Commit Graph

336 Commits

Author SHA1 Message Date
Roy Marples
e7f139d3be configure: fix the closefrom test
Fixes #327.
2024-05-24 13:23:37 +01:00
Roy Marples
6a6c13f46d Add compat support for closefrom cribbed from libbsd
We had compat support in older dhcpcd but we want it faster
when linux supports faster, because, you know, fast.
2024-05-04 12:38:49 +01:00
Roy Marples
2913df520a configure: guard config.h with #ifdef CONFIG_H
Rename CONFIG_H guard in defs.h to DEFS_H
This avoids a redeclaration issue on DragonFly.
2023-11-08 10:10:35 +00:00
Roy Marples
e8b6541979 Expose memset_s on FreeBSD 2023-10-23 15:39:20 +01:00
Roy Marples
47f4bf4188 Fix tests or #252. 2023-10-23 15:31:02 +01:00
Roy Marples
65190fa017 compat: test for memset_explicit, explicit_bzero and memset_s
These won't be optimised away by the compiler and our arc4random
compat function should use them *if* available.
If none are then a warning will be emitted to say it's potentially insecure.

Hopefully only uclibc users will see this message.

Fixes #252.
2023-10-23 15:28:40 +01:00
Tobias Heider
8e316164a8
Support libcrypto for hmac and sha256 (#223)
* compat: Add OpenSSL libcrypto compatibility layer

Detect libcrypto in configure script.  Only fall back
to using libcrypto when /usr libs are allowed and no
other compatible implementation is available or when
--with-openssl is passed explicitly.
Make sure libcrypto and libmd are never linked at the
same time.

Add OpenSSL based SHA256 and HMAC compat shims in
compat/crypt_openssl. Depending on version and build flags,
libcrypto ships with a compatible SHA256 API in
"openssl/sha.h".  OpenSSL 3 has deprecated the SHA API,
so if it is not detected we fall back to an EVP_DIGEST
based version.
Because the API might still be in use in OpenSSL internally,
the compatibility wrappers have a dhcpcd_ prefix to avoid
symbol conflicts.

* Add sha256 tests based on the existing hmac-md5 tests.
2023-09-25 09:49:00 +01:00
Roy Marples
43c4b1b572 Fix --enable-secomp 2023-07-20 10:48:37 +01:00
Roy Marples
8b65e2d6c7 privsep: Allow disabling of SECCOMP on Linux
This allows a POSIX resource limited sandbox to be used at least
with privilege separation, which is better than just disabling
privilege separation entirely for when SECCOMP stops working due to
libc/kernel changes.
2023-07-20 10:33:51 +01:00
Roy Marples
4523393a82 Fix compile warning with rb.c sync 2023-07-19 13:46:08 +01:00
Roy Marples
b6a207dc6d chore: Document building a bit more
And the fact that configure is not GNU.
2023-05-18 11:40:19 +01:00
Roy Marples
af56d0d635 FreeBSD no longer needs static linking 2023-04-11 19:25:03 +01:00
Roy Marples
293f2af6ad dhcpcd doesn't need to be statically linked on DragonFly 2023-03-17 11:11:39 +00:00
Roy Marples
fdcf878fff configure: Ensure that we use the return of the functions we test
As newer compiler defaults warn if they are not used.
Should fix #163.
2023-01-08 22:10:21 +00:00
Roy Marples
6a9994bbf0 configure: --prefix also sets $prefix for compat with autoconf
Fixes #139
2022-10-17 14:30:03 +01:00
Roy Marples
2f070c7d20 hooks: Support timesyncd
Fixes #106
2022-08-09 17:26:37 +01:00
Issam E. Maghni
6e1da480a1 configure: test -a|o is not POSIX 2021-05-04 12:34:01 -04:00
Roy Marples
b29f653581 import-src: adjust build target so all .in files are pre-built
While here, if we cannot find ypbind to work out how the hook script
should be configured, guess according to OS.
2021-01-30 11:46:06 +00:00
Roy Marples
d747ef075c eloop: Default to using ppoll(2) again.
Even though we now have fully working kqueue(2) and epoll(7)
with our privsep code, ppoll(2) is faster and smaller for our
workload.

This time though, we will keep the code here as it's fully working
and while fixing kqueue we also fixed other bugs in dhcpcd as a result
so it's not time wasted at all.
2021-01-30 01:37:15 +00:00
Roy Marples
701a9d031e Linux: Implement epoll(7) for eloop (again)
eloop allows for O(1) processing of active fd's.
The problems with the prior implementation have now been fixed.
2021-01-28 17:26:20 +00:00
Roy Marples
44bbb1a68b OpenBSD: Fix kqueue detection and one error. 2021-01-28 12:13:24 +00:00
Roy Marples
11baa2a1f5 BSD: Implement kqueue(2) for eloop (again)
kqueue allows for O(1) processing of active fd's and a more
robust signal handling method without the need to use global
variables to avoid calling functions during signal delivery.

