annotate src/privsep-bpf.c @ 5523:357fddea9365 draft
privsep: Close BPF socket on ENXIO.
This stops log spam if RTM_IFANNOUNCE is delayed for the departing
interface.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Sun, 25 Oct 2020 15:30:13 +0000 |
| parents | 5aedb51585b6 |
| children | 99bfd2eb77ab |
1 /* SPDX-License-Identifier: BSD-2-Clause */ |
2 /* |
3 * Privilege Separation BPF Initiator |
| 4922 | 4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name> |
5 * All rights reserved |
6 |
7 * Redistribution and use in source and binary forms, with or without |
8 * modification, are permitted provided that the following conditions |
9 * are met: |
10 * 1. Redistributions of source code must retain the above copyright |
11 * notice, this list of conditions and the following disclaimer. |
12 * 2. Redistributions in binary form must reproduce the above copyright |
13 * notice, this list of conditions and the following disclaimer in the |
14 * documentation and/or other materials provided with the distribution. |
15 * |
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
26 * SUCH DAMAGE. |
27 */ |
28 |
29 #include <sys/socket.h> |
30 #include <sys/types.h> |
31 |
32 /* Need these headers just for if_ether on some OS. */ |
33 #ifndef __NetBSD__ |
34 #include <net/if.h> |
35 #include <net/if_arp.h> |
36 #include <netinet/in.h> |
37 #endif |
38 #include <netinet/if_ether.h> |
39 |
40 #include <assert.h> |
41 #include <pwd.h> |
42 #include <errno.h> |
43 #include <stdlib.h> |
44 #include <string.h> |
45 #include <unistd.h> |
46 |
47 #include "arp.h" |
48 #include "bpf.h" |
49 #include "dhcp.h" |
50 #include "dhcp6.h" |
51 #include "eloop.h" |
52 #include "ipv6nd.h" |
53 #include "logerr.h" |
54 #include "privsep.h" |
55 |
/*
 * Event-loop read callback for the BPF descriptor; ps_bpf_start_bpf
 * registers it with eloop_event_add.  Every frame obtained from
 * bpf_read is forwarded, tagged with this process's id and command,
 * to ps_data_fd through ps_sendpsmdata.
 *
 * arg is the struct ps_process that owns the BPF handle.
 */
static void
ps_bpf_recvbpf(void *arg)
{
	struct ps_process *psp = arg;
	struct bpf *bpf = psp->psp_bpf;
	struct dhcpcd_ctx *ctx = psp->psp_ctx;
	uint8_t frame[FRAMELEN_MAX];
	ssize_t nread, nsent;
	struct ps_msghdr psm = {
		.ps_id = psp->psp_id,
		.ps_cmd = psp->psp_id.psi_cmd,
	};

	/* Start each callback with the end-of-buffer marker cleared. */
	bpf->bpf_flags &= ~BPF_EOF;

	/* A single BPF read can hold more than one filtered packet, so
	 * keep reading until BPF_EOF is flagged (presumably by bpf_read
	 * once its buffer is drained -- confirm in bpf.c). */
	for (;;) {
		if (bpf->bpf_flags & BPF_EOF)
			break;

		/* The stack buffer's size is passed as the read bound. */
		nread = bpf_read(bpf, frame, sizeof(frame));
		if (nread == 0)
			break;
		if (nread == -1) {
			/* Save errno first: logerr may overwrite it. */
			int saved_errno = errno;

			logerr("%s: %s", psp->psp_ifname, __func__);
			if (saved_errno == ENXIO) {
				/* The interface has departed, so close the
				 * BPF socket.  This stops log spam if
				 * RTM_IFANNOUNCE is delayed in announcing
				 * the departing interface.  The event is
				 * removed before the close, and psp_bpf is
				 * cleared so ps_bpf_recvmsgcb fails with
				 * ENXIO instead of using a closed handle.
				 * NOTE(review): psp_work_fd was set to this
				 * descriptor in ps_bpf_start_bpf and is not
				 * reset here -- confirm nothing uses it
				 * after the close. */
				eloop_event_delete(ctx->eloop, bpf->bpf_fd);
				bpf_close(bpf);
				psp->psp_bpf = NULL;
			}
			break;
		}

