Author: baggins Date: Fri Apr 20 11:41:28 2012 GMT Module: packages Tag: HEAD ---- Log message: - new
---- Files affected: packages/dhcp_probe: dhcp_probe-guignard-03_implicit_point_conv_bootp.c.patch (NONE -> 1.1) (NEW), dhcp_probe-guignard-04_linux_32_or_64bits.patch (NONE -> 1.1) (NEW), dhcp_probe-virta-01-pcap-loop.patch (NONE -> 1.1) (NEW), dhcp_probe-virta-02-keep-pcap.patch (NONE -> 1.1) (NEW), dhcp_probe-virta-03-drop-privs.patch (NONE -> 1.1) (NEW), dhcp_probe.init (NONE -> 1.1) (NEW), dhcp_probe.spec (NONE -> 1.1) (NEW), dhcp_probe.sysconfig (NONE -> 1.1) (NEW), [email protected] (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/dhcp_probe/dhcp_probe-guignard-03_implicit_point_conv_bootp.c.patch diff -u /dev/null packages/dhcp_probe/dhcp_probe-guignard-03_implicit_point_conv_bootp.c.patch:1.1 --- /dev/null Fri Apr 20 13:41:28 2012 +++ packages/dhcp_probe/dhcp_probe-guignard-03_implicit_point_conv_bootp.c.patch Fri Apr 20 13:41:22 2012 @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_implicit_point_conv_bootp.c.dpatch by Laurent Guignard <[email protected]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix implicit Pointer Converstion in bootp.c file. +## Fix bug #529635 discovered by Dann Frazier <[email protected]> +## + +@DPATCH@ +diff -urNad src/bootp.c src/bootp.c +--- src/bootp.c 2009-03-31 14:19:06.000000000 +0200 ++++ src/bootp.c 2009-05-21 09:51:26.000000000 +0200 +@@ -11,7 +11,7 @@ + #include "bootp.h" + #include "configfile.h" + #include "report.h" +- ++#include "utils.h" + + + ================================================================ Index: packages/dhcp_probe/dhcp_probe-guignard-04_linux_32_or_64bits.patch diff -u /dev/null packages/dhcp_probe/dhcp_probe-guignard-04_linux_32_or_64bits.patch:1.1 --- /dev/null Fri Apr 20 13:41:28 2012 +++ packages/dhcp_probe/dhcp_probe-guignard-04_linux_32_or_64bits.patch Fri Apr 20 13:41:22 2012 @@ -0,0 +1,33 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_linux_32_or_64bits.dpatch by Laurent Guignard <[email protected]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: A solution to solve the bug #535361 +## May be this will be a solution with the right method ??? + +@DPATCH@ +diff -urNad src/get_myipaddr.c trunk/src/get_myipaddr.c +--- src/get_myipaddr.c 2009-09-03 13:10:32.000000000 +0200 ++++ src/get_myipaddr.c 2009-09-03 13:15:39.671451172 +0200 +@@ -118,7 +118,21 @@ + #endif /* not STRUCT_SOCKADDR_HAS_SA_LEN */ + + /* increment ptr to next interface for next time through the loop */ ++#ifdef __ARCH__ /* Debian GNU/Linux behavior for packaging goal */ ++ switch(__ARCH__) { ++ case 32: /* 32 bits architectures */ ++ ptr += sizeof(ifr->ifr_name) + len; ++ break; ++ case 64: /* 64 bits architectures */ ++ ptr += sizeof(struct ifreq); ++ break; ++ default: /* Default dhcp_probe behavior */ ++ ptr += sizeof(ifr->ifr_name) + len; ++ break; ++ } ++#else /* Default dhcp_probe behavior */ + ptr += sizeof(ifr->ifr_name) + len; ++#endif + + if (strcmp(ifname, ifr->ifr_name) != 0 ) /* is this the interface we're looking for? */ + continue; ================================================================ Index: packages/dhcp_probe/dhcp_probe-virta-01-pcap-loop.patch diff -u /dev/null packages/dhcp_probe/dhcp_probe-virta-01-pcap-loop.patch:1.1 --- /dev/null Fri Apr 20 13:41:28 2012 +++ packages/dhcp_probe/dhcp_probe-virta-01-pcap-loop.patch Fri Apr 20 13:41:22 2012 @@ -0,0 +1,164 @@ +##dhcp-probe-01-pcap-loop.patch - wrap pcap_dispatch in a loop +--- src/dhcp_probe.c 2009-08-16 12:24:10.000000000 +0300 ++++ src/dhcp_probe.c 2009-08-16 11:52:26.000000000 +0300 +@@ -59,6 +59,7 @@ + volatile sig_atomic_t reopen_log_file; /* for