privsep: Allow logfile reopening in a chroot
Now that only the privileged actioneer does the actual logging
we can safely reopen the file we are logging to.
This also closes and re-opens the syslog connection.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Fri, 30 Oct 2020 14:19:16 +0000 |
| parents | 41d06921177b |
| children |
/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Privilege Separation for dhcpcd
 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
 * All rights reserved

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#ifndef PRIVSEP_H
#define PRIVSEP_H

/*
 * Privilege separation for dhcpcd: the IPC vocabulary (command codes and
 * flags), the wire structures exchanged over the privsep sockets, and the
 * prototypes of the engine.  Per the changeset history shown with this file,
 * file I/O, ioctls, route changes, the script and logging are carried out by
 * a privileged "actioneer" process on behalf of sandboxed workers; the codes
 * below name the requests a worker may make of it.
 */

/* Compile-time debug switch, left off; the privsep .c files decide what it enables. */
//#define PRIVSEP_DEBUG

/* Start flags */
/* NOTE(review): presumably passed as the trailing `unsigned int` of ps_dostart() — confirm. */
#define PSF_DROPPRIVS	0x01

/*
 * Protocols
 * A worker is started for one of these.  Command codes live in a 16-bit space
 * (ps_cmd is uint16_t) partitioned by range: 0x000x protocols, 0x001x generic,
 * 0x01xx BSD-only, 0x1xxx dev plugin, and PS_START/PS_STOP in the top two bits.
 */
#define PS_BOOTP	0x0001
#define PS_ND		0x0002
#define PS_DHCP6	0x0003
#define PS_BPF_BOOTP	0x0004
#define PS_BPF_ARP	0x0005

/*
 * Generic commands
 * Requests a sandboxed process sends to the privileged actioneer.  Each is an
 * operation the sandbox presumably cannot perform itself, so this list is in
 * effect the privilege boundary: adding a code here widens what a compromised
 * worker can ask for, and the handler must validate the request accordingly.
 */
#define PS_IOCTL	0x0010
#define PS_ROUTE	0x0011 /* Also used for NETLINK */
#define PS_SCRIPT	0x0012
#define PS_UNLINK	0x0013
#define PS_READFILE	0x0014
#define PS_WRITEFILE	0x0015
#define PS_FILEMTIME	0x0016
#define PS_AUTH_MONORDM	0x0017	/* RDM monotonic counter file, via IPC (b7e676ac73c1) */
#define PS_CTL		0x0018
#define PS_CTL_EOF	0x0019
/*
 * Added in this revision (b1a3d9055662): ask the actioneer to close and
 * reopen the logfile and the syslog connection, since it is the only process
 * that logs once the others are chrooted.  Note the value jumps from 0x0019
 * to 0x0020 (0x001a-0x001f unused); harmless, but easy to misread as decimal.
 */
#define PS_LOGREOPEN	0x0020

/* BSD Commands */
#define PS_IOCTLLINK	0x0101
#define PS_IOCTL6	0x0102
#define PS_IOCTLINDIRECT	0x0103
#define PS_IP6FORWARDING	0x0104
#define PS_GETIFADDRS	0x0105	/* generic getifaddrs(3) wrapper (333f66ce84bd) */
#define PS_IFIGNOREGRP	0x0106

/* Dev Commands */
#define PS_DEV_LISTENING	0x1001
#define PS_DEV_INITTED	0x1002
#define PS_DEV_IFCMD	0x1003

/* Dev Interface Commands (via flags) */
/* Carried in ps_flags rather than ps_cmd, so these small values do not collide with the protocol codes above. */
#define PS_DEV_IFADDED	0x0001
#define PS_DEV_IFREMOVED	0x0002
#define PS_DEV_IFUPDATED	0x0003

/* Control Type (via flags) */
#define PS_CTL_PRIV	0x0004
#define PS_CTL_UNPRIV	0x0005

/* Process commands */
/* Top two bits of the 16-bit command; presumably OR'd with a protocol code to start/stop that worker — confirm in privsep.c. */
#define PS_START	0x4000
#define PS_STOP		0x8000

