mirror of
https://github.com/pi-hole/dnsmasq.git
synced 2025-12-19 18:28:25 +00:00
579 lines
16 KiB
Diff
579 lines
16 KiB
Diff
Index: src/dnsmasq.c
|
|
===================================================================
|
|
--- src/dnsmasq.c (revision 696)
|
|
+++ src/dnsmasq.c (revision 821)
|
|
@@ -59,7 +59,6 @@
|
|
static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
|
|
static void check_dns_listeners(fd_set *set, time_t now);
|
|
static void sig_handler(int sig);
|
|
-static void async_event(int pipe, time_t now);
|
|
static void fatal_event(struct event_desc *ev);
|
|
static void poll_resolv(void);
|
|
|
|
@@ -275,7 +274,7 @@
|
|
piperead = pipefd[0];
|
|
pipewrite = pipefd[1];
|
|
/* prime the pipe to load stuff first time. */
|
|
- send_event(pipewrite, EVENT_RELOAD, 0);
|
|
+ send_event(pipewrite, EVENT_RELOAD, 0, 0);
|
|
|
|
err_pipe[1] = -1;
|
|
|
|
@@ -340,7 +339,7 @@
|
|
}
|
|
else if (getuid() == 0)
|
|
{
|
|
- send_event(err_pipe[1], EVENT_PIDFILE, errno);
|
|
+ send_event(err_pipe[1], EVENT_PIDFILE, errno, 0);
|
|
_exit(0);
|
|
}
|
|
}
|
|
@@ -372,7 +371,7 @@
|
|
(setgroups(0, &dummy) == -1 ||
|
|
setgid(gp->gr_gid) == -1))
|
|
{
|
|
- send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
|
|
+ send_event(err_pipe[1], EVENT_GROUP_ERR, errno, 0);
|
|
_exit(0);
|
|
}
|
|
|
|
@@ -415,14 +414,14 @@
|
|
|
|
if (bad_capabilities != 0)
|
|
{
|
|
- send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
|
|
+ send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, 0);
|
|
_exit(0);
|
|
}
|
|
|
|
/* finally drop root */
|
|
if (setuid(ent_pw->pw_uid) == -1)
|
|
{
|
|
- send_event(err_pipe[1], EVENT_USER_ERR, errno);
|
|
+ send_event(err_pipe[1], EVENT_USER_ERR, errno, 0);
|
|
_exit(0);
|
|
}
|
|
|
|
@@ -434,7 +433,7 @@
|
|
/* lose the setuid and setgid capbilities */
|
|
if (capset(hdr, data) == -1)
|
|
{
|
|
- send_event(err_pipe[1], EVENT_CAP_ERR, errno);
|
|
+ send_event(err_pipe[1], EVENT_CAP_ERR, errno, 0);
|
|
_exit(0);
|
|
}
|
|
#endif
|
|
@@ -647,7 +646,7 @@
|
|
}
|
|
|
|
if (FD_ISSET(piperead, &rset))
|
|
- async_event(piperead, now);
|
|
+ async_event(piperead, now, NULL, 0);
|
|
|
|
#ifdef HAVE_LINUX_NETWORK
|
|
if (FD_ISSET(daemon->netlinkfd, &rset))
|
|
@@ -674,7 +673,7 @@
|
|
#endif
|
|
|
|
if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
|
|
- dhcp_packet(now);
|
|
+ dhcp_packet(piperead, now);
|
|
|
|
#ifndef NO_FORK
|
|
if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
|
|
@@ -719,17 +718,18 @@
|
|
else
|
|
return;
|
|
|
|
- send_event(pipewrite, event, 0);
|
|
+ send_event(pipewrite, event, 0, 0);
|
|
errno = errsave;
|
|
}
|
|
}
|
|
|
|
-void send_event(int fd, int event, int data)
|
|
+void send_event(int fd, int event, int data, int priv)
|
|
{
|
|
struct event_desc ev;
|
|
|
|
ev.event = event;
|
|
ev.data = data;
|
|
+ ev.priv = priv;
|
|
|
|
/* error pipe, debug mode. */
|
|
if (fd == -1)
|
|
@@ -771,14 +771,17 @@
|
|
die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
|
|
}
|
|
}
|
|
-
|
|
-static void async_event(int pipe, time_t now)
|
|
+
|
|
+/* returns the private data of the event
|
|
+ */
|
|
+int async_event(int pipe, time_t now, struct event_desc* event, unsigned int secs)
|
|
{
|
|
pid_t p;
|
|
struct event_desc ev;
|
|
int i;
|
|
|
|
- if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
|
|
+ if (read_timeout(pipe, (unsigned char *)&ev, sizeof(ev), now, secs) > 0)
|
|
+ {
|
|
switch (ev.event)
|
|
{
|
|
case EVENT_RELOAD:
