mirror of
https://github.com/rsmarples/dhcpcd.git
synced 2024-12-12 03:13:52 +08:00
privsep: Allow priviledge separation user to be specified by configure
This commit is contained in:
parent
8a7aa9822d
commit
d7cb42ad79
9
configure
vendored
9
configure
vendored
@ -12,6 +12,7 @@ ARPING=
|
||||
IPV4LL=
|
||||
INET6=
|
||||
PRIVSEP=
|
||||
PRIVSEP_USER=_dhcpcd
|
||||
ARC4RANDOM=
|
||||
CLOSEFROM=
|
||||
RBTREE=
|
||||
@ -68,6 +69,7 @@ for x do
|
||||
--enable-auth) AUTH=yes;;
|
||||
--disable-privsep) PRIVSEP=no;;
|
||||
--enable-privsep) PRIVSEP=yes;;
|
||||
--privsepuser) PRIVSEP_USER=$var;;
|
||||
--prefix) PREFIX=$var;;
|
||||
--sysconfdir) SYSCONFDIR=$var;;
|
||||
--bindir|--sbindir) SBINDIR=$var;;
|
||||
@ -538,6 +540,9 @@ fi
|
||||
if [ "$PRIVSEP" = yes ]; then
|
||||
echo "Enabling Priviledge Separation"
|
||||
echo "CPPFLAGS+= -DPRIVSEP" >>$CONFIG_MK
|
||||
echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
|
||||
echo "#define PRIVSEP_USER \"$PRIVSEP_USER\"" >>$CONFIG_H
|
||||
echo "#endif" >>$CONFIG_H
|
||||
echo "DHCPCD_SRCS+= privsep.c privsep-root.c privsep-inet.c" \
|
||||
>>$CONFIG_MK
|
||||
if [ -z "$INET" ] || [ "$INET" = yes ]; then
|
||||
@ -573,6 +578,7 @@ if $XCC _test.c -o _test >/dev/null 2>&3; then
|
||||
fi
|
||||
rm -f _test.c _test
|
||||
if ! $_CC; then
|
||||
echo $XCC
|
||||
echo "$CC does not create executables" >&2
|
||||
exit 1
|
||||
fi
|
||||
@ -1685,6 +1691,9 @@ echo " DATADIR = $DATADIR"
|
||||
echo " HOOKSCRIPTS = $HOOKS"
|
||||
echo " EGHOOKSCRIPTS = $EGHOOKS"
|
||||
echo " STATUSARG = $STATUSARG"
|
||||
if [ "$PRIVSEP" = yes ]; then
|
||||
echo " PRIVSEPUSER = $PRIVSEP_USER"
|
||||
fi
|
||||
echo
|
||||
|
||||
rm -f dhcpcd tests/test
|
||||
|
@ -31,8 +31,8 @@
|
||||
#define PACKAGE "dhcpcd"
|
||||
#define VERSION "8.99.0"
|
||||
|
||||
#ifndef DHCPCD_USER
|
||||
# define DHCPCD_USER "_" PACKAGE
|
||||
#ifndef PRIVSEP_USER
|
||||
# define PRIVSEP_USER "_" PACKAGE
|
||||
#endif
|
||||
|
||||
#ifndef CONFIG
|
||||
|
@ -82,11 +82,11 @@ ps_dostart(struct dhcpcd_ctx *ctx,
|
||||
/* Even if we're not dropping privs, we need to ensure that the unpriv
|
||||
* user exists so the processes that do need it startup just fine. */
|
||||
errno = 0;
|
||||
if ((pw = getpwnam(DHCPCD_USER)) == NULL) {
|
||||
if ((pw = getpwnam(PRIVSEP_USER)) == NULL) {
|
||||
ctx->options &= ~DHCPCD_PRIVSEP;
|
||||
if (errno == 0) {
|
||||
if (ctx == recv_ctx) /* Only log the once. */
|
||||
logerrx("no such user %s", DHCPCD_USER);
|
||||
logerrx("no such user %s", PRIVSEP_USER);
|
||||
} else
|
||||
logerr("getpwnam");
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user