annotate src/privsep-root.c @ 5526:b1a3d9055662 draft

privsep: Allow logfile reopening in a chroot Now that only the privileged actioneer does the actual logging we can safely reopen the file we are logging to. This also closes and re-opens the syslog connection.
author Roy Marples <roy@marples.name>
date Fri, 30 Oct 2020 14:19:16 +0000
parents 26b5d9bc2985
children 071a9ea18363
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
1 /* SPDX-License-Identifier: BSD-2-Clause */
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
2 /*
5060
4539ffcdd656 spelling: Correct both privilege and separation
Roy Marples <roy@marples.name>
parents: 4997
diff changeset
3 * Privilege Separation for dhcpcd, privileged actioneer
4922
555d7d1a4939 Welcome to 2020!
Roy Marples <roy@marples.name>
parents: 4868
diff changeset
4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
5 * All rights reserved
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
6
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
7 * Redistribution and use in source and binary forms, with or without
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
8 * modification, are permitted provided that the following conditions
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
9 * are met:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
10 * 1. Redistributions of source code must retain the above copyright
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
11 * notice, this list of conditions and the following disclaimer.
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
15 *
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
26 * SUCH DAMAGE.
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
27 */
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
28
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
29 #include <sys/ioctl.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
30 #include <sys/socket.h>
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
31 #include <sys/stat.h>
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
32 #include <sys/time.h>
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
33 #include <sys/types.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
34 #include <sys/wait.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
35
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
36 #include <assert.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
37 #include <errno.h>
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
38 #include <fcntl.h>
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
39 #include <pwd.h>
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
40 #include <signal.h>
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
41 #include <stddef.h>
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
42 #include <stdlib.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
43 #include <string.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
44 #include <unistd.h>
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
45
5299
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
46 #include "auth.h"
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
47 #include "common.h"
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
48 #include "dev.h"
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
49 #include "dhcpcd.h"
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
50 #include "dhcp6.h"
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
51 #include "eloop.h"
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
52 #include "if.h"
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
53 #include "ipv6nd.h"
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
54 #include "logerr.h"
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
55 #include "privsep.h"
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
56 #include "sa.h"
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
57 #include "script.h"
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
58
4948
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
59 __CTASSERT(sizeof(ioctl_request_t) <= sizeof(unsigned long));
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
60
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
61 struct psr_error
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
62 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
63 ssize_t psr_result;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
64 int psr_errno;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
65 char psr_pad[sizeof(ssize_t) - sizeof(int)];
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
66 size_t psr_datalen;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
67 };
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
68
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
69 struct psr_ctx {
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
70 struct dhcpcd_ctx *psr_ctx;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
71 struct psr_error psr_error;
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
72 size_t psr_datalen;
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
73 void *psr_data;
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
74 };
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
75
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
76 static void
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
77 ps_root_readerrorcb(void *arg)
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
78 {
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
79 struct psr_ctx *psr_ctx = arg;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
80 struct dhcpcd_ctx *ctx = psr_ctx->psr_ctx;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
81 struct psr_error *psr_error = &psr_ctx->psr_error;
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
82 struct iovec iov[] = {
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
83 { .iov_base = psr_error, .iov_len = sizeof(*psr_error) },
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
84 { .iov_base = psr_ctx->psr_data,
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
85 .iov_len = psr_ctx->psr_datalen },
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
86 };
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
87 ssize_t len;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
88 int exit_code = EXIT_FAILURE;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
89
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
90 #define PSR_ERROR(e) \
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
91 do { \
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
92 psr_error->psr_result = -1; \
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
93 psr_error->psr_errno = (e); \
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
94 goto out; \
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
95 } while (0 /* CONSTCOND */)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
96
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
97 len = readv(ctx->ps_root_fd, iov, __arraycount(iov));
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
98 if (len == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
99 PSR_ERROR(errno);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
100 else if ((size_t)len < sizeof(*psr_error))
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
101 PSR_ERROR(EINVAL);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
102 exit_code = EXIT_SUCCESS;
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
103
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
104 out:
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
105 eloop_exit(ctx->ps_eloop, exit_code);
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
106 }
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
107
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
108 ssize_t
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
109 ps_root_readerror(struct dhcpcd_ctx *ctx, void *data, size_t len)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
110 {
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
111 struct psr_ctx psr_ctx = {
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
112 .psr_ctx = ctx,
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
113 .psr_data = data, .psr_datalen = len,
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
114 };
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
115
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
116 if (eloop_event_add(ctx->ps_eloop, ctx->ps_root_fd,
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
117 ps_root_readerrorcb, &psr_ctx) == -1)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
118 return -1;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
119
5297
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
120 eloop_enter(ctx->ps_eloop);
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
121 eloop_start(ctx->ps_eloop, &ctx->sigset);
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
122
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
123 errno = psr_ctx.psr_error.psr_errno;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
124 return psr_ctx.psr_error.psr_result;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
125 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
126
5316
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
127 #ifdef PRIVSEP_GETIFADDRS
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
128 static void
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
129 ps_root_mreaderrorcb(void *arg)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
130 {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
131 struct psr_ctx *psr_ctx = arg;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
132 struct dhcpcd_ctx *ctx = psr_ctx->psr_ctx;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
133 struct psr_error *psr_error = &psr_ctx->psr_error;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
134 struct iovec iov[] = {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
135 { .iov_base = psr_error, .iov_len = sizeof(*psr_error) },
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
136 { .iov_base = NULL, .iov_len = 0 },
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
137 };
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
138 ssize_t len;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
139 int exit_code = EXIT_FAILURE;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
140
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
141 len = recv(ctx->ps_root_fd, psr_error, sizeof(*psr_error), MSG_PEEK);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
142 if (len == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
143 PSR_ERROR(errno);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
144 else if ((size_t)len < sizeof(*psr_error))
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
145 PSR_ERROR(EINVAL);
5345
f6051f78e441 Try and guard against impossibly large data.
Roy Marples <roy@marples.name>
parents: 5330
diff changeset
146
f6051f78e441 Try and guard against impossibly large data.
Roy Marples <roy@marples.name>
parents: 5330
diff changeset
147 if (psr_error->psr_datalen > SSIZE_MAX)
5329
cc6b3545c52c privsep: limit psr_datalen to SSIZE_MAX
Roy Marples <roy@marples.name>
parents: 5321
diff changeset
148 PSR_ERROR(ENOBUFS);
5345
f6051f78e441 Try and guard against impossibly large data.
