Mercurial > hg > dhcpcd
annotate src/privsep-root.h @ 5526:b1a3d9055662 draft
privsep: Allow logfile reopening in a chroot
Now that only the privileged actioneer does the actual logging
we can safely reopen the file we are logging to.
This also closes and re-opens the syslog connection.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Fri, 30 Oct 2020 14:19:16 +0000 |
| parents | 7fb0274b9127 |
| children |
| rev | line source |
|---|---|
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
1 /* SPDX-License-Identifier: BSD-2-Clause */ |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
2 /* |
|
5060
4539ffcdd656
spelling: Correct both privilege and separation
Roy Marples <roy@marples.name>
parents:
4997
diff
changeset
|
3 * Privilege Separation for dhcpcd |
| 4922 | 4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name> |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
5 * All rights reserved |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
6 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
7 * Redistribution and use in source and binary forms, with or without |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
8 * modification, are permitted provided that the following conditions |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
9 * are met: |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
10 * 1. Redistributions of source code must retain the above copyright |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
11 * notice, this list of conditions and the following disclaimer. |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
12 * 2. Redistributions in binary form must reproduce the above copyright |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
13 * notice, this list of conditions and the following disclaimer in the |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
14 * documentation and/or other materials provided with the distribution. |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
15 * |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
26 * SUCH DAMAGE. |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
27 */ |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
28 |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
29 #ifndef PRIVSEP_ROOT_H |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
30 #define PRIVSEP_ROOT_H |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
31 |
|
4948
b664b38faf10
ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents:
4922
diff
changeset
|
32 #include "if.h" |
|
b664b38faf10
ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents:
4922
diff
changeset
|
33 |
|
5316
0a99cd624a1c
Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents:
5310
diff
changeset
|
34 #if defined(PRIVSEP) && (defined(HAVE_CAPSICUM) || defined(__linux__)) |
|
0a99cd624a1c
Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents:
5310
diff
changeset
|
35 #define PRIVSEP_GETIFADDRS |
|
0a99cd624a1c
Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents:
5310
diff
changeset
|
36 #endif |
|
0a99cd624a1c
Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents:
5310
diff
changeset
|
37 |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
38 pid_t ps_root_start(struct dhcpcd_ctx *ctx); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
39 int ps_root_stop(struct dhcpcd_ctx *ctx); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
40 |
|
5202
318cd9e48312
privsep: Copy back ioctl data
Roy Marples <roy@marples.name>
parents:
5060
diff
changeset
|
41 ssize_t ps_root_readerror(struct dhcpcd_ctx *, void *, size_t); |
|
5223
333f66ce84bd
privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents:
5208
diff
changeset
|
42 ssize_t ps_root_mreaderror(struct dhcpcd_ctx *, void **, size_t *); |
|
4948
b664b38faf10
ioctl: The POSIX signature differs from BSD and glibc
Roy Marples <roy@marples.name>
parents:
4922
diff
changeset
|
43 ssize_t ps_root_ioctl(struct dhcpcd_ctx *, ioctl_request_t, void *, size_t); |
|
5258
f29e384aa13e
privsep: Allow Linux to work without needing any mounts
Roy Marples <roy@marples.name>
parents:
5255
diff
changeset
|
44 ssize_t ps_root_ip6forwarding(struct dhcpcd_ctx *, const char *); |
|
4989
ca9234046989
privsep: chroot the master process
Roy Marples <roy@marples.name>
parents:
4958
diff
changeset
|
45 ssize_t ps_root_unlink(struct dhcpcd_ctx *, const char *); |
|
5208
6e53055c9989
Fix compile warnings with prior.
