~ubuntu-branches/ubuntu/dapper/dhcp3/dapper : contents of debian/patches/droppriv.dpatch at revision 9

~ubuntu-branches/ubuntu/dapper/dhcp3/dapper : (revision 9)

#! /bin/sh /usr/share/dpatch/dpatch-run
## droppriv.dpatch by  <martin.pitt@ubuntu.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad --exclude=CVS --exclude=.svn ./common/droppriv.c /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/droppriv.c
--- ./common/droppriv.c	1970-01-01 01:00:00.000000000 +0100
+++ /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/droppriv.c	2005-07-21 18:57:23.000000000 +0200
@@ -0,0 +1,96 @@
+/**
+ * droppriv.c - drop privileges of a program running as root
+ * 
+ * (C) 2004 Martin Pitt <martin@piware.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ */
+
+#include "droppriv.h"
+#include <sys/prctl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+
+void
+drop_privileges( const char* user, const char* group, int numcaps,
+	cap_value_t* caps, int errorexit )
+{
+    cap_t cap;
+    struct passwd *pw = NULL;
+    struct group *gr = NULL;
+
+    /* determine user and group id */
+    if( user != NULL ) {
+	pw = getpwnam( user );
+	if( !pw )  {
+	    fprintf( stderr, "drop_privileges: user %s does not exist\n", user );
+	    exit( errorexit );
+	}
+    }
+
+    if( group != NULL ) {
+	gr = getgrnam( group );
+	if( !gr ) {
+	    fprintf( stderr, "drop_privileges: group %s does not exist\n", group );
+	    exit( errorexit );
+	}
+    }
+
+    /* keep capabilities */
+    if( numcaps > 0 ) {
+        int result;
+
+        if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) {
+            perror( "drop_privileges: could not keep capabilities" );
+            exit( errorexit );
+        }
+
+        /* test whether cap_set_proc works */
+        cap = cap_get_proc();
+        if( cap ) {
+            result = cap_set_proc( cap );
+            cap_free( cap );
+            if( result )
+                return;
+        } else
+            return;
+    }
+
+
+    /* change uid/gid */
+    if( gr != NULL && setgid( gr->gr_gid ) ) {
+	perror( "drop_privileges: could not set group id" );
+	exit( errorexit );
+    }
+
+    if( pw != NULL && setuid( pw->pw_uid ) ) {
+	perror( "drop_privileges: could not set user id" );
+	exit( errorexit );
+    }
+
+    /* set necessary capabilities */
+    if( numcaps > 0 ) {
+        cap = cap_init();
+        if( cap_set_flag( cap, CAP_PERMITTED, numcaps, caps, CAP_SET ) ||
+            cap_set_flag( cap, CAP_EFFECTIVE, numcaps, caps, CAP_SET ) ) {
+            perror( "drop_privileges: cap_set_flag" );
+            exit( errorexit );
+        }
+
+        if( cap_set_proc( cap ) ) {
+            perror( "drop_privileges: could not install capabilities" );
+            exit( errorexit );
+        }
+
+        if( cap_free( cap ) ) {
+            perror( "drop_privileges: cap_free" );
+            exit( errorexit );
+        }
+    }
+}
+
diff -urNad --exclude=CVS --exclude=.svn ./common/Makefile.dist /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/Makefile.dist
--- ./common/Makefile.dist	2004-09-21 22:33:35.000000000 +0200
+++ /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/Makefile.dist	2005-07-21 18:57:59.000000000 +0200
@@ -25,11 +25,11 @@
 SRC    = raw.c parse.c nit.c icmp.c dispatch.c conflex.c upf.c bpf.c socket.c \
 	 lpf.c dlpi.c packet.c tr.c ethernet.c memory.c print.c options.c \
 	 inet.c tree.c tables.c alloc.c fddi.c ctrace.c dns.c resolv.c \
-	 execute.c discover.c comapi.c
+	 execute.c discover.c comapi.c droppriv.c
 OBJ    = raw.o parse.o nit.o icmp.o dispatch.o conflex.o upf.o bpf.o socket.o \
 	 lpf.o dlpi.o packet.o tr.o ethernet.o memory.o print.o options.o \
 	 inet.o tree.o tables.o alloc.o fddi.o ctrace.o dns.o resolv.o \
-	 execute.o discover.o comapi.o
+	 execute.o discover.o comapi.o droppriv.o
 MAN    = dhcp-options.5 dhcp-eval.5
 
 INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
diff -urNad --exclude=CVS --exclude=.svn ./includes/droppriv.h /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/includes/droppriv.h
--- ./includes/droppriv.h	1970-01-01 01:00:00.000000000 +0100
+++ /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/includes/droppriv.h	2005-07-21 18:57:23.000000000 +0200
@@ -0,0 +1,31 @@
+/**
+ * droppriv.h - drop privileges of a program running as root
+ *
+ * (C) 2004 Martin Pitt <martin@piware.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ */
+
+#ifndef _DROPPRIV_H
+#define _DROPPRIV_H
+
+#include <sys/capability.h>
+
+/**
+ * Drop all but necessary privileges from a program that is started as
+ * root. Set the running user id and group id to the corresponding
+ * values of 'user' and 'group' (NULL values cause the current
+ * user/group not to change). Drops all capabilities but the
+ * ones specified in caps. numcaps is the number of entries in
+ * caps. On error, a message is printed to stderr and the program
+ * terminates with exit code 'errorexit'.
