1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1980, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #if 0 33 #ifndef lint 34 static const char copyright[] = 35 "@(#) Copyright (c) 1980, 1993\n\ 36 The Regents of the University of California. All rights reserved.\n"; 37 #endif /* not lint */ 38 39 #ifndef lint 40 static char sccsid[] = "From: @(#)swapon.c 8.1 (Berkeley) 6/5/93"; 41 #endif /* not lint */ 42 #endif 43 #include <sys/cdefs.h> 44 __FBSDID("$FreeBSD$"); 45 46 #include <sys/param.h> 47 #include <sys/capsicum.h> 48 #include <sys/disk.h> 49 #include <sys/socket.h> 50 #include <sys/sysctl.h> 51 52 #include <assert.h> 53 #include <capsicum_helpers.h> 54 #include <err.h> 55 #include <errno.h> 56 #include <fcntl.h> 57 #include <ifaddrs.h> 58 #include <netdb.h> 59 #include <paths.h> 60 #include <stdbool.h> 61 #include <stdint.h> 62 #include <stdio.h> 63 #include <stdlib.h> 64 #include <string.h> 65 #include <sysexits.h> 66 #include <unistd.h> 67 68 #include <arpa/inet.h> 69 70 #include <net/if.h> 71 #include <net/if_dl.h> 72 #include <net/route.h> 73 74 #include <netinet/in.h> 75 #include <netinet/netdump/netdump.h> 76 77 #ifdef HAVE_CRYPTO 78 #include <openssl/err.h> 79 #include <openssl/pem.h> 80 #include <openssl/rsa.h> 81 #endif 82 83 static int verbose; 84 85 static void _Noreturn 86 usage(void) 87 { 88 fprintf(stderr, 89 "usage: dumpon [-v] [-k <pubkey>] [-Zz] <device>\n" 90 " dumpon [-v] [-k <pubkey>] [-Zz]\n" 91 " [-g <gateway>|default] -s <server> -c <client> <iface>\n" 92 " dumpon [-v] off\n" 93 " dumpon [-v] -l\n"); 94 exit(EX_USAGE); 95 } 96 97 /* 98 * Look for a default route on the specified interface. 99 */ 100 static char * 101 find_gateway(const char *ifname) 102 { 103 struct ifaddrs *ifa, *ifap; 104 struct rt_msghdr *rtm; 105 struct sockaddr *sa; 106 struct sockaddr_dl *sdl; 107 struct sockaddr_in *dst, *mask, *gw; 108 char *buf, *next, *ret; 109 size_t sz; 110 int error, i, ifindex, mib[7]; 111 112 ret = NULL; 113 114 /* First look up the interface index. */ 115 if (getifaddrs(&ifap) != 0) 116 err(EX_OSERR, "getifaddrs"); 117 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { 118 if (ifa->ifa_addr->sa_family != AF_LINK) 119 continue; 120 if (strcmp(ifa->ifa_name, ifname) == 0) { 121 sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr; 122 ifindex = sdl->sdl_index; 123 break; 124 } 125 } 126 if (ifa == NULL) 127 errx(1, "couldn't find interface index for '%s'", ifname); 128 freeifaddrs(ifap); 129 130 /* Now get the IPv4 routing table. */ 131 mib[0] = CTL_NET; 132 mib[1] = PF_ROUTE; 133 mib[2] = 0; 134 mib[3] = AF_INET; 135 mib[4] = NET_RT_DUMP; 136 mib[5] = 0; 137 mib[6] = -1; /* FIB */ 138 139 for (;;) { 140 if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0) 141 err(EX_OSERR, "sysctl(NET_RT_DUMP)"); 142 buf = malloc(sz); 143 error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0); 144 if (error == 0) 145 break; 146 if (errno != ENOMEM) 147 err(EX_OSERR, "sysctl(NET_RT_DUMP)"); 148 free(buf); 149 } 150 151 for (next = buf; next < buf + sz; next += rtm->rtm_msglen) { 152 rtm = (struct rt_msghdr *)(void *)next; 153 if (rtm->rtm_version != RTM_VERSION) 154 continue; 155 if ((rtm->rtm_flags & RTF_GATEWAY) == 0 || 156 rtm->rtm_index != ifindex) 157 continue; 158 159 dst = gw = mask = NULL; 160 