Roy Marples [Mon, 13 Nov 2023 10:29:58 +0000 (10:29 +0000)]
dhcpcd: Remove stdio callback and detach on daemonise
For some reason, the stdio callback is extremely flaky on
*some* Linux based distributions making it very hard to debug some
things.
Removing it is fine because we now enforce that we have file descriptors
for stdin, stdout and stderr on launch and dup them to /dev/null on daemonise.
It's also interesting to see behavioural differences between
some socketpair implementations that emit a HANGUP and some don't.
As such, we now close the fork socket on daemonise once more AND
in the fork_cb depending on if we hangup or read zero first.
Roy Marples [Sun, 12 Nov 2023 12:16:53 +0000 (12:16 +0000)]
dhcpcd: Detach from launcher before stopping root process
This fixes non privsep builds where the launcher reports dhcpcd
hung up. Unsure why this happens, but it should not be a problem.
While here, shutdown has no effect on non STREAM sockets and
remove the silly error logging in fork_cb that we read an
error. We already printed the error so this makes no sense.
Roy Marples [Wed, 8 Nov 2023 11:09:52 +0000 (11:09 +0000)]
dhcpcd: Close fork_fd on hangup
Closing it early results in zero length reads in some situations.
Logging that we forked via the launcher process also makes more sense
and allows us to use log* functions.
While here, handle error conditions better by forcing a return
rather than handling an invalid state.
Roy Marples [Mon, 23 Oct 2023 14:26:16 +0000 (15:26 +0100)]
compat: test for memset_explicit, explicit_bzero and memset_s
These won't be optimised away by the compiler and our arc4random
compat function should use them *if* available.
If none are then a warning will be emitted to say it's potentially insecure.
Hopefully only uclibc users will see this message.
Roy Marples [Thu, 19 Oct 2023 10:11:05 +0000 (11:11 +0100)]
privsep: Notify processes when dhcpcd has daemonised
This allows us to dup stdout and stderr onto stdin which is
guaranteed to be dupped to /dev/null.
This in turn avoids SIGPIPE when the privileged process launches
the script and it wants to write to stdout/stderr or stupidly
read from stdin.
Fabrice Fontaine [Mon, 16 Oct 2023 17:03:41 +0000 (19:03 +0200)]
compat/arc4random.c: use memset instead of explicit_bzero (#252)
Use memset instead of explicit_bzero to avoid the following build
failure with uclibc-ng since version 10.0.3 and
https://github.com/NetworkConfiguration/dhcpcd/commit/837d09e34c487edaa92aa2ae71a630d84c927f8e:
/home/fabrice/buildroot/output/host/lib/gcc/arm-buildroot-linux-uclibcgnueabi/12.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../compat/arc4random.o: in function `_rs_stir_if_needed':
arc4random.c:(.text+0x8cc): undefined reference to `explicit_bzero'
musl libc doesn't have __NR_clock_gettime definition,
but has __NR_clock_gettime32. clock_gettime implementation
falls back to 32-bit version if 64-bit is not supported by the kernel.
Roy Marples [Wed, 4 Oct 2023 12:03:21 +0000 (13:03 +0100)]
options: introduce the uri option as opposed to a string
Currently we don't attempt to validate a uri given, aside from
not allowing any space characters within.
If the option is `array uri` then the first two bytes are the
length of the uri in network order and the rest is a uri element.
The uris are space separated for the variable because space is not
allowed within the uri.
This allows us to implement RFC 8572, Secure Zero Touch Provisioning.
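
The `array uri` layout described in the commit above (a two-byte network-order length followed by the uri, repeated, flattened into one space-separated variable), as an added example that is not dhcpcd's own code. The function name `decode_uri_array` and the sample bytes are hypothetical, and rejecting control bytes as well as spaces is an assumption stricter than the commit message states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Decode [2-byte big-endian length][uri]... into one space-separated,
 * NUL-terminated string. Returns the string length, or -1 if the
 * option is malformed or does not fit in out. */
ssize_t
decode_uri_array(const uint8_t *data, size_t len, char *out, size_t outlen)
{
    size_t used = 0;

    if (outlen == 0)
        return -1;
    while (len != 0) {
        size_t ulen, i;

        if (len < 2)
            return -1;          /* truncated length field */
        ulen = ((size_t)data[0] << 8) | data[1];
        data += 2;
        len -= 2;
        if (ulen == 0 || ulen > len)
            return -1;          /* empty, or length overruns the option */
        for (i = 0; i < ulen; i++) {
            /* Space is the separator, so it can never be part of a uri.
             * Control bytes are refused too (assumption, see lead-in). */
            if (data[i] <= ' ' || data[i] == 0x7f)
                return -1;
        }
        /* Room for the separator (if any), the uri and the final NUL. */
        if (used + (used != 0) + ulen + 1 > outlen)
            return -1;
        if (used != 0)
            out[used++] = ' ';
        memcpy(out + used, data, ulen);
        used += ulen;
        data += ulen;
        len -= ulen;
    }
    out[used] = '\0';
    return (ssize_t)used;
}

int
main(void)
{
    /* Constructed sample: two elements of 19 (0x13) bytes each. */
    static const uint8_t sample[] =
        "\x00\x13https://a.example/x\x00\x13https://b.example/y";
    char env[128];

    if (decode_uri_array(sample, sizeof(sample) - 1, env, sizeof(env)) == -1)
        return 1;
    printf("%s\n", env);
    return 0;
}
```
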
Send correct amount of used buffer for prefix exclude option (#250)
The payload of the prefix exclude option was correctly created
but the amount of bytes to send in the DHCPv6 request was
always set to 0 which resulted in an invalid prefix exclude option.
This patch fixes this behavior by calculating the correct amount
of bytes to send.
Roy Marples [Mon, 25 Sep 2023 09:34:12 +0000 (10:34 +0100)]
Guard against handling many SIGTERM/SIGINT.
Privsep has a mini-eloop for reading data from other processes.
This mini-eloop processes signals as well so we can reap children.
During teardown we don't want to process SIGTERM or SIGINT again,
as that could trigger memory issues.
Detect libcrypto in configure script. Only fall back
to using libcrypto when /usr libs are allowed and no
other compatible implementation is available or when
--with-openssl is passed explicitly.
Make sure libcrypto and libmd are never linked at the
same time.
Add OpenSSL based SHA256 and HMAC compat shims in
compat/crypt_openssl. Depending on version and build flags,
libcrypto ships with a compatible SHA256 API in
"openssl/sha.h". OpenSSL 3 has deprecated the SHA API,
so if it is not detected we fall back to an EVP_DIGEST
based version.
Because the API might still be in use in OpenSSL internally,
the compatibility wrappers have a dhcpcd_ prefix to avoid
symbol conflicts.
* Add sha256 tests based on the existing hmac-md5 tests.
When persistent is not specified, dhcpcd de-configures the interface at exit.
However, the default dhcpcd.conf example provided enables the option.
See https://github.com/NetworkConfiguration/dhcpcd/discussions/140
Tobias Heider [Tue, 15 Aug 2023 16:06:48 +0000 (18:06 +0200)]
privsep: fix strlcpy overflow in psp_ifname (#239)
When running our Ubuntu tests with libc6 and strlcpy overflow checks
enabled we found that the wrong size is passed to strlcpy resulting
in a crash because of an overflow.
Roy Marples [Thu, 20 Jul 2023 09:32:26 +0000 (10:32 +0100)]
privsep: Allow disabling of SECCOMP on Linux
This allows a POSIX resource limited sandbox to be used at least
with privilege separation, which is better than just disabling
privilege separation entirely for when SECCOMP stops working due to
libc/kernel changes.
Roy Marples [Wed, 19 Jul 2023 11:42:49 +0000 (12:42 +0100)]
privsep: Send only what we have put in the buffer to script env
Rather than sending the whole buffer size.
If there is an error writing the last option, it may not be
NUL terminated correctly causing an assert.
Even so, we should not write the failed option to the environment
either as it would be a false positive for an empty option.
Roy Marples [Tue, 23 May 2023 21:14:57 +0000 (22:14 +0100)]
Linux: Improve learning IPv6 address flags
Rather than matching addresses during netlink message processing,
extract the local, address and flag parts.
Once done, then match local and address to the address we are
looking for and if equal apply the flags.
Roy Marples [Wed, 26 Apr 2023 13:15:07 +0000 (14:15 +0100)]
BSD: When we get RTM_NEWADDR the interface must have IFF_UP.
This is apparently historic behaviour.
It's not always mirrored in RTM_IFINFO either so we need to
replicate the behaviour if we had got it earlier.
This fixes dhcpcd requiring at least something to set the interface
up before starting on OpenBSD.
Other BSD are less impacted because it's a lot harder to get into
this state as we have more control over setting the IPv6 LL address.
Roy Marples [Thu, 20 Apr 2023 11:00:32 +0000 (12:00 +0100)]
chore: update build system to publish signed github releases
We rely on the GitHub CLI tools to do this.
We publish the compressed source tarball and a detached PGP
signature for it.
We add the SHA256 checksum of the tarball as a note on the release.
Automatic links to the changes are also given.