1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * Privilege Separation for dhcpcd
4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * The current design is this:
31 * Spawn a priv process to carry out privileged actions and
32 * spawning unpriv process to initate network connections such as BPF
33 * or address specific listener.
34 * Spawn an unpriv process to send/receive common network data.
35 * Then drop all privs and start running.
36 * Every process aside from the privileged actioneer is chrooted.
37 * All privsep processes ignore signals - only the master process accepts them.
39 * dhcpcd will maintain the config file in the chroot, no need to handle
40 * this in a script or something.
43 #include <sys/resource.h>
44 #include <sys/socket.h>
46 #include <sys/types.h>
50 #include <net/if_dl.h>
59 #include <stddef.h> /* For offsetof, struct padding debug */
77 #include <sys/capsicum.h>
78 #include <capsicum_helpers.h>
85 ps_init(struct dhcpcd_ctx
*ctx
)
91 if ((ctx
->ps_user
= pw
= getpwnam(PRIVSEP_USER
)) == NULL
) {
92 ctx
->options
&= ~DHCPCD_PRIVSEP
;
94 logerrx("no such user %s", PRIVSEP_USER
);
95 /* Just incase logerrx caused an error... */
102 if (stat(pw
->pw_dir
, &st
) == -1 || !S_ISDIR(st
.st_mode
)) {
103 ctx
->options
&= ~DHCPCD_PRIVSEP
;
104 logerrx("refusing chroot: %s: %s",
105 PRIVSEP_USER
, pw
->pw_dir
);
110 ctx
->options
|= DHCPCD_PRIVSEP
;
115 ps_dropprivs(struct dhcpcd_ctx
*ctx
)
117 struct passwd
*pw
= ctx
->ps_user
;
119 if (ctx
->options
& DHCPCD_LAUNCHER
)
120 logdebugx("chrooting as %s to %s", pw
->pw_name
, pw
->pw_dir
);
121 if (chroot(pw
->pw_dir
) == -1 &&
122 (errno
!= EPERM
|| ctx
->options
& DHCPCD_FORKED
))
123 logerr("%s: chroot: %s", __func__
, pw
->pw_dir
);
124 if (chdir("/") == -1)
125 logerr("%s: chdir: /", __func__
);
127 if ((setgroups(1, &pw
->pw_gid
) == -1 ||
128 setgid(pw
->pw_gid
) == -1 ||
129 setuid(pw
->pw_uid
) == -1) &&
130 (errno
!= EPERM
|| ctx
->options
& DHCPCD_FORKED
))
132 logerr("failed to drop privileges");
136 struct rlimit rzero
= { .rlim_cur
= 0, .rlim_max
= 0 };
138 if (ctx
->ps_control_pid
!= getpid()) {
139 /* Prohibit new files, sockets, etc */
140 #if defined(__linux__) || defined(__sun) || defined(__OpenBSD__)
142 * If poll(2) is called with nfds > RLIMIT_NOFILE
143 * then it returns EINVAL.
145 * Do the best we can and limit to what we need.
146 * An attacker could potentially close a file and
147 * open a new one still, but that cannot be helped.
150 maxfd
= (unsigned long)eloop_event_count(ctx
->eloop
);
151 if (IN_PRIVSEP_SE(ctx
))
152 maxfd
++; /* XXX why? */
154 struct rlimit rmaxfd
= {
158 if (setrlimit(RLIMIT_NOFILE
, &rmaxfd
) == -1)
159 logerr("setrlimit RLIMIT_NOFILE");
161 if (setrlimit(RLIMIT_NOFILE
, &rzero
) == -1)
162 logerr("setrlimit RLIMIT_NOFILE");
166 #define DHC_NOCHKIO (DHCPCD_STARTED | DHCPCD_DAEMONISE)
167 /* Prohibit writing to files.
