#
1.25 |
|
18-Jan-2024 |
claudio |
Convert privsep imsg code to use imsg_get_fd().
ok yasuoka
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.24 |
|
23-Jan-2020 |
dlg |
allow npppd to use pppac(4) (once i wire it up)
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.23 |
|
19-Apr-2017 |
natano |
Switch base tools from /dev/bpf0 to /dev/bpf. Now that /dev/bpf has been around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.22 |
|
28-May-2016 |
natano |
Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...). ok deraadt jca
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.21 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.20 |
|
05-Dec-2015 |
mmcc |
strings.h -> string.h to prevent an implicit declaration. Also remove a bunch of NULL-checks before free().
|
#
1.19 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
#
1.18 |
|
11-Oct-2015 |
guenther |
Simplify and lock down priv_open(): * kill the 'mode' argument * fail if passed any flags other than O_ACCMODE OR O_NONBLOCK * paranoia: mask O_CREAT when calling open() with only two arguments * instead of using ioctl(FIONBIO) after the fact, pass O_NONBLOCK to priv_open()
"good start" deraadt@ ok yasuoka@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.17 |
|
20-Jul-2015 |
yasuoka |
Add missing initializations in privsep.c
From Yuuichi Someya at IIJ.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.16 |
|
19-Jan-2015 |
deraadt |
move to <limits.h> universe ok yasuoka
|
#
1.15 |
|
23-Aug-2014 |
doug |
close fd when fdopen fails
ok yasuoka@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
18-Jul-2014 |
yasuoka |
Fix privsep.c. Call missing imsg_free() after imsg_get(). Also add missing #include <net/if.h> to use IFNAMESIZ and replace some strncmp() by startswith().
|
#
1.13 |
|
13-Jul-2014 |
yasuoka |
Some functions need to dup() before sending a socket by imsg and don't need to close() after sending socket since imsg_compose() closes the passing socket.
|
#
1.12 |
|
12-Jul-2014 |
yasuoka |
Fix a potential bug. privsep.c didn't check the interface name correctly if it's pppx.
|
#
1.11 |
|
12-Jul-2014 |
yasuoka |
Fix error in previous.
|
#
1.10 |
|
12-Jul-2014 |
yasuoka |
Use imsg(3) for the IPC between the privileged process and the non-privileged process to be unify the way. Also fix style.
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.9 |
|
08-Feb-2013 |
yasuoka |
Fix memory leak in privsep.c. Free the memories which were allocated by getcap(3).
|
#
1.8 |
|
31-Jan-2013 |
yasuoka |
Deleting ip address of tun inteface was failed. This was caused by passing wrong inteface name to ioctl().
pointed out by csszep at gmail.com
|
#
1.7 |
|
28-Sep-2012 |
yasuoka |
framed-ip-address and framed-ip-netmask were not working.
pointed out by Andrew Ngo.
|
#
1.6 |
|
18-Sep-2012 |
yasuoka |
New configuration syntax for npppd(8). `npppd.conf' will be based on parse.y and `npppd-users' will be based on getcap(3). Add man pages.
feedback from giovanni
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.5 |
|
08-May-2012 |
yasuoka |
Fix comments and styles. Delete unused variables and labels. No binary changes.
ok mcbride henning
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.4 |
|
18-Jan-2012 |
yasuoka |
Replace npppdctl(8) by new npppctl(8). npppctl was written from scratch, it uses parser.c derived from ikectl(8) to have OpenBSD's fashion. This includes related changes listed below: - changed npppd control IPC heavyly. - support IPv6 as tunnel source address. - deleted support changing the configuration of npppd_ctl on running. Because it is not so needed but it requires privilege operations. - refactors.
man page helps from jmc. tested by sebastia. ok deraadt sebastia sthen
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.3 |
|
08-Jul-2011 |
yasuoka |
Improved npppd privileged separations: - Changed finalizing way to the privileged process. In old way, the privileged process could not aware abnormal exit of the process in jail. Then the processes in jail remained as zombies. Created a pipe to monitor the privileged process, the privileged process can exit in peace by using the pipe. - npppd will exit abnormally when the privileged process exits abnormally. - PF_KEY socket requires privileges. - Return correct "errno" to the jail in priv_open(). - Cleanup.
ok hsuenaga@
|
#
1.2 |
|
05-Jul-2011 |
yasuoka |
Fixed some bugs of priv_send(). The bugs caused sending routing messages failures. 'errno' returned by the privileged process was not initialized. 'tolen' in priv_sendto() was garbage.
ok hsuenaga@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.1 |
|
31-Jan-2010 |
yasuoka |
privilege separation of npppd.