		/* Pass the per-read BPF flags along with the frame.
		 * The size_t cast assumes bpf_read reports failure only
		 * as -1, so nread is positive here. */
		psm.ps_flags = bpf->bpf_flags;
		nsent = ps_sendpsmdata(ctx, ctx->ps_data_fd,
		    &psm, frame, (size_t)nread);
		if (nsent == -1)
			logerr(__func__);
		if (nsent == -1 || nsent == 0)
			break;
	}
}
98 |
/*
 * Message callback that ps_bpf_recvmsg hands to ps_recvpsmsg: write
 * the payload of an accepted command to the BPF socket.
 *
 * Only PS_BPF_BOOTP (and PS_BPF_ARP when ARP is compiled in) are
 * accepted; any other command is rejected before bpf_send is reached.
 *
 * Returns the result of bpf_send, or -1 with errno set to EINVAL for
 * an unexpected command or ENXIO when the BPF handle has been closed.
 */
static ssize_t
ps_bpf_recvmsgcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
{
	struct ps_process *psp = arg;
	struct iovec *payload;

#ifdef PRIVSEP_DEBUG
	logerrx("%s: IN cmd %x, psp %p", __func__, psm->ps_cmd, psp);
#endif

	switch (psm->ps_cmd) {
#ifdef ARP
	case PS_BPF_ARP:	/* FALLTHROUGH */
#endif
	case PS_BPF_BOOTP:
		/* We might have had an earlier ENXIO error, in which
		 * case ps_bpf_recvbpf closed the handle and set it to
		 * NULL. */
		if (psp->psp_bpf == NULL) {
			errno = ENXIO;
			return -1;
		}
		/* NOTE(review): only the first iovec is sent and
		 * msg_iovlen is not checked here; presumably
		 * ps_recvpsmsg always supplies exactly one -- confirm. */
		payload = msg->msg_iov;
		return bpf_send(psp->psp_bpf, psp->psp_proto,
		    payload->iov_base, payload->iov_len);
	default:
		/* IPC failure, we should not be processing any other
		 * commands at this point! */
		errno = EINVAL;
		return -1;
	}
}
131 |
/*
 * Read one privsep message from psp_fd and dispatch it to
 * ps_bpf_recvmsgcb; a failure is only logged.
 *
 * arg is the struct ps_process for this BPF process and is passed
 * through unchanged as the callback context.
 */
static void
ps_bpf_recvmsg(void *arg)
{
	struct ps_process *psp = arg;

	if (ps_recvpsmsg(psp->psp_ctx, psp->psp_fd,
	    ps_bpf_recvmsgcb, arg) != -1)
		return;

	/* Covers both a receive failure and a -1 from the callback
	 * (presumably propagated by ps_recvpsmsg -- confirm). */
	logerr(__func__);
}
141 |
/*
 * Start-up routine for a BPF process: set the process title, open the
 * BPF socket for the interface, restrict the descriptor when
 * PRIVSEP_RIGHTS is defined, and register ps_bpf_recvbpf as its read
 * callback.
 *
 * arg is the struct ps_process describing this process.
 *
 * Returns 0 on success.  On any failure the error is logged, the event
 * loop is asked to exit with EXIT_FAILURE and -1 is returned.
 */
static int
ps_bpf_start_bpf(void *arg)
{
	struct ps_process *psp = arg;
	struct dhcpcd_ctx *ctx = psp->psp_ctx;
	struct in_addr *ia = &psp->psp_id.psi_addr.psa_in_addr;
	char *addr = NULL;
	const char *sep;

	/* INADDR_ANY means no address is bound to this process: leave it
	 * out of the title and give bpf_open a NULL address. */
	if (ia->s_addr != INADDR_ANY)
		addr = inet_ntoa(*ia);
	else
		ia = NULL;

	sep = addr != NULL ? " " : "";
	setproctitle("[BPF %s] %s%s%s", psp->psp_protostr, psp->psp_ifname,
	    sep, addr != NULL ? addr : "");