168 * Obviously this won't work if we are using a logfile
169 * or redirecting stderr to a file. */
170 if ((ctx
->options
& DHC_NOCHKIO
) == DHC_NOCHKIO
||
171 (ctx
->logfile
== NULL
&&
172 (!ctx
->stderr_valid
|| isatty(STDERR_FILENO
) == 1)))
174 if (setrlimit(RLIMIT_FSIZE
, &rzero
) == -1)
175 logerr("setrlimit RLIMIT_FSIZE");
180 if (setrlimit(RLIMIT_NPROC
, &rzero
) == -1)
181 logerr("setrlimit RLIMIT_NPROC");
188 ps_setbuf0(int fd
, int ctl
, int minlen
)
194 if (getsockopt(fd
, SOL_SOCKET
, ctl
, &len
, &slen
) == -1)
203 return setsockopt(fd
, SOL_SOCKET
, ctl
, &minlen
, sizeof(minlen
));
209 /* Ensure we can receive a fully sized privsep message.
210 * Double the send buffer. */
211 int minlen
= (int)sizeof(struct ps_msg
);
213 if (ps_setbuf0(fd
, SO_RCVBUF
, minlen
) == -1 ||
214 ps_setbuf0(fd
, SO_SNDBUF
, minlen
* 2) == -1)
223 ps_setbuf_fdpair(int fd
[])
226 if (ps_setbuf(fd
[0]) == -1 || ps_setbuf(fd
[1]) == -1)
231 #ifdef PRIVSEP_RIGHTS
233 ps_rights_limit_ioctl(int fd
)
237 cap_rights_init(&rights
, CAP_IOCTL
);
238 if (cap_rights_limit(fd
, &rights
) == -1 && errno
!= ENOSYS
)
244 ps_rights_limit_fd_fctnl(int fd
)
248 cap_rights_init(&rights
, CAP_READ
, CAP_WRITE
, CAP_EVENT
,
249 CAP_ACCEPT
, CAP_FCNTL
);
250 if (cap_rights_limit(fd
, &rights
) == -1 && errno
!= ENOSYS
)
256 ps_rights_limit_fd(int fd
)
260 cap_rights_init(&rights
, CAP_READ
, CAP_WRITE
, CAP_EVENT
, CAP_SHUTDOWN
);
261 if (cap_rights_limit(fd
, &rights
) == -1 && errno
!= ENOSYS
)
267 ps_rights_limit_fd_sockopt(int fd
)
271 cap_rights_init(&rights
, CAP_READ
, CAP_WRITE
, CAP_EVENT
,
272 CAP_GETSOCKOPT
, CAP_SETSOCKOPT
);
273 if (cap_rights_limit(fd
, &rights
) == -1 && errno
!= ENOSYS
)
279 ps_rights_limit_fd_rdonly(int fd
)
283 cap_rights_init(&rights
, CAP_READ
, CAP_EVENT
);
284 if (cap_rights_limit(fd
, &rights
) == -1 && errno
!= ENOSYS
)
290 ps_rights_limit_fdpair(int fd
[])
293 if (ps_rights_limit_fd(fd
[0]) == -1 || ps_rights_limit_fd(fd
[1]) == -1)
299 ps_rights_limit_stdio(struct dhcpcd_ctx
*ctx
)
301 const int iebadf
= CAPH_IGNORE_EBADF
;
304 if (ctx
->stdin_valid
&&
305 caph_limit_stream(STDIN_FILENO
, CAPH_READ
| iebadf
) == -1)
307 if (ctx
->stdout_valid
&&
308 caph_limit_stream(STDOUT_FILENO
, CAPH_WRITE
| iebadf
) == -1)
310 if (ctx
->stderr_valid
&&
311 caph_limit_stream(STDERR_FILENO
, CAPH_WRITE
| iebadf
) == -1)
319 ps_dostart(struct dhcpcd_ctx
*ctx
,
320 pid_t
*priv_pid
, int *priv_fd
,
321 void (*recv_msg
)(void *), void (*recv_unpriv_msg
),
322 void *recv_ctx
, int (*callback
)(void *), void (*signal_cb
)(int, void *),
328 if (xsocketpair(AF_UNIX
, SOCK_DGRAM
| SOCK_CXNB
, 0, fd
) == -1) {
329 logerr("%s: socketpair", __func__
);
332 if (ps_setbuf_fdpair(fd
) == -1) {
333 logerr("%s: ps_setbuf_fdpair", __func__
);
336 #ifdef PRIVSEP_RIGHTS
337 if (ps_rights_limit_fdpair(fd
) == -1) {
338 logerr("%s: ps_rights_limit_fdpair", __func__
);
343 switch (pid
= fork()) {
355 if (recv_unpriv_msg
== NULL
)
357 else if (eloop_event_add(ctx
->eloop
, *priv_fd
,
358 recv_unpriv_msg
, recv_ctx
) == -1)
360 logerr("%s: eloop_event_add", __func__
