Make HUP to either one of the processes cause a restart that will

have dhclient re-read dhclient.conf and get a new lease. Constrain the filename passed to '-l' (alternate dhclient.lease.if location) to be a regular file for the moment. Original suggestion from phessler@. Feedback from deraadt@ and espie@.
author: krw <krw@openbsd.org> 2012-12-29 14:40:00 +0000
committer: krw <krw@openbsd.org> 2012-12-29 14:40:00 +0000
commit: ea2f173c7832340e3fdd61b9b837fb482e3c275a (patch)
tree: 3a7d7252c1d11f0b6a8ae07e4d30c1913a5baa68
parent: Fix exit status when there is an error reading a file. (diff)
download: wireguard-openbsd-ea2f173c7832340e3fdd61b9b837fb482e3c275a.tar.xz
wireguard-openbsd-ea2f173c7832340e3fdd61b9b837fb482e3c275a.zip
5 files changed, 60 insertions, 22 deletions
diff --git a/sbin/dhclient/bpf.c b/sbin/dhclient/bpf.c
index 1dfc3b2c40d..0ba323e4dd6 100644
--- a/sbin/dhclient/bpf.c
+++ b/sbin/dhclient/bpf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bpf.c,v 1.23 2012/12/04 19:24:02 krw Exp $	*/
+/*	$OpenBSD: bpf.c,v 1.24 2012/12/29 14:40:00 krw Exp $	*/
 
 /* BPF socket interface code, originally contributed by Archie Cobbs. */
 
@@ -194,6 +194,7 @@ if_register_receive(void)
 
 	/* Open a BPF device and hang it on this interface... */
 	ifi->rfdesc = if_register_bpf();
+	fcntl(ifi->rfdesc, F_SETFD, FD_CLOEXEC);
 
 	/* Make sure the BPF version is in range... */
 	if (ioctl(ifi->rfdesc, BIOCVERSION, &v) < 0)
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 11fc4646b43..c73ed057e6b 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dhclient.c,v 1.198 2012/12/21 20:37:28 krw Exp $	*/
+/*	$OpenBSD: dhclient.c,v 1.199 2012/12/29 14:40:00 krw Exp $	*/
 
 /*
  * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -112,7 +112,7 @@ static FILE *leaseFile;
 void
 sighdlr(int sig)
 {
-	quit = 1;
+	quit = sig;
 }
 
 int
@@ -278,15 +278,20 @@ die:
 	error("routehandler: %s", errmsg);
 }
 
+char **saved_argv;
+
 int
 main(int argc, char *argv[])
 {
+	struct stat sb;
 	int	 ch, fd, quiet = 0, i = 0, socket_fd[2];
 	extern char *__progname;
 	struct passwd *pw;
 	char *ignore_list = NULL;
 	int rtfilter;
 
+	saved_argv = argv;
+
 	/* Initially, log errors to stderr as well as to syslogd. */
 	openlog(__progname, LOG_PID | LOG_NDELAY, DHCPD_LOG_FACILITY);
 	setlogmask(LOG_UPTO(LOG_INFO));
@@ -336,6 +341,20 @@ main(int argc, char *argv[])
 	    _PATH_DHCLIENT_DB, ifi->name) == -1)
 		error("asprintf");
 
+	if (lstat(path_dhclient_db, &sb) == -1)
+		error("Cannot lstat() '%s': %s", path_dhclient_db,
+		    strerror(errno));
+	if (!S_ISREG(sb.st_mode))
+		error("'%s' is not a regular file", path_dhclient_db);
+
+	if (path_dhclient_conf) {
+		if (lstat(path_dhclient_conf, &sb) == -1)
+			error("Cannot lstat() '%s': %s", path_dhclient_conf,
+			    strerror(errno));
+		if (!S_ISREG(sb.st_mode))
+			error("'%s' is not a regular file", path_dhclient_conf);
+	}
+
 	if (quiet)
 		log_perror = 0;
 
@@ -390,7 +409,9 @@ main(int argc, char *argv[])
 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socket_fd) == -1)
 		error("socketpair: %s", strerror(errno));
 	socket_nonblockmode(socket_fd[0]);
+	fcntl(socket_fd[0], F_SETFD, FD_CLOEXEC);
 	socket_nonblockmode(socket_fd[1]);
+	fcntl(socket_fd[1], F_SETFD, FD_CLOEXEC);
 
 	fork_privchld(socket_fd[0], socket_fd[1]);
 
@@ -1520,6 +1541,17 @@ go_daemon(void)
 		close(nullfd);
 		nullfd = -1;
 	}
+
+	/*
+	 * Catch stuff that might be trying to terminate the program.
+	 */
+	signal(SIGHUP, sighdlr);
+	signal(SIGINT, sighdlr);
+	signal(SIGTERM, sighdlr);
+	signal(SIGUSR1, sighdlr);
+	signal(SIGUSR2, sighdlr);
+
+	signal(SIGPIPE, SIG_IGN);
 }
 
 int
@@ -1756,18 +1788,6 @@ fork_privchld(int fd, int fd2)
 
 	imsg_init(priv_ibuf, fd);
 