sa = (struct sockaddr *)(rtm + 1); 161 for (i = 0; i < RTAX_MAX; i++) { 162 if ((rtm->rtm_addrs & (1 << i)) != 0) { 163 switch (i) { 164 case RTAX_DST: 165 dst = (void *)sa; 166 break; 167 case RTAX_GATEWAY: 168 gw = (void *)sa; 169 break; 170 case RTAX_NETMASK: 171 mask = (void *)sa; 172 break; 173 } 174 } 175 sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa)); 176 } 177 178 if (dst->sin_addr.s_addr == INADDR_ANY && 179 mask->sin_addr.s_addr == 0) { 180 ret = inet_ntoa(gw->sin_addr); 181 break; 182 } 183 } 184 free(buf); 185 return (ret); 186 } 187 188 static void 189 check_size(int fd, const char *fn) 190 { 191 int name[] = { CTL_HW, HW_PHYSMEM }; 192 size_t namelen = nitems(name); 193 unsigned long physmem; 194 size_t len; 195 off_t mediasize; 196 int minidump; 197 198 len = sizeof(minidump); 199 if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 && 200 minidump == 1) 201 return; 202 len = sizeof(physmem); 203 if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0) 204 err(EX_OSERR, "can't get memory size"); 205 if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0) 206 err(EX_OSERR, "%s: can't get size", fn); 207 if ((uintmax_t)mediasize < (uintmax_t)physmem) { 208 if (verbose) 209 printf("%s is smaller than physical memory\n", fn); 210 exit(EX_IOERR); 211 } 212 } 213 214 #ifdef HAVE_CRYPTO 215 static void 216 genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap) 217 { 218 FILE *fp; 219 RSA *pubkey; 220 221 assert(pubkeyfile != NULL); 222 assert(kdap != NULL); 223 224 fp = NULL; 225 pubkey = NULL; 226 227 fp = fopen(pubkeyfile, "r"); 228 if (fp == NULL) 229 err(1, "Unable to open %s", pubkeyfile); 230 231 if (caph_enter() < 0) 232 err(1, "Unable to enter capability mode"); 233 234 pubkey = RSA_new(); 235 if (pubkey == NULL) { 236 errx(1, "Unable to allocate an RSA structure: %s", 237 ERR_error_string(ERR_get_error(), NULL)); 238 } 239 240 pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL); 241 fclose(fp); 242 fp = NULL; 243 if (pubkey == NULL) 244 errx(1, "Unable to read data from %s.", pubkeyfile); 245 246 /* 247 * RSA keys under ~1024 bits are trivially factorable (2018). OpenSSL 248 * provides an API for RSA keys to estimate the symmetric-cipher 249 * "equivalent" bits of security (defined in NIST SP800-57), which as 250 * of this writing equates a 2048-bit RSA key to 112 symmetric cipher 251 * bits. 252 * 253 * Use this API as a seatbelt to avoid suggesting to users that their 254 * privacy is protected by encryption when the key size is insufficient 255 * to prevent compromise via factoring. 256 * 257 * Future work: Sanity check for weak 'e', and sanity check for absence 258 * of 'd' (i.e., the supplied key is a public key rather than a full 259 * keypair). 260 */ 261 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 262 if (RSA_security_bits(pubkey) < 112) 263 #else 264 if (RSA_size(pubkey) * 8 < 2048) 265 #endif 266 errx(1, "Small RSA keys (you provided: %db) can be " 267 "factored cheaply. Please generate a larger key.", 268 RSA_size(pubkey) * 8); 269 270 kdap->kda_encryptedkeysize = RSA_size(pubkey); 271 if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) { 272 errx(1, "Public key has to be at most %db long.", 273 8 * KERNELDUMP_ENCKEY_MAX_SIZE); 274 } 275 276 kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize); 