xref: /freebsd/sbin/dumpon/dumpon.c (revision a25896ca1270e25b657ceaa8d47d5699515f5c25)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1980, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #if 0
33 #ifndef lint
34 static const char copyright[] =
35 "@(#) Copyright (c) 1980, 1993\n\
36 	The Regents of the University of California.  All rights reserved.\n";
37 #endif /* not lint */
38 
39 #ifndef lint
40 static char sccsid[] = "From: @(#)swapon.c	8.1 (Berkeley) 6/5/93";
41 #endif /* not lint */
42 #endif
43 #include <sys/cdefs.h>
44 __FBSDID("$FreeBSD$");
45 
46 #include <sys/param.h>
47 #include <sys/capsicum.h>
48 #include <sys/disk.h>
49 #include <sys/socket.h>
50 #include <sys/sysctl.h>
51 
52 #include <assert.h>
53 #include <capsicum_helpers.h>
54 #include <err.h>
55 #include <errno.h>
56 #include <fcntl.h>
57 #include <ifaddrs.h>
58 #include <netdb.h>
59 #include <paths.h>
60 #include <stdbool.h>
61 #include <stdint.h>
62 #include <stdio.h>
63 #include <stdlib.h>
64 #include <string.h>
65 #include <sysexits.h>
66 #include <unistd.h>
67 
68 #include <arpa/inet.h>
69 
70 #include <net/if.h>
71 #include <net/if_dl.h>
72 #include <net/route.h>
73 
74 #include <netinet/in.h>
75 #include <netinet/netdump/netdump.h>
76 
77 #ifdef HAVE_CRYPTO
78 #include <openssl/err.h>
79 #include <openssl/pem.h>
80 #include <openssl/rsa.h>
81 #endif
82 
83 static int	verbose;
84 
85 static void _Noreturn
86 usage(void)
87 {
88 	fprintf(stderr,
89     "usage: dumpon [-v] [-k <pubkey>] [-Zz] <device>\n"
90     "       dumpon [-v] [-k <pubkey>] [-Zz]\n"
91     "              [-g <gateway>|default] -s <server> -c <client> <iface>\n"
92     "       dumpon [-v] off\n"
93     "       dumpon [-v] -l\n");
94 	exit(EX_USAGE);
95 }
96 
97 /*
98  * Look for a default route on the specified interface.
99  */
100 static char *
101 find_gateway(const char *ifname)
102 {
103 	struct ifaddrs *ifa, *ifap;
104 	struct rt_msghdr *rtm;
105 	struct sockaddr *sa;
106 	struct sockaddr_dl *sdl;
107 	struct sockaddr_in *dst, *mask, *gw;
108 	char *buf, *next, *ret;
109 	size_t sz;
110 	int error, i, ifindex, mib[7];
111 
112 	ret = NULL;
113 
114 	/* First look up the interface index. */
115 	if (getifaddrs(&ifap) != 0)
116 		err(EX_OSERR, "getifaddrs");
117 	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
118 		if (ifa->ifa_addr->sa_family != AF_LINK)
119 			continue;
120 		if (strcmp(ifa->ifa_name, ifname) == 0) {
121 			sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
122 			ifindex = sdl->sdl_index;
123 			break;
124 		}
125 	}
126 	if (ifa == NULL)
127 		errx(1, "couldn't find interface index for '%s'", ifname);
128 	freeifaddrs(ifap);
129 
130 	/* Now get the IPv4 routing table. */
131 	mib[0] = CTL_NET;
132 	mib[1] = PF_ROUTE;
133 	mib[2] = 0;
134 	mib[3] = AF_INET;
135 	mib[4] = NET_RT_DUMP;
136 	mib[5] = 0;
137 	mib[6] = -1; /* FIB */
138 
139 	for (;;) {
140 		if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0)
141 			err(EX_OSERR, "sysctl(NET_RT_DUMP)");
142 		buf = malloc(sz);
143 		error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0);
144 		if (error == 0)
145 			break;
146 		if (errno != ENOMEM)
147 			err(EX_OSERR, "sysctl(NET_RT_DUMP)");
148 		free(buf);
149 	}
150 