);
366 ctx
->options
|= DHCPCD_FORKED
;
367 if (ctx
->fork_fd
!= -1) {
372 eloop_clear(ctx
->eloop
);
374 /* We are not root */
375 if (priv_fd
!= &ctx
->ps_root_fd
) {
376 ps_freeprocesses(ctx
, recv_ctx
);
377 if (ctx
->ps_root_fd
!= -1) {
378 close(ctx
->ps_root_fd
);
379 ctx
->ps_root_fd
= -1;
382 #ifdef PRIVSEP_RIGHTS
383 /* We cannot limit the root process in any way. */
384 if (ps_rights_limit_stdio(ctx
) == -1) {
385 logerr("ps_rights_limit_stdio");
391 if (priv_fd
!= &ctx
->ps_inet_fd
&& ctx
->ps_inet_fd
!= -1) {
392 close(ctx
->ps_inet_fd
);
393 ctx
->ps_inet_fd
= -1;
396 eloop_signal_set_cb(ctx
->eloop
,
397 dhcpcd_signals
, dhcpcd_signals_len
, signal_cb
, ctx
);
399 /* ctx->sigset aready has the initial sigmask set in main() */
400 if (eloop_signal_mask(ctx
->eloop
, NULL
) == -1) {
401 logerr("%s: eloop_signal_mask", __func__
);
405 if (eloop_event_add(ctx
->eloop
, *priv_fd
, recv_msg
, recv_ctx
) == -1)
407 logerr("%s: eloop_event_add", __func__
);
411 if (callback(recv_ctx
) == -1)
414 if (flags
& PSF_DROPPRIVS
)
420 /* Failure to start root or inet processes is fatal. */
421 if (priv_fd
== &ctx
->ps_root_fd
|| priv_fd
== &ctx
->ps_inet_fd
)
422 (void)ps_sendcmd(ctx
, *priv_fd
, PS_STOP
, 0, NULL
, 0);
423 shutdown(*priv_fd
, SHUT_RDWR
);
425 eloop_exit(ctx
->eloop
, EXIT_FAILURE
);
430 ps_dostop(struct dhcpcd_ctx
*ctx
, pid_t
*pid
, int *fd
)
435 logdebugx("%s: pid=%d fd=%d", __func__
, *pid
, *fd
);
439 eloop_event_delete(ctx
->eloop
, *fd
);
440 if (ps_sendcmd(ctx
, *fd
, PS_STOP
, 0, NULL
, 0) == -1) {
444 (void)shutdown(*fd
, SHUT_RDWR
);
449 /* Don't wait for the process as it may not respond to the shutdown
450 * request. We'll reap the process on receipt of SIGCHLD. */
456 ps_start(struct dhcpcd_ctx
*ctx
)
460 TAILQ_INIT(&ctx
->ps_processes
);
462 switch (pid
= ps_root_start(ctx
)) {
464 logerr("ps_root_start");
469 logdebugx("spawned privileged actioneer on PID %d", pid
);
472 /* No point in spawning the generic network listener if we're
473 * not going to use it. */
474 if (!ps_inet_canstart(ctx
))
477 switch (pid
= ps_inet_start(ctx
)) {
483 logdebugx("spawned network proxy on PID %d", pid
);
487 if (!(ctx
->options
& DHCPCD_TEST
)) {
488 switch (pid
= ps_ctl_start(ctx
)) {
494 logdebugx("spawned controller proxy on PID %d", pid
);
499 /* Seed the random number generator early incase it needs /dev/urandom
500 * which won't be available in the chroot. */
508 ps_entersandbox(const char *_pledge
, const char **sandbox
)
511 #if !defined(HAVE_PLEDGE)
515 #if defined(HAVE_CAPSICUM)
517 *sandbox
= "capsicum";
519 #elif defined(HAVE_PLEDGE)
522 return pledge(_pledge
, NULL
);
523 #elif defined(HAVE_SECCOMP)
525 *sandbox
= "seccomp";
526 return ps_seccomp_enter();
529 *sandbox
= "posix resource limited";
535 ps_mastersandbox(struct dhcpcd_ctx
*ctx
, const char *_pledge
)
537 const char *sandbox
= NULL
;
541 forked
= ctx
->options
& DHCPCD_FORKED
;
542 ctx
->options
&= ~DHCPCD_FORKED
;
543 dropped
= ps_dropprivs(ctx
);
545 ctx
->options
|= DHCPCD_FORKED
;
548 * If we don't have a root process, we cannot use syslog.
