Remove the internal privsep "getline" code, which passed lines over
the socketpair. It was previously used to load the pf.os fingerprints
for the unprivileged process and has been replaced by explicit descriptor passing.
-Bryan.
diff -Nru tcpdump_orig/privsep.c tcpdump/privsep.c
--- usr.sbin/tcpdump/privsep.c Tue Sep 19 13:24:17 2017
+++ usr.sbin/tcpdump/privsep.c Tue Sep 19 13:25:33 2017
@@ -78,8 +78,8 @@
ALLOW(PRIV_GETPROTOENTRIES) |
ALLOW(PRIV_ETHER_NTOHOST) | ALLOW(PRIV_INIT_DONE),
/* RUN */ ALLOW(PRIV_GETHOSTBYADDR) | ALLOW(PRIV_ETHER_NTOHOST) |
- ALLOW(PRIV_GETRPCBYNUMBER) | ALLOW(PRIV_GETLINES) |
- ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS),
+ ALLOW(PRIV_GETRPCBYNUMBER) | ALLOW(PRIV_LOCALTIME) |
+ ALLOW(PRIV_PCAP_STATS),
/* EXIT */ 0
};
@@ -91,21 +91,10 @@
/* INIT */ ALLOW(PRIV_SETFILTER),
/* BPF */ ALLOW(PRIV_SETFILTER),
/* FILTER */ ALLOW(PRIV_GETSERVENTRIES),
- /* RUN */ ALLOW(PRIV_GETLINES) | ALLOW(PRIV_LOCALTIME) |
- ALLOW(PRIV_PCAP_STATS),
+ /* RUN */ ALLOW(PRIV_LOCALTIME) | ALLOW(PRIV_PCAP_STATS),
/* EXIT */ 0
};
-struct ftab {
- char *name;
- int max;
- int count;
-};
-
-static struct ftab file_table[] = {{PF_OSFP_FILE, 1, 0}};
-
-#define NUM_FILETAB (sizeof(file_table) / sizeof(struct ftab))
-
int debug_level = LOG_INFO;
int priv_fd = -1;
volatile pid_t child_pid = -1;
@@ -125,7 +114,6 @@
static void impl_getserventries(int);
static void impl_getprotoentries(int);
static void impl_localtime(int fd);
-static void impl_getlines(int);
static void impl_pcap_stats(int, int *);
static void test_state(int, int);
@@ -345,10 +333,6 @@
test_state(cmd, STATE_RUN);
impl_localtime(sock);
break;
- case PRIV_GETLINES:
- test_state(cmd, STATE_RUN);
- impl_getlines(sock);
- break;
case PRIV_PCAP_STATS:
test_state(cmd, STATE_RUN);
impl_pcap_stats(sock, &bpfd);
@@ -595,55 +579,6 @@
}
static void
-impl_getlines(int fd)
-{
- FILE *fp;
- char *buf, *lbuf, *file;
- size_t len, fid;
-
- logmsg(LOG_DEBUG, "[priv]: msg PRIV_GETLINES received");
-
- must_read(fd, &fid, sizeof(size_t));
- if (fid >= NUM_FILETAB)
- errx(1, "invalid file id");
-
- file = file_table[fid].name;
-
- if (file == NULL)
- errx(1, "invalid file referenced");
-
- if (file_table[fid].count >= file_table[fid].max)
- errx(1, "maximum open count exceeded for %s", file);
-
- file_table[fid].count++;
-
- if ((fp = fopen(file, "r")) == NULL) {
- write_zero(fd);
- return;
- }
-
- lbuf = NULL;
- while ((buf = fgetln(fp, &len))) {
- if (buf[len - 1] == '\n')
- buf[len - 1] = '\0';
- else {
- if ((lbuf = malloc(len + 1)) == NULL)
- err(1, NULL);
- memcpy(lbuf, buf, len);
- lbuf[len] = '\0';
- buf = lbuf;
- }
-
- write_string(fd, buf);
-
- free(lbuf);
- lbuf = NULL;
- }
- write_zero(fd);
- fclose(fp);
-}
-
-static void
impl_pcap_stats(int fd, int *bpfd)
{
struct pcap_stat stats;
@@ -804,17 +739,6 @@
return <
}
-/* start getting lines from a file */
-void
-priv_getlines(size_t sz)
-{
- if (priv_fd < 0)
- errx(1, "%s called from privileged portion", __func__);
-
- write_command(priv_fd, PRIV_GETLINES);
- must_write(priv_fd, &sz, sizeof(size_t));
-}
-
int
priv_pcap_stats(struct pcap_stat *ps)
{
@@ -824,18 +748,6 @@
write_command(priv_fd, PRIV_PCAP_STATS);
must_read(priv_fd, ps, sizeof(*ps));
return (0);
-}
-
-/* retrieve a line from a file, should be called repeatedly after calling
- priv_getlines(), until it returns zero. */
-size_t
-priv_getline(char *line, size_t line_len)
-{
- if (priv_fd < 0)
- errx(1, "%s called from privileged portion", __func__);
-
- /* read the line */
- return (read_string(priv_fd, line, line_len, __func__));
}
int
diff -Nru tcpdump_orig/privsep.h tcpdump/privsep.h
--- usr.sbin/tcpdump/privsep.h Tue Sep 19 13:24:17 2017
+++ usr.sbin/tcpdump/privsep.h Tue Sep 19 13:25:59 2017
@@ -21,9 +21,6 @@
#define TCPDUMP_MAGIC 0xa1b2c3d4
-/* file ids used by priv_getlines */
-#define FTAB_PFOSFP 0
-
enum cmd_types {
PRIV_OPEN_BPF, /* open a bpf descriptor */
PRIV_OPEN_DUMP, /* open dump file for reading */
@@ -36,7 +33,6 @@
PRIV_GETSERVENTRIES, /* get the service entries table */
PRIV_GETPROTOENTRIES, /* get the ip protocol entries table */
PRIV_LOCALTIME, /* return localtime */
- PRIV_GETLINES, /* get lines from a file */
PRIV_INIT_DONE, /* signal that the initialization is done */
PRIV_PCAP_STATS /* get pcap_stats() results */
};
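Review bot: Dropping `PRIV_GETLINES` from the middle of `enum cmd_types` shifts the values of `PRIV_INIT_DONE` and `PRIV_PCAP_STATS`, and these values are what `write_command()` sends over the privsep socket, so any object not rebuilt against this header would now disagree with the monitor about which command it is issuing. Since the monitor and the unprivileged child appear to be forked from the same tcpdump binary this is presumably harmless at runtime, and `test_state()` still rejects a command issued in the wrong state, but the coupling is worth stating on the enum itself, e.g. `/* sent verbatim over the privsep socket; both processes must be built from this header */`.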
@@ -75,13 +71,6 @@
/* Retrieve a single protocol entry, should be called repeatedly after
calling priv_getprotoentries() until it returns zero */
size_t priv_getprotoentry(char *, size_t, int *);
-
-/* Start getting lines from a file */
-void priv_getlines(size_t);
-
-/* Retrieve a single line from a file, should be called repeatedly after
- calling priv_getlines() until it returns zero */
-size_t priv_getline(char *, size_t);
/* Retrieve pf.os(5) fingerprints file descriptor */
int priv_open_pfosfp();