dhcpcd
2 years agoRelease dhcpcd-9.1.3 dhcpcd-9.1.3
Roy Marples [Thu, 2 Jul 2020 13:42:57 +0000 (14:42 +0100)]
Release dhcpcd-9.1.3

2 years agomake: clean before import-src
Roy Marples [Thu, 2 Jul 2020 13:05:19 +0000 (14:05 +0100)]
make: clean before import-src

2 years agoDHCP6: Restore lease timings
Roy Marples [Wed, 1 Jul 2020 19:09:42 +0000 (20:09 +0100)]
DHCP6: Restore lease timings

Erroneously changed in 060f5a9e93, only seems to affect
INFORM getting into a loop.

2 years agoBSD: Setup sysctls before redirecting stderr
Roy Marples [Wed, 1 Jul 2020 10:46:01 +0000 (11:46 +0100)]
BSD: Setup sysctls before redirecting stderr

Need to do this as early as.

2 years agoprivsep: Don't limit file writes if logging to a file
Roy Marples [Wed, 1 Jul 2020 10:45:06 +0000 (11:45 +0100)]
privsep: Don't limit file writes if logging to a file

stderr could be redirected.

While here, there is no longer a need to redirect stderr or stdout
as they already have been in dhcpcd.

2 years agodhcpcd: improve prior to log to another fd
Roy Marples [Tue, 30 Jun 2020 21:06:00 +0000 (22:06 +0100)]
dhcpcd: improve prior to log to another fd

This allows stderr and stdout to be redirected to /dev/null.

2 years agodhcpcd: Turn off stderr logging rather than closing stderr
Roy Marples [Tue, 30 Jun 2020 20:33:24 +0000 (21:33 +0100)]
dhcpcd: Turn off stderr logging rather than closing stderr

And only turn it off when stderr is a tty.
A better approach might to open an fd just to log to and
redirect stdout/stderr to /dev/null alongside stdin at program
start, but that's more code.

2 years agoprivsep: check return of freopen(3)
Roy Marples [Mon, 29 Jun 2020 12:14:21 +0000 (13:14 +0100)]
privsep: check return of freopen(3)

So shutup some compilers who complain we don't do anything with it.

2 years agooptions: rework prior to use macros
Roy Marples [Mon, 29 Jun 2020 10:54:29 +0000 (11:54 +0100)]
options: rework prior to use macros

Can't use DHCPCD_MASTER because a config option sets it - duh.
This allows us to use a different config option which makes little
sense in options but makes sense in the code.

2 years agoinet6: Don't regen temp addresses we didn't add.
Roy Marples [Sat, 27 Jun 2020 12:58:44 +0000 (13:58 +0100)]
inet6: Don't regen temp addresses we didn't add.

Helps with interopability with OpenBSD's slaacd(8).

2 years agooptions: use DHCPCD_MASTER to guard global options
Roy Marples [Sat, 27 Jun 2020 12:46:25 +0000 (13:46 +0100)]
options: use DHCPCD_MASTER to guard global options

As ifname generally always set.

2 years agoLinux: restore fix when no address is returned by getifaddrs(3)
Roy Marples [Wed, 24 Jun 2020 19:53:20 +0000 (20:53 +0100)]
Linux: restore fix when no address is returned by getifaddrs(3)

Suck sucky sucky, but it fixes PPP links again.

2 years agoLinux: redefine NLA_ALIGNTO as 4U
Roy Marples [Tue, 23 Jun 2020 10:31:25 +0000 (11:31 +0100)]
Linux: redefine NLA_ALIGNTO as 4U

This removes the last of the alignment issues reported by clang
in the linux driver for dhcpcd.
Upstream has no interest in fixing this and local testing
shows it works fine on all platforms I have.

https://www.spinics.net/lists/netdev/msg646934.html

2 years agoLinux: Warn if netlink(7) seq number doesn't match expectation.
Roy Marples [Mon, 22 Jun 2020 21:09:31 +0000 (22:09 +0100)]
Linux: Warn if netlink(7) seq number doesn't match expectation.

While here, ensure it never goes out of scope.

2 years agoLinux: keep the generic netlink socket around to get ssid with privsep
Roy Marples [Mon, 22 Jun 2020 20:56:16 +0000 (21:56 +0100)]
Linux: keep the generic netlink socket around to get ssid with privsep

While here, improve our reading of netlink(7) and terminate on either
ERROR or DONE. If neither are in the message, read again unless it's
the link receiving socket.
Also, only callback if this is the sequence number expected.