|
|
@@ -872,6 +875,14 @@
|
|
flush_log();
|
|
exit(EC_GOOD);
|
|
}
|
|
+ }
|
|
+ else
|
|
+ return -1; /* timeout */
|
|
+
|
|
+ if (event)
|
|
+ memcpy( event, &ev, sizeof(ev));
|
|
+
|
|
+ return 0;
|
|
}
|
|
|
|
static void poll_resolv()
|
|
Index: src/config.h
|
|
===================================================================
|
|
--- src/config.h (revision 696)
|
|
+++ src/config.h (revision 821)
|
|
@@ -51,6 +51,8 @@
|
|
#define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
|
|
#define LOG_MAX 5 /* log-queue length */
|
|
#define RANDFILE "/dev/urandom"
|
|
+#define SCRIPT_TIMEOUT 6
|
|
+#define LEASE_CHECK_TIMEOUT 10
|
|
|
|
/* DBUS interface specifics */
|
|
#define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
|
|
Index: src/dnsmasq.h
|
|
===================================================================
|
|
--- src/dnsmasq.h (revision 696)
|
|
+++ src/dnsmasq.h (revision 821)
|
|
@@ -116,6 +116,7 @@
|
|
/* Async event queue */
|
|
struct event_desc {
|
|
int event, data;
|
|
+ unsigned int priv;
|
|
};
|
|
|
|
#define EVENT_RELOAD 1
|
|
@@ -390,6 +391,7 @@
|
|
#define ACTION_OLD_HOSTNAME 2
|
|
#define ACTION_OLD 3
|
|
#define ACTION_ADD 4
|
|
+#define ACTION_ACCESS 5
|
|
|
|
#define DHCP_CHADDR_MAX 16
|
|
|
|
@@ -709,6 +711,7 @@
|
|
char *print_mac(char *buff, unsigned char *mac, int len);
|
|
void bump_maxfd(int fd, int *max);
|
|
int read_write(int fd, unsigned char *packet, int size, int rw);
|
|
+int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs);
|
|
|
|
/* log.c */
|
|
void die(char *message, char *arg1, int exit_code);
|
|
@@ -748,7 +751,7 @@
|
|
|
|
/* dhcp.c */
|
|
void dhcp_init(void);
|
|
-void dhcp_packet(time_t now);
|
|
+void dhcp_packet(int piperead, time_t now);
|
|
|
|
struct dhcp_context *address_available(struct dhcp_context *context,
|
|
struct in_addr addr,
|
|
@@ -792,14 +795,16 @@
|
|
void rerun_scripts(void);
|
|
|
|
/* rfc2131.c */
|
|
-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
|
+size_t dhcp_reply(int pipefd, struct dhcp_context *context, char *iface_name, int int_index,
|
|
size_t sz, time_t now, int unicast_dest, int *is_inform);
|
|
|
|
/* dnsmasq.c */
|
|
int make_icmp_sock(void);
|
|
int icmp_ping(struct in_addr addr);
|
|
-void send_event(int fd, int event, int data);
|
|
+void send_event(int fd, int event, int data, int priv);
|
|
void clear_cache_and_reload(time_t now);
|
|
+int wait_for_child(int pipe);
|
|
+int async_event(int pipe, time_t now, struct event_desc*, unsigned int timeout);
|
|
|
|
/* isc.c */
|
|
#ifdef HAVE_ISC_READER
|
|
@@ -832,9 +837,9 @@
|
|
/* helper.c */
|
|
#ifndef NO_FORK
|
|
int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd);
|
|
-void helper_write(void);
|
|
+int helper_write(void);
|
|
void queue_script(int action, struct dhcp_lease *lease,
|
|
- char *hostname, time_t now);
|
|
+ char *hostname, time_t now, unsigned int uid);
|
|
int helper_buf_empty(void);
|
|
#endif
|
|
|
|
Index: src/util.c
|
|
===================================================================
|
|
--- src/util.c (revision 696)
|
|
+++ src/util.c (revision 821)
|
|
@@ -444,3 +444,38 @@
|
|
return 1;
|
|
}
|
|
|
|
+int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs)
|
|
+{
|
|
+ ssize_t n, done;
|
|
+ time_t expire;
|
|
+
|
|
+ expire = now + secs;
|
|
+
|
|
+ for (done = 0; done < size; done += n)
|
|
+ {
|
|
+ retry:
|
|
+ if (secs > 0) alarm(secs);
|
|
+ n = read(fd, &packet[done], (size_t)(size - done));
|