Roy Marples <roy@marples.name>
parents: 5330
diff changeset
149 else if (psr_error->psr_datalen != 0) {
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
150 psr_ctx->psr_data = malloc(psr_error->psr_datalen);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
151 if (psr_ctx->psr_data == NULL)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
152 PSR_ERROR(errno);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
153 psr_ctx->psr_datalen = psr_error->psr_datalen;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
154 iov[1].iov_base = psr_ctx->psr_data;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
155 iov[1].iov_len = psr_ctx->psr_datalen;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
156 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
157
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
158 len = readv(ctx->ps_root_fd, iov, __arraycount(iov));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
159 if (len == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
160 PSR_ERROR(errno);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
161 else if ((size_t)len != sizeof(*psr_error) + psr_ctx->psr_datalen)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
162 PSR_ERROR(EINVAL);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
163 exit_code = EXIT_SUCCESS;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
164
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
165 out:
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
166 eloop_exit(ctx->ps_eloop, exit_code);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
167 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
168
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
169 ssize_t
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
170 ps_root_mreaderror(struct dhcpcd_ctx *ctx, void **data, size_t *len)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
171 {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
172 struct psr_ctx psr_ctx = {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
173 .psr_ctx = ctx,
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
174 };
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
175
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
176 if (eloop_event_add(ctx->ps_eloop, ctx->ps_root_fd,
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
177 ps_root_mreaderrorcb, &psr_ctx) == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
178 return -1;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
179
5297
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
180 eloop_enter(ctx->ps_eloop);
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
181 eloop_start(ctx->ps_eloop, &ctx->sigset);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
182
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
183 errno = psr_ctx.psr_error.psr_errno;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
184 *data = psr_ctx.psr_data;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
185 *len = psr_ctx.psr_datalen;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
186 return psr_ctx.psr_error.psr_result;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
187 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
188 #endif
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
189
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
190 static ssize_t
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
191 ps_root_writeerror(struct dhcpcd_ctx *ctx, ssize_t result,
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
192 void *data, size_t len)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
193 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
194 struct psr_error psr = {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
195 .psr_result = result,
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
196 .psr_errno = errno,
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
197 .psr_datalen = len,
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
198 };
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
199 struct iovec iov[] = {
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
200 { .iov_base = &psr, .iov_len = sizeof(psr) },
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
201 { .iov_base = data, .iov_len = len },
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
202 };
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
203
4868
119c8986dfc8 privsep: Enable ARP BPF filtering for interesting addresses
Roy Marples <roy@marples.name>
parents: 4851
diff changeset
204 #ifdef PRIVSEP_DEBUG
119c8986dfc8 privsep: Enable ARP BPF filtering for interesting addresses
Roy Marples <roy@marples.name>
parents: 4851
diff changeset
205 logdebugx("%s: result %zd errno %d", __func__, result, errno);
119c8986dfc8 privsep: Enable ARP BPF filtering for interesting addresses
Roy Marples <roy@marples.name>
parents: 4851
diff changeset
206 #endif
119c8986dfc8 privsep: Enable ARP BPF filtering for interesting addresses
Roy Marples <roy@marples.name>
parents: 4851
diff changeset
207
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
208 return writev(ctx->ps_root_fd, iov, __arraycount(iov));
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
209 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
210
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
211 static ssize_t
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
212 ps_root_doioctl(unsigned long req, void *data, size_t len)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
213 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
214 int s, err;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
215
5246
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
216 /* Only allow these ioctls */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
217 switch(req) {
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
218 #ifdef SIOCAIFADDR
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
219 case SIOCAIFADDR: /* FALLTHROUGH */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
220 case SIOCDIFADDR: /* FALLTHROUGH */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
221 #endif
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
222 #ifdef SIOCSIFHWADDR
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
223 case SIOCSIFHWADDR: /* FALLTHROUGH */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
224 #endif
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
225 #ifdef SIOCGIFPRIORITY
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
226 case SIOCGIFPRIORITY: /* FALLTHROUGH */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
227 #endif
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
228 case SIOCSIFFLAGS: /* FALLTHROUGH */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
229 case SIOCGIFMTU: /* FALLTHROUGH */
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
230 case SIOCSIFMTU:
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
231 break;
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
232 default:
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
233 errno = EPERM;
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
234 return -1;
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
235 }
52a4070231c6 privsep: Filter ioctls to a known list.
Roy Marples <roy@marples.name>
parents: 5242
diff changeset
236
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
237 s = socket(PF_INET, SOCK_DGRAM, 0);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
238 if (s != -1)
4948
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
239 #ifdef IOCTL_REQUEST_TYPE
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
240 {
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
241 ioctl_request_t reqt;
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
242
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
243 memcpy(&reqt, &req, sizeof(reqt));
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
244 err = ioctl(s, reqt, data, len);
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
245 }
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
246 #else
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
247 err = ioctl(s, req, data, len);
4948
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
248 #endif
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
249 else
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
250 err = -1;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
251 if (s != -1)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
252 close(s);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
253 return err;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
254 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
255
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
256 static ssize_t
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
257 ps_root_run_script(struct dhcpcd_ctx *ctx, const void *data, size_t len)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
258 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
259 const char *envbuf = data;
5255
ee23398a68db dhcpcd: Move the script file from per interface to global context
Roy Marples <roy@marples.name>
parents: 5253
diff changeset
260 char * const argv[] = { ctx->script, NULL };
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
261 pid_t pid;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
262 int status;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
263
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
264 if (len == 0)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
265 return 0;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
266
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
267 if (script_buftoenv(ctx, UNCONST(envbuf), len) == NULL)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
268 return -1;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
269
5123
9422e8c904d5 scripts: Run with an empty sigmask
Christos Zoulas <christos@zoulas.com>
parents: 5112
diff changeset
270 pid = script_exec(argv, ctx->script_env);
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
271 if (pid == -1)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
272 return -1;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
273 /* Wait for the script to finish */
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
274 while (waitpid(pid, &status, 0) == -1) {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
275 if (errno != EINTR) {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
276 logerr(__func__);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
277 status = 0;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
278 break;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
279 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
280 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
281 return status;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
282 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
283
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
284 static bool
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
285 ps_root_validpath(const struct dhcpcd_ctx *ctx, uint16_t cmd, const char *path)
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
286 {
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
287
5267
95976721c27d privsep: Avoid the /proc/../ escape
Roy Marples <roy@marples.name>
parents: 5263
diff changeset
288 /* Avoid a previous directory attack to avoid /proc/../
95976721c27d privsep: Avoid the /proc/../ escape
Roy Marples <roy@marples.name>
parents: 5263
diff changeset
289 * dhcpcd should never use a path with double dots. */
95976721c27d privsep: Avoid the /proc/../ escape
Roy Marples <roy@marples.name>
parents: 5263
diff changeset
290 if (strstr(path, "..") != NULL)
95976721c27d privsep: Avoid the /proc/../ escape
Roy Marples <roy@marples.name>
parents: 5263
diff changeset
291 return false;
95976721c27d privsep: Avoid the /proc/../ escape
Roy Marples <roy@marples.name>
parents: 5263
diff changeset
292
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
293 if (cmd == PS_READFILE) {
5309
700fa2afe696 Fix installing the embedded config as a file.