2 years agoprivsep: init more fd -1
Roy Marples [Mon, 22 Jun 2020 16:31:58 +0000 (17:31 +0100)]
privsep: init more fd -1

2 years agoLinux: Sweep errors about disabling autogeneration of LL addrs
Roy Marples [Mon, 22 Jun 2020 12:22:16 +0000 (13:22 +0100)]
Linux: Sweep errors about disabling autogeneration of LL addrs

under the table.
I tire of this report.

2 years agoLinux: fix a compile warning for older compilers
Roy Marples [Mon, 22 Jun 2020 12:18:26 +0000 (13:18 +0100)]
Linux: fix a compile warning for older compilers

2 years agoLinux: support aarch64 for reading cpu info
Roy Marples [Mon, 22 Jun 2020 12:17:25 +0000 (13:17 +0100)]
Linux: support aarch64 for reading cpu info

2 years agolinux: ignore unsupported interfaces by default, such as sit0
Roy Marples [Mon, 22 Jun 2020 12:08:25 +0000 (13:08 +0100)]
linux: ignore unsupported interfaces by default, such as sit0

2 years agodhcpcd: Report error when caching vendor
Roy Marples [Mon, 22 Jun 2020 11:52:42 +0000 (12:52 +0100)]
dhcpcd: Report error when caching vendor

2 years agoscript: Make visible some link level parameters to lease dumping
Roy Marples [Mon, 22 Jun 2020 11:45:37 +0000 (12:45 +0100)]
script: Make visible some link level parameters to lease dumping

protocol, ssid and profile are now visible

2 years agoLibc implementations are allowed to require the explicit inclusion of
Ismael Luceno [Sun, 21 Jun 2020 14:06:14 +0000 (15:06 +0100)]
Libc implementations are allowed to require the explicit inclusion of
either <sys/types.h> (where it should be defined) or <sys/stat.h>
(prototypes requiring it) to expose mode_t.

Without that it fails to be exposed in musl libc, and potentially other
implementations.

Signed-off-by: Ismael Luceno <ismael@iodev.co.uk>
2 years agodhcpcd: Only poll after mac randomisation
Roy Marples [Fri, 19 Jun 2020 08:36:55 +0000 (09:36 +0100)]
dhcpcd: Only poll after mac randomisation

That will cause a delay and poll instantly rather than
an initial wait.

2 years agodhcpcd: Add an option to poll the interface carrier state
Roy Marples [Thu, 18 Jun 2020 20:15:15 +0000 (21:15 +0100)]
dhcpcd: Add an option to poll the interface carrier state

Only to be used if the interface does not report carrier state
changes for whatever reason.

2 years agoQuick change for pior
Roy Marples [Wed, 17 Jun 2020 14:17:58 +0000 (15:17 +0100)]
Quick change for pior

2 years agoconfigure: add --with-eghook=foo
Roy Marples [Wed, 17 Jun 2020 14:12:13 +0000 (15:12 +0100)]
configure: add --with-eghook=foo

Allows to force for example ypbind if it's not installed.

2 years agodhcpcd: preserve the STARTED option when reloading options
Roy Marples [Wed, 17 Jun 2020 10:25:58 +0000 (11:25 +0100)]
dhcpcd: preserve the STARTED option when reloading options

This avoids the truncated read when the launcher process exists
after the main process handles SIGHUP.

2 years agoinet6: No flags on the prefix means the prefix is via the router
Roy Marples [Wed, 17 Jun 2020 08:42:32 +0000 (09:42 +0100)]
inet6: No flags on the prefix means the prefix is via the router

Fixes a minor regression from prior.

2 years agoprivsep: Simplyfy signal handling
Roy Marples [Tue, 16 Jun 2020 19:58:17 +0000 (20:58 +0100)]
privsep: Simplyfy signal handling

All privsep processes only need to act on SIGTERM.
The privileged actioneer also needs to act on SIGCHLD.

2 years agoeloop: Add rationale for ELOOP_NSIGNALS
Roy Marples [Tue, 16 Jun 2020 16:31:47 +0000 (17:31 +0100)]
eloop: Add rationale for ELOOP_NSIGNALS

2 years agoAlign
Roy Marples [Tue, 16 Jun 2020 16:21:20 +0000 (17:21 +0100)]
Align

2 years agoeloop: Guard diagnostic in prior with ELOOP_DEBUG
Roy Marples [Tue, 16 Jun 2020 16:12:58 +0000 (17:12 +0100)]
eloop: Guard diagnostic in prior with ELOOP_DEBUG

2 years agoprivsep: Use root signal_cb for all signals here.
Roy Marples [Tue, 16 Jun 2020 16:07:10 +0000 (17:07 +0100)]
privsep: Use root signal_cb for all signals here.