|
+
|
|
+ if (n == 0)
|
|
+ return 0;
|
|
+ else if (n == -1)
|
|
+ {
|
|
+ if (errno == EINTR) {
|
|
+ my_syslog(LOG_INFO, _("read timed out (errno %d)"), errno);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (retry_send() || errno == ENOMEM || errno == ENOBUFS || errno == EAGAIN)
|
|
+ {
|
|
+ if (secs == 0 || (secs > 0 && dnsmasq_time() < expire))
|
|
+ goto retry;
|
|
+ }
|
|
+
|
|
+ my_syslog(LOG_INFO, _("error in read (timeout %d, errno %d)"), secs, errno);
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+ return 1;
|
|
+}
|
|
+
|
|
Index: src/dhcp.c
|
|
===================================================================
|
|
--- src/dhcp.c (revision 696)
|
|
+++ src/dhcp.c (revision 821)
|
|
@@ -103,7 +103,7 @@
|
|
daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len);
|
|
}
|
|
|
|
-void dhcp_packet(time_t now)
|
|
+void dhcp_packet(int piperead, time_t now)
|
|
{
|
|
struct dhcp_packet *mess;
|
|
struct dhcp_context *context;
|
|
@@ -239,7 +239,8 @@
|
|
if (!iface_enumerate(&parm, complete_context, NULL))
|
|
return;
|
|
lease_prune(NULL, now); /* lose any expired leases */
|
|
- iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz,
|
|
+
|
|
+ iov.iov_len = dhcp_reply(piperead, parm.current, ifr.ifr_name, iface_index, (size_t)sz,
|
|
now, unicast_dest, &is_inform);
|
|
lease_update_file(now);
|
|
lease_update_dns();
|
|
Index: src/helper.c
|
|
===================================================================
|
|
--- src/helper.c (revision 696)
|
|
+++ src/helper.c (revision 821)
|
|
@@ -45,6 +45,7 @@
|
|
#endif
|
|
unsigned char hwaddr[DHCP_CHADDR_MAX];
|
|
char interface[IF_NAMESIZE];
|
|
+ unsigned int uid;
|
|
};
|
|
|
|
static struct script_data *buf = NULL;
|
|
@@ -60,7 +61,7 @@
|
|
then fork our process. */
|
|
if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
|
|
{
|
|
- send_event(err_fd, EVENT_PIPE_ERR, errno);
|
|
+ send_event(err_fd, EVENT_PIPE_ERR, errno, 0);
|
|
_exit(0);
|
|
}
|
|
|
|
@@ -87,13 +88,13 @@
|
|
{
|
|
if (daemon->options & OPT_NO_FORK)
|
|
/* send error to daemon process if no-fork */
|
|
- send_event(event_fd, EVENT_HUSER_ERR, errno);
|
|
+ send_event(event_fd, EVENT_HUSER_ERR, errno, 0);
|
|
else
|
|
{
|
|
/* kill daemon */
|
|
- send_event(event_fd, EVENT_DIE, 0);
|
|
+ send_event(event_fd, EVENT_DIE, 0, 0);
|
|
/* return error */
|
|
- send_event(err_fd, EVENT_HUSER_ERR, errno);;
|
|
+ send_event(err_fd, EVENT_HUSER_ERR, errno, 0);
|
|
}
|
|
_exit(0);
|
|
}
|
|
@@ -122,6 +123,8 @@
|
|
action_str = "del";
|
|
else if (data.action == ACTION_ADD)
|
|
action_str = "add";
|
|
+ else if (data.action == ACTION_ACCESS)
|
|
+ action_str = "access";
|
|
else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
|
|
action_str = "old";
|
|
else
|
|
@@ -178,9 +181,11 @@
|
|
{
|
|
/* On error send event back to main process for logging */
|
|
if (WIFSIGNALED(status))
|
|
- send_event(event_fd, EVENT_KILLED, WTERMSIG(status));
|
|
- else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
|
|
- send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status));
|
|
+ send_event(event_fd, EVENT_KILLED, WTERMSIG(status), data.uid);
|
|
+ else if (WIFEXITED(status))
|
|
+ send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), data.uid);
|
|
+ else
|
|
+ send_event(event_fd, EVENT_EXITED, -1, data.uid);
|
|
break;
|
|
}
|
|
|
|
@@ -263,7 +268,7 @@
|
|
err = errno;
|
|
}
|
|
/* failed, send event so the main process logs the problem */
|
|