-	/*
-	 * Catch stuff that might be trying to terminate the program.
-	 */
-
-	signal(SIGHUP, sighdlr);
-	signal(SIGINT, sighdlr);
-	signal(SIGTERM, sighdlr);
-	signal(SIGUSR1, sighdlr);
-	signal(SIGUSR2, sighdlr);
-
-	signal(SIGPIPE, SIG_IGN);
-
 	while (quit == 0) {
 		pfd[0].fd = priv_ibuf->fd;
 		pfd[0].events = POLLIN;
@@ -1795,6 +1815,9 @@ fork_privchld(int fd, int fd2)
 		dispatch_imsg(priv_ibuf);
 	}
 
+	imsg_clear(priv_ibuf);
+	close(fd);
+
 	memset(&imsg, 0, sizeof(imsg));
 	strlcpy(imsg.ifname, ifi->name, sizeof(imsg.ifname));
 	imsg.rdomain = ifi->rdomain;
@@ -1802,6 +1825,14 @@ fork_privchld(int fd, int fd2)
 
 	priv_cleanup(&imsg);
 
+	if (quit == SIGHUP) {
+		warning("Received SIGHUP; restarting.");
+		signal(SIGHUP, SIG_IGN); /* will be restored after exec */
+		execvp(saved_argv[0], saved_argv);
+		error("RESTART FAILED: '%s': %s", saved_argv[0],
+		    strerror(errno));
+	}
+
 	exit(1);
 }
 
diff --git a/sbin/dhclient/dispatch.c b/sbin/dhclient/dispatch.c
index 86cecaa9d18..fd5cf90e742 100644
--- a/sbin/dhclient/dispatch.c
+++ b/sbin/dhclient/dispatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dispatch.c,v 1.68 2012/12/04 19:24:03 krw Exp $	*/
+/*	$OpenBSD: dispatch.c,v 1.69 2012/12/29 14:40:00 krw Exp $	*/
 
 /*
  * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -114,7 +114,7 @@ dispatch(void)
 	time_t cur_time, howlong;
 	void (*func)(void);
 
-	do {
+	while (quit == 0) {
 		/*
 		 * Call expired timeout, and then if there's still
 		 * a timeout registered, time out the select call then.
@@ -187,7 +187,13 @@ another:
 		if ((fds[2].revents & (POLLIN | POLLHUP))) {
 			error("lost connection to [priv]");
 		}
-	} while (1);
+	}
+
+	if (quit == SIGHUP) {
+		cleanup(client->active);
+		exit(0);
+	}
+	exit(1);
 }
 
 void
diff --git a/sbin/dhclient/kroute.c b/sbin/dhclient/kroute.c
index a0aee066dd8..b7189da9fd4 100644
--- a/sbin/dhclient/kroute.c
+++ b/sbin/dhclient/kroute.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kroute.c,v 1.25 2012/12/19 12:25:38 krw Exp $	*/
+/*	$OpenBSD: kroute.c,v 1.26 2012/12/29 14:40:00 krw Exp $	*/
 
 /*
  * Copyright 2012 Kenneth R Westerback <krw@openbsd.org>
@@ -506,7 +506,7 @@ priv_add_address(struct imsg_add_address *imsg)
 	if (imsg->addr.s_addr == INADDR_ANY) {
 		/* Notification that the active_addr has been deleted. */
 		active_addr.s_addr = INADDR_ANY;
-		quit = 1;
+		quit = INT_MAX;
 		return;
 	}
 
diff --git a/sbin/dhclient/privsep.c b/sbin/dhclient/privsep.c
index af0a3f008a3..d1ac3d2b26a 100644
--- a/sbin/dhclient/privsep.c
+++ b/sbin/dhclient/privsep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: privsep.c,v 1.26 2012/12/04 19:24:03 krw Exp $ */
+/*	$OpenBSD: privsep.c,v 1.27 2012/12/29 14:40:01 krw Exp $ */
 
 /*
  * Copyright (c) 2004 Henning Brauer <henning@openbsd.org>
@@ -82,7 +82,7 @@ dispatch_imsg(struct imsgbuf *ibuf)
 			    sizeof(struct imsg_cleanup))
 				warning("bad IMSG_CLEANUP");
 			else
-				priv_cleanup(imsg.data);
+				quit = SIGHUP;
 			break;
 
 		default:
author	krw <krw@openbsd.org>	2012-12-29 14:40:00 +0000
committer	krw <krw@openbsd.org>	2012-12-29 14:40:00 +0000
commit	ea2f173c7832340e3fdd61b9b837fb482e3c275a (patch)
tree	3a7d7252c1d11f0b6a8ae07e4d30c1913a5baa68
parent	Fix exit status when there is an error reading a file. (diff)
download	wireguard-openbsd-ea2f173c7832340e3fdd61b9b837fb482e3c275a.tar.xz wireguard-openbsd-ea2f173c7832340e3fdd61b9b837fb482e3c275a.zip