151 	for (next = buf; next < buf + sz; next += rtm->rtm_msglen) {
152 		rtm = (struct rt_msghdr *)(void *)next;
153 		if (rtm->rtm_version != RTM_VERSION)
154 			continue;
155 		if ((rtm->rtm_flags & RTF_GATEWAY) == 0 ||
156 		    rtm->rtm_index != ifindex)
157 			continue;
158 
159 		dst = gw = mask = NULL;
160 		sa = (struct sockaddr *)(rtm + 1);
161 		for (i = 0; i < RTAX_MAX; i++) {
162 			if ((rtm->rtm_addrs & (1 << i)) != 0) {
163 				switch (i) {
164 				case RTAX_DST:
165 					dst = (void *)sa;
166 					break;
167 				case RTAX_GATEWAY:
168 					gw = (void *)sa;
169 					break;
170 				case RTAX_NETMASK:
171 					mask = (void *)sa;
172 					break;
173 				}
174 			}
175 			sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa));
176 		}
177 
178 		if (dst->sin_addr.s_addr == INADDR_ANY &&
179 		    mask->sin_addr.s_addr == 0) {
180 			ret = inet_ntoa(gw->sin_addr);
181 			break;
182 		}
183 	}
184 	free(buf);
185 	return (ret);
186 }
187 
188 static void
189 check_size(int fd, const char *fn)
190 {
191 	int name[] = { CTL_HW, HW_PHYSMEM };
192 	size_t namelen = nitems(name);
193 	unsigned long physmem;
194 	size_t len;
195 	off_t mediasize;
196 	int minidump;
197 
198 	len = sizeof(minidump);
199 	if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 &&
200 	    minidump == 1)
201 		return;
202 	len = sizeof(physmem);
203 	if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0)
204 		err(EX_OSERR, "can't get memory size");
205 	if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0)
206 		err(EX_OSERR, "%s: can't get size", fn);
207 	if ((uintmax_t)mediasize < (uintmax_t)physmem) {
208 		if (verbose)
209 			printf("%s is smaller than physical memory\n", fn);
210 		exit(EX_IOERR);
211 	}
212 }
213 
214 #ifdef HAVE_CRYPTO
215 static void
216 genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
217 {
218 	FILE *fp;
219 	RSA *pubkey;
220 
221 	assert(pubkeyfile != NULL);
222 	assert(kdap != NULL);
223 
224 	fp = NULL;
225 	pubkey = NULL;
226 
227 	fp = fopen(pubkeyfile, "r");
228 	if (fp == NULL)
229 		err(1, "Unable to open %s", pubkeyfile);
230 
231 	if (caph_enter() < 0)
232 		err(1, "Unable to enter capability mode");
233 
234 	pubkey = RSA_new();
235 	if (pubkey == NULL) {
236 		errx(1, "Unable to allocate an RSA structure: %s",
237 		    ERR_error_string(ERR_get_error(), NULL));
238 	}
239 
240 	pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
241 	fclose(fp);
242 	fp = NULL;
243 	if (pubkey == NULL)
244 		errx(1, "Unable to read data from %s.", pubkeyfile);
245 
246 	/*
247 	 * RSA keys under ~1024 bits are trivially factorable (2018).  OpenSSL
248 	 * provides an API for RSA keys to estimate the symmetric-cipher
249 	 * "equivalent" bits of security (defined in NIST SP800-57), which as
250 	 * of this writing equates a 2048-bit RSA key to 112 symmetric cipher
251 	 * bits.
252 	 *
253 	 * Use this API as a seatbelt to avoid suggesting to users that their
254 	 * privacy is protected by encryption when the key size is insufficient
255 	 * to prevent compromise via factoring.
256 	 *
257 	 * Future work: Sanity check for weak 'e', and sanity check for absence
258 	 * of 'd' (i.e., the supplied key is a public key rather than a full
259 	 * keypair).