549 * If it cannot be opened before chrooting then syslog(3) will fail.
550 * openlog(3) does not return an error which doubly sucks.
552 if (ctx
->ps_root_fd
== -1) {
553 unsigned int logopts
= loggetopts();
555 logopts
&= ~LOGERR_LOG
;
560 logerr("%s: ps_dropprivs", __func__
);
564 #ifdef PRIVSEP_RIGHTS
565 if ((ctx
->pf_inet_fd
!= -1 &&
566 ps_rights_limit_ioctl(ctx
->pf_inet_fd
) == -1) ||
567 ps_rights_limit_stdio(ctx
) == -1)
569 logerr("%s: cap_rights_limit", __func__
);
576 if (ps_entersandbox(_pledge
, &sandbox
) == -1) {
577 if (errno
== ENOSYS
) {
579 logwarnx("sandbox unavailable: %s", sandbox
);
582 logerr("%s: %s", __func__
, sandbox
);
584 } else if (ctx
->options
& DHCPCD_LAUNCHER
)
585 logdebugx("sandbox: %s", sandbox
);
590 ps_stop(struct dhcpcd_ctx
*ctx
)
594 if (!(ctx
->options
& DHCPCD_PRIVSEP
) ||
595 ctx
->options
& DHCPCD_FORKED
||
599 r
= ps_ctl_stop(ctx
);
603 r
= ps_inet_stop(ctx
);
607 /* We've been chrooted, so we need to tell the
608 * privileged actioneer to remove the pidfile. */
609 ps_root_unlink(ctx
, ctx
->pidfile
);
611 r
= ps_root_stop(ctx
);
615 ctx
->options
&= ~DHCPCD_PRIVSEP
;
620 ps_freeprocess(struct ps_process
*psp
)
623 TAILQ_REMOVE(&psp
->psp_ctx
->ps_processes
, psp
, next
);
624 if (psp
->psp_fd
!= -1) {
625 eloop_event_delete(psp
->psp_ctx
->eloop
, psp
->psp_fd
);
628 if (psp
->psp_work_fd
!= -1) {
629 eloop_event_delete(psp
->psp_ctx
->eloop
, psp
->psp_work_fd
);
630 close(psp
->psp_work_fd
);
633 if (psp
->psp_bpf
!= NULL
)
634 bpf_close(psp
->psp_bpf
);
640 ps_free(struct dhcpcd_ctx
*ctx
)
642 struct ps_process
*psp
;
643 bool stop
= ctx
->ps_root_pid
== getpid();
645 while ((psp
= TAILQ_FIRST(&ctx
->ps_processes
)) != NULL
) {
647 ps_dostop(ctx
, &psp
->psp_pid
, &psp
->psp_fd
);
653 ps_unrollmsg(struct msghdr
*msg
, struct ps_msghdr
*psm
,
654 const void *data
, size_t len
)
656 uint8_t *datap
, *namep
, *controlp
;
658 namep
= UNCONST(data
);
659 controlp
= namep
+ psm
->ps_namelen
;
660 datap
= controlp
+ psm
->ps_controllen
;
662 if (psm
->ps_namelen
!= 0) {
663 if (psm
->ps_namelen
> len
) {
667 msg
->msg_name
= namep
;
668 len
-= psm
->ps_namelen
;
670 msg
->msg_name
= NULL
;
671 msg
->msg_namelen
= psm
->ps_namelen
;
673 if (psm
->ps_controllen
!= 0) {
674 if (psm
->ps_controllen
> len
) {
678 msg
->msg_control
= controlp
;
679 len
-= psm
->ps_controllen
;
681 msg
->msg_control
= NULL
;
682 msg
->msg_controllen
= psm
->ps_controllen
;
686 msg
->msg_iov
[0].iov_base