Roy Marples <roy@marples.name>
parents:
5207
diff
changeset
|
46 ssize_t ps_root_filemtime(struct dhcpcd_ctx *, const char *, time_t *); |
|
5207
84b63f09c8a4
privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents:
5204
diff
changeset
|
47 ssize_t ps_root_readfile(struct dhcpcd_ctx *, const char *, void *, size_t); |
|
84b63f09c8a4
privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents:
5204
diff
changeset
|
48 ssize_t ps_root_writefile(struct dhcpcd_ctx *, const char *, mode_t, |
|
84b63f09c8a4
privsep: Handle all file IO in the Priviledged Actioneer
Roy Marples <roy@marples.name>
parents:
5204
diff
changeset
|
49 const void *, size_t); |
|
5526
b1a3d9055662
privsep: Allow logfile reopening in a chroot
Roy Marples <roy@marples.name>
parents:
5457
diff
changeset
|
50 ssize_t ps_root_logreopen(struct dhcpcd_ctx *); |
|
5255
ee23398a68db
dhcpcd: Move the script file from per interface to global context
Roy Marples <roy@marples.name>
parents:
5223
diff
changeset
|
51 ssize_t ps_root_script(struct dhcpcd_ctx *, const void *, size_t); |
|
5299
b7e676ac73c1
privsep: Access the RDM monotic file via IPC
Roy Marples <roy@marples.name>
parents:
5260
diff
changeset
|
52 int ps_root_getauthrdm(struct dhcpcd_ctx *, uint64_t *); |
|
5316
0a99cd624a1c
Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents:
5310
diff
changeset
|
53 #ifdef PRIVSEP_GETIFADDRS |
|
5223
333f66ce84bd
privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents:
5208
diff
changeset
|
54 int ps_root_getifaddrs(struct dhcpcd_ctx *, struct ifaddrs **); |
|
5316
0a99cd624a1c
Linux: make resource limits work by using getifaddrs over privsep
Roy Marples <roy@marples.name>
parents:
5310
diff
changeset
|
55 #endif |
|
5223
333f66ce84bd
privsep: Add a generic wrapper for getifaddrs(3)
Roy Marples <roy@marples.name>
parents:
5208
diff
changeset
|
56 |
|
5302
ef799c0ff5cb
privsep: Fix returning indirect ioctl data
Roy Marples <roy@marples.name>
parents:
5299
diff
changeset
|
57 ssize_t ps_root_os(struct ps_msghdr *, struct msghdr *, void **, size_t *); |
|
4842
efc22a0dde81
Solaris: start privsep support
Roy Marples <roy@marples.name>
parents:
4840
diff
changeset
|
58 #if defined(BSD) || defined(__sun) |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
59 ssize_t ps_root_route(struct dhcpcd_ctx *, void *, size_t); |
|
4958
a120f447fe74
Implement Anonymity Profiles for DHCP Clients, RFC 7844
Roy Marples <roy@marples.name>
parents:
4948
diff
changeset
|
60 ssize_t ps_root_ioctllink(struct dhcpcd_ctx *, unsigned long, void *, size_t); |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
61 ssize_t ps_root_ioctl6(struct dhcpcd_ctx *, unsigned long, void *, size_t); |
|
5203
9d2d76abda6a
privsep: Add function for indirect ioctl
Roy Marples <roy@marples.name>
parents:
5202
diff
changeset
|
62 ssize_t ps_root_indirectioctl(struct dhcpcd_ctx *, unsigned long, const char *, |
|
9d2d76abda6a
privsep: Add function for indirect ioctl
Roy Marples <roy@marples.name>
parents:
5202
diff
changeset
|
63 void *, size_t); |
|
5310
0a6bde63868b
privsep: Remove pledges inet and dns from the master process
Roy Marples <roy@marples.name>
parents:
5302
diff
changeset
|
64 ssize_t ps_root_ifignoregroup(struct dhcpcd_ctx *, const char *); |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
65 #endif |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
66 #ifdef __linux__ |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
67 ssize_t ps_root_sendnetlink(struct dhcpcd_ctx *, int, struct msghdr *); |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
68 #endif |
|
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
69 |
|
5260
7571d82b48da
privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents:
5258
diff
changeset
|
70 #ifdef PLUGIN_DEV |
|
5457
7fb0274b9127
Linux: detect network namespace and deny udev in one
Roy Marples <roy@marples.name>
parents:
5331
diff
changeset
|
71 int ps_root_dev_initialised(struct dhcpcd_ctx *, const char *); |
|
5260
7571d82b48da
privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents:
5258
diff
changeset
|
72 int ps_root_dev_listening(struct dhcpcd_ctx *); |
|
4840
073fcd86db9b
privsep: Add support for priviledge separation
Roy Marples <roy@marples.name>
parents:
diff
changeset
|
73 #endif |
|
5260
7571d82b48da
privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents:
5258
diff
changeset
|
74 |
|
7571d82b48da
privsep: Allow dev plugins to work
Roy Marples <roy@marples.name>
parents:
5258
diff
changeset
|
75 #endif |