Roy Marples <roy@marples.name>
parents: 5306
diff changeset
294 #ifdef EMBEDDED_CONFIG
700fa2afe696 Fix installing the embedded config as a file.
Roy Marples <roy@marples.name>
parents: 5306
diff changeset
295 if (strcmp(ctx->cffile, EMBEDDED_CONFIG) == 0)
700fa2afe696 Fix installing the embedded config as a file.
Roy Marples <roy@marples.name>
parents: 5306
diff changeset
296 return true;
700fa2afe696 Fix installing the embedded config as a file.
Roy Marples <roy@marples.name>
parents: 5306
diff changeset
297 #endif
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
298 if (strcmp(ctx->cffile, path) == 0)
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
299 return true;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
300 }
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
301 if (strncmp(DBDIR, path, strlen(DBDIR)) == 0)
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
302 return true;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
303 if (strncmp(RUNDIR, path, strlen(RUNDIR)) == 0)
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
304 return true;
5258
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
305
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
306 #ifdef __linux__
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
307 if (strncmp("/proc/net/", path, strlen("/proc/net/")) == 0 ||
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
308 strncmp("/proc/sys/net/", path, strlen("/proc/sys/net/")) == 0 ||
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
309 strncmp("/sys/class/net/", path, strlen("/sys/class/net/")) == 0)
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
310 return true;
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
311 #endif
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
312
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
313 errno = EPERM;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
314 return false;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
315 }
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
316
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
317 static ssize_t
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
318 ps_root_dowritefile(const struct dhcpcd_ctx *ctx,
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
319 mode_t mode, void *data, size_t len)
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
320 {
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
321 char *file = data, *nc;
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
322
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
323 nc = memchr(file, '\0', len);
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
324 if (nc == NULL) {
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
325 errno = EINVAL;
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
326 return -1;
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
327 }
5258
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
328
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
329 if (!ps_root_validpath(ctx, PS_WRITEFILE, file))
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
330 return -1;
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
331 nc++;
5208
6e53055c9989 Fix compile warnings with prior.
Roy Marples <roy@marples.name>
parents: 5207
diff changeset
332 return writefile(file, mode, nc, len - (size_t)(nc - file));
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
333 }
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
334
5299
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
335 #ifdef AUTH
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
336 static ssize_t
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
337 ps_root_monordm(uint64_t *rdm, size_t len)
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
338 {
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
339
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
340 if (len != sizeof(*rdm)) {
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
341 errno = EINVAL;
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
342 return -1;
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
343 }
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
344 return auth_get_rdm_monotonic(rdm);
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
345 }
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
346 #endif
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
347
5316
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
348 #ifdef PRIVSEP_GETIFADDRS
5491
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
349 #define IFA_NADDRS 4
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
350 static ssize_t
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
351 ps_root_dogetifaddrs(void **rdata, size_t *rlen)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
352 {
5491
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
353 struct ifaddrs *ifaddrs, *ifa;
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
354 size_t len;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
355 uint8_t *buf, *sap;
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
356 socklen_t salen;
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
357
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
358 if (getifaddrs(&ifaddrs) == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
359 return -1;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
360 if (ifaddrs == NULL) {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
361 *rdata = NULL;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
362 *rlen = 0;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
363 return 0;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
364 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
365
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
366 /* Work out the buffer length required.
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
367 * Ensure everything is aligned correctly, which does
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
368 * create a larger buffer than what is needed to send,
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
369 * but makes creating the same structure in the client
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
370 * much easier. */
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
371 len = 0;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
372 for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
373 len += ALIGN(sizeof(*ifa));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
374 len += ALIGN(IFNAMSIZ);
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
375 len += ALIGN(sizeof(salen) * IFA_NADDRS);
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
376 if (ifa->ifa_addr != NULL)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
377 len += ALIGN(sa_len(ifa->ifa_addr));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
378 if (ifa->ifa_netmask != NULL)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
379 len += ALIGN(sa_len(ifa->ifa_netmask));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
380 if (ifa->ifa_broadaddr != NULL)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
381 len += ALIGN(sa_len(ifa->ifa_broadaddr));
5491
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
382 #ifdef BSD
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
383 /*
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
384 * On BSD we need to carry ifa_data so we can access
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
385 * if_data->ifi_link_state
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
386 */
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
387 if (ifa->ifa_addr != NULL &&
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
388 ifa->ifa_addr->sa_family == AF_LINK)
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
389 len += ALIGN(sizeof(struct if_data));
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
390 #endif
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
391 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
392
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
393 /* Use calloc to set everything to zero.