= datap
;
687 msg
->msg_iov
[0].iov_len
= len
;
690 msg
->msg_iov
[0].iov_base
= NULL
;
691 msg
->msg_iov
[0].iov_len
= 0;
697 ps_sendpsmmsg(struct dhcpcd_ctx
*ctx
, int fd
,
698 struct ps_msghdr
*psm
, const struct msghdr
*msg
)
700 struct iovec iov
[] = {
701 { .iov_base
= UNCONST(psm
), .iov_len
= sizeof(*psm
) },
702 { .iov_base
= NULL
, }, /* name */
703 { .iov_base
= NULL
, }, /* control */
704 { .iov_base
= NULL
, }, /* payload 1 */
705 { .iov_base
= NULL
, }, /* payload 2 */
706 { .iov_base
= NULL
, }, /* payload 3 */
712 struct iovec
*iovp
= &iov
[1];
715 psm
->ps_namelen
= msg
->msg_namelen
;
716 psm
->ps_controllen
= (socklen_t
)msg
->msg_controllen
;
718 iovp
->iov_base
= msg
->msg_name
;
719 iovp
->iov_len
= msg
->msg_namelen
;
721 iovp
->iov_base
= msg
->msg_control
;
722 iovp
->iov_len
= msg
->msg_controllen
;
725 for (i
= 0; i
< (int)msg
->msg_iovlen
; i
++) {
726 if ((size_t)(iovlen
+ i
) > __arraycount(iov
)) {
731 iovp
->iov_base
= msg
->msg_iov
[i
].iov_base
;
732 iovp
->iov_len
= msg
->msg_iov
[i
].iov_len
;
738 len
= writev(fd
, iov
, iovlen
);
741 if (ctx
->options
& DHCPCD_FORKED
&&
742 !(ctx
->options
& DHCPCD_PRIVSEPROOT
))
743 eloop_exit(ctx
->eloop
, EXIT_FAILURE
);
749 ps_sendpsmdata(struct dhcpcd_ctx
*ctx
, int fd
,
750 struct ps_msghdr
*psm
, const void *data
, size_t len
)
752 struct iovec iov
[] = {
753 { .iov_base
= UNCONST(data
), .iov_len
= len
},
755 struct msghdr msg
= {
756 .msg_iov
= iov
, .msg_iovlen
= 1,
759 return ps_sendpsmmsg(ctx
, fd
, psm
, &msg
);
764 ps_sendmsg(struct dhcpcd_ctx
*ctx
, int fd
, uint16_t cmd
, unsigned long flags
,
765 const struct msghdr
*msg
)
767 struct ps_msghdr psm
= {
770 .ps_namelen
= msg
->msg_namelen
,
771 .ps_controllen
= (socklen_t
)msg
->msg_controllen
,
775 for (i
= 0; i
< (size_t)msg
->msg_iovlen
; i
++)
776 psm
.ps_datalen
+= msg
->msg_iov
[i
].iov_len
;
778 #if 0 /* For debugging structure padding. */
779 logerrx("psa.family %lu %zu", offsetof(struct ps_addr
, psa_family
), sizeof(psm
.ps_id
.psi_addr
.psa_family
));
780 logerrx("psa.pad %lu %zu", offsetof(struct ps_addr
, psa_pad
), sizeof(psm
.ps_id
.psi_addr
.psa_pad
));
781 logerrx("psa.psa_u %lu %zu", offsetof(struct ps_addr
, psa_u
), sizeof(psm
.ps_id
.psi_addr
.psa_u
));
782 logerrx("psa %zu", sizeof(psm
.ps_id
.psi_addr
));
784 logerrx("psi.addr %lu %zu", offsetof(struct ps_id
, psi_addr
), sizeof(psm
.ps_id
.psi_addr
));
785 logerrx("psi.index %lu %zu", offsetof(struct ps_id
, psi_ifindex
