mirrors/dhcpcd
0
0
Fork 0
mirror of https://github.com/rsmarples/dhcpcd.git synced 2024-12-04 15:34:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

privsep: Allow priviledge separation user to be specified by configure

Browse Source
This commit is contained in:
Roy Marples 2019-12-02 00:43:07 +00:00
parent 8a7aa9822d
commit d7cb42ad79
3 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
configure vendored
View File

@ -12,6 +12,7 @@ ARPING=
IPV4LL= IPV4LL=
INET6= INET6=
PRIVSEP= PRIVSEP=
PRIVSEP_USER=_dhcpcd
ARC4RANDOM= ARC4RANDOM=
CLOSEFROM= CLOSEFROM=
RBTREE= RBTREE=
@ -68,6 +69,7 @@ for x do
--enable-auth) AUTH=yes;; --enable-auth) AUTH=yes;;
--disable-privsep) PRIVSEP=no;; --disable-privsep) PRIVSEP=no;;
--enable-privsep) PRIVSEP=yes;; --enable-privsep) PRIVSEP=yes;;
--privsepuser) PRIVSEP_USER=$var;;
--prefix) PREFIX=$var;; --prefix) PREFIX=$var;;
--sysconfdir) SYSCONFDIR=$var;; --sysconfdir) SYSCONFDIR=$var;;
--bindir|--sbindir) SBINDIR=$var;; --bindir|--sbindir) SBINDIR=$var;;
@ -538,6 +540,9 @@ fi
if [ "$PRIVSEP" = yes ]; then if [ "$PRIVSEP" = yes ]; then
echo "Enabling Priviledge Separation" echo "Enabling Priviledge Separation"
echo "CPPFLAGS+= -DPRIVSEP" >>$CONFIG_MK echo "CPPFLAGS+= -DPRIVSEP" >>$CONFIG_MK
echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
echo "#define PRIVSEP_USER \"$PRIVSEP_USER\"" >>$CONFIG_H
echo "#endif" >>$CONFIG_H
echo "DHCPCD_SRCS+= privsep.c privsep-root.c privsep-inet.c" \ echo "DHCPCD_SRCS+= privsep.c privsep-root.c privsep-inet.c" \
>>$CONFIG_MK >>$CONFIG_MK
if [ -z "$INET" ] || [ "$INET" = yes ]; then if [ -z "$INET" ] || [ "$INET" = yes ]; then
@ -573,6 +578,7 @@ if $XCC _test.c -o _test >/dev/null 2>&3; then
fi fi
rm -f _test.c _test rm -f _test.c _test
if ! $_CC; then if ! $_CC; then
echo $XCC
echo "$CC does not create executables" >&2 echo "$CC does not create executables" >&2
exit 1 exit 1
fi fi
@ -1685,6 +1691,9 @@ echo " DATADIR = $DATADIR"
echo " HOOKSCRIPTS = $HOOKS" echo " HOOKSCRIPTS = $HOOKS"
echo " EGHOOKSCRIPTS = $EGHOOKS" echo " EGHOOKSCRIPTS = $EGHOOKS"
echo " STATUSARG = $STATUSARG" echo " STATUSARG = $STATUSARG"
if [ "$PRIVSEP" = yes ]; then
echo " PRIVSEPUSER = $PRIVSEP_USER"
fi
echo echo
rm -f dhcpcd tests/test rm -f dhcpcd tests/test

4
src/defs.h
View File

@ -31,8 +31,8 @@
#define PACKAGE "dhcpcd" #define PACKAGE "dhcpcd"
#define VERSION "8.99.0" #define VERSION "8.99.0"
#ifndef DHCPCD_USER #ifndef PRIVSEP_USER
# define DHCPCD_USER "_" PACKAGE # define PRIVSEP_USER "_" PACKAGE
#endif #endif
#ifndef CONFIG #ifndef CONFIG

4
src/privsep.c
View File

@ -82,11 +82,11 @@ ps_dostart(struct dhcpcd_ctx *ctx,
/* Even if we're not dropping privs, we need to ensure that the unpriv /* Even if we're not dropping privs, we need to ensure that the unpriv
* user exists so the processes that do need it startup just fine. */ * user exists so the processes that do need it startup just fine. */
errno = 0; errno = 0;
if ((pw = getpwnam(DHCPCD_USER)) == NULL) { if ((pw = getpwnam(PRIVSEP_USER)) == NULL) {
ctx->options &= ~DHCPCD_PRIVSEP; ctx->options &= ~DHCPCD_PRIVSEP;
if (errno == 0) { if (errno == 0) {
if (ctx == recv_ctx) /* Only log the once. */ if (ctx == recv_ctx) /* Only log the once. */
logerrx("no such user %s", DHCPCD_USER); logerrx("no such user %s", PRIVSEP_USER);
} else } else
logerr("getpwnam"); logerr("getpwnam");
return -1; return -1;