/* Max INET message size + meta data for IPC */
/*
 * 64 KiB of payload plus room for the ps_msghdr, a struct msghdr and one
 * control message.  The struct types named here are declared further down;
 * that is fine because a macro body is only expanded at its point of use.
 * NOTE(review): the single CMSG_SPACE() sizes ONE cmsg holding both the
 * in6_pktinfo and the int.  If a sender ever attaches them as two separate
 * control messages the bound is too small by a cmsg header plus alignment —
 * confirm against the senders before relying on this as an upper bound.
 */
#define PS_BUFLEN ((64 * 1024) + \
		sizeof(struct ps_msghdr) + \
		sizeof(struct msghdr) + \
		CMSG_SPACE(sizeof(struct in6_pktinfo) + \
			sizeof(int)))

/* Handy macro to work out if in the privsep engine or not. */
/* True whenever privilege separation is enabled, in any process. */
#define IN_PRIVSEP(ctx) \
	((ctx)->options & DHCPCD_PRIVSEP)
/*
 * True only in the un-forked process with privsep enabled: DHCPCD_PRIVSEP
 * set and DHCPCD_FORKED clear.  "SE" presumably means the separation engine,
 * i.e. the master/launcher rather than a worker.
 */
#define IN_PRIVSEP_SE(ctx) \
	(((ctx)->options & (DHCPCD_PRIVSEP | DHCPCD_FORKED)) == DHCPCD_PRIVSEP)

/*
 * Descriptor rights limiting is only implemented on top of Capsicum; the
 * ps_rights_limit_* prototypes below are gated on this.
 * NOTE(review): PRIVSEP and HAVE_CAPSICUM are presumably defined by config.h,
 * which this header only includes further down, so the test relies on the
 * translation unit having included config.h before privsep.h.  A .c file that
 * includes privsep.h first would silently end up without PRIVSEP_RIGHTS —
 * consider moving the config.h include above this block.
 */
#if defined(PRIVSEP) && defined(HAVE_CAPSICUM)
#define PRIVSEP_RIGHTS
#endif

/*
 * seccomp-BPF sandbox for Linux (30f55aaa5fd6).  LINUX_VERSION_CODE reflects
 * the kernel headers present at build time, not the kernel actually running.
 */
#ifdef __linux__
# include <linux/version.h>
# if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
# define HAVE_SECCOMP
# endif
#endif