The problems with the prior implementation have now been fixed.
2021-01-28 11:54:05 +00:00
Roy Marples
de92f37d68 Whitespace 2021-01-27 13:31:51 +00:00
Roy Marples
8366c54b42 Just give up with setproctitle on Illumos
Their ps tools go out of their way to only show how it was launched :/
2020-10-10 13:32:23 +03:00
Roy Marples
f08226379b configure: Remove PPOLL from config.mk 2020-09-06 15:25:59 +01:00
Roy Marples
3f9355273c Quick change for pior 2020-06-17 15:17:58 +01:00
Roy Marples
ee73e526cc configure: add --with-eghook=foo
Allows to force for example ypbind if it's not installed.
2020-06-17 15:12:13 +01:00
Roy Marples
e28fb1bab0 configure: Fix fallout with disabling embedded config 2020-06-15 22:04:37 +01:00
Roy Marples
4b57309d6b udev: disable for non Linux systems
On FreeBSD udev, the function udev_device_new_from_subsystem_sysname
exists but is not implemented.
As such it breaks our device initialisation detection.

Disabled by default, but can be enabled with ./configure --with-udev
2020-06-11 11:35:20 +01:00
Roy Marples
7cb1e26d9e privsep: control proxy is no longer optional
It's required for pledge.
It *could* be optional for capsicum but I'd like to try and
keep the sandboxing the same for now.
2020-06-10 04:57:02 +01:00
Roy Marples
bc4a5e852a privsep: Implement a resource limited sandbox
For systems without Capsicum or Pledge we can create a resource
limited sandbox provided that either ppoll(2) or works with
RLIMIT_NOFILES set to zero.

As far as dhcpcd is concerned, that means Linux and Solaris
won't work with this, but NetBSD and DragonFlyBSD will.

To achieve this, a special control proxy process will be spawned
just to accept new connections over the control socket because
this *cannot* be limited by RLIMIT_NOFILES.
2020-06-09 18:25:18 +01:00
Roy Marples
2f16f1f624 eloop: Just use ppoll(2)
epoll and kqueue are really too heavy weight.
With privsep, we now favour more processes for BPF and per address sockets.
As such, the number of fds to monitor will always be quite small.

All modern OS now have ppoll(2) (NetBSD has pollts, which is the same)
which works perfectly for us.
If neither are present, then a wrapper around pselect(2) is provided,
which can be found on all POSIX systems.

This makes the code a lot smaller and easier to follow.
The reduced binary size and memory usage is a nice win here.
2020-06-03 23:30:08 +01:00
Roy Marples
e322db4915 For systems without open_memstream(3) warn that /tmp needs to exist
Inside the privsep user's home directory.
2020-05-27 15:52:01 +00:00
Roy Marples
12b0db43b2 privsep: Allow Linux to work without needing any mounts 2020-05-24 05:47:14 +00:00
Roy Marples
b51f785d92 privsep: Just ensure default user has a home directory 2020-05-12 11:32:22 +01:00
Roy Marples
a9671ceddf privsep: No longer need the chrootdir configure option.
As we work with an empty chroot directory.
2020-05-12 11:23:03 +01:00
Roy Marples
8ec63e6a62 privsep: Implement pledge(2) support as found on OpenBSD 2020-05-10 16:09:54 +01:00
Roy Marples
08958eaee7 privsep: Enable capsicum for network facing processes
All fd's in network facing processes are fully limited.
Capability mode is only enabled for BPF processes because
it's too restrictive otherwise - the reasons are noted
in the commit.
2020-05-07 20:57:22 +01:00
Roy Marples
5a3fd90a17 privsep: Allow a blank string to force privsep users home directory
So FreeBSD users can set it like other OS's if they so choose.
2020-05-05 17:55:10 +01:00
Roy Marples
cc4dd2f134 privsep: Document any overridden chroot directory. 2020-05-05 17:34:54 +01:00
Roy Marples
1ad6c18f3e Log chrootdir set. 2020-05-04 16:32:37 +01:00
Roy Marples
c721907901 privsep: allow --chrootdir= to configure a default chroot directory 2020-04-30 21:26:16 +01:00
Roy Marples
cc2d257183 privsep: Add --chroot configurable
Overrides the directory to chroot to away from the privilege separation
users home directory.
2020-04-30 21:13:45 +01:00
Roy Marples
219bb4da4f configure: Set a blank default hostname for non Linux
Wups, I was debugging.
2020-04-16 23:26:49 +01:00
Roy Marples
fa54fc1687 privsep: Detect a suitable user for dhcpcd, otherwise use dhcpcd
System users generally have _ preceding their username.
Only use this user if it exists and their home dir is not /var/empty.
Otherwise default to using dhcpcd.
2020-04-05 16:44:32 +01:00
Roy Marples
0227431cc8 Revert "privsep: default to using _dhcpcd and not _dhcp"
This reverts commit 36c47a8df0.
2020-04-05 15:52:50 +01:00
Roy Marples
a942a2622e privsep: default to using _dhcpcd and not _dhcp
_dhcp home dir defaults to /var/empty.
System integrators can and should be in charge of changing it when needed.
Packagers on the other hand don't have such a luxury and so should not
use _dhcp by default.
2020-04-10 10:17:38 +01:00
Roy Marples
fc6c3b857a dhcpcd: disable address sanitization by default
As recent production kernels ship with ASLR by default which
stops dhcpcd running dead when this is enabled.
We don't want to break a system's boot, so force it via configure.
2020-03-31 20:21:58 +01:00
Roy Marples
61be15b48f linux: the default hostname is (none)
It's blank for the BSD's.
Respect this when relinquishing the hostname.
2020-03-31 19:45:17 +01:00
Roy Marples
64f3b7cf2c another typo 2020-02-10 14:35:08 +00:00