- Drop privilege after daemon initializing. - Some system calls that requires root privileges were replaced to wrapper functions that communicate with a separated privileged process via IPC. And the privileged process checks whether the operations are acceptable.
|
#
1.24 |
|
23-Jan-2020 |
dlg |
allow npppd to use pppac(4) (once i wire it up)
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.23 |
|
19-Apr-2017 |
natano |
Switch base tools from /dev/bpf0 to /dev/bpf. Now that /dev/bpf has been around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.22 |
|
28-May-2016 |
natano |
Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...). ok deraadt jca
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.21 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.20 |
|
05-Dec-2015 |
mmcc |
strings.h -> string.h to prevent an implicit declaration. Also remove a bunch of NULL-checks before free().
|
#
1.19 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
#
1.18 |
|
11-Oct-2015 |
guenther |
Simplify and lock down priv_open(): * kill the 'mode' argument * fail if passed any flags other than O_ACCMODE OR O_NONBLOCK * paranoia: mask O_CREAT when calling open() with only two arguments * instead of using ioctl(FIONBIO) after the fact, pass O_NONBLOCK to priv_open()
"good start" deraadt@ ok yasuoka@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.17 |
|
20-Jul-2015 |
yasuoka |
Add missing initializations in privsep.c
From Yuuichi Someya at IIJ.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.16 |
|
19-Jan-2015 |
deraadt |
move to <limits.h> universe ok yasuoka
|
#
1.15 |
|
23-Aug-2014 |
doug |
close fd when fdopen fails
ok yasuoka@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
18-Jul-2014 |
yasuoka |
Fix privsep.c. Call missing imsg_free() after imsg_get(). Also add missing #include <net/if.h> to use IFNAMESIZ and replace some strncmp() by startswith().
|
#
1.13 |
|
13-Jul-2014 |
yasuoka |
Some functions need to dup() before sending a socket by imsg and don't need to close() after sending socket since imsg_compose() closes the passing socket.
|
#
1.12 |
|
12-Jul-2014 |
yasuoka |
Fix a potential bug. privsep.c didn't check the interface name correctly if it's pppx.
|
#
1.11 |
|
12-Jul-2014 |
yasuoka |
Fix error in previous.
|
#
1.10 |
|
12-Jul-2014 |
yasuoka |
Use imsg(3) for the IPC between the privileged process and the non-privileged process to be unify the way. Also fix style.
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.9 |
|
08-Feb-2013 |
yasuoka |
Fix memory leak in privsep.c. Free the memories which were allocated by getcap(3).
|
#
1.8 |
|
31-Jan-2013 |
yasuoka |
Deleting ip address of tun inteface was failed. This was caused by passing wrong inteface name to ioctl().
pointed out by csszep at gmail.com
|
#
1.7 |
|
28-Sep-2012 |
yasuoka |
framed-ip-address and framed-ip-netmask were not working.
pointed out by Andrew Ngo.
|
#
1.6 |
|
18-Sep-2012 |
yasuoka |
New configuration syntax for npppd(8). `npppd.conf' will be based on parse.y and `npppd-users' will be based on getcap(3). Add man pages.
feedback from giovanni
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.5 |
|
08-May-2012 |
yasuoka |
Fix comments and styles. Delete unused variables and labels. No binary changes.
ok mcbride henning
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.4 |
|
18-Jan-2012 |
yasuoka |
Replace npppdctl(8) by new npppctl(8). npppctl was written from scratch, it uses parser.c derived from ikectl(8) to have OpenBSD's fashion. This includes related changes listed below: - changed npppd control IPC heavyly. - support IPv6 as tunnel source address. - deleted support changing the configuration of npppd_ctl on running. Because it is not so needed but it requires privilege operations. - refactors.
man page helps from jmc. tested by sebastia. ok deraadt sebastia sthen
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.3 |
|
08-Jul-2011 |
yasuoka |
Improved npppd privileged separations: - Changed finalizing way to the privileged process. In old way, the privileged process could not aware abnormal exit of the process in jail. Then the processes in jail remained as zombies. Created a pipe to monitor the privileged process, the privileged process can exit in peace by using the pipe. - npppd will exit abnormally when the privileged process exits abnormally. - PF_KEY socket requires privileges. - Return correct "errno" to the jail in priv_open(). - Cleanup.
ok hsuenaga@
|
#
1.2 |
|
05-Jul-2011 |
yasuoka |
Fixed some bugs of priv_send(). The bugs caused sending routing messages failures. 'errno' returned by the privileged process was not initialized. 'tolen' in priv_sendto() was garbage.
ok hsuenaga@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.1 |
|
31-Jan-2010 |
yasuoka |
privilege separation of npppd.