#include "config.h"
#include "arp.h"
#include "dhcp.h"
#include "dhcpcd.h"
/*
 * Address carried inside IPC messages (see struct ps_id).  The layout is
 * explicit: psa_pad fills the gap after psa_family so the union always starts
 * 4 bytes in, whatever size sa_family_t has on the platform (3a8e7a111dd9).
 * NOTE(review): if sizeof(sa_family_t) were 4 this would be a zero-length
 * array, a compiler extension rather than standard C — confirm no supported
 * platform does that.
 */
struct ps_addr {
	sa_family_t psa_family;
	uint8_t psa_pad[4 - sizeof(sa_family_t)];	/* explicit, so no uninitialised hole crosses the socket */
	union {
		struct in_addr psau_in_addr;
		struct in6_addr psau_in6_addr;
	} psa_u;
#define psa_in_addr psa_u.psau_in_addr
#define psa_in6_addr psa_u.psau_in6_addr
};
/* Uniquely identify a process */
/*
 * Lookup key used by ps_findprocess() / ps_newprocess(): address, interface
 * index and command.  psi_pad makes every byte a named member so that a
 * zeroed ps_id carries no uninitialised padding when it is compared or sent
 * (c80386966f1f, "Pad structs out so there are no uninited memory issues").
 */
struct ps_id {
	struct ps_addr psi_addr;
	unsigned int psi_ifindex;
	uint16_t psi_cmd;		/* presumably a PS_* protocol code — confirm */
	uint8_t psi_pad[2];
};
/*
 * Fixed header that prefixes every IPC message.  Explicit padding (ps_pad,
 * ps_pad2) keeps the wider fields naturally aligned without compiler-inserted
 * holes, so a header can be zeroed member by member before it is written to
 * the socket and no stack bytes leak to the peer (c80386966f1f).
 * NOTE(review): on ILP32 targets sizeof(size_t) == sizeof(socklen_t) gives
 * ps_pad2 a length of zero, which is a GCC/Clang extension, not standard C —
 * acceptable for the compilers dhcpcd builds with, but worth knowing.
 */
struct ps_msghdr {
	uint16_t ps_cmd;		/* PS_* command code */
	uint8_t ps_pad[sizeof(unsigned long) - sizeof(uint16_t)];
	unsigned long ps_flags;		/* command-specific flags, e.g. PS_DEV_IF* / PS_CTL_* */
	struct ps_id ps_id;		/* which worker the message concerns */
	socklen_t ps_namelen;		/* lengths of the msghdr parts that presumably follow the header — confirm with ps_unrollmsg() */
	socklen_t ps_controllen;
	uint8_t ps_pad2[sizeof(size_t) - sizeof(socklen_t)];
	size_t ps_datalen;
};
/*
 * One complete IPC message: header followed by the largest payload that can
 * be carried.  PS_BUFLEN is over 64 KiB, so this is too large to be a casual
 * automatic variable; presumably instances are static or heap allocated — confirm.
 */
struct ps_msg {
	struct ps_msghdr psm_hdr;
	uint8_t psm_data[PS_BUFLEN];
};
/* Defined elsewhere; forward-declared because only a pointer is held here (a2c342295221). */
struct bpf;
/*
 * One worker process as seen by the master: its identity, pid, the sockets
 * used to reach it and, with INET, the BPF state it runs.  Instances hang off
 * a ps_process_head list and are located with ps_findprocess().
 */
struct ps_process {
	TAILQ_ENTRY(ps_process) next;
	struct dhcpcd_ctx *psp_ctx;		/* back-pointer to the owning context */
	struct ps_id psp_id;			/* lookup key: address + ifindex + command */
	pid_t psp_pid;
	int psp_fd;				/* presumably the IPC socket to the child — confirm */
	int psp_work_fd;			/* presumably the descriptor the child does its work on — confirm */
	unsigned int psp_ifindex;
	char psp_ifname[IF_NAMESIZE];
	uint16_t psp_proto;			/* presumably one of the PS_* protocol codes */
	const char *psp_protostr;		/* textual form of psp_proto, presumably for logging */

#ifdef INET
	/* Installs the BPF filter for an address; takes the BPF state and the address to filter on. */
	int (*psp_filter)(const struct bpf *, const struct in_addr *);
	struct interface psp_ifp; /* Move BPF gubbins elsewhere */
	struct bpf *psp_bpf;
#endif
};
TAILQ_HEAD(ps_process_head, ps_process);
#include "privsep-control.h"
#include "privsep-inet.h"
#include "privsep-root.h"
#ifdef INET
#include "privsep-bpf.h"
#endif

/*
 * Engine lifecycle, driven from the master process.
 * NOTE(review): presumably 0 on success / -1 on error like the rest of
 * dhcpcd — confirm in privsep.c.
 */
int ps_init(struct dhcpcd_ctx *);
int ps_start(struct dhcpcd_ctx *);
int ps_stop(struct dhcpcd_ctx *);
/*
 * Enter the platform sandbox; capsicum, pledge and seccomp are folded into
 * this one entry point (4ac77faa4990).  The `const char **` is an
 * out-parameter, presumably the name of the sandbox actually entered so the
 * caller can log availability (6e80b8c6f70c) — confirm against the definition.
 */
int ps_entersandbox(const char *, const char **);
/* Sandbox the master/launcher process itself (8bf1ce29152c). */
int ps_mastersandbox(struct dhcpcd_ctx *, const char *);