277 if (kdap->kda_encryptedkey == NULL) 278 err(1, "Unable to allocate encrypted key"); 279 280 kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC; 281 arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key)); 282 if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key, 283 kdap->kda_encryptedkey, pubkey, 284 RSA_PKCS1_PADDING) != (int)kdap->kda_encryptedkeysize) { 285 errx(1, "Unable to encrypt the one-time key."); 286 } 287 RSA_free(pubkey); 288 } 289 #endif 290 291 static void 292 listdumpdev(void) 293 { 294 char dumpdev[PATH_MAX]; 295 struct netdump_conf ndconf; 296 size_t len; 297 const char *sysctlname = "kern.shutdown.dumpdevname"; 298 int fd; 299 300 len = sizeof(dumpdev); 301 if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) { 302 if (errno == ENOMEM) { 303 err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n", 304 sysctlname); 305 } else { 306 err(EX_OSERR, "Sysctl get '%s'\n", sysctlname); 307 } 308 } 309 if (strlen(dumpdev) == 0) 310 (void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev)); 311 312 if (verbose) 313 printf("kernel dumps on "); 314 printf("%s\n", dumpdev); 315 316 /* If netdump is enabled, print the configuration parameters. */ 317 if (verbose) { 318 fd = open(_PATH_NETDUMP, O_RDONLY); 319 if (fd < 0) { 320 if (errno != ENOENT) 321 err(EX_OSERR, "opening %s", _PATH_NETDUMP); 322 return; 323 } 324 if (ioctl(fd, NETDUMPGCONF, &ndconf) != 0) { 325 if (errno != ENXIO) 326 err(EX_OSERR, "ioctl(NETDUMPGCONF)"); 327 (void)close(fd); 328 return; 329 } 330 331 printf("server address: %s\n", inet_ntoa(ndconf.ndc_server)); 332 printf("client address: %s\n", inet_ntoa(ndconf.ndc_client)); 333 printf("gateway address: %s\n", inet_ntoa(ndconf.ndc_gateway)); 334 (void)close(fd); 335 } 336 } 337 338 static int 339 opendumpdev(const char *arg, char *dumpdev) 340 { 341 int fd, i; 342 343 if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) 344 strlcpy(dumpdev, arg, PATH_MAX); 345 else { 346 i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg); 347 if (i < 0) 348 err(EX_OSERR, "%s", arg); 349 if (i >= PATH_MAX) 350 errc(EX_DATAERR, EINVAL, "%s", arg); 351 } 352 353 fd = open(dumpdev, O_RDONLY); 354 if (fd < 0) 355 err(EX_OSFILE, "%s", dumpdev); 356 return (fd); 357 } 358 359 int 360 main(int argc, char *argv[]) 361 { 362 char dumpdev[PATH_MAX]; 363 struct diocskerneldump_arg _kda, *kdap; 364 struct netdump_conf ndconf; 365 struct addrinfo hints, *res; 366 const char *dev, *pubkeyfile, *server, *client, *gateway; 367 int ch, error, fd; 368 bool enable, gzip, list, netdump, zstd; 369 370 gzip = list = netdump = zstd = false; 371 kdap = NULL; 372 pubkeyfile = NULL; 373 server = client = gateway = NULL; 374 375 while ((ch = getopt(argc, argv, "c:g:k:ls:vZz")) != -1) 376 switch ((char)ch) { 377 case 'c': 378 client = optarg; 379 break; 380 case 'g': 381 gateway = optarg; 382 break; 383 case 'k': 384 pubkeyfile = optarg; 385 break; 386 case 'l': 387 list = true; 388 break; 389 case 's': 390 server = optarg; 391 break; 392 case 'v': 393 verbose = 1; 394 break; 395 case 'Z': 396 zstd = true; 397 break; 398 case 'z': 399 gzip = true; 400 break; 401 default: 402 usage(); 403 } 404 405 if (gzip && zstd) 406 errx(EX_USAGE, "The -z and -Z options are mutually exclusive."); 407 408 