- send_event(event_fd, EVENT_EXEC_ERR, err);
|
|
+ send_event(event_fd, EVENT_EXEC_ERR, err, data.uid);
|
|
_exit(0);
|
|
}
|
|
}
|
|
@@ -295,7 +300,7 @@
|
|
}
|
|
|
|
/* pack up lease data into a buffer */
|
|
-void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
|
|
+void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now, unsigned int uid)
|
|
{
|
|
unsigned char *p;
|
|
size_t size;
|
|
@@ -332,6 +337,7 @@
|
|
buf_size = size;
|
|
}
|
|
|
|
+ buf->uid = uid;
|
|
buf->action = action;
|
|
buf->hwaddr_len = lease->hwaddr_len;
|
|
buf->hwaddr_type = lease->hwaddr_type;
|
|
@@ -393,12 +399,15 @@
|
|
return bytes_in_buf == 0;
|
|
}
|
|
|
|
-void helper_write(void)
|
|
+/* returns -1 if write failed for a reason, 1 if no data exist
|
|
+ * and 0 if everything was ok.
|
|
+ */
|
|
+int helper_write(void)
|
|
{
|
|
ssize_t rc;
|
|
|
|
if (bytes_in_buf == 0)
|
|
- return;
|
|
+ return 1;
|
|
|
|
if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1)
|
|
{
|
|
@@ -409,9 +418,11 @@
|
|
else
|
|
{
|
|
if (errno == EAGAIN || errno == EINTR)
|
|
- return;
|
|
+ return -1;
|
|
bytes_in_buf = 0;
|
|
}
|
|
+
|
|
+ return 0;
|
|
}
|
|
|
|
#endif
|
|
Index: src/rfc2131.c
|
|
===================================================================
|
|
--- src/rfc2131.c (revision 696)
|
|
+++ src/rfc2131.c (revision 821)
|
|
@@ -100,8 +100,49 @@
|
|
int clid_len, unsigned char *clid, int *len_out);
|
|
static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt);
|
|
|
|
+static int check_access_script( int piperead, struct dhcp_lease *lease, struct dhcp_packet *mess, time_t now)
|
|
+{
|
|
+#ifndef NO_FORK
|
|
+unsigned int uid;
|
|
+struct event_desc ev;
|
|
+int ret;
|
|
+struct dhcp_lease _lease;
|
|
+
|
|
+ if (daemon->lease_change_command == NULL) return 0; /* ok */
|
|
+
|
|
+ if (!lease) { /* if host has not been seen before lease is NULL */
|
|
+ memset(&_lease, 0, sizeof(_lease));
|
|
+ lease = &_lease;
|
|
+ lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0);
|
|
+ }
|
|
+
|
|
+ uid = rand16();
|
|
+ queue_script(ACTION_ACCESS, lease, NULL, now, uid);
|
|
+
|
|
+ /* send all data to helper process */
|
|
+ do
|
|
+ {
|
|
+ helper_write();
|
|
+ } while (helper_buf_empty() == 0);
|
|
+
|
|
+ /* wait for our event */
|
|
+ ret = 0;
|
|
+ do
|
|
+ {
|
|
+ ret = async_event( piperead, now, &ev, SCRIPT_TIMEOUT);
|
|
+ }
|
|
+ while(ev.priv != uid && ret >= 0);
|
|
+
|
|
+ if (ret < 0 || ev.data != 0) /* timeout or error */
|
|
+ {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+#endif
|
|
+ return 0; /* ok */
|
|
+}
|
|
|
|
-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
|
|
+size_t dhcp_reply(int piperead, struct dhcp_context *context, char *iface_name, int int_index,
|
|
size_t sz, time_t now, int unicast_dest, int *is_inform)
|
|
{
|
|
unsigned char *opt, *clid = NULL;
|
|
@@ -252,7 +293,7 @@
|
|
mac->netid.next = netid;
|
|
netid = &mac->netid;
|
|
}
|
|
-
|
|
+
|
|
/* Determine network for this packet. Our caller will have already linked all the
|
|
contexts which match the addresses of the receiving interface but if the
|
|
machine has an address already, or came via a relay, or we have a subnet selector,
|
|
@@ -329,7 +370,7 @@
|
|
my_syslog(LOG_INFO, _("Available DHCP range: %s -- %s"), daemon->namebuff, inet_ntoa(context_tmp->end));
|
|
}
|
|
}
|
|
-
|
|
+
|
|
mess->op = BOOTREPLY;
|
|
|
|
config = find_config(daemon->dhcp_conf, context, clid, clid_len,
|
|
@@ -418,7 +459,7 @@
|
|
else
|