signal handler */ + volatile sig_atomic_t reopen_capture_file; /* for signal handler */ + volatile sig_atomic_t quit_requested; /* for signal requested */ ++volatile sig_atomic_t alarm_fired; /* for signal requested */ + + pcap_t *pd = NULL; /* libpcap - packet capture descriptor used for actual packet capture */ + pcap_t *pd_template = NULL; /* libpcap - packet capture descriptor just used as template */ +@@ -74,6 +75,27 @@ + int use_8021q = 0; + int vlan_id = 0; + ++/* capture packets from pcap for timeout seconds */ ++int ++loop_for_packets(int timeout) ++{ ++ int packets_recv = 0; ++ ++ alarm_fired = 0; ++ alarm(timeout); ++ ++ do { ++ int pcap_rc = pcap_dispatch(pd, -1, process_response, NULL); ++ if (pcap_rc == -1) ++ report(LOG_ERR, "pcap_dispatch(): %s", pcap_geterr(pd)); ++ else if (pcap_rc > 0) ++ packets_recv += pcap_rc; ++ } while(! alarm_fired && !quit_requested); ++ ++ return packets_recv; ++} ++ ++ + int + main(int argc, char **argv) + { +@@ -84,7 +106,6 @@ + struct sigaction sa; + FILE *pid_fp; + char *cwd = CWD; +- int i; + + int write_packet_len; + int bytes_written; +@@ -98,9 +119,6 @@ + int linktype; + char pcap_errbuf[PCAP_ERRBUF_SIZE], pcap_errbuf2[PCAP_ERRBUF_SIZE]; + +- /* for libnet */ +- char libnet_errbuf[LIBNET_ERRBUF_SIZE]; +- + /* get progname = last component of argv[0] */ + prog = strrchr(argv[0], '/'); + if (prog) +@@ -265,6 +283,8 @@ + reread_config_file = 0; /* set by signal handler */ + reopen_log_file = 0; /* set by signal handler */ + reopen_capture_file = 0; /* set by signal handler */ ++ quit_requested = 0; ++ alarm_fired = 0; + + ifname = strdup(argv[optind]); /* interface name is a required final argument */ + +@@ -332,6 +352,13 @@ + report(LOG_ERR, "sigaction: %s", get_errmsg()); + my_exit(1, 1, 1); + } ++ sigemptyset(&sa.sa_mask); ++ sa.sa_handler = catcher; ++ sa.sa_flags = 0; ++ if (sigaction(SIGALRM, &sa, NULL) < 0) { ++ report(LOG_ERR, "sigaction: %s", get_errmsg()); ++ my_exit(1, 1, 1); ++ } + + + +@@ -479,8 +506,9 @@ + + for (l = libnet_cq_head(); libnet_cq_last(); l = libnet_cq_next()) { /* write one flavor packet and listen for answers */ + +- int pcap_rc; ++ int packets_recv; + int pcap_open_retries; ++ + + /* We set up for packet capture BEFORE writing our packet, to minimize the delay + between our writing and when we are able to start capturing. (I cannot tell from +@@ -569,33 +597,16 @@ + report(LOG_DEBUG, "listening for answers for %d milliseconds", GetResponse_wait_time()); + + +- /* XXX I often find that pcap_dispatch() returns well before the timeout specified earlier. +- I ensure that there's no alarm() still left over before we start, and also ensure we don't +- get interrupted by SIGCHLD (possible since process_response() could fork an alert_program or alert_program2 child). +- But we STILL often return from pcap_dispatch() too soon! +- April 2001: An update to the pcap(3) man page around version 0.6 (?), along with postings +- on the tcpdump workers mailing list explains what's going on. The timeout specified in +- pcap_open_live() isn't a timeout in the sense one might expect. The pcap_dispatch() call +- can return sooner than expected (even immediately), or if no packets are received, might +- never return at all; the behavior is platform-dependant. I don't have a way to work +- around this issue; it means this program just won't work reliably (or at all) on some +- platforms. +- */ +- +- alarm(0); /* just in case a previous alarm was still left */ +- + sigemptyset(&new_sigset); + sigaddset(&new_sigset, SIGCHLD); + sigprocmask(SIG_BLOCK, &new_sigset, &old_sigset); /* block SIGCHLD */ + +- pcap_rc = pcap_dispatch(pd, -1, process_response, NULL); ++ packets_recv = loop_for_packets(GetResponse_wait_time() / 1000);; + + sigprocmask(SIG_SETMASK, &old_sigset, NULL); /* unblock SIGCHLD */ + +- if (pcap_rc < 0) +- report(LOG_ERR, "pcap_dispatch(): %s", pcap_geterr(pd)); +- else if (debug > 10) +- report(LOG_DEBUG, "done listening, captured %d packets", pcap_rc); ++ if (debug > 10) ++ report(LOG_DEBUG, "done listening, captured %d packets", packets_recv); + + /* I was hoping that perhaps pcap_stats() would return a nonzero number of packets dropped when + the buffer size specified to pcap_open_live() turns out to be too small -- so we could +@@ -688,6 +699,7 @@ + pcap_close(pd_template); + + my_exit(0, 1, 1); ++ return 0; /* make gcc happy */ + } + + +@@ -986,9 +998,6 @@ + /* Perform all necessary functions to handle a request to reconfigure. + Must not be called until after initial configuration is complete. + */ +- +- int i; +- + if (! read_configfile(config_file)) { + my_exit(1, 1, 1); + } +@@ -1050,8 +1059,14 @@ + + if ((sig == SIGINT) || (sig == SIGTERM) || (sig == SIGQUIT)) { /* quit gracefully */ + quit_requested = 1; ++ /* pcap wraps the socket read inside a loop, so the signal doesn't ++ interrupt it without an explicit call to pcap_breakloop */ ++ pcap_breakloop(pd); ++ return; ++ } else if (sig == SIGALRM) { /* timer */ ++ pcap_breakloop(pd); ++ alarm_fired = 1; + return; +- + } else if (sig == SIGHUP) { /* re-read config file */ + /* Doing the reread while in the signal handler is way too dangerous. + We'll do it at the start or end of the next main event loop. + + ================================================================ Index: packages/dhcp_probe/dhcp_probe-virta-02-keep-pcap.patch diff -u /dev/null packages/dhcp_probe/dhcp_probe-virta-02-keep-pcap.patch:1.1 --- /dev/null Fri Apr 20 13:41:28 2012 +++ packages/dhcp_probe/dhcp_probe-virta-02-keep-pcap.patch Fri Apr 20 13:41:22 2012 @@ -0,0 +1,286 @@ +##dhcp-probe-02-keep-pcap.patch - add option to keep pcap open all the time +--- src/dhcp_probe.c.01 2009-08-16 11:52:26.000000000 +0300 ++++ src/dhcp_probe.c 2009-08-16 12:31:22.000000000 +0300 +@@ -49,6 +49,7 @@ + */ + int snaplen = CAPTURE_BUFSIZE; + int socket_receive_timeout_feature = 0; ++int keep_pcap = 0; + + char *prog = NULL; + char *logfile_name = NULL; +@@ -75,6 +76,89 @@ + int use_8021q = 0; + int vlan_id = 0; + ++int need_promiscuous(void) ++{ ++ /* If we're going to claim a chaddr different than my_eaddr, some of the responses ++ may come back to chaddr (as opposed to my_eaddr or broadcast), so we'll need to ++ listen promiscuously. ++ If we're going to claim an ether_src different than my_eaddr, in theory that should ++ make no difference; bootp/dhcp servers should rely on chaddr, not ether_src. Still, ++ it's possible there's a server out there that does it wrong, and might therefore mistakenly ++ send responses to ether_src. So lets also listen promiscuously if ether_src != my_eaddr. ++ */ ++ int promiscuous = 0; ++ if (bcmp(GetChaddr(), &my_eaddr, sizeof(struct ether_addr)) || ++ bcmp(GetEther_src(), &my_eaddr, sizeof(struct ether_addr))) ++ promiscuous = 1; ++ return promiscuous; ++} ++ ++int init_pcap(int promiscuous, bpf_u_int32 netmask) ++{ ++ /* open packet capture descriptor */ ++ /* XXX On Solaris 7, sometimes pcap_open_live() fails with a message like: ++ pcap_open_live qfe0: recv_ack: info unexpected primitive ack 0x8 ++ It's not clear what causes this, or what the 0x8 code indicates. ++ The error appears to be transient; retrying sometimes will work, so I've wrapped the call in a retry loop. ++ I've also added a delay after each failure; perhaps the failure has something