	/* NOTE(review): presumably releases the process records this
	 * process does not need, keeping psp -- confirm in privsep.c. */
	ps_freeprocesses(ctx, psp);

	psp->psp_bpf = bpf_open(&psp->psp_ifp, psp->psp_filter, ia);
	if (psp->psp_bpf == NULL) {
		logerr("%s: bpf_open", __func__);
		goto fail;
	}

#ifdef PRIVSEP_RIGHTS
	/* Restrict the descriptor before it is handed to the event
	 * loop; a failure here aborts start-up. */
	if (ps_rights_limit_fd(psp->psp_bpf->bpf_fd) == -1) {
		logerr("%s: ps_rights_limit_fd", __func__);
		goto fail;
	}
#endif

	if (eloop_event_add(ctx->eloop,
	    psp->psp_bpf->bpf_fd, ps_bpf_recvbpf, psp) == -1) {
		logerr("%s: eloop_event_add", __func__);
		goto fail;
	}

	psp->psp_work_fd = psp->psp_bpf->bpf_fd;
	return 0;

fail:
	/* An opened BPF handle is not closed on this path; the event
	 * loop is asked to exit with EXIT_FAILURE instead. */
	eloop_exit(ctx->eloop, EXIT_FAILURE);
	return -1;
}
177 |
178 ssize_t |
179 ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg) |
180 { |
181 uint16_t cmd; |
182 struct ps_process *psp; |
183 pid_t start; |
184 struct iovec *iov = msg->msg_iov; |
185 struct interface *ifp; |
186 |
187 cmd = (uint16_t)(psm->ps_cmd & ~(PS_START | PS_STOP)); |
188 psp = ps_findprocess(ctx, &psm->ps_id); |
189 |
190 #ifdef PRIVSEP_DEBUG |
191 logerrx("%s: IN cmd %x, psp %p", __func__, psm->ps_cmd, psp); |
192 #endif |
193 |
194 switch (cmd) { |
195 #ifdef ARP |
196 case PS_BPF_ARP: /* FALLTHROUGH */ |
197 #endif |
198 case PS_BPF_BOOTP: |
199 break; |
200 default: |
201 logerrx("%s: unknown command %x", __func__, psm->ps_cmd); |
202 errno = ENOTSUP; |
203 return -1; |
204 } |
205 |
206 if (!(psm->ps_cmd & PS_START)) { |
207 errno = EINVAL; |
208 return -1; |
209 } |
210 |
211 if (psp != NULL) |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
212 return 1; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
213 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
214 psp = ps_newprocess(ctx, &psm->ps_id); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
215 if (psp == NULL) |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
216 return -1; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
217 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
218 ifp = &psp->psp_ifp; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
219 assert(msg->msg_iovlen == 1); |
|
4865
a9f942033a87
privsep: Fix an assertation
Roy Marples <roy@marples.name>
parents:
4854
diff
changeset
|
220 assert(iov->iov_len == sizeof(*ifp)); |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
221 memcpy(ifp, iov->iov_base, sizeof(*ifp)); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
222 ifp->ctx = psp->psp_ctx; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
223 ifp->options = NULL; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
224 memset(ifp->if_data, 0, sizeof(ifp->if_data)); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
225 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
226 memcpy(psp->psp_ifname, ifp->name, sizeof(psp->psp_ifname)); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
227 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
228 switch (cmd) { |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
229 #ifdef ARP |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
230 case PS_BPF_ARP: |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
231 psp->psp_proto = ETHERTYPE_ARP; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
232 psp->psp_protostr = "ARP"; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
233 psp->psp_filter = bpf_arp; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
234 break; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
235 #endif |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
236 case PS_BPF_BOOTP: |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
237 psp->psp_proto = ETHERTYPE_IP; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
238 psp->psp_protostr = "BOOTP"; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
239 psp->psp_filter = bpf_bootp; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
240 break; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
241 } |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
242 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
243 start = ps_dostart(ctx, |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
244 &psp->psp_pid, &psp->psp_fd, |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
245 ps_bpf_recvmsg, NULL, psp, |
|
5425
9edfc000a89b
privsep: Only the master process accepts signals
Roy Marples <roy@marples.name>
parents:
5371
diff
changeset
|
246 ps_bpf_start_bpf, NULL, |
|
5228
82c7e8204e9b
BPF: Set write filters where supported
Roy Marples <roy@marples.name>
parents:
5207
diff
changeset
|
247 PSF_DROPPRIVS); |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
248 switch (start) { |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
249 case -1: |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
250 ps_freeprocess(psp); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
251 return -1; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
252 case 0: |
|
5462
6e80b8c6f70c
privsep: Log if the platform sandbox is unavailable or available
Roy Marples <roy@marples.name>
parents:
5459
diff
changeset
|
253 ps_entersandbox("stdio", NULL); |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
254 break; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
255 default: |
|
4854
def5c1de1e16
privsep: guard spawn debug messages behind PRIVSEP_DEBUG
Roy Marples <roy@marples.name>
parents:
4842
diff
changeset
|
256 #ifdef PRIVSEP_DEBUG |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
257 logdebugx("%s: spawned BPF %s on PID %d", |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
258 psp->psp_ifname, psp->psp_protostr, start); |
|
4854
def5c1de1e16
privsep: guard spawn debug messages behind PRIVSEP_DEBUG
Roy Marples <roy@marples.name>
parents:
4842
diff
changeset
|
259 #endif |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
260 break; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
261 } |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
262 return start; |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
263 } |
|
/*
 * Deliver the payload of a privsep BPF message to the matching protocol
 * input routine.
 *
 * ctx - dhcpcd context whose interface list is searched.
 * psm - privsep header: ps_cmd selects the protocol, ps_id.psi_ifindex
 *       names the interface and ps_flags is passed through as BPF flags.
 * msg - message whose first iovec holds the packet.
 *
 * Returns 1 once the packet has been passed on.  Returns -1 with errno
 * set to ENOTSUP for a command that is not a BPF data command, and -1
 * with errno untouched when the interface cannot be found.
 *
 * NOTE(review): only msg->msg_iov[0] is read and msg->msg_iovlen is not
 * checked here; presumably the caller always supplies exactly one iovec.
 * Confirm, since this payload arrives over the privsep channel.
 */
ssize_t
ps_bpf_dispatch(struct dhcpcd_ctx *ctx,
    struct ps_msghdr *psm, struct msghdr *msg)
{
	const struct iovec *pkt = msg->msg_iov;
	struct interface *ifp;
	unsigned int flags;

