Commit Graph

675 Commits

Author SHA1 Message Date
Nicholas J. Kain
e5d9f4acf2 Move nl_sendgetlink() to nl.c. 2014-03-14 23:54:21 -04:00
Nicholas J. Kain
180ee36626 Update plain Makefile and README. 2014-03-14 23:51:11 -04:00
Nicholas J. Kain
8faae4a0fd Check that the return message type is not NLMSG_ERROR when setting
the ip and broadcast addresses.
2014-03-14 23:28:56 -04:00
Nicholas J. Kain
6a9e8c5a57 Disable seccomp-filter unless ENABLE_SECCOMP_FILTER is defined.
It is very likely to fail on untested architectures.  I can only test it
adequately on x64.
2014-03-14 23:24:22 -04:00
Nicholas J. Kain
3af0a7824d subnet4_to_prefixlen() should use ntohl(). 2014-03-14 23:22:23 -04:00
Nicholas J. Kain
b6444fa806 Don't strip the generated executables by default. 2014-03-14 20:49:03 -04:00
Nicholas J. Kain
312884dfc5 When execute_buffer() is passed an invalid command, print the bad command
when logging the error.
2014-03-14 20:48:33 -04:00
Nicholas J. Kain
4afddd471a The getopt_long shortarg string needed a ':' after 'C' as it has a
mandatory argument.
2014-03-14 20:47:57 -04:00
Nicholas J. Kain
fbe6d36b6b Fix the ip4 ragel parser. 2014-03-14 20:46:40 -04:00
Nicholas J. Kain
971c6085d8 ifchd.c: If resolv_conf_fd < 0, it is invalid. -1 is the explicit
uninitialized value, but there is no need to limit the guard to -1.
2014-03-12 20:58:27 -04:00
Nicholas J. Kain
f4a2a487d6 Mark more function prototypes as extern. 2014-03-12 20:55:35 -04:00
Nicholas J. Kain
4feac2ea35 Rename ifchd_cmd_str() to ifchd_cmd_bytes() as it can handle byte
sequences without a terminating nul.
2014-03-12 20:47:39 -04:00
Nicholas J. Kain
73ad3b1419 Mark external function prototypes in state.h as extern. 2014-03-12 20:39:55 -04:00
Nicholas J. Kain
c81e9f9a28 Merge config.h into ndhc.h. 2014-03-12 17:05:43 -04:00
Nicholas J. Kain
84a68001d3 Use a unified epoll_(add|del)().
Also, background() and setup_signals_ndhc() are moved from sys.c to ndhc.c.

background() also no longer attempts to re-configure signals; signals are
always set up on initial ndhc initialization.
2014-03-12 16:51:10 -04:00
Nicholas J. Kain
94a923b00a Clean up and centralize stray external prototypes into headers. 2014-03-12 16:24:02 -04:00
Nicholas J. Kain
2afd963ad0 ifchd.c: resolv_conf_fd can be static. 2014-03-12 16:14:48 -04:00
Nicholas J. Kain
b9a30f0653 Move external definitions of functions in ifchd.c to ifchd.h instead of
defining them manually in ndhc.c.
2014-03-12 16:13:47 -04:00
Nicholas J. Kain
9bf79b6034 Update the nk_random calls to use the new re-entrant-safe API. 2014-03-12 15:41:34 -04:00
Nicholas J. Kain
54a7f54a4a Move add_rtattr() from ifset.c to nl.c as nl_add_rtatr(). 2014-03-12 15:25:07 -04:00
Nicholas J. Kain
1222f4f22a Handle sendto() returning EINTR in nl_sendgetlink(), and print if an
error is encountered while performing sendto().
2014-03-12 15:14:40 -04:00
Nicholas J. Kain
b7b353acdc Store the interface index in the client_config before forking off the
subprocesses.  ndhc-ifch can then use the stored interface index when
setting the interface ip/subnet/broadcast via netlink instead of having
to use ioctl to re-fetch the interface index.
2014-03-12 15:07:37 -04:00
Nicholas J. Kain
80f82c2451 options.c: Don't trust the options length field in do_get_dhcp_opt() to
not be longer than the total option length.

A lying field sent by the DHCP server could possibly read data past the end of
the options field in the dhcp packet into the returned options data buffer.

It's hard to see how this could lead to an exploit because the total length
of data read into the options data buffer was indeed properly length-checked
so that it is impossible to overrun the destination buffer.  Thus, this
problem is at worst a read-too-far with no ability to write to unexpected
locations.