2 years agoeloop: Try and survive a signal storm
Roy Marples [Tue, 16 Jun 2020 13:35:49 +0000 (14:35 +0100)]
eloop: Try and survive a signal storm

Shouldn't happen in production, but you never know.

2 years agoprivsep: Don't handle any signals meant for the main process
Roy Marples [Tue, 16 Jun 2020 11:58:16 +0000 (11:58 +0000)]
privsep: Don't handle any signals meant for the main process

Just incase someone issues a killall -HUP dhcpcd

2 years agoBSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF
Roy Marples [Tue, 16 Jun 2020 10:26:25 +0000 (10:26 +0000)]
BSD: Allow non NetBSD and OpenBSD to set IN6_IFF_AUTOCONF

I don't think FreeBSD or DragonFly ever filtered it out, so
all the BSD family should now have parity here.

2 years agoinet6: Report RA Proxy flag if set
Roy Marples [Mon, 15 Jun 2020 23:48:42 +0000 (00:48 +0100)]
inet6: Report RA Proxy flag if set

2 years agoinet6: Add support for reporting Mobile IPv6 RA's
Roy Marples [Mon, 15 Jun 2020 21:43:39 +0000 (22:43 +0100)]
inet6: Add support for reporting Mobile IPv6 RA's

This is RFC6275. dhcpcd is not a client suitable for this,
but it will at least decode the information properly.

2 years agoconfigure: Fix fallout with disabling embedded config
Roy Marples [Mon, 15 Jun 2020 21:04:37 +0000 (22:04 +0100)]
configure: Fix fallout with disabling embedded config

2 years agoRelease dhcpcd-9.1.2 dhcpcd-9.1.2
Roy Marples [Mon, 15 Jun 2020 15:28:31 +0000 (16:28 +0100)]
Release dhcpcd-9.1.2

2 years agoDHCP6: Use sla setting when calculating delegated prefix length
Roy Marples [Mon, 15 Jun 2020 14:51:17 +0000 (15:51 +0100)]
DHCP6: Use sla setting when calculating delegated prefix length

This is fine as we have a limited list of interfaces we're
delegating to so we know all the numbers.
This fixes an issue where an interface index could exceed 8 bits.

While here change sla_set to a boolean.

2 years agoprivsep: don't abort if setrlimit fails
Roy Marples [Mon, 15 Jun 2020 14:14:53 +0000 (15:14 +0100)]
privsep: don't abort if setrlimit fails

Just log the error.
This allows valgrind to be used still as it uses big fd numbers in
the client.

2 years agoDHCP6: Add requested addresses after freeing all state addresses
Roy Marples [Mon, 15 Jun 2020 11:52:55 +0000 (12:52 +0100)]
DHCP6: Add requested addresses after freeing all state addresses

Otherwise we don't request the correct prefix delegation length
for example....

2 years agoBSD: Mark routes as static only from static config
Roy Marples [Mon, 15 Jun 2020 08:49:34 +0000 (09:49 +0100)]
BSD: Mark routes as static only from static config

Rather than if genered by an address.
This allows RA prefix routes without an address to be non static,
so you could derive whether a route came from something autoconf
or not.

2 years agoBSD: Mark address AUTOCONF if no kernel RA
Roy Marples [Sun, 14 Jun 2020 14:26:59 +0000 (15:26 +0100)]
BSD: Mark address AUTOCONF if no kernel RA

2 years agoWarn if the OS lacks support to lock down BPF or equivalent
Roy Marples [Thu, 11 Jun 2020 14:37:33 +0000 (15:37 +0100)]
Warn if the OS lacks support to lock down BPF or equivalent

2 years agoudev: disable for non Linux systems
Roy Marples [Thu, 11 Jun 2020 10:35:20 +0000 (11:35 +0100)]
udev: disable for non Linux systems

On FreeBSD udev, the function udev_device_new_from_subsystem_sysname
exists but is not implemented.
As such it breaks our device initialisation detection.