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
394 * This satisfies memory sanitizers because don't write
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
395 * where we don't need to. */
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
396 buf = calloc(1, len);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
397 if (buf == NULL) {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
398 freeifaddrs(ifaddrs);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
399 return -1;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
400 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
401 *rdata = buf;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
402 *rlen = len;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
403
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
404 for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
405 memcpy(buf, ifa, sizeof(*ifa));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
406 buf += ALIGN(sizeof(*ifa));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
407
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
408 strlcpy((char *)buf, ifa->ifa_name, IFNAMSIZ);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
409 buf += ALIGN(IFNAMSIZ);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
410 sap = buf;
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
411 buf += ALIGN(sizeof(salen) * IFA_NADDRS);
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
412
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
413 #define COPYINSA(addr) \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
414 do { \
5491
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
415 if ((addr) != NULL) \
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
416 salen = sa_len((addr)); \
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
417 else \
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
418 salen = 0; \
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
419 if (salen != 0) { \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
420 memcpy(sap, &salen, sizeof(salen)); \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
421 memcpy(buf, (addr), salen); \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
422 buf += ALIGN(salen); \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
423 } \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
424 sap += sizeof(salen); \
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
425 } while (0 /*CONSTCOND */)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
426
5491
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
427 COPYINSA(ifa->ifa_addr);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
428 COPYINSA(ifa->ifa_netmask);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
429 COPYINSA(ifa->ifa_broadaddr);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
430
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
431 #ifdef BSD
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
432 if (ifa->ifa_addr != NULL &&
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
433 ifa->ifa_addr->sa_family == AF_LINK)
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
434 {
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
435 salen = (socklen_t)sizeof(struct if_data);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
436 memcpy(buf, ifa->ifa_data, salen);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
437 buf += ALIGN(salen);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
438 } else
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
439 #endif
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
440 salen = 0;
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
441 memcpy(sap, &salen, sizeof(salen));
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
442 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
443
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
444 freeifaddrs(ifaddrs);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
445 return 0;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
446 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
447 #endif
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
448
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
449 static ssize_t
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
450 ps_root_recvmsgcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
451 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
452 struct dhcpcd_ctx *ctx = arg;
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
453 uint16_t cmd;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
454 struct ps_process *psp;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
455 struct iovec *iov = msg->msg_iov;
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
456 void *data = iov->iov_base, *rdata = NULL;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
457 size_t len = iov->iov_len, rlen = 0;
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
458 uint8_t buf[PS_BUFLEN];
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
459 time_t mtime;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
460 ssize_t err;
5253
7a0d53acbb06 privsep: Validate UDP ports
Roy Marples <roy@marples.name>
parents: 5249
diff changeset
461 bool free_rdata = false;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
462
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
463 cmd = (uint16_t)(psm->ps_cmd & ~(PS_START | PS_STOP));
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
464 psp = ps_findprocess(ctx, &psm->ps_id);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
465
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
466 #ifdef PRIVSEP_DEBUG
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
467 logerrx("%s: IN cmd %x, psp %p", __func__, psm->ps_cmd, psp);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
468 #endif
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
469
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
470 if (psp != NULL) {
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
471 if (psm->ps_cmd & PS_STOP) {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
472 int ret = ps_dostop(ctx, &psp->psp_pid, &psp->psp_fd);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
473
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
474 ps_freeprocess(psp);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
475 return ret;
5297
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
476 } else if (psm->ps_cmd & PS_START) {
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
477 /* Process has already started .... */
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
478 return 0;
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
479 }
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
480
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
481 err = ps_sendpsmmsg(ctx, psp->psp_fd, psm, msg);
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
482 if (err == -1) {
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
483 logerr("%s: failed to send message to pid %d",
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
484 __func__, psp->psp_pid);
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
485 shutdown(psp->psp_fd, SHUT_RDWR);
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
486 close(psp->psp_fd);
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
487 psp->psp_fd = -1;
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
488 ps_freeprocess(psp);
477edd06fea7 privsep: harden process handling
Roy Marples <roy@marples.name>
parents: 5293
diff changeset
489 }
5242
0dd9b7f7cf6b privsep: Ensure we don't scribble garbage to BPF
Roy Marples <roy@marples.name>
parents: 5231
diff changeset
490 return 0;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
491 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
492
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
493 if (psm->ps_cmd & PS_STOP && psp == NULL)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
494 return 0;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
495
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
496 switch (cmd) {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
497 #ifdef INET
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
498 #ifdef ARP
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
499 case PS_BPF_ARP: /* FALLTHROUGH */
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
500 #endif
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
501 case PS_BPF_BOOTP:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
502 return ps_bpf_cmd(ctx, psm, msg);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
503 #endif
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
504 #ifdef INET
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
505 case PS_BOOTP:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
506 return ps_inet_cmd(ctx, psm, msg);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
507 #endif
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
508 #ifdef INET6
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
509 #ifdef DHCP6
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
510 case PS_DHCP6: /* FALLTHROUGH */
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
511 #endif
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
512 case PS_ND:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
513 return ps_inet_cmd(ctx, psm, msg);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
514 #endif
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
515 default:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
516 break;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
517 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
518
5204
47f18579daae privsep: Implement pledge(2) support as found on OpenBSD
Roy Marples <roy@marples.name>
parents: 5202
diff changeset
519 assert(msg->msg_iovlen == 0 || msg->msg_iovlen == 1);
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
520
4844
2281307b0ef5 privsep: Expect errors from ioctl so dont log them.
Roy Marples <roy@marples.name>
parents: 4840
diff changeset
521 /* Reset errno */
2281307b0ef5 privsep: Expect errors from ioctl so dont log them.
Roy Marples <roy@marples.name>
parents: 4840
diff changeset
522 errno = 0;
2281307b0ef5 privsep: Expect errors from ioctl so dont log them.
Roy Marples <roy@marples.name>
parents: 4840
diff changeset
523
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
524 switch (psm->ps_cmd) {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
525 case PS_IOCTL:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
526 err = ps_root_doioctl(psm->ps_flags, data, len);
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
527 if (err != -1) {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
528 rdata = data;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
529 rlen = len;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
530 }
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
531 break;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
532 case PS_SCRIPT:
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
533 err = ps_root_run_script(ctx, data, len);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
534 break;
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
535 case PS_UNLINK:
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
536 if (!ps_root_validpath(ctx, psm->ps_cmd, data)) {
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
537 err = -1;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
538 break;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
539 }
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
540 err = unlink(data);
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
541 break;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
542 case PS_READFILE:
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
543 if (!ps_root_validpath(ctx, psm->ps_cmd, data)) {
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
544 err = -1;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
545 break;
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
546 }
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
547 err = readfile(data, buf, sizeof(buf));
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
