svn commit: r301705 - head/contrib/tcpdump

Wed, 08 Jun 2016 16:23:22 -0700 

Author: oshogbo
Date: Wed Jun  8 23:22:59 2016
New Revision: 301705
URL: https://svnweb.freebsd.org/changeset/base/301705

Log:
  The code responsible for opening and rotating pcap files is independent
  of Capser and should use openat(2) unconditionally on FreeBSD.
  openat(2) is mandatory when sandboxed with Capsicum, but still works
  in the absence of Capsicum.
  
  Reviewed by:  AllanJude

Modified:
  head/contrib/tcpdump/tcpdump.c

Modified: head/contrib/tcpdump/tcpdump.c
==============================================================================
--- head/contrib/tcpdump/tcpdump.c      Wed Jun  8 23:17:30 2016        
(r301704)
+++ head/contrib/tcpdump/tcpdump.c      Wed Jun  8 23:22:59 2016        
(r301705)
@@ -86,6 +86,7 @@ extern int SIZE_BUF;
 #ifdef __FreeBSD__
 #include <sys/capsicum.h>
 #include <sys/sysctl.h>
+#include <libgen.h>
 #endif /* __FreeBSD__ */
 #ifdef HAVE_CASPER
 #include <libcasper.h>
@@ -95,7 +96,6 @@ extern int SIZE_BUF;
 #include <sys/ioccom.h>
 #include <net/bpf.h>
 #include <fcntl.h>
-#include <libgen.h>
 #endif /* HAVE_CASPER */
 #include <pcap.h>
 #include <signal.h>
@@ -484,7 +484,7 @@ struct dump_info {
        char    *CurrentFileName;
        pcap_t  *pd;
        pcap_dumper_t *p;
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
        int     dirfd;
 #endif
 };
@@ -967,7 +967,7 @@ tstamp_precision_to_string(int precision
 }
 #endif
 
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 /*
  * Ensure that, on a dump file's descriptor, we have all the rights
  * necessary to make the standard I/O library work with an fdopen()ed
@@ -1067,9 +1067,9 @@ main(int argc, char **argv)
 #endif
        int status;
        FILE *VFile;
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
        cap_rights_t rights;
-#endif /* HAVE_CASPER */
+#endif /* !__FreeBSD__ */
        int cansandbox;
 
 #ifdef WIN32
@@ -1968,11 +1968,11 @@ main(int argc, char **argv)
 #endif /* HAVE_LIBCAP_NG */
                if (p == NULL)
                        error("%s", pcap_geterr(pd));
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                set_dumper_capsicum_rights(p);
 #endif
                if (Cflag != 0 || Gflag != 0) {
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        dumpinfo.WFileName = strdup(basename(WFileName));
                        dumpinfo.dirfd = open(dirname(WFileName),
                            O_DIRECTORY | O_RDONLY);
@@ -1990,7 +1990,7 @@ main(int argc, char **argv)
                            errno != ENOSYS) {
                                error("unable to limit dump descriptor fcntls");
                        }
-#else  /* !HAVE_CASPER */
+#else  /* !__FreeBSD__ */
                        dumpinfo.WFileName = WFileName;
 #endif
                        callback = dump_packet_and_trunc;
@@ -2325,7 +2325,7 @@ dump_packet_and_trunc(u_char *user, cons
 
                /* If the time is greater than the specified window, rotate */
                if (t - Gflag_time >= Gflag) {
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        FILE *fp;
                        int fd;
 #endif
@@ -2383,7 +2383,7 @@ dump_packet_and_trunc(u_char *user, cons
                        capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, 
CAP_DAC_OVERRIDE);
                        capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        fd = openat(dump_info->dirfd,
                            dump_info->CurrentFileName,
                            O_CREAT | O_WRONLY | O_TRUNC, 0644);
@@ -2397,7 +2397,7 @@ dump_packet_and_trunc(u_char *user, cons
                                    dump_info->CurrentFileName);
                        }
                        dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else  /* !HAVE_CASPER */
+#else  /* !__FreeBSD__ */
                        dump_info->p = pcap_dump_open(dump_info->pd, 
dump_info->CurrentFileName);
 #endif
 #ifdef HAVE_LIBCAP_NG
@@ -2406,7 +2406,7 @@ dump_packet_and_trunc(u_char *user, cons
 #endif /* HAVE_LIBCAP_NG */
                        if (dump_info->p == NULL)
                                error("%s", pcap_geterr(pd));
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        set_dumper_capsicum_rights(dump_info->p);
 #endif
                }
@@ -2423,7 +2423,7 @@ dump_packet_and_trunc(u_char *user, cons
                if (size == -1)
                        error("ftell fails on output file");
                if (size > Cflag) {
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        FILE *fp;
                        int fd;
 #endif
@@ -2455,7 +2455,7 @@ dump_packet_and_trunc(u_char *user, cons
                        capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, 
CAP_DAC_OVERRIDE);
                        capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        fd = openat(dump_info->dirfd, 
dump_info->CurrentFileName,
                            O_CREAT | O_WRONLY | O_TRUNC, 0644);
                        if (fd < 0) {
@@ -2468,7 +2468,7 @@ dump_packet_and_trunc(u_char *user, cons
                                    dump_info->CurrentFileName);
                        }
                        dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else  /* !HAVE_CASPER */
+#else  /* !__FreeBSD__ */
                        dump_info->p = pcap_dump_open(dump_info->pd, 
dump_info->CurrentFileName);
 #endif
 #ifdef HAVE_LIBCAP_NG
@@ -2477,7 +2477,7 @@ dump_packet_and_trunc(u_char *user, cons
 #endif /* HAVE_LIBCAP_NG */
                        if (dump_info->p == NULL)
                                error("%s", pcap_geterr(pd));
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
                        set_dumper_capsicum_rights(dump_info->p);
 #endif
                }
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to