Disabled by default, but can be enabled with ./configure --with-udev

2 years agoIPv4LL: free the arp state once announced for RFC 5227 kernels
Roy Marples [Wed, 10 Jun 2020 18:00:45 +0000 (19:00 +0100)]
IPv4LL: free the arp state once announced for RFC 5227 kernels

Otherwise the BPF process will hang around

2 years agoprivsep: Fix a shutdown race
Roy Marples [Wed, 10 Jun 2020 15:32:04 +0000 (16:32 +0100)]
privsep: Fix a shutdown race

Only test a successful stop IPC command.
By the time we shutdown the socket to be extra nice, the
process we sent stop to could have already exited, therefore
we can discard any error.

2 years agoprivsep: fix size of rdm
Roy Marples [Wed, 10 Jun 2020 13:47:00 +0000 (14:47 +0100)]
privsep: fix size of rdm

2 years agoFix some logic
Roy Marples [Wed, 10 Jun 2020 13:42:08 +0000 (14:42 +0100)]
Fix some logic

2 years agodhcpcd: Ensure dump is terminated
Roy Marples [Wed, 10 Jun 2020 13:38:46 +0000 (14:38 +0100)]
dhcpcd: Ensure dump is terminated

2 years agologerr: Remove setvbuf diagnostic - it's not critical
Roy Marples [Wed, 10 Jun 2020 13:31:03 +0000 (14:31 +0100)]
logerr: Remove setvbuf diagnostic - it's not critical

2 years agominor cleanup
Roy Marples [Wed, 10 Jun 2020 13:16:08 +0000 (14:16 +0100)]
minor cleanup

2 years agoTry and guard against impossibly large data.
Roy Marples [Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)]
Try and guard against impossibly large data.

2 years agoprivsep: RLIMIT_FSIZE works fine on pledge and capsicum
Roy Marples [Wed, 10 Jun 2020 07:30:28 +0000 (08:30 +0100)]
privsep: RLIMIT_FSIZE works fine on pledge and capsicum

If you don't use the dhcpcd logfile option.
Duh.

2 years agoDHCP6: Apply delegations to interface on carrier up
Roy Marples [Wed, 10 Jun 2020 06:34:18 +0000 (07:34 +0100)]
DHCP6: Apply delegations to interface on carrier up

Even with DHCP6 turned off for the interface.
As long as it was activated by another interface this is fine.

2 years agoLinux: Fix compile for systems without route preference
Roy Marples [Wed, 10 Jun 2020 06:16:41 +0000 (07:16 +0100)]
Linux: Fix compile for systems without route preference

2 years agoLinux: fix compile on old ones
Roy Marples [Wed, 10 Jun 2020 06:13:21 +0000 (07:13 +0100)]
Linux: fix compile on old ones

2 years agoprivsep: Disable RLIMIT_FSIZE when using the logfile option
Roy Marples [Wed, 10 Jun 2020 06:04:29 +0000 (07:04 +0100)]
privsep: Disable RLIMIT_FSIZE when using the logfile option

We cannot offload it to the root process either because not all
sandboxes have access to that.....
Really need to fix syslog so that it starts before dhcpcd.

2 years agoprivsep: Fix compile on alpine linux
Roy Marples [Wed, 10 Jun 2020 05:35:54 +0000 (06:35 +0100)]
privsep: Fix compile on alpine linux

2 years agoprivsep: Apply resource limits to OpenBSD as well where we can
Roy Marples [Wed, 10 Jun 2020 04:46:19 +0000 (05:46 +0100)]
privsep: Apply resource limits to OpenBSD as well where we can

After all, pledge or capsicum could have bugs.

2 years agoprivsep: Apply what resource limits we can to capsicum
Roy Marples [Wed, 10 Jun 2020 04:27:25 +0000 (05:27 +0100)]
privsep: Apply what resource limits we can to capsicum

2 years agoprivsep: Fix prior for capsicum
Roy Marples [Wed, 10 Jun 2020 04:04:02 +0000 (05:04 +0100)]
privsep: Fix prior for capsicum

2 years agoprivsep: control proxy is no longer optional
Roy Marples [Wed, 10 Jun 2020 03:57:02 +0000 (04:57 +0100)]
privsep: control proxy is no longer optional

It's required for pledge.
It *could* be optional for capsicum but I'd like to try and
keep the sandboxing the same for now.

