privsep: Allow priviledge separation user to be specified by configure

Roy Marples 2019-12-02 00:43:07 +00:00
parent 8a7aa9822d
commit d7cb42ad79
3 changed files with 13 additions and 4 deletions

9
configure vendored

@ -12,6 +12,7 @@ ARPING=
IPV4LL=
INET6=
PRIVSEP=
PRIVSEP_USER=_dhcpcd
ARC4RANDOM=
CLOSEFROM=
RBTREE=
@ -68,6 +69,7 @@ for x do
--enable-auth) AUTH=yes;;
--disable-privsep) PRIVSEP=no;;
--enable-privsep) PRIVSEP=yes;;
--privsepuser) PRIVSEP_USER=$var;;
--prefix) PREFIX=$var;;
--sysconfdir) SYSCONFDIR=$var;;
--bindir|--sbindir) SBINDIR=$var;;
@ -538,6 +540,9 @@ fi
if [ "$PRIVSEP" = yes ]; then
echo "Enabling Priviledge Separation"
echo "CPPFLAGS+= -DPRIVSEP" >>$CONFIG_MK
echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
echo "#define PRIVSEP_USER \"$PRIVSEP_USER\"" >>$CONFIG_H
echo "#endif" >>$CONFIG_H
echo "DHCPCD_SRCS+= privsep.c privsep-root.c privsep-inet.c" \
>>$CONFIG_MK
if [ -z "$INET" ] || [ "$INET" = yes ]; then
@ -573,6 +578,7 @@ if $XCC _test.c -o _test >/dev/null 2>&3; then
fi
rm -f _test.c _test
if ! $_CC; then
echo $XCC
echo "$CC does not create executables" >&2
exit 1
fi
@ -1685,6 +1691,9 @@ echo " DATADIR = $DATADIR"
echo " HOOKSCRIPTS = $HOOKS"
echo " EGHOOKSCRIPTS = $EGHOOKS"
echo " STATUSARG = $STATUSARG"
if [ "$PRIVSEP" = yes ]; then
echo " PRIVSEPUSER = $PRIVSEP_USER"
fi
echo
rm -f dhcpcd tests/test
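Review bot: The value accepted by `--privsepuser) PRIVSEP_USER=$var;;` is written into config.h as a C string literal without any validation, so an empty value, a name containing `"` or `\`, and `root` itself all pass configure. A quote or backslash produces a malformed `#define`, an empty name makes `getpwnam(PRIVSEP_USER)` in ps_dostart fail so that DHCPCD_PRIVSEP is cleared, and `root` would presumably make the later privilege drop a no-op (the code that uses `pw` is outside the visible hunk). I would reject these before the `#define` is emitted, for example `case "$PRIVSEP_USER" in ""|root|*[!A-Za-z0-9._-]*) echo "invalid --privsepuser: $PRIVSEP_USER" >&2; exit 1;; esac` inside the `"$PRIVSEP" = yes` block, and have ps_dostart refuse an account whose `pw_uid` is 0, since a name check at build time only catches the obvious cases. Separately, the `echo $XCC` line in the compiler-test hunk appears to be newly added and looks like leftover debugging output unrelated to this change.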


@ -31,8 +31,8 @@
#define PACKAGE "dhcpcd"
#define VERSION "8.99.0"
#ifndef DHCPCD_USER
# define DHCPCD_USER "_" PACKAGE
#ifndef PRIVSEP_USER
# define PRIVSEP_USER "_" PACKAGE
#endif
#ifndef CONFIG


@ -82,11 +82,11 @@ ps_dostart(struct dhcpcd_ctx *ctx,
/* Even if we're not dropping privs, we need to ensure that the unpriv
* user exists so the processes that do need it startup just fine. */
errno = 0;
if ((pw = getpwnam(DHCPCD_USER)) == NULL) {
if ((pw = getpwnam(PRIVSEP_USER)) == NULL) {
ctx->options &= ~DHCPCD_PRIVSEP;
if (errno == 0) {
if (ctx == recv_ctx) /* Only log the once. */
logerrx("no such user %s", DHCPCD_USER);
logerrx("no such user %s", PRIVSEP_USER);
} else
logerr("getpwnam");
return -1;