ++ if (ascii2addr (AF_INET, argv[i], &jail_ip_address) < 0) ++ usage(); ++ jail_ip_address = ntohl (jail_ip_address); ++#endif /* JAIL */ + } else if (!strcmp (argv [i], "-cf")) { + if (++i == argc) + usage (); +@@ -397,6 +485,57 @@ + trace_seed_stop, MDL); + #endif + ++#if defined (PARANOIA) ++ /* get user and group info if those options were given */ ++ if (set_user) { ++ struct passwd *tmp_pwd; ++ ++ if (geteuid ()) ++ log_fatal ("you must be root to set user"); ++ ++ if (!(tmp_pwd = getpwnam (set_user))) ++ log_fatal ("no such user: %s", set_user); ++ ++ set_uid = tmp_pwd->pw_uid; ++ ++ /* use the user's group as the default gid */ ++ if (!set_group) ++ set_gid = tmp_pwd->pw_gid; ++ } ++ ++ if (set_group) { ++/* get around the ISC declaration of group */ ++#define group real_group ++ struct group *tmp_grp; ++ ++ if (geteuid ()) ++ log_fatal ("you must be root to set group"); ++ ++ if (!(tmp_grp = getgrnam (set_group))) ++ log_fatal ("no such group: %s", set_group); ++ ++ set_gid = tmp_grp->gr_gid; ++#undef group ++ } ++#endif /* PARANOIA */ ++#if defined (JAIL) ++ if (set_jail) { ++ /* Initialize icmp support... 
*/ ++ if (!cftest && !lftest) ++ icmp_startup (1, lease_pinged); ++ if(!set_chroot) ++ set_chroot = "/"; ++ setup_jail (set_chroot, set_jail, jail_ip_address); ++ } ++#endif /* JAIL */ ++#if defined (PARANOIA) && defined (JAIL) ++ else ++#endif /* PARANOIA && JAIL */ ++#if defined (PARANOIA) ++ if (early_chroot && set_chroot) ++ setup_chroot (set_chroot); ++#endif /* PARANOIA */ ++ + /* Default to the DHCP/BOOTP port. */ + if (!local_port) + { +@@ -471,6 +610,9 @@ + #endif + + /* Initialize icmp support... */ ++#if defined (JAIL) ++ if (!set_jail) ++#endif /* JAIL */ + if (!cftest && !lftest) + icmp_startup (1, lease_pinged); + +@@ -500,6 +642,14 @@ + + postconf_initialization (quiet); + ++#if defined (PARANOIA) ++#if defined (JAIL) ++ if (!set_jail) ++#endif /* JAIL */ ++ if (!early_chroot && set_chroot) ++ setup_chroot (set_chroot); ++#endif /* PARANOIA */ ++ + /* test option should cause an early exit */ + if (cftest && !lftest) + exit(0); +@@ -542,7 +692,22 @@ + else if (pid) + exit (0); + } ++ ++#if defined (PARANOIA) ++ /* change uid to the specified one */ ++ if (set_gid) { ++ if (setgroups (0, (void *)0)) ++ log_fatal ("setgroups: %m"); ++ if (setgid (set_gid)) ++ log_fatal ("setgid(%d): %m", (int) set_gid); ++ } + ++ if (set_uid) { ++ if (setuid (set_uid)) ++ log_fatal ("setuid(%d): %m", (int) set_uid); ++ } ++#endif /* PARANOIA */ ++ + /* Read previous pid file. 
*/ + if ((i = open (path_dhcpd_pid, O_RDONLY)) >= 0) { + status = read (i, pbuf, (sizeof pbuf) - 1); +@@ -886,8 +1051,24 @@ + log_info (copyright); + log_info (arr); + +- log_fatal ("Usage: dhcpd [-p ] [-d] [-f]%s%s%s%s", ++ log_fatal ("Usage: dhcpd [-p ] [-d] [-f]%s%s%s%s%s%s%s", + "\n [-cf config-file] [-lf lease-file]", ++ ++#if defined (PARANOIA) ++ /* meld into the following string */ ++ "\n [-user user] [-group group]", ++ "\n [-chroot dir] [-early_chroot]", ++#else /* PARANOIA */ ++ "", "", ++#endif /* PARANOIA */ ++ ++#if defined (JAIL) ++ /* then also these ones */ ++ "\n [-jail name ip]", ++#else /* JAIL */ ++ "", ++#endif /* JAIL */ ++ + #if defined (TRACING) + "\n [-tf trace-output-file]", + "\n [-play trace-input-file]", Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/Makefile,v retrieving revision 1.94 diff -u -I$Id.*$ -I$.+BSD.*$ -r1.94 Makefile --- Makefile 22 Mar 2004 23:33:08 -0000 1.94 +++ Makefile 31 May 2004 00:37:55 -0000 @@ -8,7 +8,7 @@ PORTNAME= dhcp PORTVERSION= 3.0.1.r12 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_ISC} MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.0-history @@ -117,15 +117,12 @@ RCSCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR} PKGMESSAGE_SUB= PREFIX=${PREFIX} MAN1PREFIX=${MAN1PREFIX} -# Pre-everything -# - -.if ${SUBSYS} == client && !defined(WITHOUT_INTERFACE_POLLING) -pre-everything:: - @${ECHO_MSG} - @${ECHO_MSG} "If you want to compile without interface polling support." - @${ECHO_MSG} "hit Ctrl-C right now and use \"make WITHOUT_INTERFACE_POLLING=yes\"" - @${ECHO_MSG} +.if ${SUBSYS} == client +OPTIONS= INTERFACE_POLLING "interface polling support" on +.endif +.if ${SUBSYS} == server +OPTIONS= DHCP_PARANOIA "add -user, -group and -chroot options" on \ + DHCP_JAIL "add -chroot and -jail options" on .endif # Post-extract 
@@ -156,6 +153,14 @@ .if ${SUBSYS} == client && !defined(WITHOUT_INTERFACE_POLLING) @${ECHO_CMD} CFLAGS += -DENABLE_POLLING_MODE >> ${WRKSRC}/site.conf .endif +.if ${SUBSYS} == server +.if !defined(WITHOUT_DHCP_PARANOIA) + @${ECHO_CMD} CFLAGS += -DPARANOIA >> ${WRKSRC}/site.conf +.endif +.if !defined(WITHOUT_DHCP_JAIL) + @${ECHO_CMD} CFLAGS += -DJAIL >> ${WRKSRC}/site.conf +.endif +.endif patch-makefile-conf: @${REINPLACE_CMD} -e 's|^DEBUG[ ]*=|# DEBUG ?=|g' \ Index: pkg-message =================================================================== RCS file: /home/ncvs/ports/net/isc-dhcp3-server/pkg-message,v retrieving revision 1.4 diff -u -I$Id.*$ -I$.+BSD.*$ -r1.4 pkg-message --- pkg-message 16 Mar 2004 20:31:15 -0000 1.4 +++ pkg-message 30 May 2004 21:16:10 -0000 @@ -9,7 +9,16 @@ dhcpd_conf="%%PREFIX%%/etc/dhcpd.conf" # configuration file dhcpd_ifaces="" # ethernet interface(s) -**** For instance, rc.conf like variables are still read from - %%PREFIX%%/etc/rc.isc-dhcpd.conf. They should be move into - /etc/rc.conf. Also, the dhcpd_options variable must be - renamed dhcpd_flags. +**** For instance, rc.conf like variables are still read from %%PREFIX%%\ + /etc/rc.isc-dhcpd.conf. They should be move into /etc/rc.conf. Also, + the dhcpd_options variable must be renamed dhcpd_flags. + +**** If compiled with paranoia support (the default), the following options + are also supported: + + [-user user] [-group group] [-chroot dir] [-early_chroot] + +**** If compiled with jail support (the default), the following options are + also supported: + + [-chroot dir] [-jail hostname ip_address] # implies -early_chroot >Release-Note: >Audit-Trail: >Unformatted:
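
Review bot: in the privilege-drop block of server/dhcpd.c (hunk @@ -542,7 +692,22 @@), "if (set_gid)" and "if (set_uid)" test the numeric ids instead of whether -user or -group was given, so a -user whose primary gid is 0 skips both "setgroups (0, (void *)0)" and "setgid" and then calls "setuid" while still holding root's supplementary groups. Guard the group block on set_user || set_group and the uid block on set_user, so the group list is always cleared before the uid changes. Note also that the pid file open that follows in the trailing context now runs under the new uid (and inside the chroot when one is set), so path_dhcpd_pid has to be reachable there.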
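
Review bot: in a build with -DJAIL but without -DPARANOIA, "-chroot dir" given without "-jail" is parsed and then silently ignored. In hunk @@ -397,6 +485,57 @@ of server/dhcpd.c, set_chroot is only consumed inside "if (set_jail)", and both setup_chroot call sites (this hunk and @@ -500,6 +642,14 @@) sit under "#if defined (PARANOIA)". The operator ends up with an unconfined daemon and no diagnostic. Either log_fatal when set_chroot is set without set_jail in that configuration, or compile setup_chroot and its call sites under PARANOIA || JAIL.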
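
Review bot: the option parsing in hunk @@ -298,6 +357,35 @@ of server/dhcpd.c accepts "-chroot" independently of "-user", and setup_chroot only checks "geteuid ()", so "-chroot dir" alone leaves the daemon running as uid 0 inside the chroot, which gives little containment. After argument parsing, either require set_user whenever set_chroot is given without set_jail, or at least emit a log warning for that combination.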
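
Review bot: the usage text in hunk @@ -886,8 +1051,24 @@ of server/dhcpd.c lists "[-chroot dir]" only in the PARANOIA strings, while the parser accepts -chroot under "PARANOIA || JAIL", so a JAIL-only build takes an option its usage message never shows. Give "[-chroot dir]" its own string under PARANOIA || JAIL (with a matching extra %s and "" fallback) and leave "[-early_chroot]" with the PARANOIA options.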
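
Review bot: in the pkg-message hunk (@@ -9,7 +9,16 @@), the rewrapped paragraph breaks the path as "%%PREFIX%%\" followed by "/etc/rc.isc-dhcpd.conf" on the next line; pkg-message is shown to the user as plain text, so the backslash and line break end up in the middle of the path. Keep the whole path on one line. The new option paragraphs would also benefit from one sentence stating that with -chroot the pid file path is resolved inside the chroot directory and opened under the -user/-group ids.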