Here is a crude fix (compiles, NOT runtime tested) that enables the port
to build, and use the newer jail API.  It adapts the setup_jail()
function to cope with the new struct jail format.

An improvement would be to use the example code in usr.sbin/jail/jail.c
to enable parsing multiple IPv4 and IPv6 addresses, but that is probably
overkill in this case.  Would anybody need that functionality?

Replace net/isc-dhcp30-server/files/patch-server::dhcpd.c with the
attached file, and the port should now be able to build with jail
enabled.

Hi Dimitry,

I can confirm that your patch does allow isc-dhcp30-server to build on
-STABLE (as of this past weekend). I can also confirm that dhcpd worked
after building and installing. I can confirm that my client PCs were able to
get DHCP addresses buy releasing and renewing.

I will be upgrading my -STABLE box soon because of FreeBSD-SA-09:05.telnetd.
I will report back if there are any issues, as I run a portupgrade -a after
every -STABLE upgrade.

Comment 3 Felippe de Meirelles Motta 2009-02-23 21:33:32 UTC

Responsible Changed
From-To: freebsd-ports-bugs->lippe

I'll take it.

Hi all,

This patch was applied but it cause an error, if you can, take a look:

http://rex.goodking.ca/tb/errors/7-lippe/isc-dhcp30-server-3.0.7_4.log

> cc -O2 -fno-strict-aliasing -pipe  -D_PATH_DHCPD_CONF=\"/usr/local/etc/dhcpd.conf\" -D_PATH_DHCPD_DB=\"/var/db/dhcpd.leases\" -D_PATH_DHCPD_PID=\"/var/run/dhcpd.pid\" -D_PATH_DHCRELAY_PID=\"/var/run/dhcrelay.pid\" -D_PATH_DHCLIENT_CONF=\"/usr/local/etc/dhclient.conf\" -D_PATH_DHCLIENT_SCRIPT=\"/usr/local/sbin/dhclient-script\" -D_PATH_DHCLIENT_DB=\"/var/db/dhclient.leases\" -D_PATH_DHCLIENT_PID=\"/var/run/dhclient.pid\" -Dwarn=dhcp_warn -DNOMINUM -DPARANOIA -DJAIL   -I/work/a/ports/net/isc-dhcp30-server/ work/dhcp-3.0.7  -I/work/a/ports/net/isc-dhcp30-server/work/dhcp-3.0.7/includes -O -Wall -Wno-unused   -c dhcpd.c
> dhcpd.c: In function 'setup_jail':
> dhcpd.c:233: error: 'JAIL_API_VERSION' undeclared (first use in this function)

This is if you build with FreeBSD RELENG_7 before r188281 only.  Is the
port supposed to build with older versions of FreeBSD?  If so, we should
probably look at __FreeBSD_version, which changes to 701103 for the jail
API v2 MFC.

Comment 6 Bjoern A. Zeeb 2009-03-21 17:56:34 UTC

Hi,

I have a few comments:

1) you need to make the patch checking __FreeBSD_version. Older 7 or
    6.x do not have support for this. See
    http://www.freebsd.org/cgi/query-pr.cgi?pr=131512
    http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_jail/files/patch-mod_jail.c
    for example.

2) I am really worried about those patches.  I am not sure if they
    were properly audited or give the user some false security that
    does not exist due to possible escalations breaking out of the
    chroot/jails.

    For example, I cannot see how the startup script would properly
    deal with devfs restricting what is visible inside a chroot/jail.
    So if you have raw device disk access I say horray breaking the
    dhcpd.

3) The startup script could possibly make a lot use of /etc/rc.subr
    functions that /etc/rc.d/jail and /etc/rc.d/named for exmaple use
    as well instead of doing hand-crafted things.

4) I wonder if the proper way to handle this would be to let the user
    setup a proper chroot or jail enviroment and use chroot(8)/jail(8)
    to restrict dhcpd.  At least for jail I think this would make a lot
    more sense.  Together with what I said in 2) I vote for dropping
    as much C as possible here.  Noone started to patch all random
    deamons out there to support jail(2); why would dhcpd need to be
    different?

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.

Okay, please try the following patch instead.  This has a check for the
correct __FreeBSD_versions in the patch-server::dhcpd.c file.  For me,
this builds on 7-STABLE, but I am after the jail API MFC...

If anyone can confirm this builds on e.g. 7-RELEASE, or anything before
the MFC, please let us know.

This bug also impacts building this port on 7.2-RC1:

    FreeBSD nick.4gh.net 7.2-RC1 FreeBSD 7.2-RC1 #0: Wed Apr 15 20:34:10 UTC 2009     root@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

jail.h seems to have changed a lot between 7.1 and 7.2.

Probably need a bump in priority and/or severity and needs to be fixed
before 7.2-RELEASE.

Comment 9 Felippe de Meirelles Motta 2009-04-26 16:58:48 UTC

Responsible Changed
From-To: lippe->freebsd-ports-bugs

I dont have time to work in this PR and believe that needs of a special 
attention, but I cant give at this time for now. Im sorry!

Comment 10 Wesley Shields 2009-05-04 00:06:57 UTC

Responsible Changed
From-To: freebsd-ports-bugs->wxs

I will have time this week to work on this.

Comment 11 dfilter service 2009-05-10 16:38:14 UTC

wxs         2009-05-10 15:38:05 UTC

  FreeBSD ports repository

  Modified files:
    net/isc-dhcp30-server Makefile 
    net/isc-dhcp30-server/files patch-server::dhcpd.c 
  Log:
  - Fix build when using DHCP_JAIL.
  
  PR:             ports/131515
  Submitted by:   rallenh <rallenh@hotmail.com>
  Approved by:    maintainer timeout
  
  Revision  Changes    Path
  1.132     +0 -4      ports/net/isc-dhcp30-server/Makefile
  1.4       +36 -20    ports/net/isc-dhcp30-server/files/patch-server::dhcpd.c
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

Comment 12 Wesley Shields 2009-05-10 16:38:20 UTC

State Changed
From-To: open->closed

Committed. Thanks!