	/* Reject non-BPF commands before any interface lookup is done. */
	switch (psm->ps_cmd) {
#ifdef ARP
	case PS_BPF_ARP:
#endif
	case PS_BPF_BOOTP:
		break;
	default:
		errno = ENOTSUP;
		return -1;
	}

	ifp = if_findindex(ctx->ifaces, psm->ps_id.psi_ifindex);
	if (ifp == NULL) {
		/* The interface may have departed before its packet arrived. */
		return -1;
	}

	flags = (unsigned int)psm->ps_flags;

	/*
	 * The command was validated above, so anything that is not ARP
	 * here is BOOTP.  The length is handed over as received; bounds
	 * checking of the packet is left to the input routines.
	 */
#ifdef ARP
	if (psm->ps_cmd == PS_BPF_ARP)
		arp_packet(ifp, pkt->iov_base, pkt->iov_len, flags);
	else
#endif
		dhcp_packet(ifp, pkt->iov_base, pkt->iov_len, flags);

	return 1;
}
|
/*
 * Build a privsep message header for a BPF command and send it, with an
 * optional payload, over ctx->ps_root_fd.
 *
 * ifp  - interface the command applies to; supplies the context and the
 *        interface index placed in the message id.
 * ia   - optional IPv4 address copied into the message id; may be NULL.
 * cmd  - full command, including any PS_START / PS_STOP bit.
 * data - payload, or NULL when len is 0.
 * len  - payload length in bytes.
 *
 * Returns whatever ps_sendpsmdata() returns.
 */
static ssize_t
ps_bpf_send(const struct interface *ifp, const struct in_addr *ia,
    uint16_t cmd, const void *data, size_t len)
{
	/* Every field not assigned below stays zero-initialised. */
	struct ps_msghdr psm = { .ps_cmd = cmd };
	struct dhcpcd_ctx *ctx;