548 if (err != -1) {
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
549 rdata = buf;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
550 rlen = (size_t)err;
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
551 }
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
552 break;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
553 case PS_WRITEFILE:
5249
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
554 err = ps_root_dowritefile(ctx, (mode_t)psm->ps_flags,
a8c2969955f9 privsep: Only allow file IO to specific paths
Roy Marples <roy@marples.name>
parents: 5246
diff changeset
555 data, len);
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
556 break;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
557 case PS_FILEMTIME:
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
558 err = filemtime(data, &mtime);
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
559 if (err != -1) {
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
560 rdata = &mtime;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
561 rlen = sizeof(mtime);
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
562 }
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
563 break;
5526
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
564 case PS_LOGREOPEN:
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
565 logclose();
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
566 err = logopen(ctx->logfile);
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
567 break;
5299
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
568 #ifdef AUTH
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
569 case PS_AUTH_MONORDM:
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
570 err = ps_root_monordm(data, len);
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
571 if (err != -1) {
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
572 rdata = data;
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
573 rlen = len;
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
574 }
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
575 break;
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
576 #endif
5316
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
577 #ifdef PRIVSEP_GETIFADDRS
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
578 case PS_GETIFADDRS:
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
579 err = ps_root_dogetifaddrs(&rdata, &rlen);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
580 free_rdata = true;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
581 break;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
582 #endif
5286
b820f26385b7 Fix compile with inet or inet6 disabled
Roy Marples <roy@marples.name>
parents: 5267
diff changeset
583 #if defined(INET6) && (defined(__linux__) || defined(HAVE_PLEDGE))
5258
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
584 case PS_IP6FORWARDING:
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
585 err = ip6_forwarding(data);
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
586 break;
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
587 #endif
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
588 #ifdef PLUGIN_DEV
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
589 case PS_DEV_INITTED:
5457
7fb0274b9127 Linux: detect network namespace and deny udev in one
Roy Marples <roy@marples.name>
parents: 5425
diff changeset
590 err = dev_initialised(ctx, data);
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
591 break;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
592 case PS_DEV_LISTENING:
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
593 err = dev_listening(ctx);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
594 break;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
595 #endif
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
596 default:
5302
ef799c0ff5cb privsep: Fix returning indirect ioctl data
Roy Marples <roy@marples.name>
parents: 5301
diff changeset
597 err = ps_root_os(psm, msg, &rdata, &rlen);
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
598 break;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
599 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
600
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
601 err = ps_root_writeerror(ctx, err, rlen != 0 ? rdata : 0, rlen);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
602 if (free_rdata)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
603 free(rdata);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
604 return err;
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
605 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
606
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
607 /* Receive from state engine, do an action. */
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
608 static void
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
609 ps_root_recvmsg(void *arg)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
610 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
611 struct dhcpcd_ctx *ctx = arg;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
612
5306
d10b3ad73215 privsep: Log ECONNRESET errors again
Roy Marples <roy@marples.name>
parents: 5304
diff changeset
613 if (ps_recvpsmsg(ctx, ctx->ps_root_fd, ps_root_recvmsgcb, ctx) == -1)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
614 logerr(__func__);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
615 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
616
5262
f168a25dd330 privsep: Fix compile for prior without dev plugins
Roy Marples <roy@marples.name>
parents: 5260
diff changeset
617 #ifdef PLUGIN_DEV
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
618 static int
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
619 ps_root_handleinterface(void *arg, int action, const char *ifname)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
620 {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
621 struct dhcpcd_ctx *ctx = arg;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
622 unsigned long flag;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
623
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
624 if (action == 1)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
625 flag = PS_DEV_IFADDED;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
626 else if (action == -1)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
627 flag = PS_DEV_IFREMOVED;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
628 else if (action == 0)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
629 flag = PS_DEV_IFUPDATED;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
630 else {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
631 errno = EINVAL;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
632 return -1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
633 }
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
634
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
635 return (int)ps_sendcmd(ctx, ctx->ps_data_fd, PS_DEV_IFCMD, flag,
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
636 ifname, strlen(ifname) + 1);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
637 }
5262
f168a25dd330 privsep: Fix compile for prior without dev plugins
Roy Marples <roy@marples.name>
parents: 5260
diff changeset
638 #endif
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
639
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
640 static int
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
641 ps_root_startcb(void *arg)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
642 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
643 struct dhcpcd_ctx *ctx = arg;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
644
5169
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
645 if (ctx->options & DHCPCD_MASTER)
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
646 setproctitle("[privileged actioneer]");
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
647 else
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
648 setproctitle("[privileged actioneer] %s%s%s",
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
649 ctx->ifv[0],
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
650 ctx->options & DHCPCD_IPV4 ? " [ip4]" : "",
f1a2ce25a64b dhcpcd: Fix separation of per interface and per family
Roy Marples <roy@marples.name>
parents: 5123
diff changeset
651 ctx->options & DHCPCD_IPV6 ? " [ip6]" : "");
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
652 ctx->ps_root_pid = getpid();
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
653 ctx->options |= DHCPCD_PRIVSEPROOT;
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
654
5417
96a086beb655 Revert "privsep: shutdown read end of the write only sockets"
Roy Marples <roy@marples.name>
parents: 5408
diff changeset
655 /* Open network sockets for sending.
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
656 * This is a small bit wasteful for non sandboxed OS's
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
657 * but makes life very easy for unicasting DHCPv6 in non master
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
658 * mode as we no longer care about address selection.
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
659 * We can't call shutdown SHUT_RD on the socket because it's
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
660 * not connectd. All we can do is try and set a zero sized
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
661 * receive buffer and just let it overflow.
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
662 * Reading from it just to drain it is a waste of CPU time. */
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
663 #ifdef INET
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
664 if (ctx->options & DHCPCD_IPV4) {
5422
66a1c1c34366 Use a minimum bufsize of 1 as 0 doesn't work on some OS.
Roy Marples <roy@marples.name>
parents: 5421
diff changeset
665 int buflen = 1;
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
666
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
667 ctx->udp_wfd = xsocket(PF_INET,
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
668 SOCK_RAW | SOCK_CXNB, IPPROTO_UDP);
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
669 if (ctx->udp_wfd == -1)
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
670 logerr("%s: dhcp_openraw", __func__);
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
671 else if (setsockopt(ctx->udp_wfd, SOL_SOCKET, SO_RCVBUF,
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
672 &buflen, sizeof(buflen)) == -1)
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
673 logerr("%s: setsockopt SO_RCVBUF DHCP", __func__);
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
674 }
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
675 #endif
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
676 #ifdef INET6
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
677 if (ctx->options & DHCPCD_IPV6) {
5422
66a1c1c34366 Use a minimum bufsize of 1 as 0 doesn't work on some OS.
Roy Marples <roy@marples.name>
parents: 5421
diff changeset
678 int buflen = 1;
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
679
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
680 ctx->nd_fd = ipv6nd_open(false);
5330
7b6f2daea002 privsep: Fix bogus warnings without inet.
Roy Marples <roy@marples.name>
parents: 5329
diff changeset
681 if (ctx->nd_fd == -1)
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
682 logerr("%s: ipv6nd_open", __func__);
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
683 else if (setsockopt(ctx->nd_fd, SOL_SOCKET, SO_RCVBUF,
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
684 &buflen, sizeof(buflen)) == -1)
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
685 logerr("%s: setsockopt SO_RCVBUF ND", __func__);
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
686 }
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
687 #endif
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
688 #ifdef DHCP6
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
689 if (ctx->options & DHCPCD_IPV6) {
5422
66a1c1c34366 Use a minimum bufsize of 1 as 0 doesn't work on some OS.