260 	 */
261 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
262 	if (RSA_security_bits(pubkey) < 112)
263 #else
264 	if (RSA_size(pubkey) * 8 < 2048)
265 #endif
266 		errx(1, "Small RSA keys (you provided: %db) can be "
267 		    "factored cheaply.  Please generate a larger key.",
268 		    RSA_size(pubkey) * 8);
269 
270 	kdap->kda_encryptedkeysize = RSA_size(pubkey);
271 	if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
272 		errx(1, "Public key has to be at most %db long.",
273 		    8 * KERNELDUMP_ENCKEY_MAX_SIZE);
274 	}
275 
276 	kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize);
277 	if (kdap->kda_encryptedkey == NULL)
278 		err(1, "Unable to allocate encrypted key");
279 
280 	kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
281 	arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
282 	if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
283 	    kdap->kda_encryptedkey, pubkey,
284 	    RSA_PKCS1_PADDING) != (int)kdap->kda_encryptedkeysize) {
285 		errx(1, "Unable to encrypt the one-time key.");
286 	}
287 	RSA_free(pubkey);
288 }
289 #endif
290 
291 static void
292 listdumpdev(void)
293 {
294 	char dumpdev[PATH_MAX];
295 	struct netdump_conf ndconf;
296 	size_t len;
297 	const char *sysctlname = "kern.shutdown.dumpdevname";
298 	int fd;
299 
300 	len = sizeof(dumpdev);
301 	if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) {
302 		if (errno == ENOMEM) {
303 			err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n",
304 				sysctlname);
305 		} else {
306 			err(EX_OSERR, "Sysctl get '%s'\n", sysctlname);
307 		}
308 	}
309 	if (strlen(dumpdev) == 0)
310 		(void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev));
311 
312 	if (verbose)
313 		printf("kernel dumps on ");
314 	printf("%s\n", dumpdev);
315 
316 	/* If netdump is enabled, print the configuration parameters. */
317 	if (verbose) {
318 		fd = open(_PATH_NETDUMP, O_RDONLY);
319 		if (fd < 0) {
320 			if (errno != ENOENT)
321 				err(EX_OSERR, "opening %s", _PATH_NETDUMP);
322 			return;
323 		}
324 		if (ioctl(fd, NETDUMPGCONF, &ndconf) != 0) {
325 			if (errno != ENXIO)
326 				err(EX_OSERR, "ioctl(NETDUMPGCONF)");
327 			(void)close(fd);
328 			return;
329 		}
330 
331 		printf("server address: %s\n", inet_ntoa(ndconf.ndc_server));
332 		printf("client address: %s\n", inet_ntoa(ndconf.ndc_client));
333 		printf("gateway address: %s\n", inet_ntoa(ndconf.ndc_gateway));
334 		(void)close(fd);
335 	}
336 }
337 
338 static int
339 opendumpdev(const char *arg, char *dumpdev)
340 {
341 	int fd, i;
342 
343 	if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
344 		strlcpy(dumpdev, arg, PATH_MAX);
345 	else {
346 		i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg);
347 		if (i < 0)
348 			err(EX_OSERR, "%s", arg);
349 		if (i >= PATH_MAX)
350 			errc(EX_DATAERR, EINVAL, "%s", arg);
351 	}
352 
353 	fd = open(dumpdev, O_RDONLY);
354 	if (fd < 0)
355 		err(EX_OSFILE, "%s", dumpdev);
356 	return (fd);
357 }
358 
359 int
360 main(int argc, char *argv[])
361 {
362 	char dumpdev[PATH_MAX];
363 	struct diocskerneldump_arg _kda, *kdap;
364 	struct netdump_conf ndconf;
365 	struct addrinfo hints, *res;
366 	const char *dev, *pubkeyfile, *server, *client, *gateway;
367 	int ch, error, fd;
368 	bool enable, gzip, list, netdump, zstd;
369 
370 	gzip = list = netdump = zstd = false;
371 	kdap = NULL;
372 	pubkeyfile = NULL;
373 	server = client = gateway = NULL;
374 
375 	while ((ch = getopt(argc, argv, "c:g:k:ls:vZz")) != -1)
376 		switch ((char)ch) {
377 		case 'c':
378 			client = optarg;
379 			break;
380 		case 'g':
381 			gateway = optarg;
382 			break;
383 		case 'k':
384 			pubkeyfile = optarg;
385 			break;
386 		case 'l':
387 			list = true;
388 			break;
389 		case 's':
390 			server = optarg;
391 			break;
392 		case 'v':
393 			verbose = 1;
394 			break;
395 		case 'Z':
396 			zstd = true;
397 			break;
398 		case 'z':
399 			gzip = true;
400 			break;
401 		default:
402 			usage();
403 		}
404 
405 	if (gzip && zstd)
406 		errx(EX_USAGE, "The -z and -Z options are mutually exclusive.");
407 
408 	argc -= optind;
409 	argv += optind;
410 
411 	if (list) {
412 		listdumpdev();
413 		exit(EX_OK);
414 	}
415 
416 	if (argc != 1)
417 		usage();
418 
419 #ifndef HAVE_CRYPTO
420 	if (pubkeyfile != NULL)
421 		errx(EX_UNAVAILABLE,"Unable to use the public key."
