diff options
Diffstat (limited to 'src/privsep-control.c')
-rw-r--r-- | src/privsep-control.c | 296 |
1 files changed, 296 insertions, 0 deletions
diff --git a/src/privsep-control.c b/src/privsep-control.c new file mode 100644 index 000000000000..fe9bbbf22732 --- /dev/null +++ b/src/privsep-control.c @@ -0,0 +1,296 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/* + * Privilege Separation for dhcpcd, control proxy + * Copyright (c) 2006-2021 Roy Marples <roy@marples.name> + * All rights reserved + + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <errno.h> +#include <stdlib.h> +#include <string.h> + +#include "dhcpcd.h" +#include "control.h" +#include "eloop.h" +#include "logerr.h" +#include "privsep.h" + +static int +ps_ctl_startcb(void *arg) +{ + struct dhcpcd_ctx *ctx = arg; + sa_family_t af; + + if (ctx->options & DHCPCD_MANAGER) { + setproctitle("[control proxy]"); + af = AF_UNSPEC; + } else { + setproctitle("[control proxy] %s%s%s", + ctx->ifv[0], + ctx->options & DHCPCD_IPV4 ? " [ip4]" : "", + ctx->options & DHCPCD_IPV6 ? " [ip6]" : ""); + if ((ctx->options & + (DHCPCD_IPV4 | DHCPCD_IPV6)) == DHCPCD_IPV4) + af = AF_INET; + else if ((ctx->options & + (DHCPCD_IPV4 | DHCPCD_IPV6)) == DHCPCD_IPV6) + af = AF_INET6; + else + af = AF_UNSPEC; + } + + ctx->ps_control_pid = getpid(); + + return control_start(ctx, + ctx->options & DHCPCD_MANAGER ? NULL : *ctx->ifv, af); +} + +static ssize_t +ps_ctl_recvmsgcb(void *arg, struct ps_msghdr *psm, __unused struct msghdr *msg) +{ + struct dhcpcd_ctx *ctx = arg; + + if (psm->ps_cmd != PS_CTL_EOF) { + errno = ENOTSUP; + return -1; + } + + if (ctx->ps_control_client != NULL) + ctx->ps_control_client = NULL; + return 0; +} + +static void +ps_ctl_recvmsg(void *arg) +{ + struct dhcpcd_ctx *ctx = arg; + + if (ps_recvpsmsg(ctx, ctx->ps_control_fd, ps_ctl_recvmsgcb, ctx) == -1) + logerr(__func__); +} + +ssize_t +ps_ctl_handleargs(struct fd_list *fd, char *data, size_t len) +{ + + /* Make any change here in dhcpcd.c as well. */ + if (strncmp(data, "--version", + MIN(strlen("--version"), len)) == 0) { + return control_queue(fd, UNCONST(VERSION), + strlen(VERSION) + 1); + } else if (strncmp(data, "--getconfigfile", + MIN(strlen("--getconfigfile"), len)) == 0) { + return control_queue(fd, UNCONST(fd->ctx->cffile), + strlen(fd->ctx->cffile) + 1); + } else if (strncmp(data, "--listen", + MIN(strlen("--listen"), len)) == 0) { + fd->flags |= FD_LISTEN; + return 0; + } + + if (fd->ctx->ps_control_client != NULL && + fd->ctx->ps_control_client != fd) + { + logerrx("%s: cannot handle another client", __func__); + return 0; + } + return 1; +} + +static ssize_t +ps_ctl_dispatch(void *arg, struct ps_msghdr *psm, struct msghdr *msg) +{ + struct dhcpcd_ctx *ctx = arg; + struct iovec *iov = msg->msg_iov; + struct fd_list *fd; + unsigned int fd_flags = FD_SENDLEN; + + switch (psm->ps_flags) { + case PS_CTL_PRIV: + break; + case PS_CTL_UNPRIV: + fd_flags |= FD_UNPRIV; + break; + } + + switch (psm->ps_cmd) { + case PS_CTL: + if (msg->msg_iovlen != 1) { + errno = EINVAL; + return -1; + } + if (ctx->ps_control_client != NULL) { + logerrx("%s: cannot handle another client", __func__); + return 0; + } + fd = control_new(ctx, ctx->ps_control_data_fd, fd_flags); + if (fd == NULL) + return -1; + ctx->ps_control_client = fd; + control_recvdata(fd, iov->iov_base, iov->iov_len); + break; + case PS_CTL_EOF: + control_free(ctx->ps_control_client); + break; + default: + errno = ENOTSUP; + return -1; + } + return 0; +} + +static void +ps_ctl_dodispatch(void *arg) +{ + struct dhcpcd_ctx *ctx = arg; + + if (ps_recvpsmsg(ctx, ctx->ps_control_fd, ps_ctl_dispatch, ctx) == -1) + logerr(__func__); +} + +static void +ps_ctl_recv(void *arg) +{ + struct dhcpcd_ctx *ctx = arg; + char buf[BUFSIZ]; + ssize_t len; + + errno = 0; + len = read(ctx->ps_control_data_fd, buf, sizeof(buf)); + if (len == -1 || len == 0) { + logerr("%s: read", __func__); + eloop_exit(ctx->eloop, EXIT_FAILURE); + return; + } + if (ctx->ps_control_client == NULL) /* client disconnected */ + return; + errno = 0; + if (control_queue(ctx->ps_control_client, buf, (size_t)len) == -1) + logerr("%s: control_queue", __func__); +} + +static void +ps_ctl_listen(void *arg) +{ + struct dhcpcd_ctx *ctx = arg; + char buf[BUFSIZ]; + ssize_t len; + struct fd_list *fd; + + errno = 0; + len = read(ctx->ps_control->fd, buf, sizeof(buf)); + if (len == -1 || len == 0) { + logerr("%s: read", __func__); + eloop_exit(ctx->eloop, EXIT_FAILURE); + return; + } + + /* Send to our listeners */ + TAILQ_FOREACH(fd, &ctx->control_fds, next) { + if (!(fd->flags & FD_LISTEN)) + continue; + if (control_queue(fd, buf, (size_t)len)== -1) + logerr("%s: control_queue", __func__); + } +} + +pid_t +ps_ctl_start(struct dhcpcd_ctx *ctx) +{ + int data_fd[2], listen_fd[2]; + pid_t pid; + + if (xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, data_fd) == -1 || + xsocketpair(AF_UNIX, SOCK_STREAM | SOCK_CXNB, 0, listen_fd) == -1) + return -1; +#ifdef PRIVSEP_RIGHTS + if (ps_rights_limit_fdpair(data_fd) == -1 || + ps_rights_limit_fdpair(listen_fd) == -1) + return -1; +#endif + + pid = ps_dostart(ctx, &ctx->ps_control_pid, &ctx->ps_control_fd, + ps_ctl_recvmsg, ps_ctl_dodispatch, ctx, + ps_ctl_startcb, NULL, + PSF_DROPPRIVS); + + if (pid == -1) + return -1; + else if (pid != 0) { + ctx->ps_control_data_fd = data_fd[1]; + close(data_fd[0]); + ctx->ps_control = control_new(ctx, + listen_fd[1], FD_SENDLEN | FD_LISTEN); + if (ctx->ps_control == NULL) + return -1; + close(listen_fd[0]); + return pid; + } + + ctx->ps_control_data_fd = data_fd[0]; + close(data_fd[1]); + if (eloop_event_add(ctx->eloop, ctx->ps_control_data_fd, + ps_ctl_recv, ctx) == -1) + return -1; + + ctx->ps_control = control_new(ctx, + listen_fd[0], 0); + close(listen_fd[1]); + if (ctx->ps_control == NULL) + return -1; + if (eloop_event_add(ctx->eloop, ctx->ps_control->fd, + ps_ctl_listen, ctx) == -1) + return -1; + + ps_entersandbox("stdio inet", NULL); + return 0; +} + +int +ps_ctl_stop(struct dhcpcd_ctx *ctx) +{ + + return ps_dostop(ctx, &ctx->ps_control_pid, &ctx->ps_control_fd); +} + +ssize_t +ps_ctl_sendargs(struct fd_list *fd, void *data, size_t len) +{ + struct dhcpcd_ctx *ctx = fd->ctx; + + if (ctx->ps_control_client != NULL && ctx->ps_control_client != fd) + logerrx("%s: cannot deal with another client", __func__); + ctx->ps_control_client = fd; + return ps_sendcmd(ctx, ctx->ps_control_fd, PS_CTL, + fd->flags & FD_UNPRIV ? PS_CTL_UNPRIV : PS_CTL_PRIV, + data, len); +} + +ssize_t +ps_ctl_sendeof(struct fd_list *fd) +{ + struct dhcpcd_ctx *ctx = fd->ctx; + + return ps_sendcmd(ctx, ctx->ps_control_fd, PS_CTL_EOF, 0, NULL, 0); +} |