to do with the fact that ++ we call pcap_open_live() so soon after pcap_close() (for the second and succeeding packets in each cycle); ++ adding a delay might help in that case. ++ */ ++ struct bpf_program bpf_code; ++ char pcap_errbuf[PCAP_ERRBUF_SIZE]; ++ int linktype; ++ int pcap_open_retries = PCAP_OPEN_LIVE_RETRY_MAX; ++ ++ do { ++ pcap_errbuf[0] = '\0'; /* so we can tell if a warning was produced on success */ ++ if ((pd = pcap_open_live(ifname, snaplen, promiscuous, GetResponse_wait_time(), pcap_errbuf)) != NULL) { ++ break; /* success */ ++ } else { /* failure */ ++ if (pcap_open_retries == 0) { ++ report(LOG_DEBUG, "pcap_open_live(%s): %s; retry count (%d) exceeded, giving up", ifname, pcap_errbuf, PCAP_OPEN_LIVE_RETRY_MAX); ++ my_exit(1, 1, 1); ++ } else { ++ if (debug > 1) ++ report(LOG_DEBUG, "pcap_open_live(%s): %s; will retry", ifname, pcap_errbuf); ++ sleep(PCAP_OPEN_LIVE_RETRY_DELAY); /* before next retry */ ++ } ++ } /* failure */ ++ } while (pcap_open_retries--); ++ ++ ++ if (pcap_errbuf[0] != '\0') ++ /* even on success, a warning may be produced */ ++ report(LOG_WARNING, "pcap_open_live(%s): succeeded but with warning: %s", ifname, pcap_errbuf); ++ ++ /* make sure this interface is ethernet */ ++ linktype = pcap_datalink(pd); ++ if (linktype != DLT_EN10MB) { ++ report(LOG_ERR, "interface %s link layer type %d not ethernet", ifname, linktype); ++ my_exit(1, 1, 1); ++ } ++ /* compile bpf filter to select just udp/ip traffic to udp port bootpc */ ++ if (pcap_compile(pd, &bpf_code, "udp dst port bootpc", 1, netmask) < 0) { ++ report(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd)); ++ my_exit(1, 1, 1); ++ } ++ /* install compiled filter */ ++ if (pcap_setfilter(pd, &bpf_code) < 0) { ++ report(LOG_ERR, "pcap_setfilter: %s", pcap_geterr(pd)); ++ my_exit(1, 1, 1); ++ } ++ if (socket_receive_timeout_feature) ++ set_pcap_timeout(pd); ++ ++ return 0; ++} ++ ++void ++reset_pcap() ++{ ++ /* close packet capture descriptor */ ++ pcap_close(pd); ++} ++ + /* capture packets from pcap for timeout seconds */ + int + loop_for_packets(int timeout) +@@ -115,8 +199,6 @@ + + /* for libpcap */ + bpf_u_int32 netnumber, netmask; +- struct bpf_program bpf_code; +- int linktype; + char pcap_errbuf[PCAP_ERRBUF_SIZE], pcap_errbuf2[PCAP_ERRBUF_SIZE]; + + /* get progname = last component of argv[0] */ +@@ -126,7 +208,7 @@ + else + prog = argv[0]; + +- while ((c = getopt(argc, argv, "c:d:fhl:o:p:Q:s:Tvw:")) != EOF) { ++ while ((c = getopt(argc, argv, "c:d:fhkl:o:p:Q:s:Tvw:")) != EOF) { + switch (c) { + case 'c': + if (optarg[0] != '/') { +@@ -151,6 +233,9 @@ + case 'h': + usage(); + my_exit(0, 0, 0); ++ case 'k': ++ keep_pcap = 1; ++ break; + case 'l': + if (optarg[0] != '/') { + fprintf(stderr, "%s: invalid log file '%s', must be an absolute pathname\n", prog, optarg); +@@ -447,8 +532,10 @@ + } + } + ++ if (keep_pcap) ++ init_pcap(need_promiscuous(), netmask); ++ + while (1) { /* MAIN EVENT LOOP */ +- int promiscuous; + libnet_t *l; /* to iterate through libnet context queue */ + /* struct pcap_stat ps; */ /* to hold pcap stats */ + +@@ -489,26 +576,9 @@ + interface in promiscuous mode as little as possible, since that can affect the host's performance. + */ + +- /* If we're going to claim a chaddr different than my_eaddr, some of the responses +- may come back to chaddr (as opposed to my_eaddr or broadcast), so we'll need to +- listen promiscuously. +- If we're going to claim an ether_src different than my_eaddr, in theory that should +- make no difference; bootp/dhcp servers should rely on chaddr, not ether_src. Still, +- it's possible there's a server out there that does it wrong, and