2 years agoprivsep: For Linux and Solaris, set RLIMIT_NOFILES to nevents
Roy Marples [Tue, 9 Jun 2020 21:39:05 +0000 (22:39 +0100)]
privsep: For Linux and Solaris, set RLIMIT_NOFILES to nevents

Because poll(2) returns EINVAL if nfds is higher.
This really blows chunks, but it is what it is.
An attacker could close a fd and open something else, but it's
the best we can do.

2 years agoprivsep: Fix bogus warnings without inet.
Roy Marples [Tue, 9 Jun 2020 19:36:22 +0000 (20:36 +0100)]
privsep: Fix bogus warnings without inet.

2 years agoprivsep: limit psr_datalen to SSIZE_MAX
Roy Marples [Tue, 9 Jun 2020 18:33:23 +0000 (19:33 +0100)]
privsep: limit psr_datalen to SSIZE_MAX

2 years agoprivsep: Implement a resource limited sandbox
Roy Marples [Tue, 9 Jun 2020 17:25:18 +0000 (18:25 +0100)]
privsep: Implement a resource limited sandbox

For systems without Capsicum or Pledge we can create a resource
limited sandbox provided that either ppoll(2) or works with
RLIMIT_NOFILES set to zero.

As far as dhcpcd is concerned, that means Linux and Solaris
won't work with this, but NetBSD and DragonFlyBSD will.

To achieve this, a special control proxy process will be spawned
just to accept new connections over the control socket because
this *cannot* be limited by RLIMIT_NOFILES.

2 years agoThis hook no longer exists
Roy Marples [Tue, 9 Jun 2020 16:56:03 +0000 (17:56 +0100)]
This hook no longer exists

2 years agologerr: buffer stderr as we now have many processes
Roy Marples [Tue, 9 Jun 2020 16:49:51 +0000 (17:49 +0100)]
logerr: buffer stderr as we now have many processes

2 years agoeloop: Fix making the initial event listener
Roy Marples [Tue, 9 Jun 2020 16:48:59 +0000 (17:48 +0100)]
eloop: Fix making the initial event listener

2 years agoeloop: Don't remove existing callbacks when adding events
Roy Marples [Mon, 8 Jun 2020 20:41:42 +0000 (21:41 +0100)]
eloop: Don't remove existing callbacks when adding events

While here, add some debug when dealing with many sockets.

2 years agoeloop: if we take a free event, add it to the main queue
Roy Marples [Sun, 7 Jun 2020 22:39:46 +0000 (23:39 +0100)]
eloop: if we take a free event, add it to the main queue

Otherwise it goes into the ether....

2 years agoRA: Abort if no state
Roy Marples [Sat, 6 Jun 2020 19:52:28 +0000 (20:52 +0100)]
RA: Abort if no state

We might have received data for an interface before
its been initialised.

2 years agoprivsep: Limit rights generically rather than Capsicum specifc
Roy Marples [Fri, 5 Jun 2020 19:24:21 +0000 (20:24 +0100)]
privsep: Limit rights generically rather than Capsicum specifc

You never know when another sandbox tech comes around.
While here, add limits for every socket in the unpriviledged
processes. Some were absent before.

Also, note that RLIMIT_NOFILE breaks our control socket so
temporary disable that.

2 years agoARP: gc stale function arp_cancel
Roy Marples [Fri, 5 Jun 2020 13:52:35 +0000 (14:52 +0100)]
ARP: gc stale function arp_cancel

2 years agoBSD: In privsep with no GIFALIAS support? getifaddrs over privsep
Roy Marples [Fri, 5 Jun 2020 13:39:06 +0000 (14:39 +0100)]
BSD: In privsep with no GIFALIAS support? getifaddrs over privsep

This makes the heavy weight call even more heavy weight :(

2 years agoLinux: more freeifaddrs
Roy Marples [Fri, 5 Jun 2020 13:28:27 +0000 (14:28 +0100)]
Linux: more freeifaddrs

2 years agoprivsep: Only use freeifaddrs if not using privsep
Roy Marples [Fri, 5 Jun 2020 13:20:55 +0000 (14:20 +0100)]
privsep: Only use freeifaddrs if not using privsep

2 years agoLinux: make resource limits work by using getifaddrs over privsep
Roy Marples [Fri, 5 Jun 2020 13:12:23 +0000 (14:12 +0100)]
Linux: make resource limits work by using getifaddrs over privsep

2 years agoLinux: resource limits don't easily work here either....
Roy Marples [Fri, 5 Jun 2020 12:51:51 +0000 (13:51 +0100)]
Linux: resource limits don't easily work here either....

