Commit Graph

181 Commits

Author SHA1 Message Date
cem
413d779950 dhclient: add support for interface-mtu (26)
Make dhclient set interface MTU if it was provided.

This version implements MTU setting in dhclient itself before it runs
dhclient-script.

PR:		206721
Submitted by:	novel@
Reported by:	Jarrod Petz <jlpetz at gmail.com>
Reviewed by:	cem, allanjude
Differential Revision:	https://reviews.freebsd.org/D5675
2016-09-02 21:14:29 +00:00
pfg
bd6fcb16e5 dhclient(1): correct obvious mismatch in get_char().
Correct switch between current and previous line buffers when
encountering a carriage return in the input.

CID:		1305719
Obtained from:	OpenBSD (CVS rev. 1.30)
MFC after:	3 days
2016-06-03 03:40:39 +00:00
cem
16b93d1013 dhclient: Fix the trivial buffer overruns correctly
A DHCP client identifier is simply the hardware type (one byte) concatenated
with the hardware address (some variable number of bytes, but at most 16).
Limit the size of the temporary buffer to match and the rest of the
calculations shake out correctly.

This is a follow-up to the incorrect r299512, reverted in r300172.

CIDs:		1008682, 1305550
Sponsored by:	EMC / Isilon Storage Division
2016-05-18 23:41:55 +00:00
cem
35a390d5d6 Revert r299512
It broke client identifiers because I misunderstood the intent of the code.
There is still a minor issue detected by Coverity (at least, I can't find where
the code proves it isn't an issue).  I'll follow up with a better fix for the
CIDs.

Reported by:	Ian FREISLICH
Sponsored by:	EMC / Isilon Storage Division
2016-05-18 23:35:37 +00:00
cem
7403ada3a6 dhclient: Fix some trivial buffer overruns
There was some confusion about how to limit a hardware address to at most 16
bytes.  In some cases it would overrun a byte off the end of the array.
Correct the types and rectify the overrun.

Reported by:	Coverity
CIDs:		1008682, 1305550
Sponsored by:	EMC / Isilon Storage Division
2016-05-12 04:28:22 +00:00
ngie
92100036c8 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
sephe
453693ecc0 dhclient: Log a warning instead of bailing upon "illegal" options
In Azure, the DHCP servers add private option (id 0xf5), which contains
binary form of an IPv4 address. Once this option is converted to string
form, it could contain '$', e.g.

IPv4 address: 100.72.36.54
binary form: 0x64 0x48 0x24 0x36
string form: "dH$6"

dhclient bails upon "illegal" options like the above example, thus the
VM bring-up will fail.

Also as a side note, this "illegal" option detection was added in
OpenBSD ~11years ago:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.50&content-type=text/x-cvsweb-markup

And it was removed along with the removal of script support in OpenBSD
~3years ago:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.159&content-type=text/x-cvsweb-markup

Reported by:	Hongxiong Xian <v-hoxian microsoft com>
Reviewed by:	jhb, Dexuan Cui <decui microsoft com>
Tested by:	Hongxiong Xian <v-hoxian microsoft com>
Analyzed by:	Dong Liu <doliu microsoft com>
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D5853
2016-04-20 23:56:25 +00:00
gjb
1c7e318a9a MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
bdrewery
aab40fdc3d DIRDEPS_BUILD: Connect MK_TESTS.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:46:01 +00:00
gjb
4e38aaedb8 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
gjb
a6998ad84f First pass to fix the 'tests' packages.
Sponsored by:	The FreeBSD Foundation
2016-02-02 22:26:49 +00:00
bdrewery
bb97a3d43c Fix LDADD/DPADD that should be LIBADD.
Sponsored by:	EMC / Isilon Storage Division
2015-12-04 03:17:47 +00:00
ngie
dd1f618367 Refactor the test/ Makefiles after recent changes to bsd.test.mk (r289158) and
netbsd-tests.test.mk (r289151)

- Eliminate explicit OBJTOP/SRCTOP setting
- Convert all ad hoc NetBSD test integration over to netbsd-tests.test.mk
- Remove unnecessary TESTSDIR setting
- Use SRCTOP where possible for clarity

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Divison
2015-10-12 08:16:03 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
pkelsey
e78dd9d8eb Add CAP_FCNTL to the lease file capsicum rights, and limit to
CAP_FCNTL_GETFL.  Without CAP_FCNTL_GETFL, the lease file truncation
in rewrite_client_leases() will fail to trim old data when rewriting
the file with a lesser amount of data.