- Drop privilege after daemon initializing. - Some system calls that requires root privileges were replaced to wrapper functions that communicate with a separated privileged process via IPC. And the privileged process checks whether the operations are acceptable.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.23 |
|
19-Apr-2017 |
natano |
Switch base tools from /dev/bpf0 to /dev/bpf. Now that /dev/bpf has been around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
Revision tags: OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.22 |
|
28-May-2016 |
natano |
Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...). ok deraadt jca
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.21 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.20 |
|
05-Dec-2015 |
mmcc |
strings.h -> string.h to prevent an implicit declaration. Also remove a bunch of NULL-checks before free().
|
#
1.19 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
#
1.18 |
|
11-Oct-2015 |
guenther |
Simplify and lock down priv_open(): * kill the 'mode' argument * fail if passed any flags other than O_ACCMODE OR O_NONBLOCK * paranoia: mask O_CREAT when calling open() with only two arguments * instead of using ioctl(FIONBIO) after the fact, pass O_NONBLOCK to priv_open()
"good start" deraadt@ ok yasuoka@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.17 |
|
20-Jul-2015 |
yasuoka |
Add missing initializations in privsep.c
From Yuuichi Someya at IIJ.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.16 |
|
19-Jan-2015 |
deraadt |
move to <limits.h> universe ok yasuoka
|
#
1.15 |
|
23-Aug-2014 |
doug |
close fd when fdopen fails
ok yasuoka@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
18-Jul-2014 |
yasuoka |
Fix privsep.c. Call missing imsg_free() after imsg_get(). Also add missing #include <net/if.h> to use IFNAMESIZ and replace some strncmp() by startswith().
|
#
1.13 |
|
13-Jul-2014 |
yasuoka |
Some functions need to dup() before sending a socket by imsg and don't need to close() after sending socket since imsg_compose() closes the passing socket.
|
#
1.12 |
|
12-Jul-2014 |
yasuoka |
Fix a potential bug. privsep.c didn't check the interface name correctly if it's pppx.
|
#
1.11 |
|
12-Jul-2014 |
yasuoka |
Fix error in previous.
|
#
1.10 |
|
12-Jul-2014 |
yasuoka |
Use imsg(3) for the IPC between the privileged process and the non-privileged process to be unify the way. Also fix style.
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.9 |
|
08-Feb-2013 |
yasuoka |
Fix memory leak in privsep.c. Free the memories which were allocated by getcap(3).
|
#
1.8 |
|
31-Jan-2013 |
yasuoka |
Deleting ip address of tun inteface was failed. This was caused by passing wrong inteface name to ioctl().
pointed out by csszep at gmail.com
|
#
1.7 |
|
28-Sep-2012 |
yasuoka |
framed-ip-address and framed-ip-netmask were not working.
pointed out by Andrew Ngo.
|
#
1.6 |
|
18-Sep-2012 |
yasuoka |
New configuration syntax for npppd(8). `npppd.conf' will be based on parse.y and `npppd-users' will be based on getcap(3). Add man pages.
feedback from giovanni
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.5 |
|
08-May-2012 |
yasuoka |
Fix comments and styles. Delete unused variables and labels. No binary changes.
ok mcbride henning
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.4 |
|
18-Jan-2012 |
yasuoka |
Replace npppdctl(8) by new npppctl(8). npppctl was written from scratch, it uses parser.c derived from ikectl(8) to have OpenBSD's fashion. This includes related changes listed below: - changed npppd control IPC heavyly. - support IPv6 as tunnel source address. - deleted support changing the configuration of npppd_ctl on running. Because it is not so needed but it requires privilege operations. - refactors.
man page helps from jmc. tested by sebastia. ok deraadt sebastia sthen
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.3 |
|
08-Jul-2011 |
yasuoka |
Improved npppd privileged separations: - Changed finalizing way to the privileged process. In old way, the privileged process could not aware abnormal exit of the process in jail. Then the processes in jail remained as zombies. Created a pipe to monitor the privileged process, the privileged process can exit in peace by using the pipe. - npppd will exit abnormally when the privileged process exits abnormally. - PF_KEY socket requires privileges. - Return correct "errno" to the jail in priv_open(). - Cleanup.
ok hsuenaga@
|
#
1.2 |
|
05-Jul-2011 |
yasuoka |
Fixed some bugs of priv_send(). The bugs caused sending routing messages failures. 'errno' returned by the privileged process was not initialized. 'tolen' in priv_sendto() was garbage.
ok hsuenaga@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.1 |
|
31-Jan-2010 |
yasuoka |
privilege separation of npppd.
- Drop privilege after daemon initializing. - Some system calls that requires root privileges were replaced to wrapper functions that communicate with a separated privileged process via IPC. And the privileged process checks whether the operations are acceptable.
|