Source-Changes-HG archive


[src/roy]: src/external/bsd/dhcpcd/dist/src Update to dhcpcd-9.1.1 with the f...



details:   https://anonhg.NetBSD.org/src/rev/0d5faa33b672
branches:  roy
changeset: 934036:0d5faa33b672
user:      roy <roy%NetBSD.org@localhost>
date:      Thu Jun 04 13:07:12 2020 +0000

description:
Update to dhcpcd-9.1.1 with the following changes:

 * Restore dumping leases from stdin
 * auth: Only accept RECONFIGURE messages from LL addresses
 * auth: Access the RDM monotonic counter file via privsep
 * ARP: call arp_announced() when cancelling it
 * BSD: fwip(4) interfaces are now ignored by default
 * privsep: Ensure IPC buffers are large enough to carry messages
 * privsep: Only open RAW sockets for the needed protocols
 * privsep: Fix indirect ioctls returning data
 * privsep: wait for processes on SIGCHLD rather than when sent a STOP cmd
 * eloop: just use ppoll/pollts(2), falling back to pselect(2)

diffstat:

 external/bsd/dhcpcd/dist/src/arp.c       |    4 +-
 external/bsd/dhcpcd/dist/src/auth.c      |   74 ++-
 external/bsd/dhcpcd/dist/src/auth.h      |    6 +-
 external/bsd/dhcpcd/dist/src/defs.h      |    2 +-
 external/bsd/dhcpcd/dist/src/dhcp.c      |   37 +-
 external/bsd/dhcpcd/dist/src/dhcp.h      |    1 +
 external/bsd/dhcpcd/dist/src/dhcp6.c     |   64 ++-
 external/bsd/dhcpcd/dist/src/dhcp6.h     |    3 +-
 external/bsd/dhcpcd/dist/src/dhcpcd.8.in |   11 +-
 external/bsd/dhcpcd/dist/src/dhcpcd.c    |   92 +++--
 external/bsd/dhcpcd/dist/src/eloop.c     |  549 ++++--------------------------
 external/bsd/dhcpcd/dist/src/eloop.h     |    4 +-
 external/bsd/dhcpcd/dist/src/if-bsd.c    |    4 +-
 external/bsd/dhcpcd/dist/src/script.c    |   71 ++-
 external/bsd/dhcpcd/dist/src/script.h    |    1 +
 15 files changed, 345 insertions(+), 578 deletions(-)

diffs (truncated from 1656 to 300 lines):

diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/arp.c
--- a/external/bsd/dhcpcd/dist/src/arp.c        Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.c        Thu Jun 04 13:07:12 2020 +0000
@@ -466,11 +466,13 @@
                            a2);
                        if (r == -1)
                                logerr(__func__);
-                       else if (r != 0)
+                       else if (r != 0) {
                                logdebugx("%s: ARP announcement "
                                    "of %s cancelled",
                                    a2->iface->name,
                                    inet_ntoa(a2->addr));
+                               arp_announced(a2);
+                       }
                }
        }
 
diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/auth.c
--- a/external/bsd/dhcpcd/dist/src/auth.c       Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.c       Thu Jun 04 13:07:12 2020 +0000
@@ -27,6 +27,8 @@
  */
 
 #include <sys/file.h>
+#include <sys/stat.h>
+
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -42,6 +44,7 @@
 #include "dhcp.h"
 #include "dhcp6.h"
 #include "dhcpcd.h"
+#include "privsep-root.h"
 
 #ifdef HAVE_HMAC_H
 #include <hmac.h>
@@ -408,11 +411,11 @@
        return t;
 }
 
-static uint64_t
-get_next_rdm_monotonic_counter(struct auth *auth)
+int
+auth_get_rdm_monotonic(uint64_t *rdm)
 {
        FILE *fp;
-       uint64_t rdm;
+       int err;
 #ifdef LOCK_EX
        int flocked;
 #endif
@@ -420,41 +423,43 @@
        fp = fopen(RDM_MONOFILE, "r+");
        if (fp == NULL) {
                if (errno != ENOENT)
-                       return ++auth->last_replay; /* report error? */
+                       return -1;
                fp = fopen(RDM_MONOFILE, "w");
                if (fp == NULL)
-                       return ++auth->last_replay; /* report error? */
+                       return -1;
+               if (chmod(RDM_MONOFILE, 0400) == -1) {
+                       fclose(fp);
+                       unlink(RDM_MONOFILE);
+                       return -1;
+               }
 #ifdef LOCK_EX
                flocked = flock(fileno(fp), LOCK_EX);
 #endif
-               rdm = 0;
+               *rdm = 0;
        } else {
 #ifdef LOCK_EX
                flocked = flock(fileno(fp), LOCK_EX);
 #endif
-               if (fscanf(fp, "0x%016" PRIu64, &rdm) != 1)
-                       rdm = 0; /* truncated? report error? */
+               if (fscanf(fp, "0x%016" PRIu64, rdm) != 1) {
+                       fclose(fp);
+                       return -1;
+               }
        }
 
-       rdm++;
+       (*rdm)++;
        if (fseek(fp, 0, SEEK_SET) == -1 ||
            ftruncate(fileno(fp), 0) == -1 ||
-           fprintf(fp, "0x%016" PRIu64 "\n", rdm) != 19 ||
+           fprintf(fp, "0x%016" PRIu64 "\n", *rdm) != 19 ||
            fflush(fp) == EOF)
-       {
-               if (!auth->last_replay_set) {
-                       auth->last_replay = rdm;
-                       auth->last_replay_set = 1;
-               } else
-                       rdm = ++auth->last_replay;
-               /* report error? */
-       }
+               err = -1;
+       else
+               err = 0;
 #ifdef LOCK_EX
        if (flocked == 0)
                flock(fileno(fp), LOCK_UN);
 #endif
        fclose(fp);
-       return rdm;
+       return err;
 }
 
 #define        NTP_EPOCH       2208988800U     /* 1970 - 1900 in seconds */
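Review bot: In the create path of auth_get_rdm_monotonic (whose body starts in the previous hunk), `fopen(RDM_MONOFILE, "w")` creates the file with whatever mode the umask allows, and only afterwards does the path-based `chmod(RDM_MONOFILE, 0400)` restrict it. That leaves a short window with wider permissions, and it resolves the path a second time. Working on the descriptor that was just opened avoids the second lookup: `if (fchmod(fileno(fp), 0400) == -1) {`. Separately, if the write sequence fails after `ftruncate` has succeeded, the file is left empty and the new `fscanf` failure branch returns -1 on every later call instead of restarting the counter. If that is intended, a short comment saying so would help the next reader.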
@@ -476,11 +481,29 @@
 }
 
 static uint64_t
-get_next_rdm_monotonic(struct auth *auth)
+get_next_rdm_monotonic(struct dhcpcd_ctx *ctx, struct auth *auth)
 {
+#ifndef PRIVSEP
+       UNUSED(ctx);
+#endif
+
+       if (auth->options & DHCPCD_AUTH_RDM_COUNTER) {
+               uint64_t rdm;
+               int err;
 
-       if (auth->options & DHCPCD_AUTH_RDM_COUNTER)
-               return get_next_rdm_monotonic_counter(auth);
+#ifdef PRIVSEP
+               if (IN_PRIVSEP(ctx)) {
+
+                       err = ps_root_getauthrdm(ctx, &rdm);
+               } else
+#endif
+                       err = auth_get_rdm_monotonic(&rdm);
+               if (err == -1)
+                       return ++auth->last_replay;
+
+               auth->last_replay = rdm;
+               return rdm;
+       }
        return get_next_rdm_monotonic_clock(auth);
 }
 
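Review bot: The `err == -1` branch in get_next_rdm_monotonic falls back to `++auth->last_replay` without reporting anything. A counter file that cannot be opened or parsed (auth_get_rdm_monotonic now returns -1 for both) therefore goes unnoticed while replay values come from in-memory state only. If `last_replay` starts low after a restart, the values sent could be lower than earlier ones, which a server enforcing replay detection would presumably reject; the initialisation is outside this hunk, so that needs confirming. Logging on this path, for example `logerr(__func__);` before the fallback return (assuming the log helpers are usable in auth.c), would make the degraded mode visible.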
@@ -495,7 +518,8 @@
  * data and dlen refer to the authentication option within the message.
  */
 ssize_t
-dhcp_auth_encode(struct auth *auth, const struct token *t,
+dhcp_auth_encode(struct dhcpcd_ctx *ctx, struct auth *auth,
+    const struct token *t,
     void *vm, size_t mlen, int mp, int mt,
     void *vdata, size_t dlen)
 {
@@ -611,11 +635,11 @@
                *data++ = auth->rdm;
                switch (auth->rdm) {
                case AUTH_RDM_MONOTONIC:
-                       rdm = get_next_rdm_monotonic(auth);
+                       rdm = get_next_rdm_monotonic(ctx, auth);
                        break;
                default:
                        /* This block appeases gcc, clang doesn't need it */
-                       rdm = get_next_rdm_monotonic(auth);
+                       rdm = get_next_rdm_monotonic(ctx, auth);
                        break;
                }
                rdm = htonll(rdm);
diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/auth.h
--- a/external/bsd/dhcpcd/dist/src/auth.h       Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/auth.h       Thu Jun 04 13:07:12 2020 +0000
@@ -90,7 +90,11 @@
     const void *, size_t, int, int,
     const void *, size_t);
 
-ssize_t dhcp_auth_encode(struct auth *, const struct token *,
+struct dhcpcd_ctx;
+ssize_t dhcp_auth_encode(struct dhcpcd_ctx *, struct auth *,
+    const struct token *,
     void *, size_t, int, int,
     void *, size_t);
+
+int auth_get_rdm_monotonic(uint64_t *rdm);
 #endif
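Review bot: The newly exported `auth_get_rdm_monotonic` has no comment stating its contract, although the change makes it non-static, presumably so the privileged side can call it. I would add above the prototype: `/* Increment the counter in RDM_MONOFILE and store it in *rdm. Returns 0 on success, -1 on error; *rdm may already be modified on error. */`. The prototype also names its parameter while the neighbouring declarations do not, which is a small style inconsistency.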
diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/defs.h
--- a/external/bsd/dhcpcd/dist/src/defs.h       Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/defs.h       Thu Jun 04 13:07:12 2020 +0000
@@ -29,7 +29,7 @@
 #define CONFIG_H
 
 #define PACKAGE                        "dhcpcd"
-#define VERSION                        "9.1.0"
+#define VERSION                        "9.1.1"
 
 #ifndef PRIVSEP_USER
 # define PRIVSEP_USER          "_" PACKAGE
diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/dhcp.c
--- a/external/bsd/dhcpcd/dist/src/dhcp.c       Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.c       Thu Jun 04 13:07:12 2020 +0000
@@ -1034,7 +1034,7 @@
        auth = NULL;    /* appease GCC */
        auth_len = 0;
        if (ifo->auth.options & DHCPCD_AUTH_SEND) {
-               ssize_t alen = dhcp_auth_encode(&ifo->auth,
+               ssize_t alen = dhcp_auth_encode(ifp->ctx, &ifo->auth,
                    state->auth.token,
                    NULL, 0, 4, type, NULL, 0);
                if (alen != -1 && alen > UINT8_MAX) {
@@ -1129,7 +1129,7 @@
 
 #ifdef AUTH
        if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0)
-               dhcp_auth_encode(&ifo->auth, state->auth.token,
+               dhcp_auth_encode(ifp->ctx, &ifo->auth, state->auth.token,
                    (uint8_t *)bootp, len, 4, type, auth, auth_len);
 #endif
 
@@ -2747,6 +2747,18 @@
 #endif
                }
        }
+#ifdef AUTH
+       else if (state->auth.reconf != NULL) {
+               /*
+                * Drop the lease as the token may only be present
+                * in the initial reply message and not subsequent
+                * renewals.
+                * If dhcpcd is restarted, the token is lost.
+                * XXX persist this in another file?
+                */
+               dhcp_unlink(ifp->ctx, state->leasefile);
+       }
+#endif
 
        eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp);
 #ifdef AUTH
@@ -4176,3 +4188,24 @@
 
        return ia;
 }
+
+#ifndef SMALL
+int
+dhcp_dump(struct interface *ifp)
+{
+       struct dhcp_state *state;
+
+       ifp->if_data[IF_DATA_DHCP] = state = calloc(1, sizeof(*state));
+       if (state == NULL) {
+               logerr(__func__);
+               return -1;
+       }
+       state->new_len = read_lease(ifp, &state->new);
+       if (state->new == NULL) {
+               logerr("read_lease");
+               return -1;
+       }
+       state->reason = "DUMP";
+       return script_runreason(ifp, state->reason);
+}
+#endif
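Review bot: On the `state->new == NULL` path dhcp_dump returns -1 while the freshly allocated state stays attached to `ifp->if_data[IF_DATA_DHCP]`, and the assignment overwrites whatever pointer was stored there without checking it. Whether this leaks depends on the caller releasing the interface state afterwards, which is not visible here; if it does not, release it before returning with `free(state); ifp->if_data[IF_DATA_DHCP] = NULL;`. The definition is guarded by `#ifndef SMALL` while the dhcp.h hunk declares `dhcp_dump` unconditionally, so any caller presumably needs the same guard. A one-line comment saying that the function reads the lease file and runs the script with reason DUMP would also help.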
diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/dhcp.h
--- a/external/bsd/dhcpcd/dist/src/dhcp.h       Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp.h       Thu Jun 04 13:07:12 2020 +0000
@@ -276,6 +276,7 @@
 void dhcp_reboot_newopts(struct interface *, unsigned long long);
 void dhcp_close(struct interface *);
 void dhcp_free(struct interface *);
+int dhcp_dump(struct interface *);
 #endif /* INET */
 
 #endif /* DHCP_H */
diff -r 3094878daeb1 -r 0d5faa33b672 external/bsd/dhcpcd/dist/src/dhcp6.c
--- a/external/bsd/dhcpcd/dist/src/dhcp6.c      Sun May 31 12:50:46 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/dhcp6.c      Thu Jun 04 13:07:12 2020 +0000
@@ -881,7 +881,7 @@
 #ifdef AUTH
        auth_len = 0;
        if (ifo->auth.options & DHCPCD_AUTH_SEND) {
-               ssize_t alen = dhcp_auth_encode(&ifo->auth,
+               ssize_t alen = dhcp_auth_encode(ifp->ctx, &ifo->auth,
                    state->auth.token, NULL, 0, 6, type, NULL, 0);
                if (alen != -1 && alen > UINT16_MAX) {
                        errno = ERANGE;
@@ -1196,9 +1196,9 @@
                return -1;
 
        state = D6_STATE(ifp);
-       return dhcp_auth_encode(&ifp->options->auth, state->auth.token,
-           (uint8_t *)state->send, state->send_len,
-           6, state->send->type, opt, opt_len);
+       return dhcp_auth_encode(ifp->ctx, &ifp->options->auth,
+           state->auth.token, (uint8_t *)state->send, state->send_len, 6,
+           state->send->type, opt, opt_len);
 }
 #endif
 
@@ -1483,7 +1483,7 @@