Reviewed by: pjd, rwatson
Approved by: jmallett (mentor)
MFC after: 1 week
2015-05-28 05:38:07 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
joel
8ef635d30e mdoc: improvements to SEE ALSO. 2014-12-27 08:22:58 +00:00
bapt
6fdc031751 Convert sbin/ to LIBADD
Reduce overlinking
2014-11-25 11:23:12 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
glebius
0c2257eddc Since r270929 raw sockets expect network byte order.
Submitted by:	avg
2014-09-11 05:48:39 +00:00
sjg
d7cd1d425c Merge head from 7/28 2014-08-19 06:50:54 +00:00
ngie
a1f9f1210c Add LIBUTIL to DPADD
This will fix "make checkdpadd"

MFC after: 5 days
PR: 192759
Approved by: rpaulo (mentor)
2014-08-18 01:21:41 +00:00
pjd
64b5b5018d Remove duplicated includes.
Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
2014-06-26 13:57:44 +00:00
bapt
42044eb342 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
ed3fc70bf5 Merge from head 2014-05-08 23:54:15 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
rwatson
a400e9c007 Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
jmmv
f965a606e8 Migrate tools/regression/sbin/ to the new tests layout.
Pretty much all that this change does is shuffles the code around and hooks
it into the regular build.  The code of the old tests has not changed.
2014-03-16 02:07:08 +00:00
brueffer
543bcc0057 Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.
PR:		185382 (based on)
Submitted by:	Loganaden Velvindron
Reviewed by:	pjd
MFC after:	1 week
2014-02-06 21:36:14 +00:00
eadler
717aa228c5 dhclient: change the pidfile's permissions to 644
This change permits non-root users to determine if dhclient is running
('service dhclient status wlan0').

Discussed with: mjg, cperciva
2014-02-03 04:22:29 +00:00
sjg
62bb106222 Merge from head 2013-09-05 20:18:59 +00:00
pjd
029a6f5d92 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
pjd
e71a9f5bfa Fix dhclient for interfaces that are down. The discover_interfaces() function
that looks for interface skips interfaces that are not UP. We need to call
dhclient-script PREINIT before we call discover_interfaces(), so the script has
a chance to bring the interface UP.

Reported by:	alfred
2013-07-04 12:27:10 +00:00
pjd
85ce2c58ff MFp4 @229488:
Sandbox unprivileged process using capability mode.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:23:25 +00:00
pjd
b93b6961b0 MFp4 @229487:
Revoke all capability rights from STDIN and allow only for write to STDOUT and
STDERR. All those descriptors are redirected to /dev/null.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:22:29 +00:00
pjd
671bf2da43 MFp4 @229486:
Once PID is written to the pidfile, revoke all capability rights.
We just want to keep the pidfile open.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:21:11 +00:00
pjd
745563514b MFp4 @229485:
Only allow to overwrite lease file.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:19:43 +00:00
pjd
157b58cb30 MFp4 @229484:
Limit routing socket so only poll(2) and read(2) are allowed (CAP_POLL_EVENT
and CAP_READ). This prevents unprivileged process from adding, removing or
modifying system routes.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:18:40 +00:00
pjd
6526d2e66a MFp4 @229483:
Limit communication pipe with privileged process to CAP_READ and CAP_WRITE.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:17:29 +00:00
pjd
11d993e694 MFp4 @229482:
- Limit bpf descriptor in unprivileged process to CAP_POLL_EVENT, CAP_READ and
  allow for SIOCGIFFLAGS, SIOCGIFMEDIA ioctls.
- While here limit bpf descriptor in privileged process to only CAP_WRITE.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:16:02 +00:00
pjd
d5113e2f28 MFp4 @229481:
Currently it was allowed to send any UDP packets from unprivileged process and
possibly any packets because /dev/bpf was open for writing.

Move sending packets to privileged process. Unprivileged process has no longer
access to not connected UDP socket and has only access to /dev/bpf in read-only
mode.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:12:54 +00:00
pjd
f92ee0c897 MFp4 @229480:
Shutdown write direction of the routing socket. We only need to read from it.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:09:02 +00:00
pjd
c776076005 MFp4 @229479:
- Add new request (IMSG_SEND_PACKET) that will be handled by privileged process.
- Add $FreeBSD$.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:07:55 +00:00
pjd
696dccfa35 MFp4 @229477:
The gethostname(3) function won't work in capability mode, because reading
kern.hostname sysctl is not permitted there.  Cache hostname early and use
cached value later.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:05:36 +00:00
pjd
981cfd3abf Remove redundant white-spaces. 2013-07-03 22:03:19 +00:00
pjd
e538ac2c30 MFp4 @229476,229478:
Make use of two fields: rfdesc and wfdesc to keep bpf descriptor open for
reading only in rfdesc and bpf descriptor open for writing only in wfdesc.
In the end they will be used by two different processes.

Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
2013-07-03 22:01:52 +00:00