argc -= optind; 409 argv += optind; 410 411 if (list) { 412 listdumpdev(); 413 exit(EX_OK); 414 } 415 416 if (argc != 1) 417 usage(); 418 419 #ifndef HAVE_CRYPTO 420 if (pubkeyfile != NULL) 421 errx(EX_UNAVAILABLE,"Unable to use the public key." 422 " Recompile dumpon with OpenSSL support."); 423 #endif 424 425 if (server != NULL && client != NULL) { 426 enable = true; 427 dev = _PATH_NETDUMP; 428 netdump = true; 429 kdap = &ndconf.ndc_kda; 430 } else if (server == NULL && client == NULL && argc > 0) { 431 enable = strcmp(argv[0], "off") != 0; 432 dev = enable ? argv[0] : _PATH_DEVNULL; 433 netdump = false; 434 kdap = &_kda; 435 } else 436 usage(); 437 438 fd = opendumpdev(dev, dumpdev); 439 if (!netdump && !gzip) 440 check_size(fd, dumpdev); 441 442 bzero(kdap, sizeof(*kdap)); 443 kdap->kda_enable = 0; 444 if (ioctl(fd, DIOCSKERNELDUMP, kdap) != 0) 445 err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)"); 446 if (!enable) 447 exit(EX_OK); 448 449 explicit_bzero(kdap, sizeof(*kdap)); 450 kdap->kda_enable = 1; 451 kdap->kda_compression = KERNELDUMP_COMP_NONE; 452 if (zstd) 453 kdap->kda_compression = KERNELDUMP_COMP_ZSTD; 454 else if (gzip) 455 kdap->kda_compression = KERNELDUMP_COMP_GZIP; 456 457 if (netdump) { 458 memset(&hints, 0, sizeof(hints)); 459 hints.ai_family = AF_INET; 460 hints.ai_protocol = IPPROTO_UDP; 461 res = NULL; 462 error = getaddrinfo(server, NULL, &hints, &res); 463 if (error != 0) 464 err(1, "%s", gai_strerror(error)); 465 if (res == NULL) 466 errx(1, "failed to resolve '%s'", server); 467 server = inet_ntoa( 468 ((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr); 469 freeaddrinfo(res); 470 471 if (strlcpy(ndconf.ndc_iface, argv[0], 472 sizeof(ndconf.ndc_iface)) >= sizeof(ndconf.ndc_iface)) 473 errx(EX_USAGE, "invalid interface name '%s'", argv[0]); 474 if (inet_aton(server, &ndconf.ndc_server) == 0) 475 errx(EX_USAGE, "invalid server address '%s'", server); 476 if (inet_aton(client, &ndconf.ndc_client) == 0) 477 errx(EX_USAGE, "invalid client address '%s'", client); 478 479 if (gateway == NULL) 480 gateway = server; 481 else if (strcmp(gateway, "default") == 0 && 482 (gateway = find_gateway(argv[0])) == NULL) 483 errx(EX_NOHOST, 484 "failed to look up next-hop router for %s", server); 485 if (inet_aton(gateway, &ndconf.ndc_gateway) == 0) 486 errx(EX_USAGE, "invalid gateway address '%s'", gateway); 487 488 #ifdef HAVE_CRYPTO 489 if (pubkeyfile != NULL) 490 genkey(pubkeyfile, kdap); 491 #endif 492 error = ioctl(fd, NETDUMPSCONF, &ndconf); 493 if (error != 0) 494 error = errno; 495 explicit_bzero(kdap->kda_encryptedkey, 496 kdap->kda_encryptedkeysize); 497 free(kdap->kda_encryptedkey); 498 explicit_bzero(kdap, sizeof(*kdap)); 499 if (error != 0) 500 errc(EX_OSERR, error, "ioctl(NETDUMPSCONF)"); 501 } else { 502 #ifdef HAVE_CRYPTO 503 if (pubkeyfile != NULL) 504 genkey(pubkeyfile, kdap); 505 #endif 506 error = ioctl(fd, DIOCSKERNELDUMP, kdap); 507 if (error != 0) 508 error = errno; 509 explicit_bzero(kdap->kda_encryptedkey, 510 kdap->kda_encryptedkeysize); 511 free(kdap->kda_encryptedkey); 512 explicit_bzero(kdap, sizeof(*kdap)); 513 if (error != 0) 514 errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)"); 515 } 516 if (verbose) 517 printf("kernel dumps on %s\n", dumpdev); 518 519 exit(EX_OK); 520 } 521