422 				    " Recompile dumpon with OpenSSL support.");
423 #endif
424 
425 	if (server != NULL && client != NULL) {
426 		enable = true;
427 		dev = _PATH_NETDUMP;
428 		netdump = true;
429 		kdap = &ndconf.ndc_kda;
430 	} else if (server == NULL && client == NULL && argc > 0) {
431 		enable = strcmp(argv[0], "off") != 0;
432 		dev = enable ? argv[0] : _PATH_DEVNULL;
433 		netdump = false;
434 		kdap = &_kda;
435 	} else
436 		usage();
437 
438 	fd = opendumpdev(dev, dumpdev);
439 	if (!netdump && !gzip)
440 		check_size(fd, dumpdev);
441 
442 	bzero(kdap, sizeof(*kdap));
443 	kdap->kda_enable = 0;
444 	if (ioctl(fd, DIOCSKERNELDUMP, kdap) != 0)
445 		err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)");
446 	if (!enable)
447 		exit(EX_OK);
448 
449 	explicit_bzero(kdap, sizeof(*kdap));
450 	kdap->kda_enable = 1;
451 	kdap->kda_compression = KERNELDUMP_COMP_NONE;
452 	if (zstd)
453 		kdap->kda_compression = KERNELDUMP_COMP_ZSTD;
454 	else if (gzip)
455 		kdap->kda_compression = KERNELDUMP_COMP_GZIP;
456 
457 	if (netdump) {
458 		memset(&hints, 0, sizeof(hints));
459 		hints.ai_family = AF_INET;
460 		hints.ai_protocol = IPPROTO_UDP;
461 		res = NULL;
462 		error = getaddrinfo(server, NULL, &hints, &res);
463 		if (error != 0)
464 			err(1, "%s", gai_strerror(error));
465 		if (res == NULL)
466 			errx(1, "failed to resolve '%s'", server);
467 		server = inet_ntoa(
468 		    ((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr);
469 		freeaddrinfo(res);
470 
471 		if (strlcpy(ndconf.ndc_iface, argv[0],
472 		    sizeof(ndconf.ndc_iface)) >= sizeof(ndconf.ndc_iface))
473 			errx(EX_USAGE, "invalid interface name '%s'", argv[0]);
474 		if (inet_aton(server, &ndconf.ndc_server) == 0)
475 			errx(EX_USAGE, "invalid server address '%s'", server);
476 		if (inet_aton(client, &ndconf.ndc_client) == 0)
477 			errx(EX_USAGE, "invalid client address '%s'", client);
478 
479 		if (gateway == NULL)
480 			gateway = server;
481 		else if (strcmp(gateway, "default") == 0 &&
482 		    (gateway = find_gateway(argv[0])) == NULL)
483 			errx(EX_NOHOST,
484 			    "failed to look up next-hop router for %s", server);
485 		if (inet_aton(gateway, &ndconf.ndc_gateway) == 0)
486 			errx(EX_USAGE, "invalid gateway address '%s'", gateway);
487 
488 #ifdef HAVE_CRYPTO
489 		if (pubkeyfile != NULL)
490 			genkey(pubkeyfile, kdap);
491 #endif
492 		error = ioctl(fd, NETDUMPSCONF, &ndconf);
493 		if (error != 0)
494 			error = errno;
495 		explicit_bzero(kdap->kda_encryptedkey,
496 		    kdap->kda_encryptedkeysize);
497 		free(kdap->kda_encryptedkey);
498 		explicit_bzero(kdap, sizeof(*kdap));
499 		if (error != 0)
500 			errc(EX_OSERR, error, "ioctl(NETDUMPSCONF)");
501 	} else {
502 #ifdef HAVE_CRYPTO
503 		if (pubkeyfile != NULL)
504 			genkey(pubkeyfile, kdap);
505 #endif
506 		error = ioctl(fd, DIOCSKERNELDUMP, kdap);
507 		if (error != 0)
508 			error = errno;
509 		explicit_bzero(kdap->kda_encryptedkey,
510 		    kdap->kda_encryptedkeysize);
511 		free(kdap->kda_encryptedkey);
512 		explicit_bzero(kdap, sizeof(*kdap));
513 		if (error != 0)
514 			errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)");
515 	}
516 	if (verbose)
517 		printf("kernel dumps on %s\n", dumpdev);
518 
519 	exit(EX_OK);
520 }
521