[src/ROY]: src/external/bsd/dhcpcd/dist/src Update to dhcpcd-9.1.1 with the f...
details: https://anonhg.NetBSD.org/src/rev/c6d38ce3d69f
branches: ROY
changeset: 934030:c6d38ce3d69f
user: roy <roy%NetBSD.org@localhost>
date: Thu Jun 04 13:07:12 2020 +0000
description:
Update to dhcpcd-9.1.1 with the following changes:
* Restore dumping leases from stdin
* auth: Only accept RECONFIGURE messages from LL addresses
* auth: Access the RDM monotonic counter file via privsep
* ARP: call arp_announced() when cancelling it
* BSD: fwip(4) interfaces are now ignored by default
* privsep: Ensure IPC buffers are large enough to carry messages
* privsep: Only open RAW sockets for the needed protocols
* privsep: Fix indirect ioctls returning data
* privsep: wait for processes on SIGCHLD rather than when sent a STOP cmd
* eloop: just use ppoll/pollts(2), falling back to pselect(2)
diffstat:
external/bsd/dhcpcd/dist/src/arp.c | 4 +-
external/bsd/dhcpcd/dist/src/auth.c | 74 ++-
external/bsd/dhcpcd/dist/src/auth.h | 6 +-
external/bsd/dhcpcd/dist/src/defs.h | 2 +-
external/bsd/dhcpcd/dist/src/dhcp.c | 37 +-
external/bsd/dhcpcd/dist/src/dhcp.h | 1 +
external/bsd/dhcpcd/dist/src/dhcp6.c | 64 ++-
external/bsd/dhcpcd/dist/src/dhcp6.h | 3 +-
external/bsd/dhcpcd/dist/src/dhcpcd.8.in | 11 +-
external/bsd/dhcpcd/dist/src/dhcpcd.c | 92 ++-
external/bsd/dhcpcd/dist/src/eloop.c | 549 ++++-----------------------
external/bsd/dhcpcd/dist/src/eloop.h | 4 +-
external/bsd/dhcpcd/dist/src/if-bsd.c | 4 +-
external/bsd/dhcpcd/dist/src/privsep-bpf.c | 2 +-
external/bsd/dhcpcd/dist/src/privsep-bsd.c | 54 +-
external/bsd/dhcpcd/dist/src/privsep-inet.c | 4 +-
external/bsd/dhcpcd/dist/src/privsep-root.c | 110 ++++-
external/bsd/dhcpcd/dist/src/privsep-root.h | 3 +-
external/bsd/dhcpcd/dist/src/privsep.c | 123 +++---
external/bsd/dhcpcd/dist/src/privsep.h | 1 +
external/bsd/dhcpcd/dist/src/script.c | 71 ++-
external/bsd/dhcpcd/dist/src/script.h | 1 +
22 files changed, 536 insertions(+), 684 deletions(-)
diffs (truncated from 2242 to 300 lines):
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/arp.c
--- a/external/bsd/dhcpcd/dist/src/arp.c Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.c Thu Jun 04 13:07:12 2020 +0000
@@ -466,11 +466,13 @@
a2);
if (r == -1)
logerr(__func__);
- else if (r != 0)
+ else if (r != 0) {
logdebugx("%s: ARP announcement "
"of %s cancelled",
a2->iface->name,
inet_ntoa(a2->addr));
+ arp_announced(a2);
+ }
}
}
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/auth.c
--- a/external/bsd/dhcpcd/dist/src/auth.c Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.c Thu Jun 04 13:07:12 2020 +0000
@@ -27,6 +27,8 @@
*/
#include <sys/file.h>
+#include <sys/stat.h>
+
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
@@ -42,6 +44,7 @@
#include "dhcp.h"
#include "dhcp6.h"
#include "dhcpcd.h"
+#include "privsep-root.h"
#ifdef HAVE_HMAC_H
#include <hmac.h>
@@ -408,11 +411,11 @@
return t;
}
-static uint64_t
-get_next_rdm_monotonic_counter(struct auth *auth)
+int
+auth_get_rdm_monotonic(uint64_t *rdm)
{
FILE *fp;
- uint64_t rdm;
+ int err;
#ifdef LOCK_EX
int flocked;
#endif
@@ -420,41 +423,43 @@
fp = fopen(RDM_MONOFILE, "r+");
if (fp == NULL) {
if (errno != ENOENT)
- return ++auth->last_replay; /* report error? */
+ return -1;
fp = fopen(RDM_MONOFILE, "w");
if (fp == NULL)
- return ++auth->last_replay; /* report error? */
+ return -1;
+ if (chmod(RDM_MONOFILE, 0400) == -1) {
+ fclose(fp);
+ unlink(RDM_MONOFILE);
+ return -1;
+ }
#ifdef LOCK_EX
flocked = flock(fileno(fp), LOCK_EX);
#endif
- rdm = 0;
+ *rdm = 0;
} else {
#ifdef LOCK_EX
flocked = flock(fileno(fp), LOCK_EX);
#endif
- if (fscanf(fp, "0x%016" PRIu64, &rdm) != 1)
- rdm = 0; /* truncated? report error? */
+ if (fscanf(fp, "0x%016" PRIu64, rdm) != 1) {
+ fclose(fp);
+ return -1;
+ }
}
- rdm++;
+ (*rdm)++;
if (fseek(fp, 0, SEEK_SET) == -1 ||
ftruncate(fileno(fp), 0) == -1 ||
- fprintf(fp, "0x%016" PRIu64 "\n", rdm) != 19 ||
+ fprintf(fp, "0x%016" PRIu64 "\n", *rdm) != 19 ||
fflush(fp) == EOF)
- {
- if (!auth->last_replay_set) {
- auth->last_replay = rdm;
- auth->last_replay_set = 1;
- } else
- rdm = ++auth->last_replay;
- /* report error? */
- }
+ err = -1;
+ else
+ err = 0;
#ifdef LOCK_EX
if (flocked == 0)
flock(fileno(fp), LOCK_UN);
#endif
fclose(fp);
- return rdm;
+ return err;
}
#define NTP_EPOCH 2208988800U /* 1970 - 1900 in seconds */
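Review bot: In the ENOENT branch the counter file is created with `fopen(RDM_MONOFILE, "w")` and only afterwards restricted with `chmod(RDM_MONOFILE, 0400)`, so it exists briefly with umask-derived permissions and the mode change is applied by path rather than to the descriptor just opened. Applying it to the open stream closes both gaps: `if (fchmod(fileno(fp), 0400) == -1) {`. Separately, the read uses `fscanf(fp, "0x%016" PRIu64, rdm)`; `PRIu64` is the printf macro and the scanf counterpart is `SCNu64`, which matters on platforms where the two differ. The function's signature and local declarations are in the previous hunk.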
@@ -476,11 +481,29 @@
}
static uint64_t
-get_next_rdm_monotonic(struct auth *auth)
+get_next_rdm_monotonic(struct dhcpcd_ctx *ctx, struct auth *auth)
{
+#ifndef PRIVSEP
+ UNUSED(ctx);
+#endif
+
+ if (auth->options & DHCPCD_AUTH_RDM_COUNTER) {
+ uint64_t rdm;
+ int err;
- if (auth->options & DHCPCD_AUTH_RDM_COUNTER)
- return get_next_rdm_monotonic_counter(auth);
+#ifdef PRIVSEP
+ if (IN_PRIVSEP(ctx)) {
+
+ err = ps_root_getauthrdm(ctx, &rdm);
+ } else
+#endif
+ err = auth_get_rdm_monotonic(&rdm);
+ if (err == -1)
+ return ++auth->last_replay;
+
+ auth->last_replay = rdm;
+ return rdm;
+ }
return get_next_rdm_monotonic_clock(auth);
}
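Review bot: When `err == -1` the function falls back to `++auth->last_replay` without logging, so a failure to read or update the counter file, or a failed `ps_root_getauthrdm` request, is invisible to the operator. If `last_replay` has not been seeded, as is presumably the case right after a restart, the fallback value can be lower than counters already sent, and a peer enforcing replay detection would then reject the messages. Logging before the fallback, e.g. `logerr(__func__);` ahead of `return ++auth->last_replay;`, would make the degraded mode visible.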
@@ -495,7 +518,8 @@
* data and dlen refer to the authentication option within the message.
*/
ssize_t
-dhcp_auth_encode(struct auth *auth, const struct token *t,
+dhcp_auth_encode(struct dhcpcd_ctx *ctx, struct auth *auth,
+ const struct token *t,
void *vm, size_t mlen, int mp, int mt,
void *vdata, size_t dlen)
{
@@ -611,11 +635,11 @@
*data++ = auth->rdm;
switch (auth->rdm) {
case AUTH_RDM_MONOTONIC:
- rdm = get_next_rdm_monotonic(auth);
+ rdm = get_next_rdm_monotonic(ctx, auth);
break;
default:
/* This block appeases gcc, clang doesn't need it */
- rdm = get_next_rdm_monotonic(auth);
+ rdm = get_next_rdm_monotonic(ctx, auth);
break;
}
rdm = htonll(rdm);
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/auth.h
--- a/external/bsd/dhcpcd/dist/src/auth.h Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.h Thu Jun 04 13:07:12 2020 +0000
@@ -90,7 +90,11 @@
const void *, size_t, int, int,
const void *, size_t);
-ssize_t dhcp_auth_encode(struct auth *, const struct token *,
+struct dhcpcd_ctx;
+ssize_t dhcp_auth_encode(struct dhcpcd_ctx *, struct auth *,
+ const struct token *,
void *, size_t, int, int,
void *, size_t);
+
+int auth_get_rdm_monotonic(uint64_t *rdm);
#endif
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/defs.h
--- a/external/bsd/dhcpcd/dist/src/defs.h Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/defs.h Thu Jun 04 13:07:12 2020 +0000
@@ -29,7 +29,7 @@
#define CONFIG_H
#define PACKAGE "dhcpcd"
-#define VERSION "9.1.0"
+#define VERSION "9.1.1"
#ifndef PRIVSEP_USER
# define PRIVSEP_USER "_" PACKAGE
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/dhcp.c
--- a/external/bsd/dhcpcd/dist/src/dhcp.c Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.c Thu Jun 04 13:07:12 2020 +0000
@@ -1034,7 +1034,7 @@
auth = NULL; /* appease GCC */
auth_len = 0;
if (ifo->auth.options & DHCPCD_AUTH_SEND) {
- ssize_t alen = dhcp_auth_encode(&ifo->auth,
+ ssize_t alen = dhcp_auth_encode(ifp->ctx, &ifo->auth,
state->auth.token,
NULL, 0, 4, type, NULL, 0);
if (alen != -1 && alen > UINT8_MAX) {
@@ -1129,7 +1129,7 @@
#ifdef AUTH
if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0)
- dhcp_auth_encode(&ifo->auth, state->auth.token,
+ dhcp_auth_encode(ifp->ctx, &ifo->auth, state->auth.token,
(uint8_t *)bootp, len, 4, type, auth, auth_len);
#endif
@@ -2747,6 +2747,18 @@
#endif
}
}
+#ifdef AUTH
+ else if (state->auth.reconf != NULL) {
+ /*
+ * Drop the lease as the token may only be present
+ * in the initial reply message and not subsequent
+ * renewals.
+ * If dhcpcd is restarted, the token is lost.
+ * XXX persist this in another file?
+ */
+ dhcp_unlink(ifp->ctx, state->leasefile);
+ }
+#endif
eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
#ifdef AUTH
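Review bot: The result of `dhcp_unlink(ifp->ctx, state->leasefile)` is discarded in the new `state->auth.reconf != NULL` branch, so if removal fails the lease file stays behind and the case the comment describes (a restart reusing a lease whose reconfigure token is lost) can still occur unnoticed. Assuming dhcp_unlink reports failure with -1 like the other calls on this page, a check such as `if (dhcp_unlink(ifp->ctx, state->leasefile) == -1 && errno != ENOENT) logerr(__func__);` would surface it. The enclosing function starts and ends outside this hunk.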
@@ -4176,3 +4188,24 @@
return ia;
}
+
+#ifndef SMALL
+int
+dhcp_dump(struct interface *ifp)
+{
+ struct dhcp_state *state;
+
+ ifp->if_data[IF_DATA_DHCP] = state = calloc(1, sizeof(*state));
+ if (state == NULL) {
+ logerr(__func__);
+ return -1;
+ }
+ state->new_len = read_lease(ifp, &state->new);
+ if (state->new == NULL) {
+ logerr("read_lease");
+ return -1;
+ }
+ state->reason = "DUMP";
+ return script_runreason(ifp, state->reason);
+}
+#endif
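Review bot: `dhcp_dump` stores the new `state` in `ifp->if_data[IF_DATA_DHCP]` unconditionally and, when `read_lease` yields no lease, returns -1 with that zeroed state still attached. Any state already held in the slot would be lost, and cleanup of the new one on the error path is left to the caller; neither expectation is written down. A short header comment would settle it, for example `/* Dump-only: ifp must have no DHCP state yet; caller releases it with dhcp_free() on any return. */`, if that is the intended contract.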
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/dhcp.h
--- a/external/bsd/dhcpcd/dist/src/dhcp.h Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.h Thu Jun 04 13:07:12 2020 +0000
@@ -276,6 +276,7 @@
void dhcp_reboot_newopts(struct interface *, unsigned long long);
void dhcp_close(struct interface *);
void dhcp_free(struct interface *);
+int dhcp_dump(struct interface *);
#endif /* INET */
#endif /* DHCP_H */
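Review bot: `dhcp_dump` is declared here for every INET build, but its definition in dhcp.c is wrapped in `#ifndef SMALL`. A SMALL build that references it would compile and then fail at link time; guarding the prototype the same way, with `#ifndef SMALL` / `#endif` around `int dhcp_dump(struct interface *);`, keeps header and implementation in step. Whether the call site is guarded is not visible on this page.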
diff -r 3f9b34cf049d -r c6d38ce3d69f external/bsd/dhcpcd/dist/src/dhcp6.c
--- a/external/bsd/dhcpcd/dist/src/dhcp6.c Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp6.c Thu Jun 04 13:07:12 2020 +0000
@@ -881,7 +881,7 @@
#ifdef AUTH
auth_len = 0;
if (ifo->auth.options & DHCPCD_AUTH_SEND) {
- ssize_t alen = dhcp_auth_encode(&ifo->auth,
+ ssize_t alen = dhcp_auth_encode(ifp->ctx, &ifo->auth,
state->auth.token, NULL, 0, 6, type, NULL, 0);
if (alen != -1 && alen > UINT16_MAX) {
errno = ERANGE;
@@ -1196,9 +1196,9 @@
return -1;
state = D6_STATE(ifp);
- return dhcp_auth_encode(&ifp->options->auth, state->auth.token,
- (uint8_t *)state->send, state->send_len,
- 6, state->send->type, opt, opt_len);
+ return dhcp_auth_encode(ifp->ctx, &ifp->options->auth,
+ state->auth.token, (uint8_t *)state->send, state->send_len, 6,
+ state->send->type, opt, opt_len);
}
#endif
@@ -1483,7 +1483,7 @@