privilege separated tcpdump, joint work with otto@

tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others
go for it deraadt@

1 files changed, 116 insertions, 0 deletions

diff --git a/usr.sbin/tcpdump/privsep_fdpass.c b/usr.sbin/tcpdump/privsep_fdpass.c
new file mode 100644
index 00000000000..5396b70e8da
--- /dev/null
+++ b/usr.sbin/tcpdump/privsep_fdpass.c
@@ -0,0 +1,116 @@
+/*	$OpenBSD: privsep_fdpass.c,v 1.1 2004/01/28 19:44:55 canacar Exp $	*/
+
+/*
+ * Copyright 2001 Niels Provos <provos@citi.umich.edu>
+ * All rights reserved.
+ *
+ * Copyright (c) 2002 Matthieu Herrb
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *    - Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *    - Redistributions in binary form must reproduce the above
+ *      copyright notice, this list of conditions and the following
+ *      disclaimer in the documentation and/or other materials provided
+ *      with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "privsep.h"
+
+void
+send_fd(int sock, int fd)
+{
+	struct msghdr msg;
+	char tmp[CMSG_SPACE(sizeof(int))];
+	struct cmsghdr *cmsg;
+	struct iovec vec;
+	int result = 0;
+	ssize_t n;
+
+	memset(&msg, 0, sizeof(msg));
+
+	if (fd >= 0) {
+		msg.msg_control = (caddr_t)tmp;
+		msg.msg_controllen = CMSG_LEN(sizeof(int));
+		cmsg = CMSG_FIRSTHDR(&msg);
+		cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+		cmsg->cmsg_level = SOL_SOCKET;
+		cmsg->cmsg_type = SCM_RIGHTS;
+		*(int *)CMSG_DATA(cmsg) = fd;
+	} else
+		result = errno;
+
+	vec.iov_base = &result;
+	vec.iov_len = sizeof(int);
+	msg.msg_iov = &vec;
+	msg.msg_iovlen = 1;
+
+	if ((n = sendmsg(sock, &msg, 0)) == -1)
+		warn("%s: sendmsg(%d)", __func__, sock);
+	if (n != sizeof(int))
+		warnx("%s: sendmsg: expected sent 1 got %ld",
+		    __func__, (long)n);
+}
+
+int
+receive_fd(int sock)
+{
+	struct msghdr msg;
+	char tmp[CMSG_SPACE(sizeof(int))];
+	struct cmsghdr *cmsg;
+	struct iovec vec;
+	ssize_t n;
+	int result;
+	int fd;
+
+	memset(&msg, 0, sizeof(msg));
+	vec.iov_base = &result;
+	vec.iov_len = sizeof(int);
+	msg.msg_iov = &vec;
+	msg.msg_iovlen = 1;
+	msg.msg_control = tmp;
+	msg.msg_controllen = sizeof(tmp);
+
+	if ((n = recvmsg(sock, &msg, 0)) == -1)
+		warn("%s: recvmsg", __func__);
+	if (n != sizeof(int))
+		warnx("%s: recvmsg: expected received 1 got %ld",
+		    __func__, (long)n);
+	if (result == 0) {
+		cmsg = CMSG_FIRSTHDR(&msg);
+		if (cmsg->cmsg_type != SCM_RIGHTS)
+			warnx("%s: expected type %d got %d", __func__,
+			    SCM_RIGHTS, cmsg->cmsg_type);
+		fd = (*(int *)CMSG_DATA(cmsg));
+		return (fd);
+	} else {
+		errno = result;
+		return (-1);
+	}
+}