Roy Marples <roy@marples.name>
parents: 5421
diff changeset
690 int buflen = 1;
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
691
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
692 ctx->dhcp6_wfd = dhcp6_openraw();
5330
7b6f2daea002 privsep: Fix bogus warnings without inet.
Roy Marples <roy@marples.name>
parents: 5329
diff changeset
693 if (ctx->dhcp6_wfd == -1)
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
694 logerr("%s: dhcp6_openraw", __func__);
5421
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
695 else if (setsockopt(ctx->dhcp6_wfd, SOL_SOCKET, SO_RCVBUF,
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
696 &buflen, sizeof(buflen)) == -1)
0229b76cea16 privsep: Set a zero length receive buffer for write only sockets
Roy Marples <roy@marples.name>
parents: 5417
diff changeset
697 logerr("%s: setsockopt SO_RCVBUF DHCP6", __func__);
5293
b161ecf0b891 privsep: Only open raw sockets for the needed protocols.
Roy Marples <roy@marples.name>
parents: 5289
diff changeset
698 }
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
699 #endif
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
700
5262
f168a25dd330 privsep: Fix compile for prior without dev plugins
Roy Marples <roy@marples.name>
parents: 5260
diff changeset
701 #ifdef PLUGIN_DEV
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
702 /* Start any dev listening plugin which may want to
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
703 * change the interface name provided by the kernel */
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
704 if ((ctx->options & (DHCPCD_MASTER | DHCPCD_DEV)) ==
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
705 (DHCPCD_MASTER | DHCPCD_DEV))
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
706 dev_start(ctx, ps_root_handleinterface);
5262
f168a25dd330 privsep: Fix compile for prior without dev plugins
Roy Marples <roy@marples.name>
parents: 5260
diff changeset
707 #endif
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
708
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
709 return 0;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
710 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
711
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
712 static void
5425
9edfc000a89b privsep: Only the master process accepts signals
Roy Marples <roy@marples.name>
parents: 5422
diff changeset
713 ps_root_signalcb(int sig, __unused void *arg)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
714 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
715
5371
0c4a9b4da8e6 privsep: Simplyfy signal handling
Roy Marples <roy@marples.name>
parents: 5367
diff changeset
716 if (sig == SIGCHLD) {
5304
04f26d9f1885 privsep: Don't wait for the process to finish when stopping it
Roy Marples <roy@marples.name>
parents: 5302
diff changeset
717 while (waitpid(-1, NULL, WNOHANG) > 0)
04f26d9f1885 privsep: Don't wait for the process to finish when stopping it
Roy Marples <roy@marples.name>
parents: 5302
diff changeset
718 ;
04f26d9f1885 privsep: Don't wait for the process to finish when stopping it
Roy Marples <roy@marples.name>
parents: 5302
diff changeset
719 return;
04f26d9f1885 privsep: Don't wait for the process to finish when stopping it
Roy Marples <roy@marples.name>
parents: 5302
diff changeset
720 }
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
721 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
722
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
723 int (*handle_interface)(void *, int, const char *);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
724
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
725 #ifdef PLUGIN_DEV
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
726 static ssize_t
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
727 ps_root_devcb(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
728 {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
729 int action;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
730 struct iovec *iov = msg->msg_iov;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
731
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
732 if (msg->msg_iovlen != 1) {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
733 errno = EINVAL;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
734 return -1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
735 }
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
736
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
737 switch(psm->ps_flags) {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
738 case PS_DEV_IFADDED:
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
739 action = 1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
740 break;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
741 case PS_DEV_IFREMOVED:
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
742 action = -1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
743 break;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
744 case PS_DEV_IFUPDATED:
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
745 action = 0;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
746 break;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
747 default:
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
748 errno = EINVAL;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
749 return -1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
750 }
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
751
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
752 return dhcpcd_handleinterface(ctx, action, iov->iov_base);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
753 }
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
754 #endif
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
755
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
756 static ssize_t
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
757 ps_root_dispatchcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
758 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
759 struct dhcpcd_ctx *ctx = arg;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
760 ssize_t err;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
761
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
762 switch(psm->ps_cmd) {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
763 #ifdef PLUGIN_DEV
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
764 case PS_DEV_IFCMD:
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
765 err = ps_root_devcb(ctx, psm, msg);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
766 break;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
767 #endif
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
768 default:
5286
b820f26385b7 Fix compile with inet or inet6 disabled
Roy Marples <roy@marples.name>
parents: 5267
diff changeset
769 #ifdef INET
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
770 err = ps_bpf_dispatch(ctx, psm, msg);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
771 if (err == -1 && errno == ENOTSUP)
5112
899adcd7f449 Fix build without INET or INET6
Roy Marples <roy@marples.name>
parents: 5060
diff changeset
772 #endif
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
773 err = ps_inet_dispatch(ctx, psm, msg);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
774 }
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
775 return err;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
776 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
777
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
778 static void
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
779 ps_root_dispatch(void *arg)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
780 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
781 struct dhcpcd_ctx *ctx = arg;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
782
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
783 if (ps_recvpsmsg(ctx, ctx->ps_data_fd, ps_root_dispatchcb, ctx) == -1)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
784 logerr(__func__);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
785 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
786
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
787 static void
5526
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
788 ps_root_log(void *arg)
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
789 {
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
790 struct dhcpcd_ctx *ctx = arg;
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
791
5526
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
792 if (logreadfd(ctx->ps_log_fd) == -1)
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
793 logerr(__func__);
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
794 }
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
795
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
796 pid_t
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
797 ps_root_start(struct dhcpcd_ctx *ctx)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
798 {
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
799 int logfd[2], datafd[2];
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
800 pid_t pid;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
801
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
802 if (xsocketpair(AF_UNIX, SOCK_DGRAM | SOCK_CXNB, 0, logfd) == -1)
5321
41b99a2a12cf privsep: Limit rights generically rather than Capsicum specifc
Roy Marples <roy@marples.name>
parents: 5316
diff changeset
803 return -1;
41b99a2a12cf privsep: Limit rights generically rather than Capsicum specifc
Roy Marples <roy@marples.name>
parents: 5316
diff changeset
804 #ifdef PRIVSEP_RIGHTS
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
805 if (ps_rights_limit_fdpair(logfd) == -1)
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
806 return -1;
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
807 #endif
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
808
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
809 if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_CXNB, 0, datafd) == -1)
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
810 return -1;