might therefore mistakenly +- send responses to ether_src. So lets also listen promiscuously if ether_src != my_eaddr. +- */ +- if (bcmp(GetChaddr(), &my_eaddr, sizeof(struct ether_addr)) || +- bcmp(GetEther_src(), &my_eaddr, sizeof(struct ether_addr))) +- promiscuous = 1; +- else +- promiscuous = 0; +- +- + for (l = libnet_cq_head(); libnet_cq_last(); l = libnet_cq_next()) { /* write one flavor packet and listen for answers */ + + int packets_recv; +- int pcap_open_retries; +- + + /* We set up for packet capture BEFORE writing our packet, to minimize the delay + between our writing and when we are able to start capturing. (I cannot tell from +@@ -518,54 +588,9 @@ + we wanted! + */ + +- /* open packet capture descriptor */ +- /* XXX On Solaris 7, sometimes pcap_open_live() fails with a message like: +- pcap_open_live qfe0: recv_ack: info unexpected primitive ack 0x8 +- It's not clear what causes this, or what the 0x8 code indicates. +- The error appears to be transient; retrying sometimes will work, so I've wrapped the call in a retry loop. +- I've also added a delay after each failure; perhaps the failure has something to do with the fact that +- we call pcap_open_live() so soon after pcap_close() (for the second and succeeding packets in each cycle); +- adding a delay might help in that case. +- */ +- pcap_open_retries = PCAP_OPEN_LIVE_RETRY_MAX; +- while (pcap_open_retries--) { +- pcap_errbuf[0] = '\0'; /* so we can tell if a warning was produced on success */ +- if ((pd = pcap_open_live(ifname, snaplen, promiscuous, GetResponse_wait_time(), pcap_errbuf)) != NULL) { +- break; /* success */ +- } else { /* failure */ +- if (pcap_open_retries == 0) { +- report(LOG_DEBUG, "pcap_open_live(%s): %s; retry count (%d) exceeded, giving up", ifname, pcap_errbuf, PCAP_OPEN_LIVE_RETRY_MAX); +- my_exit(1, 1, 1); +- } else { +- if (debug > 1) +- report(LOG_DEBUG, "pcap_open_live(%s): %s; will retry", ifname, pcap_errbuf); +- sleep(PCAP_OPEN_LIVE_RETRY_DELAY); /* before next retry */ +- } +- } /* failure */ +- } +- if (pcap_errbuf[0] != '\0') +- /* even on success, a warning may be produced */ +- report(LOG_WARNING, "pcap_open_live(%s): succeeded but with warning: %s", ifname, pcap_errbuf); +- +- /* make sure this interface is ethernet */ +- linktype = pcap_datalink(pd); +- if (linktype != DLT_EN10MB) { +- report(LOG_ERR, "interface %s link layer type %d not ethernet", ifname, linktype); +- my_exit(1, 1, 1); +- } +- /* compile bpf filter to select just udp/ip traffic to udp port bootpc */ +- if (pcap_compile(pd, &bpf_code, "udp dst port bootpc", 1, netmask) < 0) { +- report(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd)); +- my_exit(1, 1, 1); +- } +- /* install compiled filter */ +- if (pcap_setfilter(pd, &bpf_code) < 0) { +- report(LOG_ERR, "pcap_setfilter: %s", pcap_geterr(pd)); +- my_exit(1, 1, 1); +- } +- if (socket_receive_timeout_feature) +- set_pcap_timeout(pd); +- ++ if (! keep_pcap) ++ init_pcap(need_promiscuous(), netmask); ++ + /* write one packet */ + + if (debug > 10) +@@ -621,7 +646,8 @@ + */ + + /* close packet capture descriptor */ +- pcap_close(pd); ++ if (! keep_pcap) ++ reset_pcap(); + + /* check for 'quit' request after each packet, since waiting until end of probe cycle + would impose a substantial delay. */ +@@ -669,7 +695,7 @@ + reconfigure(write_packet_len); + reread_config_file = 0; + } +- ++ + /* We allow must signals that come in during our sleep() to interrupt us. E.g. we want to cut short + our sleep when we're signalled to exit. But we must block SIGCHLD during our sleep. That's because + if we forked an alert_program or alert_program2 child above, its termination will