diff options
| author | Roy Marples <roy@marples.name> | 2020-05-12 10:26:35 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-05-12 10:26:35 +0100 |
| commit | cf85354d04d98ba2117ac413edd97a46cda05293 (patch) | |
| tree | 5c79c1346f9b7435837be856798f8aa0099be3be /src/privsep.h | |
| parent | 123d78292563042e643024fc9abf154d631b0cad (diff) | |
| download | dhcpcd-cf85354d04d98ba2117ac413edd97a46cda05293.tar.xz | |
privsep: Handle all file IO in the Priviledged Actioneer
This allows us to move the database directory back into the
root of the filesystem.
While here, harden the files by denying any user read access to them.
As part of this change, init the DUID from any machine data and
cache the default DHCP vendor field before dropping priviledges as we
may lose access to this later.
Diffstat (limited to 'src/privsep.h')
| -rw-r--r-- | src/privsep.h | 61 |
1 files changed, 32 insertions, 29 deletions
diff --git a/src/privsep.h b/src/privsep.h index d64210cd..6fdbfdc8 100644 --- a/src/privsep.h +++ b/src/privsep.h @@ -36,32 +36,36 @@ #define PSF_CAP_ENTER 0x02 #define PSF_PLEDGE 0x04 -/* Commands */ -#define PS_BOOTP 0x01 -#define PS_ND 0x02 -#define PS_DHCP6 0x03 -#define PS_BPF_BOOTP 0x04 -#define PS_BPF_ARP 0x05 -#define PS_BPF_ARP_ADDR 0x06 - -#define PS_IOCTL 0x10 -#define PS_ROUTE 0x11 /* Also used for NETLINK */ -#define PS_SCRIPT 0x12 -#define PS_UNLINK 0x13 -#define PS_COPY 0x14 +/* Protocols */ +#define PS_BOOTP 0x0001 +#define PS_ND 0x0002 +#define PS_DHCP6 0x0003 +#define PS_BPF_BOOTP 0x0004 +#define PS_BPF_ARP 0x0005 +#define PS_BPF_ARP_ADDR 0x0006 + +/* Generic commands */ +#define PS_IOCTL 0x0010 +#define PS_ROUTE 0x0011 /* Also used for NETLINK */ +#define PS_SCRIPT 0x0012 +#define PS_UNLINK 0x0013 +#define PS_READFILE 0x0014 +#define PS_WRITEFILE 0x0015 +#define PS_FILEMTIME 0x0016 /* BSD Commands */ -#define PS_IOCTLLINK 0x15 -#define PS_IOCTL6 0x16 -#define PS_IOCTLINDIRECT 0x17 -#define PS_IP6FORWARDING 0x18 +#define PS_IOCTLLINK 0x0101 +#define PS_IOCTL6 0x0102 +#define PS_IOCTLINDIRECT 0x0103 +#define PS_IP6FORWARDING 0x0104 /* Linux commands */ -#define PS_WRITEPATHUINT 0x19 +#define PS_WRITEPATHUINT 0x0201 -#define PS_DELETE 0x20 -#define PS_START 0x40 -#define PS_STOP 0x80 +/* Process commands */ +#define PS_DELETE 0x2000 +#define PS_START 0x4000 +#define PS_STOP 0x8000 /* Max INET message size + meta data for IPC */ #define PS_BUFLEN ((64 * 1024) + \ @@ -96,13 +100,13 @@ struct ps_addr { struct ps_id { struct ps_addr psi_addr; unsigned int psi_ifindex; - uint8_t psi_cmd; - uint8_t psi_pad[3]; + uint16_t psi_cmd; + uint8_t psi_pad[2]; }; struct ps_msghdr { - uint8_t ps_cmd; - uint8_t ps_pad[sizeof(unsigned long) - 1]; + uint16_t ps_cmd; + uint8_t ps_pad[sizeof(unsigned long) - sizeof(uint16_t)]; unsigned long ps_flags; struct ps_id ps_id; socklen_t ps_namelen; @@ -141,7 +145,6 @@ TAILQ_HEAD(ps_process_head, ps_process); #include "privsep-bpf.h" #endif -int ps_mkdir(char *); int ps_init(struct dhcpcd_ctx *); int ps_dropprivs(struct dhcpcd_ctx *, unsigned int); int ps_start(struct dhcpcd_ctx *); @@ -152,11 +155,11 @@ ssize_t ps_sendpsmmsg(struct dhcpcd_ctx *, int, struct ps_msghdr *, const struct msghdr *); ssize_t ps_sendpsmdata(struct dhcpcd_ctx *, int, struct ps_msghdr *, const void *, size_t); -ssize_t ps_sendmsg(struct dhcpcd_ctx *, int, uint8_t, unsigned long, +ssize_t ps_sendmsg(struct dhcpcd_ctx *, int, uint16_t, unsigned long, const struct msghdr *); -ssize_t ps_sendcmd(struct dhcpcd_ctx *, int, uint8_t, unsigned long, +ssize_t ps_sendcmd(struct dhcpcd_ctx *, int, uint16_t, unsigned long, const void *data, size_t len); -ssize_t ps_recvmsg(struct dhcpcd_ctx *, int, uint8_t, int); +ssize_t ps_recvmsg(struct dhcpcd_ctx *, int, uint16_t, int); ssize_t ps_recvpsmsg(struct dhcpcd_ctx *, int, ssize_t (*callback)(void *, struct ps_msghdr *, struct msghdr *), void *); |