2 years agoFreeBSD: Fix prior for capsicum as well.
Roy Marples [Fri, 5 Jun 2020 12:15:51 +0000 (13:15 +0100)]
FreeBSD: Fix prior for capsicum as well.

2 years agoOpenBSD: disable setting resource limits as we have pledge.
Roy Marples [Fri, 5 Jun 2020 12:02:32 +0000 (13:02 +0100)]
OpenBSD: disable setting resource limits as we have pledge.

2 years agoprivsep: Set resource limits when dropping privs
Roy Marples [Fri, 5 Jun 2020 11:24:44 +0000 (12:24 +0100)]
privsep: Set resource limits when dropping privs

Disables forking, new files, sockets and writing large files.

2 years agoif: Keep the PF_LINK socket open throughout
Roy Marples [Fri, 5 Jun 2020 11:23:51 +0000 (12:23 +0100)]
if: Keep the PF_LINK socket open throughout

Saves opening it and closing it each time we discover interfaces.

2 years agoprivsep: Remove pledges inet and dns from the master process
Roy Marples [Fri, 5 Jun 2020 10:12:21 +0000 (11:12 +0100)]
privsep: Remove pledges inet and dns from the master process

Achieved by adding IPC to ignore interfaces names based on
the interface group.

This means every process just pledges stdio for IPC which the
exception of the master process which also pledges route so it
can access the routing table.

2 years agoFix installing the embedded config as a file.
Roy Marples [Thu, 4 Jun 2020 20:49:37 +0000 (21:49 +0100)]
Fix installing the embedded config as a file.

2 years agoRelease dhcpcd-9.1.1 dhcpcd-9.1.1
Roy Marples [Thu, 4 Jun 2020 12:35:46 +0000 (13:35 +0100)]
Release dhcpcd-9.1.1

2 years agoprivsep: Remove this error masking as well.
Roy Marples [Thu, 4 Jun 2020 11:36:10 +0000 (12:36 +0100)]
privsep: Remove this error masking as well.

2 years agoprivsep: Log ECONNRESET errors again
Roy Marples [Thu, 4 Jun 2020 11:31:24 +0000 (12:31 +0100)]
privsep: Log ECONNRESET errors again

Now that we've improved the robustness of the IPC this is important.

2 years agoprivsep: Set buffer sizes before setting rights.
Roy Marples [Thu, 4 Jun 2020 11:22:40 +0000 (12:22 +0100)]
privsep: Set buffer sizes before setting rights.

2 years agoprivsep: Don't wait for the process to finish when stopping it
Roy Marples [Thu, 4 Jun 2020 11:15:20 +0000 (12:15 +0100)]
privsep: Don't wait for the process to finish when stopping it

Instead, wait on receipt of SIGCHLD so we're not blocked.

2 years agoFix warning for prior on Linux
Roy Marples [Thu, 4 Jun 2020 10:30:20 +0000 (11:30 +0100)]
Fix warning for prior on Linux

2 years agoprivsep: Fix returning indirect ioctl data
Roy Marples [Thu, 4 Jun 2020 10:25:11 +0000 (11:25 +0100)]
privsep: Fix returning indirect ioctl data

2 years agoeloop: Just use ppoll(2)
Roy Marples [Wed, 3 Jun 2020 22:30:08 +0000 (23:30 +0100)]
eloop: Just use ppoll(2)

epoll and kqueue are really too heavy weight.
With privsep, we now favour more processes for BPF and per address sockets.
As such, the number of fds to monitor will always be quite small.

All modern OS now have ppoll(2) (NetBSD has pollts, which is the same)
which works perfectly for us.
If neither are present, the a wrapper around pselect(2) is provided,
which can be found on all POSIX systems.

This makes the code a lot smaller and easier to follow.
The reduced binary size and memory usage is a nice win here.

2 years agoauth: Fix warning for non privsep builds
Roy Marples [Wed, 3 Jun 2020 22:12:59 +0000 (23:12 +0100)]
auth: Fix warning for non privsep builds

2 years agoprivsep: Access the RDM monotic file via IPC
Roy Marples [Tue, 2 Jun 2020 16:48:34 +0000 (17:48 +0100)]
privsep: Access the RDM monotic file via IPC

As we can't get at it in the chroot.
While here, harden the file.

2 years agoBSD: Ignore fwip(4)
Roy Marples [Tue, 2 Jun 2020 16:07:12 +0000 (17:07 +0100)]
BSD: Ignore fwip(4)