The worst possible outcome is a program crash/DoS, depending on memory
layout.  Information disclosure is not an issue because this is on the
path where the consumer of the destination buffer is ndhc, not the remote
DHCP server.
2014-03-12 13:30:55 -04:00
Nicholas J. Kain
765f3de274 Use strncmp rather than strcmp in netlink.c when fetching the interface
MAC address and index.
2014-03-12 13:03:34 -04:00
Nicholas J. Kain
fac6794b6c Handle SIGPIPE and SIGCHLD. 2014-03-12 12:47:39 -04:00
Nicholas J. Kain
be456ddeee Use the ncmlib combined Tausworthe PRNG. 2014-03-12 12:47:04 -04:00
Nicholas J. Kain
c0fc3ed430 Silence the last few new warnings. 2014-03-10 23:00:57 -04:00
Nicholas J. Kain
84b36f0e02 Remove -Wcast-qual. The warnings are not useful on the ndhc code, and
I would effectively end up silencing them via the (uintptr_t) casting
hack.
2014-03-10 22:56:01 -04:00
Nicholas J. Kain
eaa8f2fcb2 Fix warnings for state.c. 2014-03-10 19:44:37 -04:00
Nicholas J. Kain
151ed60de1 Fix warnings in leasefile.c. 2014-03-10 19:42:52 -04:00
Nicholas J. Kain
d18aff8fb0 Fix warnings in ifchd.c. 2014-03-10 19:40:38 -04:00
Nicholas J. Kain
8a3b875119 Fix warnings in ifset.c. 2014-03-10 19:31:46 -04:00
Nicholas J. Kain
eec497adf5 Fix warnings in ifchd-parse.rl. Just needed function prototypes. 2014-03-10 19:29:19 -04:00
Nicholas J. Kain
e5c7493bc8 Fix warnings in arp.c. 2014-03-10 19:25:06 -04:00
Nicholas J. Kain
e7838d542b Fix the remaining signed/unsigned comparison warnings. Nothing stands out
as being dangerous or buggy.
2014-03-10 19:00:08 -04:00
Nicholas J. Kain
e50bd431d6 dhcp.c: handle_packet() calls get_(raw|cooked)_packet(), which returns a
signed value where values <0 are errors and >= 0 are lengths.  Convert
to an unsigned length value if the return is a length.

Further, there is a real bug if get_(raw|cooked)_packet() returns
an error.  handle_packet() should return rather than continuing to validate
the packet.  The packet validation will almost surely fail, and the
negative values of len are constrained to [-1,-2], and the values are
determined by errors that are hard to control, so it is extremely
unlikely that there are any security issues with this bug.

The fix is trivial; the obviously-missing return statement bails out when
there's a problem fetching a packet and ndhc immediately goes back to
listening for another packet.
2014-03-10 18:58:53 -04:00
Nicholas J. Kain
85fcc1e8f0 Use stricter gcc warning flags by default. 2014-03-10 18:34:53 -04:00
Nicholas J. Kain
df0898dfb6 Change the thread name of the various ndhc processes so that they can
be identified via ps/top.
2014-03-10 14:44:12 -04:00
Nicholas J. Kain
47dbf3e24d Rename dhcp-hostname cmdarg to dhcp-set-hostname. 2014-03-10 14:43:37 -04:00
Nicholas J. Kain
94d6b1fb2e The 'ip', 'snet', and 'bcast' commands have been replaced by 'ip4'. Remove
them.
2014-03-10 01:13:38 -04:00
Nicholas J. Kain
a130448d46 Update the README. 2014-03-10 01:09:25 -04:00
Nicholas J. Kain
1824802fb2 Merge ifchd into ndhc. Rather than function as entirely separate daemons,
ndhc will fork off an ifchd child that it will communicate with via
pipes rather than by connecting to a SO_PEERCRED AF_UNIX socket.

The advantages include:

1. Simpler configuration.  Much easier for users and packagers to set up.
2. Drastically less complex code for the ifch functionality.  More code
   is removed than added, and the result is a lot less complex.
3. Potentially better security.  The ifch can only service the parent
   ndhc process, and it is restricted to issuing modifications to
   the single interface that ndhc manages.
4. Less memory used on systems that allow overcommit.

The downsides:

1. Possibly more memory used on systems that run multiple ndhcs and use
   strict commit limits.

At the same time, use netlink rather than ioctls so that the
interface ip, subnet, and broadcast address can be set simultaneously.
This change reduces the netlink notification spam greatly.

The current code builds but isn't yet complete.  Subsequent commits will
flesh things out and polish out some remaining issues.
2014-03-10 00:52:56 -04:00
Nicholas J. Kain
06ff60bb6b Make ndhc use the new 'ip4' ifchd command. 2014-03-09 13:57:37 -04:00
Nicholas J. Kain
c4f09b1a9a Use the standard defines for ipv4 printable address max string length. 2014-03-09 13:51:49 -04:00
Nicholas J. Kain
d7ea5d9b0d Add the 'ip4' command to the ifchd wire protocol. 2014-03-09 12:33:20 -04:00
Nicholas J. Kain
520ba6fd31 Mark function prototypes in ifchd/linux.h as extern.
Update copyright dates and do some cosmetic changes, too.
2014-03-09 12:32:30 -04:00
Nicholas J. Kain
06b65de08c Add a perform_ip_subnet_bcast() function that uses Linux netlink sockets
to set the interface ip, subnet, and broadcast address simultaneously.

The advantage of this approach is that a single netlink notification
will be sent rather than multiple messages as the ip, subnet,
and broadcast address are set one at a time.

Currently this function is not used, as it will require a wire format
change that will be introduced in a subsequent commit.
2014-03-09 09:46:05 -04:00
Nicholas J. Kain
81a9fe1c8e inet_pton() can return 0 or -1 as errors. We wern't likely to see -1
in practice (it's documented to be only emitted when inet_pton is provided
an unrecognized address family), but best to be completely correct.
2014-03-09 09:42:49 -04:00
Nicholas J. Kain
3ef87c1f26 ifchd: Make the command parser much more strict. It now has a concept of
argument types and command types.
2013-05-11 10:59:04 -04:00
Nicholas J. Kain
62d69e1909 Lists of IPs should be comma-separated rather than semicolon or
space-separated.
2013-05-10 13:46:58 -04:00