), sizeof(psm
.ps_id
.psi_ifindex
));
786 logerrx("psi.cmd %lu %zu", offsetof(struct ps_id
, psi_cmd
), sizeof(psm
.ps_id
.psi_cmd
));
787 logerrx("psi.pad %lu %zu", offsetof(struct ps_id
, psi_pad
), sizeof(psm
.ps_id
.psi_pad
));
788 logerrx("psi %zu", sizeof(struct ps_id
));
790 logerrx("ps_cmd %lu", offsetof(struct ps_msghdr
, ps_cmd
));
791 logerrx("ps_pad %lu %zu", offsetof(struct ps_msghdr
, ps_pad
), sizeof(psm
.ps_pad
));
792 logerrx("ps_flags %lu %zu", offsetof(struct ps_msghdr
, ps_flags
), sizeof(psm
.ps_flags
));
794 logerrx("ps_id %lu %zu", offsetof(struct ps_msghdr
, ps_id
), sizeof(psm
.ps_id
));
796 logerrx("ps_namelen %lu %zu", offsetof(struct ps_msghdr
, ps_namelen
), sizeof(psm
.ps_namelen
));
797 logerrx("ps_controllen %lu %zu", offsetof(struct ps_msghdr
, ps_controllen
), sizeof(psm
.ps_controllen
));
798 logerrx("ps_pad2 %lu %zu", offsetof(struct ps_msghdr
, ps_pad2
), sizeof(psm
.ps_pad2
));
799 logerrx("ps_datalen %lu %zu", offsetof(struct ps_msghdr
, ps_datalen
), sizeof(psm
.ps_datalen
));
800 logerrx("psm %zu", sizeof(psm
));
803 return ps_sendpsmmsg(ctx
, fd
, &psm
, msg
);
807 ps_sendcmd(struct dhcpcd_ctx
*ctx
, int fd
, uint16_t cmd
, unsigned long flags
,
808 const void *data
, size_t len
)
810 struct ps_msghdr psm
= {
814 struct iovec iov
[] = {
815 { .iov_base
= UNCONST(data
), .iov_len
= len
}
817 struct msghdr msg
= {
818 .msg_iov
= iov
, .msg_iovlen
= 1,
821 return ps_sendpsmmsg(ctx
, fd
, &psm
, &msg
);
825 ps_sendcmdmsg(int fd
, uint16_t cmd
, const struct msghdr
*msg
)
827 struct ps_msghdr psm
= { .ps_cmd
= cmd
};
828 uint8_t data
[PS_BUFLEN
], *p
= data
;
829 struct iovec iov
[] = {
830 { .iov_base
= &psm
, .iov_len
= sizeof(psm
) },
831 { .iov_base
= data
, .iov_len
= 0 },
833 size_t dl
= sizeof(data
);
835 if (msg
->msg_namelen
!= 0) {
836 if (msg
->msg_namelen
> dl
)
838 psm
.ps_namelen
= msg
->msg_namelen
;
839 memcpy(p
, msg
->msg_name
, msg
->msg_namelen
);
840 p
+= msg
->msg_namelen
;
841 dl
-= msg
->msg_namelen
;
844 if (msg
->msg_controllen
!= 0) {
845 if (msg
->msg_controllen
> dl
)
847 psm
.ps_controllen
= (socklen_t
)msg
->msg_controllen
;
848 memcpy(p
, msg
->msg_control
, msg
->msg_controllen
);
849 p
+= msg
->msg_controllen
;
850 dl
-= msg
->msg_controllen
;
853 psm
.ps_datalen
= msg
->msg_iov
[0].iov_len
;
854 if (psm
.ps_datalen
> dl
)
857 iov
[1].iov_len
= psm
.ps_namelen
+ psm
.ps_controllen
+ psm
.ps_datalen
;
858 if (psm
.ps_datalen
!= 0)
859 memcpy(p
, msg