+ */
+void
+drop_privileges( const char* user, const char* group, int numcaps,
+       cap_value_t* caps, int errorexit );
+
+#endif
+

4 by Oliver Grawert added the missing dependency on lsb-base to dhcp3-server	1	#! /bin/sh /usr/share/dpatch/dpatch-run
	2	## droppriv.dpatch by <martin.pitt@ubuntu.com>
	3	##
	4	## All lines beginning with `## DP:' are a description of the patch.
	5	## DP: No description.
	6
	7	@DPATCH@
	8	diff -urNad --exclude=CVS --exclude=.svn ./common/droppriv.c /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/droppriv.c
	9	--- ./common/droppriv.c 1970-01-01 01:00:00.000000000 +0100
	10	+++ /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/droppriv.c 2005-07-21 18:57:23.000000000 +0200
	11	@@ -0,0 +1,96 @@
	12	+/**
	13	+ * droppriv.c - drop privileges of a program running as root
	14	+ *
	15	+ * (C) 2004 Martin Pitt <martin@piware.de>
	16	+ *
	17	+ * Permission to use, copy, modify, and distribute this software for any
	18	+ * purpose with or without fee is hereby granted, provided that the above
	19	+ * copyright notice and this permission notice appear in all copies.
	20	+ *
	21	+ */
	22	+
	23	+#include "droppriv.h"
	24	+#include <sys/prctl.h>
	25	+#include <stdio.h>
	26	+#include <unistd.h>
	27	+#include <pwd.h>
	28	+#include <grp.h>
	29	+
	30	+void
	31	+drop_privileges( const char* user, const char* group, int numcaps,
	32	+ cap_value_t* caps, int errorexit )
	33	+{
	34	+ cap_t cap;
	35	+ struct passwd *pw = NULL;
	36	+ struct group *gr = NULL;
	37	+
	38	+ /* determine user and group id */
	39	+ if( user != NULL ) {
	40	+ pw = getpwnam( user );
	41	+ if( !pw ) {
	42	+ fprintf( stderr, "drop_privileges: user %s does not exist\n", user );
	43	+ exit( errorexit );
	44	+ }
	45	+ }
	46	+
	47	+ if( group != NULL ) {
	48	+ gr = getgrnam( group );
	49	+ if( !gr ) {
	50	+ fprintf( stderr, "drop_privileges: group %s does not exist\n", group );
	51	+ exit( errorexit );
	52	+ }
	53	+ }
	54	+
	55	+ /* keep capabilities */
	56	+ if( numcaps > 0 ) {
	57	+ int result;
	58	+
	59	+ if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) {
	60	+ perror( "drop_privileges: could not keep capabilities" );
	61	+ exit( errorexit );
	62	+ }
	63	+
	64	+ /* test whether cap_set_proc works */
65	+ cap = cap_get_proc();
66	+ if( cap ) {
67	+ result = cap_set_proc( cap );
68	+ cap_free( cap );
69	+ if( result )
70	+ return;
71	+ } else
72	+ return;
73	+ }
74	+
75	+
76	+ /* change uid/gid */
77	+ if( gr != NULL && setgid( gr->gr_gid ) ) {
78	+ perror( "drop_privileges: could not set group id" );
79	+ exit( errorexit );
80	+ }
81	+
82	+ if( pw != NULL && setuid( pw->pw_uid ) ) {
83	+ perror( "drop_privileges: could not set user id" );
84	+ exit( errorexit );
85	+ }
86	+
87	+ /* set necessary capabilities */
88	+ if( numcaps > 0 ) {
89	+ cap = cap_init();
90	+ if( cap_set_flag( cap, CAP_PERMITTED, numcaps, caps, CAP_SET ) \|\|