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
811 if (ps_setbuf_fdpair(datafd) == -1)
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
812 return -1;
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
813 #ifdef PRIVSEP_RIGHTS
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
814 if (ps_rights_limit_fdpair(datafd) == -1)
5321
41b99a2a12cf privsep: Limit rights generically rather than Capsicum specifc
Roy Marples <roy@marples.name>
parents: 5316
diff changeset
815 return -1;
41b99a2a12cf privsep: Limit rights generically rather than Capsicum specifc
Roy Marples <roy@marples.name>
parents: 5316
diff changeset
816 #endif
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
817
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
818 pid = ps_dostart(ctx, &ctx->ps_root_pid, &ctx->ps_root_fd,
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
819 ps_root_recvmsg, NULL, ctx,
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
820 ps_root_startcb, ps_root_signalcb, 0);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
821
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
822 if (pid == 0) {
5526
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
823 ctx->ps_log_fd = logfd[1];
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
824 if (eloop_event_add(ctx->eloop, ctx->ps_log_fd,
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
825 ps_root_log, ctx) == -1)
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
826 return -1;
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
827 close(logfd[0]);
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
828 ctx->ps_data_fd = datafd[1];
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
829 close(datafd[0]);
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
830 return 0;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
831 } else if (pid == -1)
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
832 return -1;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
833
5526
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
834 logsetfd(logfd[0]);
5525
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
835 close(logfd[1]);
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
836
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
837 ctx->ps_data_fd = datafd[0];
26b5d9bc2985 privsep: Send all log messages to the privileged actioneer
Roy Marples <roy@marples.name>
parents: 5491
diff changeset
838 close(datafd[1]);
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
839 if (eloop_event_add(ctx->eloop, ctx->ps_data_fd,
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
840 ps_root_dispatch, ctx) == -1)
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
841 return -1;
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
842
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
843 if ((ctx->ps_eloop = eloop_new()) == NULL)
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
844 return -1;
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
845
5301
e6f1372f2cf0 eloop: Just use ppoll(2)
Roy Marples <roy@marples.name>
parents: 5299
diff changeset
846 eloop_signal_set_cb(ctx->ps_eloop,
4851
b615d58905ad privsep: Use another eloop instead of a blocking read.
Roy Marples <roy@marples.name>
parents: 4844
diff changeset
847 dhcpcd_signals, dhcpcd_signals_len,
5367
fce20bebb28a privsep: Use root signal_cb for all signals here.
Roy Marples <roy@marples.name>
parents: 5365
diff changeset
848 ps_root_signalcb, ctx);
5231
a2c342295221 privsep: Enable Capsicum for all processes.
Roy Marples <roy@marples.name>
parents: 5225
diff changeset
849
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
850 return pid;
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
851 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
852
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
853 int
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
854 ps_root_stop(struct dhcpcd_ctx *ctx)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
855 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
856
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
857 return ps_dostop(ctx, &ctx->ps_root_pid, &ctx->ps_root_fd);
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
858 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
859
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
860 ssize_t
5255
ee23398a68db dhcpcd: Move the script file from per interface to global context
Roy Marples <roy@marples.name>
parents: 5253
diff changeset
861 ps_root_script(struct dhcpcd_ctx *ctx, const void *data, size_t len)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
862 {
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
863
5255
ee23398a68db dhcpcd: Move the script file from per interface to global context
Roy Marples <roy@marples.name>
parents: 5253
diff changeset
864 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_SCRIPT, 0, data, len) == -1)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
865 return -1;
5255
ee23398a68db dhcpcd: Move the script file from per interface to global context
Roy Marples <roy@marples.name>
parents: 5253
diff changeset
866 return ps_root_readerror(ctx, NULL, 0);
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
867 }
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
868
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
869 ssize_t
4948
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
870 ps_root_ioctl(struct dhcpcd_ctx *ctx, ioctl_request_t req, void *data,
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
871 size_t len)
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
872 {
4948
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
873 #ifdef IOCTL_REQUEST_TYPE
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
874 unsigned long ulreq = 0;
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
875
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
876 memcpy(&ulreq, &req, sizeof(req));
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
877 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_IOCTL, ulreq, data, len) == -1)
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
878 return -1;
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
879 #else
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
880 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_IOCTL, req, data, len) == -1)
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
881 return -1;
4948
b664b38faf10 ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents: 4922
diff changeset
882 #endif
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
883 return ps_root_readerror(ctx, data, len);
4840
073fcd86db9b privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff changeset
884 }
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
885
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
886 ssize_t
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
887 ps_root_unlink(struct dhcpcd_ctx *ctx, const char *file)
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
888 {
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
889
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
890 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_UNLINK, 0,
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
891 file, strlen(file) + 1) == -1)
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
892 return -1;
5202
318cd9e48312 privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents: 5183
diff changeset
893 return ps_root_readerror(ctx, NULL, 0);
4989
ca9234046989 privsep: chroot the master process
Roy Marples <roy@marples.name>
parents: 4948
diff changeset
894 }
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
895
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
896 ssize_t
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
897 ps_root_readfile(struct dhcpcd_ctx *ctx, const char *file,
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
898 void *data, size_t len)
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
899 {
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
900 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_READFILE, 0,
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
901 file, strlen(file) + 1) == -1)
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
902 return -1;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
903 return ps_root_readerror(ctx, data, len);
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
904 }
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
905
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
906 ssize_t
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
907 ps_root_writefile(struct dhcpcd_ctx *ctx, const char *file, mode_t mode,
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
908 const void *data, size_t len)
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
909 {
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
910 char buf[PS_BUFLEN];
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
911 size_t flen;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
912
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
913 flen = strlcpy(buf, file, sizeof(buf));
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
914 flen += 1;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
915 if (flen > sizeof(buf) || flen + len > sizeof(buf)) {
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
916 errno = ENOBUFS;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
917 return -1;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
918 }
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
919 memcpy(buf + flen, data, len);
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
920
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
921 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_WRITEFILE, mode,
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
922 buf, flen + len) == -1)
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
923 return -1;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
924 return ps_root_readerror(ctx, NULL, 0);
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
925 }
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
926
5208
6e53055c9989 Fix compile warnings with prior.