->msg_iov
[0].iov_base
, psm
.ps_datalen
);
860 return writev(fd
, iov
, __arraycount(iov
));
868 ps_recvmsg(struct dhcpcd_ctx
*ctx
, int rfd
, uint16_t cmd
, int wfd
)
870 struct sockaddr_storage ss
= { .ss_family
= AF_UNSPEC
};
871 uint8_t controlbuf
[sizeof(struct sockaddr_storage
)] = { 0 };
872 uint8_t databuf
[64 * 1024];
873 struct iovec iov
[] = {
874 { .iov_base
= databuf
, .iov_len
= sizeof(databuf
) }
876 struct msghdr msg
= {
877 .msg_name
= &ss
, .msg_namelen
= sizeof(ss
),
878 .msg_control
= controlbuf
, .msg_controllen
= sizeof(controlbuf
),
879 .msg_iov
= iov
, .msg_iovlen
= 1,
882 ssize_t len
= recvmsg(rfd
, &msg
, 0);
885 logerr("%s: recvmsg", __func__
);
886 if (len
== -1 || len
== 0) {
887 if (ctx
->options
& DHCPCD_FORKED
&&
888 !(ctx
->options
& DHCPCD_PRIVSEPROOT
))
889 eloop_exit(ctx
->eloop
,
890 len
== 0 ? EXIT_SUCCESS
: EXIT_FAILURE
);
894 iov
[0].iov_len
= (size_t)len
;
895 len
= ps_sendcmdmsg(wfd
, cmd
, &msg
);
897 logerr("ps_sendcmdmsg");
898 if (ctx
->options
& DHCPCD_FORKED
&&
899 !(ctx
->options
& DHCPCD_PRIVSEPROOT
))
900 eloop_exit(ctx
->eloop
, EXIT_FAILURE
);
906 ps_recvpsmsg(struct dhcpcd_ctx
*ctx
, int fd
,
907 ssize_t (*callback
)(void *, struct ps_msghdr
*, struct msghdr
*),
914 struct msghdr msg
= { .msg_iov
= iov
, .msg_iovlen
= 1 };
917 len
= read(fd
, &psm
, sizeof(psm
));
919 logdebugx("%s: %zd", __func__
, len
);
922 if (len
== -1 || len
== 0)
926 if (dlen
< sizeof(psm
.psm_hdr
)) {
931 if (psm
.psm_hdr
.ps_cmd
== PS_STOP
) {
939 logdebugx("process %d stopping", getpid());
945 eloop_exit(ctx
->eloop
, len
!= -1 ? EXIT_SUCCESS
: EXIT_FAILURE
);
948 dlen
-= sizeof(psm
.psm_hdr
);
950 if (ps_unrollmsg(&msg
, &psm
.psm_hdr
, psm
.psm_data
, dlen
) == -1)
953 if (callback
== NULL
)
957 return callback(cbctx
, &psm
.psm_hdr
, &msg
);
961 ps_findprocess(struct dhcpcd_ctx
*ctx
, struct ps_id
*psid
)
963 struct ps_process
*psp
;
965 TAILQ_FOREACH(psp
, &ctx
->ps_processes
, next
) {
966 if (memcmp(&psp
->psp_id
, psid
, sizeof(psp
->psp_id
)) == 0)
974 ps_newprocess(struct dhcpcd_ctx
*ctx
, struct ps_id
*psid
)
976 struct ps_process
*psp
;
978 psp
= calloc(1, sizeof(*psp
));
982 memcpy(&psp
->psp_id
, psid
, sizeof(psp
->psp_id
));
983 psp
->psp_work_fd
= -1;
984 TAILQ_INSERT_TAIL(&ctx
->ps_processes
, psp
, next
);
989 ps_freeprocesses(struct dhcpcd_ctx
*ctx
, struct ps_process
*notthis
)
991 struct ps_process
*psp
, *psn
;
993 TAILQ_FOREACH_SAFE(psp
, &ctx
->ps_processes
, next
, psn
) {