/*
 * Message framing.  Throughout, the `int` is the socket to use, `uint16_t`
 * a PS_* command and `unsigned long` its flags, matching ps_cmd / ps_flags in
 * struct ps_msghdr.  ps_unrollmsg() rebuilds a struct msghdr from a received
 * header plus the `size_t` bytes that followed it, presumably the inverse of
 * the packing done on send — confirm.  The ssize_t functions presumably
 * return a byte count or -1.
 * Style: only ps_sendcmd() names its parameters; naming them throughout
 * would document these prototypes without changing any caller.
 */
int ps_unrollmsg(struct msghdr *, struct ps_msghdr *, const void *, size_t);
ssize_t ps_sendpsmmsg(struct dhcpcd_ctx *, int,
    struct ps_msghdr *, const struct msghdr *);
ssize_t ps_sendpsmdata(struct dhcpcd_ctx *, int,
    struct ps_msghdr *, const void *, size_t);
ssize_t ps_sendmsg(struct dhcpcd_ctx *, int, uint16_t, unsigned long,
    const struct msghdr *);
ssize_t ps_sendcmd(struct dhcpcd_ctx *, int, uint16_t, unsigned long,
    const void *data, size_t len);
ssize_t ps_recvmsg(struct dhcpcd_ctx *, int, uint16_t, int);
/* Receive one framed message and hand it to callback(arg, hdr, msg). */
ssize_t ps_recvpsmsg(struct dhcpcd_ctx *, int,
    ssize_t (*callback)(void *, struct ps_msghdr *, struct msghdr *), void *);

/* Internal privsep functions. */
/* Takes an int[2], presumably both ends of a socketpair — confirm. */
int ps_setbuf_fdpair(int []);

/*
 * Capsicum rights limiting (41b99a2a12cf): each call restricts the given
 * descriptor to the minimum its use needs.  Only declared when
 * PRIVSEP_RIGHTS is defined, i.e. with HAVE_CAPSICUM.
 * `fctnl` is the real spelling of the identifier (sic); change it together
 * with the definition and callers, never here alone.
 */
#ifdef PRIVSEP_RIGHTS
int ps_rights_limit_ioctl(int);
int ps_rights_limit_fd_fctnl(int);
int ps_rights_limit_fd_rdonly(int);
int ps_rights_limit_fd_sockopt(int);	/* getsockopt as well as setsockopt (41d06921177b) */
int ps_rights_limit_fd(int);
int ps_rights_limit_fdpair(int []);
#endif

#ifdef HAVE_SECCOMP
/* Install the seccomp-BPF filter for the calling process (30f55aaa5fd6). */
int ps_seccomp_enter(void);
#endif

/*
 * Fork a worker and return its pid.  priv_pid / priv_fd are out-parameters.
 * Presumably: recv_msg and recv_unpriv_msg are the parent's handlers for
 * messages from the child, callback runs in the child, the unnamed
 * void (*)(int, void *) is a signal handler and the trailing unsigned int
 * the PSF_* start flags — confirm against privsep.c.
 * NOTE(review): `void (*recv_unpriv_msg)` declares a plain `void *`, not a
 * function pointer like recv_msg beside it — the `(void *)` parameter list
 * is missing.  As written any pointer is accepted and the compiler cannot
 * type-check what callers pass; presumably `void (*recv_unpriv_msg)(void *)`
 * was meant.  Fix it here and in the definition together.
 */
pid_t ps_dostart(struct dhcpcd_ctx * ctx,
    pid_t *priv_pid, int *priv_fd,
    void (*recv_msg)(void *), void (*recv_unpriv_msg),
    void *recv_ctx, int (*callback)(void *), void (*)(int, void *),
    unsigned int);
/* Stop the worker recorded in *pid / *fd; presumably resets both — confirm. */
int ps_dostop(struct dhcpcd_ctx *ctx, pid_t *pid, int *fd);

/*
 * Worker bookkeeping: find or create the ps_process keyed by a ps_id, free
 * one, or walk the list (the second argument of ps_freeprocesses() is not
 * explained by the prototype — see the definition).
 */
struct ps_process *ps_findprocess(struct dhcpcd_ctx *, struct ps_id *);
struct ps_process *ps_newprocess(struct dhcpcd_ctx *, struct ps_id *);
void ps_freeprocess(struct ps_process *);
void ps_freeprocesses(struct dhcpcd_ctx *, struct ps_process *);
#endif /* PRIVSEP_H */