Roy Marples <roy@marples.name>
parents: 5207
diff changeset
927 ssize_t
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
928 ps_root_filemtime(struct dhcpcd_ctx *ctx, const char *file, time_t *time)
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
929 {
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
930
5207
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
931 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_FILEMTIME, 0,
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
932 file, strlen(file) + 1) == -1)
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
933 return -1;
84b63f09c8a4 privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents: 5204
diff changeset
934 return ps_root_readerror(ctx, time, sizeof(*time));
4991
45bd88c307ed privsep: copy configuration file into chroot
Roy Marples <roy@marples.name>
parents: 4989
diff changeset
935 }
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
936
5526
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
937 ssize_t
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
938 ps_root_logreopen(struct dhcpcd_ctx *ctx)
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
939 {
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
940
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
941 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_LOGREOPEN, 0, NULL, 0) == -1)
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
942 return -1;
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
943 return ps_root_readerror(ctx, NULL, 0);
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
944 }
b1a3d9055662 privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents: 5525
diff changeset
945
5316
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
946 #ifdef PRIVSEP_GETIFADDRS
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
947 int
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
948 ps_root_getifaddrs(struct dhcpcd_ctx *ctx, struct ifaddrs **ifahead)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
949 {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
950 struct ifaddrs *ifa;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
951 void *buf = NULL;
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
952 char *bp, *sap;
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
953 socklen_t salen;
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
954 size_t len;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
955 ssize_t err;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
956
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
957 if (ps_sendcmd(ctx, ctx->ps_root_fd,
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
958 PS_GETIFADDRS, 0, NULL, 0) == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
959 return -1;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
960 err = ps_root_mreaderror(ctx, &buf, &len);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
961
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
962 if (err == -1)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
963 return -1;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
964
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
965 /* Should be impossible - lo0 will always exist. */
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
966 if (len == 0) {
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
967 *ifahead = NULL;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
968 return 0;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
969 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
970
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
971 bp = buf;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
972 *ifahead = (struct ifaddrs *)(void *)bp;
5316
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
973 for (ifa = *ifahead; ifa != NULL; ifa = ifa->ifa_next) {
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
974 if (len < ALIGN(sizeof(*ifa)) +
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
975 ALIGN(IFNAMSIZ) + ALIGN(sizeof(salen) * IFA_NADDRS))
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
976 goto err;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
977 bp += ALIGN(sizeof(*ifa));
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
978 ifa->ifa_name = bp;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
979 bp += ALIGN(IFNAMSIZ);
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
980 sap = bp;
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
981 bp += ALIGN(sizeof(salen) * IFA_NADDRS);
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
982 len -= ALIGN(sizeof(*ifa)) +
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
983 ALIGN(IFNAMSIZ) + ALIGN(sizeof(salen) * IFA_NADDRS);
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
984
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
985 #define COPYOUTSA(addr) \
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
986 do { \
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
987 memcpy(&salen, sap, sizeof(salen)); \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
988 if (len < salen) \
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
989 goto err; \
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
990 if (salen != 0) { \
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
991 (addr) = (struct sockaddr *)bp; \
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
992 bp += ALIGN(salen); \
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
993 len -= ALIGN(salen); \
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
994 } \
5225
2b18af138e24 privsep: sockaddr len should be socklen_t
Roy Marples <roy@marples.name>
parents: 5224
diff changeset
995 sap += sizeof(salen); \
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
996 } while (0 /* CONSTCOND */)
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
997
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
998 COPYOUTSA(ifa->ifa_addr);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
999 COPYOUTSA(ifa->ifa_netmask);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1000 COPYOUTSA(ifa->ifa_broadaddr);
5491
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1001
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1002 memcpy(&salen, sap, sizeof(salen));
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1003 if (len < salen)
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1004 goto err;
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1005 if (salen != 0) {
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1006 ifa->ifa_data = bp;
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1007 bp += ALIGN(salen);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1008 len -= ALIGN(salen);
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1009 } else
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1010 ifa->ifa_data = NULL;
6cd47402148f privsep: We now need to carry ifa_data for BSD
Roy Marples <roy@marples.name>
parents: 5457
diff changeset
1011
5316
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
1012 if (len != 0)
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
1013 ifa->ifa_next = (struct ifaddrs *)(void *)bp;
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
1014 else
0a99cd624a1c Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents: 5309
diff changeset
1015 ifa->ifa_next = NULL;
5223
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1016 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1017 return 0;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1018
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1019 err:
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1020 free(buf);
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1021 *ifahead = NULL;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1022 errno = EINVAL;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1023 return -1;
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1024 }
333f66ce84bd privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents: 5208
diff changeset
1025 #endif
5258
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1026
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1027 #if defined(__linux__) || defined(HAVE_PLEDGE)
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1028 ssize_t
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1029 ps_root_ip6forwarding(struct dhcpcd_ctx *ctx, const char *ifname)
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1030 {
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1031
5263
1e7ce40ed871 Fix prior for BSD
Roy Marples <roy@marples.name>
parents: 5262
diff changeset
1032 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_IP6FORWARDING, 0,
1e7ce40ed871 Fix prior for BSD
Roy Marples <roy@marples.name>
parents: 5262
diff changeset
1033 ifname, ifname != NULL ? strlen(ifname) + 1 : 0) == -1)
5258
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1034 return -1;
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1035 return ps_root_readerror(ctx, NULL, 0);
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1036 }
f29e384aa13e privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents: 5255
diff changeset
1037 #endif
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1038
5299
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1039 #ifdef AUTH
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1040 int
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1041 ps_root_getauthrdm(struct dhcpcd_ctx *ctx, uint64_t *rdm)
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1042 {
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1043
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1044 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_AUTH_MONORDM, 0,
5350
f97d9554afb4 privsep: fix size of rdm
Roy Marples <roy@marples.name>
parents: 5345
diff changeset
1045 rdm, sizeof(*rdm))== -1)
5299
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1046 return -1;
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1047 return (int)ps_root_readerror(ctx, rdm, sizeof(*rdm));
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1048 }
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1049 #endif
b7e676ac73c1 privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents: 5297
diff changeset
1050
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1051 #ifdef PLUGIN_DEV
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1052 int
5457
7fb0274b9127 Linux: detect network namespace and deny udev in one
Roy Marples <roy@marples.name>
parents: 5425
diff changeset
1053 ps_root_dev_initialised(struct dhcpcd_ctx *ctx, const char *ifname)
5260
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1054 {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1055
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1056 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_DEV_INITTED, 0,
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1057 ifname, strlen(ifname) + 1)== -1)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1058 return -1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1059 return (int)ps_root_readerror(ctx, NULL, 0);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1060 }
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1061
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1062 int
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1063 ps_root_dev_listening(struct dhcpcd_ctx * ctx)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1064 {
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1065
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1066 if (ps_sendcmd(ctx, ctx->ps_root_fd, PS_DEV_LISTENING, 0, NULL, 0)== -1)
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1067 return -1;
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1068 return (int)ps_root_readerror(ctx, NULL, 0);
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1069 }
7571d82b48da privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents: 5258
diff changeset
1070 #endif