Source-Changes-HG archive


[src/ROY]: src/external/bsd/dhcpcd/dist/src Update to dhcpcd-9.1.2 with the f...



details:   https://anonhg.NetBSD.org/src/rev/a52045968717
branches:  ROY
changeset: 934662:a52045968717
user:      roy <roy%NetBSD.org@localhost>
date:      Mon Jun 15 16:58:01 2020 +0000

description:
Update to dhcpcd-9.1.2 with the following changes:

* NetBSD: free ARP state once IPv4LL address announced
* NetBSD: Mark RA derived addresses as AUTOCONF
* BSD: Only mark static routes from dhcpcd.conf as static
* DHCP6: Ensure requested addresses are requested
* DHCP6: Fix prefix length calculation when no prefix specified
* privsep: Implement a resource limited sandbox

diffstat:

 external/bsd/dhcpcd/dist/src/arp.c             |    7 -
 external/bsd/dhcpcd/dist/src/arp.h             |    1 -
 external/bsd/dhcpcd/dist/src/bpf.c             |    8 +
 external/bsd/dhcpcd/dist/src/control.c         |  296 +++++++++++++++-------
 external/bsd/dhcpcd/dist/src/control.h         |   14 +-
 external/bsd/dhcpcd/dist/src/defs.h            |    2 +-
 external/bsd/dhcpcd/dist/src/dhcp6.c           |   15 +-
 external/bsd/dhcpcd/dist/src/dhcpcd.c          |  303 ++++++++++++----------
 external/bsd/dhcpcd/dist/src/dhcpcd.h          |   13 +
 external/bsd/dhcpcd/dist/src/eloop.c           |   39 ++-
 external/bsd/dhcpcd/dist/src/eloop.h           |    1 +
 external/bsd/dhcpcd/dist/src/if-bsd.c          |   96 ++++--
 external/bsd/dhcpcd/dist/src/if-options.c      |   10 +-
 external/bsd/dhcpcd/dist/src/if-options.h      |    2 +-
 external/bsd/dhcpcd/dist/src/if.c              |   41 +-
 external/bsd/dhcpcd/dist/src/if.h              |    1 +
 external/bsd/dhcpcd/dist/src/ipv4ll.c          |    3 +
 external/bsd/dhcpcd/dist/src/ipv6nd.c          |    6 +-
 external/bsd/dhcpcd/dist/src/logerr.c          |    3 +
 external/bsd/dhcpcd/dist/src/privsep-bsd.c     |   30 ++
 external/bsd/dhcpcd/dist/src/privsep-control.c |  323 +++++++++++++++++++++++++
 external/bsd/dhcpcd/dist/src/privsep-control.h |   41 +++
 external/bsd/dhcpcd/dist/src/privsep-inet.c    |   68 +---
 external/bsd/dhcpcd/dist/src/privsep-root.c    |   37 +-
 external/bsd/dhcpcd/dist/src/privsep-root.h    |    8 +-
 external/bsd/dhcpcd/dist/src/privsep.c         |  200 +++++++++++++--
 external/bsd/dhcpcd/dist/src/privsep.h         |   28 +-
 external/bsd/dhcpcd/dist/src/script.c          |    5 +-
 28 files changed, 1179 insertions(+), 422 deletions(-)

diffs (truncated from 2731 to 300 lines):

diff -r c6d38ce3d69f -r a52045968717 external/bsd/dhcpcd/dist/src/arp.c
--- a/external/bsd/dhcpcd/dist/src/arp.c        Thu Jun 04 13:07:12 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.c        Mon Jun 15 16:58:01 2020 +0000
@@ -578,13 +578,6 @@
 }
 
 void
-arp_cancel(struct arp_state *astate)
-{
-
-       eloop_timeout_delete(astate->iface->ctx->eloop, NULL, astate);
-}
-
-void
 arp_free(struct arp_state *astate)
 {
        struct interface *ifp;
diff -r c6d38ce3d69f -r a52045968717 external/bsd/dhcpcd/dist/src/arp.h
--- a/external/bsd/dhcpcd/dist/src/arp.h        Thu Jun 04 13:07:12 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/arp.h        Mon Jun 15 16:58:01 2020 +0000
@@ -98,7 +98,6 @@
 void arp_probe(struct arp_state *);
 struct arp_state *arp_announceaddr(struct dhcpcd_ctx *, const struct in_addr *);
 struct arp_state *arp_ifannounceaddr(struct interface *, const struct in_addr *);
-void arp_cancel(struct arp_state *);
 struct arp_state * arp_find(struct interface *, const struct in_addr *);
 void arp_free(struct arp_state *);
 void arp_freeaddr(struct interface *, const struct in_addr *);
diff -r c6d38ce3d69f -r a52045968717 external/bsd/dhcpcd/dist/src/bpf.c
--- a/external/bsd/dhcpcd/dist/src/bpf.c        Thu Jun 04 13:07:12 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/bpf.c        Mon Jun 15 16:58:01 2020 +0000
@@ -703,6 +703,14 @@
                return -1;
        return 0;
 #else
+#ifdef PRIVSEP
+#if defined(__sun) /* Solaris cannot send via BPF. */
+#elif defined(BIOCSETF)
+#warning No BIOCSETWF support - a compromised BPF can be used as a raw socket
+#else
+#warning A compromised PF_PACKET socket can be used as a raw socket
+#endif
+#endif
        return bpf_bootp_rw(bpf, true);
 #endif
 }
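Review bot: The missing write filter is reported only through the build-time `#warning` lines in this `#else` branch, so someone running a packaged binary never learns that the privsep BPF process is not restricted in what it can send on this platform. A comment above the block, such as `/* No BPF write filter here: the sandboxed BPF process can still send arbitrary frames. */`, plus a one-time runtime log at debug level would keep the limitation visible after the build. Note also that `#warning` is a compiler extension before C23 and turns fatal under `-Werror`. The enclosing function begins outside the hunk.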
diff -r c6d38ce3d69f -r a52045968717 external/bsd/dhcpcd/dist/src/control.c
--- a/external/bsd/dhcpcd/dist/src/control.c    Thu Jun 04 13:07:12 2020 +0000
+++ b/external/bsd/dhcpcd/dist/src/control.c    Mon Jun 15 16:58:01 2020 +0000
@@ -46,6 +46,7 @@
 #include "eloop.h"
 #include "if.h"
 #include "logerr.h"
+#include "privsep.h"
 
 #ifndef SUN_LEN
 #define SUN_LEN(su) \
@@ -63,7 +64,6 @@
                        free(fdp->data);
                free(fdp);
        }
-       fd->queue_len = 0;
 
 #ifdef CTL_FREE_LIST
        while ((fdp = TAILQ_FIRST(&fd->free_queue))) {
@@ -75,56 +75,118 @@
 #endif
 }
 
-static void
+void
+control_free(struct fd_list *fd)
+{
+
+#ifdef PRIVSEP
+       if (fd->ctx->ps_control_client == fd)
+               fd->ctx->ps_control_client = NULL;
+#endif
+
+       eloop_event_remove_writecb(fd->ctx->eloop, fd->fd);
+       TAILQ_REMOVE(&fd->ctx->control_fds, fd, next);
+       control_queue_free(fd);
+       free(fd);
+}
+
+void
 control_delete(struct fd_list *fd)
 {
 
-       TAILQ_REMOVE(&fd->ctx->control_fds, fd, next);
+#ifdef PRIVSEP
+       if (IN_PRIVSEP_SE(fd->ctx))
+               return;
+#endif
+
        eloop_event_delete(fd->ctx->eloop, fd->fd);
        close(fd->fd);
-       control_queue_free(fd);
-       free(fd);
+       control_free(fd);
 }
 
 static void
 control_handle_data(void *arg)
 {
        struct fd_list *fd = arg;
-       char buffer[1024], *e, *p, *argvp[255], **ap, *a;
+       char buffer[1024];
        ssize_t bytes;
-       size_t len;
-       int argc;
 
        bytes = read(fd->fd, buffer, sizeof(buffer) - 1);
+
        if (bytes == -1 || bytes == 0) {
                /* Control was closed or there was an error.
                 * Remove it from our list. */
                control_delete(fd);
                return;
        }
-       buffer[bytes] = '\0';
-       p = buffer;
-       e = buffer + bytes;
+
+#ifdef PRIVSEP
+       if (IN_PRIVSEP(fd->ctx)) {
+               ssize_t err;
+
+               fd->flags |= FD_SENDLEN;
+               err = ps_ctl_handleargs(fd, buffer, (size_t)bytes);
+               fd->flags &= ~FD_SENDLEN;
+               if (err == -1) {
+                       logerr(__func__);
+                       return;
+               }
+               if (err == 1 &&
+                   ps_ctl_sendargs(fd, buffer, (size_t)bytes) == -1) {
+                       logerr(__func__);
+                       control_delete(fd);
+               }
+               return;
+       }
+#endif
+
+       control_recvdata(fd, buffer, (size_t)bytes);
+}
+
+void
+control_recvdata(struct fd_list *fd, char *data, size_t len)
+{
+       char *p = data, *e;
+       char *argvp[255], **ap;
+       int argc;
 
        /* Each command is \n terminated
         * Each argument is NULL separated */
-       while (p < e) {
+       while (len != 0) {
                argc = 0;
                ap = argvp;
-               while (p < e) {
-                       argc++;
+               while (len != 0) {
+                       if (*p == '\0') {
+                               p++;
+                               len--;
+                               continue;
+                       }
+                       e = memchr(p, '\0', len);
+                       if (e == NULL) {
+                               errno = EINVAL;
+                               logerrx("%s: no terminator", __func__);
+                               return;
+                       }
                        if ((size_t)argc >= sizeof(argvp) / sizeof(argvp[0])) {
                                errno = ENOBUFS;
+                               logerrx("%s: no arg buffer", __func__);
                                return;
                        }
-                       a = *ap++ = p;
-                       len = strlen(p);
-                       p += len + 1;
-                       if (len && a[len - 1] == '\n') {
-                               a[len - 1] = '\0';
+                       *ap++ = p;
+                       argc++;
+                       e++;
+                       len -= (size_t)(e - p);
+                       p = e;
+                       e--;
+                       if (*(--e) == '\n') {
+                               *e = '\0';
                                break;
                        }
                }
+               if (argc == 0) {
+                       logerrx("%s: no args", __func__);
+                       continue;
+               }
                *ap = NULL;
                if (dhcpcd_handleargs(fd->ctx, fd, argc, argvp) == -1) {
                        logerr(__func__);
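Review bot: In control_recvdata the capacity check `(size_t)argc >= sizeof(argvp) / sizeof(argvp[0])` now runs before `argc++`, so a command with exactly 255 arguments fills `argvp[0..254]` and the later `*ap = NULL;` stores one element past the end of the array. The removed code incremented `argc` before the check and so stopped at 254 arguments, leaving the terminator slot free. Reserve that slot in the check: `if ((size_t)argc + 1 >= sizeof(argvp) / sizeof(argvp[0])) {`. The arguments come from a control-socket client (control_handle_data passes its read buffer straight in), so the bound has to hold for any input. control_recvdata's body continues past the end of the hunk.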
@@ -136,6 +198,26 @@
        }
 }
 
+struct fd_list *
+control_new(struct dhcpcd_ctx *ctx, int fd, unsigned int flags)
+{
+       struct fd_list *l;
+
+       l = malloc(sizeof(*l));
+       if (l == NULL)
+               return NULL;
+
+       l->ctx = ctx;
+       l->fd = fd;
+       l->flags = flags;
+       TAILQ_INIT(&l->queue);
+#ifdef CTL_FREE_LIST
+       TAILQ_INIT(&l->free_queue);
+#endif
+       TAILQ_INSERT_TAIL(&ctx->control_fds, l, next);
+       return l;
+}
+
 static void
 control_handle1(struct dhcpcd_ctx *ctx, int lfd, unsigned int fd_flags)
 {
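Review bot: control_new has no comment describing ownership, although it links the new entry into `ctx->control_fds` before returning and returns NULL on allocation failure without closing `fd`. A short header comment would make both explicit: `/* Allocates an fd_list for fd and appends it to ctx->control_fds. Returns NULL on malloc failure, leaving fd open for the caller. Release with control_free(). */`. The function is declared without `static` here, so presumably callers in other files rely on this contract.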
@@ -154,20 +236,19 @@
            fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
                goto error;
 
-       l = malloc(sizeof(*l));
+#ifdef PRIVSEP
+       if (IN_PRIVSEP(ctx) && !IN_PRIVSEP_SE(ctx))
+               ;
+       else
+#endif
+       fd_flags |= FD_SENDLEN;
+
+       l = control_new(ctx, fd, fd_flags);
        if (l == NULL)
                goto error;
 
-       l->ctx = ctx;
-       l->fd = fd;
-       l->flags = fd_flags;
-       TAILQ_INIT(&l->queue);
-       l->queue_len = 0;
-#ifdef CTL_FREE_LIST
-       TAILQ_INIT(&l->free_queue);
-#endif
-       TAILQ_INSERT_TAIL(&ctx->control_fds, l, next);
-       eloop_event_add(ctx->eloop, l->fd, control_handle_data, l);
+       if (eloop_event_add(ctx->eloop, l->fd, control_handle_data, l) == -1)
+               logerr(__func__);
        return;
 
 error:
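Review bot: When `eloop_event_add` fails at the end of this hunk, the error is logged but `l` stays linked in `ctx->control_fds` with its descriptor open and no read callback, so that client is never serviced. Tearing the entry down on that path would avoid the stale entry, for example `logerr(__func__); control_delete(l);` in a braced body. That assumes control_delete is the right teardown in every process that reaches this code, since it returns early under `IN_PRIVSEP_SE`. Jumping to `error:` instead would need that label to free `l` as well, and its body is outside the hunk.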
@@ -193,6 +274,26 @@
 }
 
 static int
+make_path(char *path, size_t len, const char *ifname, sa_family_t family)
+{
+       const char *per;
+
+       switch(family) {
+       case AF_INET:
+               per = "-4";
+               break;
+       case AF_INET6:
+               per = "-6";
+               break;
+       default:
+               per = "";
+               break;
+       }
+       return snprintf(path, len, CONTROLSOCKET,
+           ifname ? ifname : "", ifname ? per : "", ifname ? "." : "");
+}
+
+static int
 make_sock(struct sockaddr_un *sa, const char *ifname, sa_family_t family,
     bool unpriv)
 {
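Review bot: make_path returns the raw `snprintf` result, which is the length that would have been written, so a caller that tests only for `-1` would accept a truncated socket path. Document the contract above the function, `/* Returns the snprintf() result: a value >= len means the path was truncated. */`, or fold the check in with `if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }` if no caller needs the length. The callers are not visible in this hunk, so whether they already check for truncation is unconfirmed.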
@@ -204,23 +305,8 @@
        sa->sun_family = AF_UNIX;
        if (unpriv)
                strlcpy(sa->sun_path, UNPRIVSOCKET, sizeof(sa->sun_path));
-       else {
-               const char *per;
-
-               switch(family) {
-               case AF_INET:
-                       per = "-4";
-                       break;
-               case AF_INET6:
-                       per = "-6";