91	+ cap_set_flag( cap, CAP_EFFECTIVE, numcaps, caps, CAP_SET ) ) {
92	+ perror( "drop_privileges: cap_set_flag" );
93	+ exit( errorexit );
94	+ }
95	+
96	+ if( cap_set_proc( cap ) ) {
97	+ perror( "drop_privileges: could not install capabilities" );
98	+ exit( errorexit );
99	+ }
100	+
101	+ if( cap_free( cap ) ) {
102	+ perror( "drop_privileges: cap_free" );
103	+ exit( errorexit );
104	+ }
105	+ }
106	+}
107	+
108	diff -urNad --exclude=CVS --exclude=.svn ./common/Makefile.dist /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/Makefile.dist
109	--- ./common/Makefile.dist 2004-09-21 22:33:35.000000000 +0200
110	+++ /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/common/Makefile.dist 2005-07-21 18:57:59.000000000 +0200
111	@@ -25,11 +25,11 @@
112	SRC = raw.c parse.c nit.c icmp.c dispatch.c conflex.c upf.c bpf.c socket.c \
113	lpf.c dlpi.c packet.c tr.c ethernet.c memory.c print.c options.c \
114	inet.c tree.c tables.c alloc.c fddi.c ctrace.c dns.c resolv.c \
115	- execute.c discover.c comapi.c
116	+ execute.c discover.c comapi.c droppriv.c
117	OBJ = raw.o parse.o nit.o icmp.o dispatch.o conflex.o upf.o bpf.o socket.o \
118	lpf.o dlpi.o packet.o tr.o ethernet.o memory.o print.o options.o \
119	inet.o tree.o tables.o alloc.o fddi.o ctrace.o dns.o resolv.o \
120	- execute.o discover.o comapi.o
121	+ execute.o discover.o comapi.o droppriv.o
122	MAN = dhcp-options.5 dhcp-eval.5
123
124	INCLUDES = -I$(TOP) $(BINDINC) -I$(TOP)/includes
125	diff -urNad --exclude=CVS --exclude=.svn ./includes/droppriv.h /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/includes/droppriv.h
126	--- ./includes/droppriv.h 1970-01-01 01:00:00.000000000 +0100
127	+++ /tmp/dpep-work.4TQMRS/dhcp3-3.0.2/includes/droppriv.h 2005-07-21 18:57:23.000000000 +0200
128	@@ -0,0 +1,31 @@
129	+/**
130	+ * droppriv.h - drop privileges of a program running as root
131	+ *
132	+ * (C) 2004 Martin Pitt <martin@piware.de>
133	+ *
134	+ * Permission to use, copy, modify, and distribute this software for any
135	+ * purpose with or without fee is hereby granted, provided that the above
136	+ * copyright notice and this permission notice appear in all copies.
137	+ *
138	+ */
139	+
140	+#ifndef _DROPPRIV_H
141	+#define _DROPPRIV_H
142	+
143	+#include <sys/capability.h>
144	+
145	+/**
146	+ * Drop all but necessary privileges from a program that is started as
147	+ * root. Set the running user id and group id to the corresponding
148	+ * values of 'user' and 'group' (NULL values cause the current
149	+ * user/group not to change). Drops all capabilities but the
150	+ * ones specified in caps. numcaps is the number of entries in
151	+ * caps. On error, a message is printed to stderr and the program
152	+ * terminates with exit code 'errorexit'.
153	+ */
154	+void
155	+drop_privileges( const char* user, const char* group, int numcaps,
156	+ cap_value_t* caps, int errorexit );
157	+
158	+#endif
159	+