likely happen while we're sleeping; +@@ -684,7 +710,19 @@ + sigaddset(&new_sigset, SIGCHLD); + sigprocmask(SIG_BLOCK, &new_sigset, &old_sigset); /* block SIGCHLD */ + +- sleep(time_to_sleep); ++ if (keep_pcap) { ++ /* If we're going to keep the packet capture running, ++ we might as well read off all the packets received while ++ waiting. We shouldn't get any since we don't send any requests ++ but this should prevent any buffers from accidentally filling ++ with unhandled packets. */ ++ int packets_recv = loop_for_packets(time_to_sleep); ++ ++ if (packets_recv && debug > 10) ++ report(LOG_DEBUG, "captured %d packets while sleeping", packets_recv); ++ } else { ++ sleep(time_to_sleep); ++ } + + sigprocmask(SIG_SETMASK, &old_sigset, NULL); /* unblock SIGCHLD */ + +@@ -692,8 +730,10 @@ + + } /* MAIN EVENT LOOP */ + +- + /* we only reach here after receiving a signal requesting we quit */ ++ ++ if (keep_pcap) ++ reset_pcap(); + + if (pd_template) /* only used if a capture file requested */ + pcap_close(pd_template); +@@ -1142,6 +1182,7 @@ + fprintf(stderr, " -d debuglevel enable debugging at specified level\n"); + fprintf(stderr, " -f don't fork (only use for debugging)\n"); + fprintf(stderr, " -h display this help message then exit\n"); ++ fprintf(stderr, " -k keep pcap open constantly (don't recreate on each cycle)\n"); + fprintf(stderr, " -l log_file log to file instead of syslog\n"); + fprintf(stderr, " -o capture_file enable capturing of unexpected answers\n"); + fprintf(stderr, " -p pid_file override default pid file [%s]\n", PID_FILE); ================================================================ Index: packages/dhcp_probe/dhcp_probe-virta-03-drop-privs.patch diff -u /dev/null packages/dhcp_probe/dhcp_probe-virta-03-drop-privs.patch:1.1 --- /dev/null Fri Apr 20 13:41:28 2012 +++ packages/dhcp_probe/dhcp_probe-virta-03-drop-privs.patch Fri Apr 20 13:41:22 2012 @@ -0,0 +1,129 @@ +##dhcp-probe-03-drop-privs.patch - add option to change uid after setup +--- src/dhcp_probe.c.02 2009-08-16 12:31:22.000000000 +0300 ++++ src/dhcp_probe.c 2009-08-16 13:47:29.000000000 +0300 +@@ -26,6 +26,9 @@ + #include "report.h" + #include "utils.h" + ++#include <sys/types.h> ++#include <pwd.h> ++ + #ifndef lint + static const char rcsid[] = "dhcp_probe version " VERSION; + static const char copyright[] = "Copyright 2000-2008, The Trustees of Princeton University. All rights reserved."; +@@ -50,6 +53,8 @@ + int snaplen = CAPTURE_BUFSIZE; + int socket_receive_timeout_feature = 0; + int keep_pcap = 0; ++int drop_privs = 0; ++char *username = NULL; + + char *prog = NULL; + char *logfile_name = NULL; +@@ -179,6 +184,40 @@ + return packets_recv; + } + ++/* drop privileges */ ++void ++drop_privileges(const char *username) ++{ ++ struct passwd *pw; ++ pw = getpwnam(username); ++ if (pw == NULL) { ++ report(LOG_ERR, "getpwnam: %s", get_errmsg()); ++ my_exit(1, 1, 1); ++ } ++ if (debug > 1) ++ report(LOG_INFO, "changing to uid %d gid %d", pw->pw_uid, pw->pw_gid); ++ ++ if (setregid(pw->pw_gid, pw->pw_gid)) { ++ report(LOG_ERR, "setregid: %s", get_errmsg()); ++ my_exit(1, 1, 1); ++ } ++ if (setreuid(pw->pw_uid, pw->pw_uid)) { ++ report(LOG_ERR, "setreuid: %s", get_errmsg()); ++ my_exit(1, 1, 1); ++ } ++} ++ ++void write_pidfile(void) ++{ ++ FILE *pid_fp; ++ if ((pid_fp = open_for_writing(pid_file)) == NULL) { ++ report(LOG_ERR, "could not open pid file %s for writing", pid_file); ++ my_exit(1, 0, 1); ++ } else { ++ fprintf(pid_fp, "%d\n", (int) getpid()); ++ fclose(pid_fp); ++ } ++} + + int + main(int argc, char **argv) <<Diff was trimmed, longer than 597 lines>> _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
