Diffstat (limited to 'freebsd/sbin/dhclient')
-rw-r--r-- | freebsd/sbin/dhclient/bpf.c | 8 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/clparse.c | 5 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/conflex.c | 5 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/dhclient.c | 78 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/dhcpd.h | 4 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/dispatch.c | 22 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/options.c | 4 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/privsep.c | 6 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/privsep.h | 5 |
9 files changed, 77 insertions, 60 deletions
diff --git a/freebsd/sbin/dhclient/bpf.c b/freebsd/sbin/dhclient/bpf.c index 978faa58..e1bfacdc 100644 --- a/freebsd/sbin/dhclient/bpf.c +++ b/freebsd/sbin/dhclient/bpf.c @@ -97,7 +97,7 @@ if_register_bpf(struct interface_info *info, int flags) * Packet write filter program: * 'ip and udp and src port bootps and dst port (bootps or bootpc)' */ -struct bpf_insn dhcp_bpf_wfilter[] = { +static struct bpf_insn dhcp_bpf_wfilter[] = { BPF_STMT(BPF_LD + BPF_B + BPF_IND, 14), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (IPVERSION << 4) + 5, 0, 12), @@ -131,7 +131,7 @@ struct bpf_insn dhcp_bpf_wfilter[] = { BPF_STMT(BPF_RET+BPF_K, 0), }; -int dhcp_bpf_wfilter_len = sizeof(dhcp_bpf_wfilter) / sizeof(struct bpf_insn); +static int dhcp_bpf_wfilter_len = nitems(dhcp_bpf_wfilter); void if_register_send(struct interface_info *info) @@ -186,7 +186,7 @@ if_register_send(struct interface_info *info) * XXX: Changes to the filter program may require changes to the * constant offsets used in if_register_send to patch the BPF program! */ -struct bpf_insn dhcp_bpf_filter[] = { +static struct bpf_insn dhcp_bpf_filter[] = { /* Make sure this is an IP packet... */ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 8), @@ -213,7 +213,7 @@ struct bpf_insn dhcp_bpf_filter[] = { BPF_STMT(BPF_RET+BPF_K, 0), }; -int dhcp_bpf_filter_len = sizeof(dhcp_bpf_filter) / sizeof(struct bpf_insn); +static int dhcp_bpf_filter_len = nitems(dhcp_bpf_filter); void if_register_receive(struct interface_info *info) diff --git a/freebsd/sbin/dhclient/clparse.c b/freebsd/sbin/dhclient/clparse.c index 05343067..9ed7ae89 100644 --- a/freebsd/sbin/dhclient/clparse.c +++ b/freebsd/sbin/dhclient/clparse.c 
@@ -51,10 +51,9 @@ __FBSDID("$FreeBSD$"); #include "dhctoken.h" struct client_config top_level_config; -struct interface_info *dummy_interfaces; -extern struct interface_info *ifi; +static struct interface_info *dummy_interfaces; -char client_script_name[] = "/sbin/dhclient-script"; +static char client_script_name[] = "/sbin/dhclient-script"; /* * client-conf-file :== client-declarations EOF diff --git a/freebsd/sbin/dhclient/conflex.c b/freebsd/sbin/dhclient/conflex.c index b8bf541a..780ecacd 100644 --- a/freebsd/sbin/dhclient/conflex.c +++ b/freebsd/sbin/dhclient/conflex.c @@ -55,8 +55,8 @@ __FBSDID("$FreeBSD$"); int lexline; int lexchar; char *token_line; -char *prev_line; -char *cur_line; +static char *prev_line; +static char *cur_line; const char *tlname; int eol_token; @@ -349,6 +349,7 @@ intern(char *atom, int dfv) return (BOOTING); if (!strcasecmp(atom + 1, "oot-unknown-clients")) return (BOOT_UNKNOWN_CLIENTS); + break; case 'c': if (!strcasecmp(atom + 1, "lass")) return (CLASS); diff --git a/freebsd/sbin/dhclient/dhclient.c b/freebsd/sbin/dhclient/dhclient.c index e0af9431..d155d454 100644 --- a/freebsd/sbin/dhclient/dhclient.c +++ b/freebsd/sbin/dhclient/dhclient.c @@ -66,8 +66,12 @@ __FBSDID("$FreeBSD$"); #include <sys/capsicum.h> #include <sys/endian.h> +#include <capsicum_helpers.h> +#include <libgen.h> + #include <net80211/ieee80211_freebsd.h> + #ifndef _PATH_VAREMPTY #define _PATH_VAREMPTY "/var/empty" #endif 
@@ -91,21 +95,21 @@ __FBSDID("$FreeBSD$"); cap_channel_t *capsyslog; time_t cur_time; -time_t default_lease_time = 43200; /* 12 hours... */ +static time_t default_lease_time = 43200; /* 12 hours... */ const char *path_dhclient_conf = _PATH_DHCLIENT_CONF; char *path_dhclient_db = NULL; int log_perror = 1; -int privfd; -int nullfd = -1; +static int privfd; +static int nullfd = -1; -char hostname[_POSIX_HOST_NAME_MAX + 1]; +static char hostname[_POSIX_HOST_NAME_MAX + 1]; -struct iaddr iaddr_broadcast = { 4, { 255, 255, 255, 255 } }; -struct in_addr inaddr_any, inaddr_broadcast; +static struct iaddr iaddr_broadcast = { 4, { 255, 255, 255, 255 } }; +static struct in_addr inaddr_any, inaddr_broadcast; -char *path_dhclient_pidfile; +static char *path_dhclient_pidfile; struct pidfh *pidfile; /* @@ -121,9 +125,9 @@ struct pidfh *pidfile; #define TIME_MAX ((((time_t) 1 << (sizeof(time_t) * CHAR_BIT - 2)) - 1) * 2 + 1) int log_priority; -int no_daemon; -int unknown_ok = 1; -int routefd; +static int no_daemon; +static int unknown_ok = 1; +static int routefd; struct interface_info *ifi; @@ -197,8 +201,8 @@ get_ifa(char *cp, int n) return (NULL); } -struct iaddr defaddr = { .len = 4 }; -uint8_t curbssid[6]; +static struct iaddr defaddr = { .len = 4 }; +static uint8_t curbssid[6]; static void disassoc(void *arg) @@ -369,7 +373,7 @@ init_casper(void) int main(int argc, char *argv[]) { - extern char *__progname; + u_int capmode; int ch, fd, quiet = 0, i = 0; int pipe_fd[2]; int immediate_daemon = 0; @@ -380,7 +384,7 @@ main(int argc, char *argv[]) init_casper(); /* Initially, log errors to stderr as well as to syslogd. */ - cap_openlog(capsyslog, __progname, LOG_PID | LOG_NDELAY, DHCPD_LOG_FACILITY); + cap_openlog(capsyslog, getprogname(), LOG_PID | LOG_NDELAY, DHCPD_LOG_FACILITY); cap_setlogmask(capsyslog, LOG_UPTO(LOG_DEBUG)); while ((ch = getopt(argc, argv, "bc:dl:p:qu")) != -1) 
@@ -418,7 +422,7 @@ main(int argc, char *argv[]) if (path_dhclient_pidfile == NULL) { asprintf(&path_dhclient_pidfile, - "%sdhclient.%s.pid", _PATH_VARRUN, *argv); + "%s/dhclient/dhclient.%s.pid", _PATH_VARRUN, *argv); if (path_dhclient_pidfile == NULL) error("asprintf"); } @@ -527,23 +531,33 @@ main(int argc, char *argv[]) if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) error("can't limit route socket: %m"); - if (chroot(_PATH_VAREMPTY) == -1) - error("chroot"); - if (chdir("/") == -1) - error("chdir(\"/\")"); - - if (setgroups(1, &pw->pw_gid) || - setegid(pw->pw_gid) || setgid(pw->pw_gid) || - seteuid(pw->pw_uid) || setuid(pw->pw_uid)) - error("can't drop privileges: %m"); - endpwent(); setproctitle("%s", ifi->name); - if (CASPER_SUPPORT && cap_enter() < 0 && errno != ENOSYS) + /* setgroups(2) is not permitted in capability mode. */ + if (setgroups(1, &pw->pw_gid) != 0) + error("can't restrict groups: %m"); + + if (caph_enter_casper() < 0) error("can't enter capability mode: %m"); + /* + * If we are not in capability mode (i.e., Capsicum or libcasper is + * disabled), try to restrict filesystem access. This will fail if + * kern.chroot_allow_open_directories is 0 or the process is jailed. + */ + if (cap_getmode(&capmode) < 0 || capmode == 0) { + if (chroot(_PATH_VAREMPTY) == -1) + error("chroot"); + if (chdir("/") == -1) + error("chdir(\"/\")"); + } + + if (setegid(pw->pw_gid) || setgid(pw->pw_gid) || + seteuid(pw->pw_uid) || setuid(pw->pw_uid)) + error("can't drop privileges: %m"); + if (immediate_daemon) go_daemon(); @@ -561,9 +575,8 @@ main(int argc, char *argv[]) void usage(void) { - extern char *__progname; - fprintf(stderr, "usage: %s [-bdqu] ", __progname); + fprintf(stderr, "usage: %s [-bdqu] ", getprogname()); fprintf(stderr, "[-c conffile] [-l leasefile] interface\n"); exit(1); } @@ -1903,7 +1916,7 @@ free_client_lease(struct client_lease *lease) free(lease); } -FILE *leaseFile; +static FILE *leaseFile; void rewrite_client_leases(void) 
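Review bot: The `asprintf` call that builds the new `%s/dhclient/dhclient.%s.pid` path still discards its return value and relies on the pointer being NULL after a failure, which not every libc guarantees; `if (asprintf(&path_dhclient_pidfile, "%s/dhclient/dhclient.%s.pid", _PATH_VARRUN, *argv) == -1) error("asprintf");` tests the documented result instead. The path now contains a `dhclient/` directory under `_PATH_VARRUN`, and nothing in this hunk creates it or checks who owns it, so presumably it is provisioned elsewhere. A short comment saying where it is created, and that it must not be writable by the unprivileged account, would help. `*argv` is copied into the path unchanged; whether the interface name is validated before this point is not visible here. main's body starts and ends outside the hunk.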
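Review bot: `pw` is now dereferenced after `endpwent()`, first in `setgroups(1, &pw->pw_gid)` and again in the `setegid`/`setgid`/`seteuid`/`setuid` chain, whereas the old code had finished with it before that call. `pw` is assigned outside the hunk, presumably from a getpw* lookup, and whether that storage stays valid after `endpwent()` depends on the libc. Copying `pw->pw_uid` and `pw->pw_gid` into locals before `endpwent()`, or moving `endpwent()` below the final `setuid`, would remove that dependency from the privilege drop. The new comment says the fallback will "try to restrict filesystem access", but a failed `chroot` or `chdir` still ends in `error()`, so the comment should state that this path fails closed.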
@@ -2449,13 +2462,8 @@ go_daemon(void) cap_rights_init(&rights); - if (pidfile != NULL) { + if (pidfile != NULL) pidfile_write(pidfile); - if (cap_rights_limit(pidfile_fileno(pidfile), &rights) < 0 && - errno != ENOSYS) { - error("can't limit pidfile descriptor: %m"); - } - } if (nullfd != -1) { close(nullfd); diff --git a/freebsd/sbin/dhclient/dhcpd.h b/freebsd/sbin/dhclient/dhcpd.h index 8f9071aa..240a3ae2 100644 --- a/freebsd/sbin/dhclient/dhcpd.h +++ b/freebsd/sbin/dhclient/dhcpd.h @@ -265,7 +265,7 @@ void do_packet(struct interface_info *, struct dhcp_packet *, /* errwarn.c */ extern int warnings_occurred; -void error(const char *, ...) __attribute__ ((__format__ (__printf__, 1, 2))); +void error(const char *, ...) __attribute__ ((__format__ (__printf__, 1, 2))) __dead2; int warning(const char *, ...) __attribute__ ((__format__ (__printf__, 1, 2))); int note(const char *, ...) __attribute__ ((__format__ (__printf__, 1, 2))); int debug(const char *, ...) __attribute__ ((__format__ (__printf__, 1, 2))); @@ -369,6 +369,8 @@ extern struct client_config top_level_config; extern struct pidfh *pidfile; +extern struct interface_info *ifi; + void dhcpoffer(struct packet *); void dhcpack(struct packet *); void dhcpnak(struct packet *); diff --git a/freebsd/sbin/dhclient/dispatch.c b/freebsd/sbin/dhclient/dispatch.c index a9cc65b7..b815e6b8 100644 --- a/freebsd/sbin/dhclient/dispatch.c +++ b/freebsd/sbin/dhclient/dispatch.c @@ -59,8 +59,8 @@ __FBSDID("$FreeBSD$"); /* Assert that pointer p is aligned to at least align bytes */ #define assert_aligned(p, align) assert((((uintptr_t)p) & ((align) - 1)) == 0) -struct protocol *protocols; -struct timeout *timeouts; +static struct protocol *protocols; +static struct timeout *timeouts; static struct timeout *free_timeouts; static int interfaces_invalidated; void (*bootp_packet_handler)(struct interface_info *, 
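Review bot: With the `cap_rights_limit` call removed, nothing in this hunk restricts the pidfile descriptor any more, although `cap_rights_init(&rights)` is kept for whatever follows. If the descriptor is limited where the pidfile is opened (outside this hunk), a comment naming that place would make the intent explicit; if it is not, the daemonised process keeps a descriptor with full rights on a file under the run directory. `pidfile_write(pidfile)` also returns a status that is discarded, so a failure to record the PID goes unnoticed; `if (pidfile_write(pidfile) == -1) warning("can't write pidfile: %s", strerror(errno));` would surface it. go_daemon's body starts and ends outside the hunk.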
@@ -549,17 +549,29 @@ interface_set_mtu_priv(char *ifname, u_int16_t mtu) { struct ifreq ifr; int sock; + u_int16_t old_mtu; if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) == -1) error("Can't create socket"); memset(&ifr, 0, sizeof(ifr)); + old_mtu = 0; strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - ifr.ifr_mtu = mtu; - if (ioctl(sock, SIOCSIFMTU, &ifr) == -1) - warning("SIOCSIFMTU failed (%d): %s", mtu, + if (ioctl(sock, SIOCGIFMTU, (caddr_t)&ifr) == -1) + warning("SIOCGIFMTU failed (%s): %s", ifname, strerror(errno)); + else + old_mtu = ifr.ifr_mtu; + + if (mtu != old_mtu) { + ifr.ifr_mtu = mtu; + + if (ioctl(sock, SIOCSIFMTU, &ifr) == -1) + warning("SIOCSIFMTU failed (%d): %s", mtu, + strerror(errno)); + } + close(sock); } diff --git a/freebsd/sbin/dhclient/options.c b/freebsd/sbin/dhclient/options.c index 209b6536..b31ab32a 100644 --- a/freebsd/sbin/dhclient/options.c +++ b/freebsd/sbin/dhclient/options.c @@ -52,8 +52,8 @@ __FBSDID("$FreeBSD$"); #define DHCP_OPTION_DATA #include "dhcpd.h" -int bad_options = 0; -int bad_options_max = 5; +static int bad_options = 0; +static int bad_options_max = 5; void parse_options(struct packet *); void parse_option_buffer(struct packet *, unsigned char *, int); diff --git a/freebsd/sbin/dhclient/privsep.c b/freebsd/sbin/dhclient/privsep.c index f76d2d5f..847ea080 100644 --- a/freebsd/sbin/dhclient/privsep.c +++ b/freebsd/sbin/dhclient/privsep.c @@ -104,7 +104,7 @@ buf_read(int sock, void *buf, size_t nbytes) } void -dispatch_imsg(struct interface_info *ifi, int fd) +dispatch_imsg(struct interface_info *ifix, int fd) { struct imsg_hdr hdr; char *medium, *reason, *filename, 
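Review bot: `interface_set_mtu_priv` applies `mtu` with no range check, and the privsep.c hunk shows the `IMSG_SET_INTERFACE_MTU` case reading the value straight from the message descriptor, so the privileged side trusts whatever its peer (presumably the unprivileged process) sends. Any validation done by the sender is outside this diff; a floor enforced here, e.g. `if (mtu < 68) { warning("refusing MTU %d", mtu); close(sock); return; }` (68 being the IPv4 minimum), keeps the check on the privileged side of the boundary. Separately, `old_mtu = ifr.ifr_mtu` narrows an `int` to `u_int16_t`, so an interface MTU above 65535 would compare incorrectly; declaring `old_mtu` as `int` avoids that. The return value of `strlcpy` is also unchecked, so an over-long `ifname` is silently truncated to a different interface name.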
@@ -237,14 +237,14 @@ dispatch_imsg(struct interface_info *ifi, int fd) error("buf_close: %m"); break; case IMSG_SEND_PACKET: - send_packet_priv(ifi, &hdr, fd); + send_packet_priv(ifix, &hdr, fd); break; case IMSG_SET_INTERFACE_MTU: if (hdr.len < sizeof(hdr) + sizeof(u_int16_t)) error("corrupted message received"); buf_read(fd, &mtu, sizeof(u_int16_t)); - interface_set_mtu_priv(ifi->name, mtu); + interface_set_mtu_priv(ifix->name, mtu); break; default: error("received unknown message, code %d", hdr.code); diff --git a/freebsd/sbin/dhclient/privsep.h b/freebsd/sbin/dhclient/privsep.h index 41b8267e..db6ec9b4 100644 --- a/freebsd/sbin/dhclient/privsep.h +++ b/freebsd/sbin/dhclient/privsep.h @@ -44,8 +44,3 @@ struct imsg_hdr { enum imsg_code code; size_t len; }; - -struct buf *buf_open(size_t); -int buf_add(struct buf *, const void *, size_t); -int buf_close(int, struct buf *); -ssize_t buf_read(int sock, void *, size_t); |