	psm.ps_id.psi_ifindex = ifp->index;
	/*
	 * The id carries the command with the start/stop bits masked off,
	 * presumably so that start, stop and data messages for one
	 * protocol resolve to the same id.
	 */
	psm.ps_id.psi_cmd = (uint8_t)(cmd & ~(PS_START | PS_STOP));
	if (ia != NULL)
		psm.ps_id.psi_addr.psa_in_addr = *ia;

	ctx = ifp->ctx;
	return ps_sendpsmdata(ctx, ctx->ps_root_fd, &psm, data, len);
}
|
#ifdef ARP
/*
 * Ask for an ARP BPF process to be started for ifp and address ia.
 *
 * The payload is the whole struct interface, pointers included.  The
 * start handler in this file copies sizeof(*ifp) bytes out of the
 * payload after checking its length only with assert(), which is
 * compiled out under NDEBUG, so the payload must stay exactly one
 * struct interface.
 *
 * ia must not be NULL (asserted).  Returns the result of ps_bpf_send().
 */
ssize_t
ps_bpf_openarp(const struct interface *ifp, const struct in_addr *ia)
{
	const uint16_t cmd = PS_BPF_ARP | PS_START;

	assert(ia != NULL);
	return ps_bpf_send(ifp, ia, cmd, ifp, sizeof(*ifp));
}

/*
 * Ask for the ARP BPF process for ifp and address ia to be stopped.
 * No payload is sent.  Unlike the open and send calls, ia is not
 * asserted here; ps_bpf_send() leaves the address zeroed when it is NULL.
 */
ssize_t
ps_bpf_closearp(const struct interface *ifp, const struct in_addr *ia)
{
	const uint16_t cmd = PS_BPF_ARP | PS_STOP;

	return ps_bpf_send(ifp, ia, cmd, NULL, 0);
}

/*
 * Send len bytes at data as an ARP BPF message for ifp and address ia.
 * ia must not be NULL (asserted).  Returns the result of ps_bpf_send().
 */
ssize_t
ps_bpf_sendarp(const struct interface *ifp, const struct in_addr *ia,
    const void *data, size_t len)
{
	const uint16_t cmd = PS_BPF_ARP;

	assert(ia != NULL);
	return ps_bpf_send(ifp, ia, cmd, data, len);
}
#endif
|
/*
 * Ask for a BOOTP BPF process to be started for ifp.
 *
 * No address is attached.  The payload is the whole struct interface,
 * pointers included.  The start handler in this file copies
 * sizeof(*ifp) bytes out of the payload after checking its length only
 * with assert(), which is compiled out under NDEBUG, so the payload
 * must stay exactly one struct interface.
 *
 * Returns the result of ps_bpf_send().
 */
ssize_t
ps_bpf_openbootp(const struct interface *ifp)
{
	const uint16_t cmd = PS_BPF_BOOTP | PS_START;

	return ps_bpf_send(ifp, NULL, cmd, ifp, sizeof(*ifp));
}
|
/*
 * Ask for the BOOTP BPF process for ifp to be stopped.
 * Neither an address nor a payload is sent.
 * Returns the result of ps_bpf_send().
 */
ssize_t
ps_bpf_closebootp(const struct interface *ifp)
{
	const uint16_t cmd = PS_BPF_BOOTP | PS_STOP;

	return ps_bpf_send(ifp, NULL, cmd, NULL, 0);
}
|
/*
 * Send len bytes at data as a BOOTP BPF message for ifp.
 * No address is attached to the message id.
 * Returns the result of ps_bpf_send().
 */
ssize_t
ps_bpf_sendbootp(const struct interface *ifp, const void *data, size_t len)
{
	const uint16_t cmd = PS_BPF_BOOTP;

	return ps_bpf_send(ifp, NULL, cmd, data, len);
}