|
mess->yiaddr = lease->addr;
|
|
}
|
|
-
|
|
+
|
|
if (!message &&
|
|
!lease &&
|
|
(!(lease = lease_allocate(mess->yiaddr))))
|
|
@@ -641,7 +682,14 @@
|
|
memcpy(req_options, option_ptr(opt, 0), option_len(opt));
|
|
req_options[option_len(opt)] = OPTION_END;
|
|
}
|
|
-
|
|
+
|
|
+ if (mess_type == DHCPREQUEST || mess_type == DHCPDISCOVER)
|
|
+ if (check_access_script(piperead, lease, mess, now) < 0)
|
|
+ {
|
|
+ my_syslog(LOG_INFO, _("Ignoring client due to access script"));
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
switch (mess_type)
|
|
{
|
|
case DHCPDECLINE:
|
|
Index: src/log.c
|
|
===================================================================
|
|
--- src/log.c (revision 696)
|
|
+++ src/log.c (revision 821)
|
|
@@ -73,7 +73,7 @@
|
|
|
|
if (!log_reopen(daemon->log_file))
|
|
{
|
|
- send_event(errfd, EVENT_LOG_ERR, errno);
|
|
+ send_event(errfd, EVENT_LOG_ERR, errno, 0);
|
|
_exit(0);
|
|
}
|
|
|
|
Index: src/lease.c
|
|
===================================================================
|
|
--- src/lease.c (revision 696)
|
|
+++ src/lease.c (revision 821)
|
|
@@ -511,7 +511,7 @@
|
|
if (lease->old_hostname)
|
|
{
|
|
#ifndef NO_FORK
|
|
- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
|
|
+ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0);
|
|
#endif
|
|
free(lease->old_hostname);
|
|
lease->old_hostname = NULL;
|
|
@@ -520,7 +520,7 @@
|
|
else
|
|
{
|
|
#ifndef NO_FORK
|
|
- queue_script(ACTION_DEL, lease, lease->hostname, now);
|
|
+ queue_script(ACTION_DEL, lease, lease->hostname, now, 0);
|
|
#endif
|
|
old_leases = lease->next;
|
|
|
|
@@ -540,7 +540,7 @@
|
|
if (lease->old_hostname)
|
|
{
|
|
#ifndef NO_FORK
|
|
- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
|
|
+ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0);
|
|
#endif
|
|
free(lease->old_hostname);
|
|
lease->old_hostname = NULL;
|
|
@@ -552,7 +552,7 @@
|
|
(lease->aux_changed && (daemon->options & OPT_LEASE_RO)))
|
|
{
|
|
#ifndef NO_FORK
|
|
- queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now);
|
|
+ queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now, 0);
|
|
#endif
|
|
lease->new = lease->changed = lease->aux_changed = 0;
|
|
|
|
Index: man/dnsmasq.8
|
|
===================================================================
|
|
--- man/dnsmasq.8 (revision 696)
|
|
+++ man/dnsmasq.8 (revision 821)
|
|
@@ -724,12 +724,15 @@
|
|
.B \-6 --dhcp-script=<path>
|
|
Whenever a new DHCP lease is created, or an old one destroyed, the
|
|
binary specified by this option is run. The arguments to the process
|
|
-are "add", "old" or "del", the MAC
|
|
+are "add", "old", "access" or "del", the MAC
|
|
address of the host (or "<null>"), the IP address, and the hostname,
|
|
if known. "add" means a lease has been created, "del" means it has
|
|
been destroyed, "old" is a notification of an existing lease when
|
|
dnsmasq starts or a change to MAC address or hostname of an existing
|
|
lease (also, lease length or expiry and client-id, if leasefile-ro is set).
|
|
+The "access" keyword means that a request was just received and depending
|
|
+on the script exit status request for address will be granted, if exit status
|
|
+is zero or not if it is non-zero.
|
|
The process is run as root (assuming that dnsmasq was originally run as
|
|
root) even if dnsmasq is configured to change UID to an unprivileged user.
|
|
The environment is inherited from the invoker of dnsmasq, and if the
|