/* This file is part of the IPCop Firewall.
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence. See the file COPYING for details.
 *
 * Copyright (C) 2003-07-12 Robert Kerr <rkerr@go.to>
 *
 * $Id$
 *
 * Edited by the IPFire Team to change var log messages
 */
12 | ||
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <limits.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>

#include "libsmooth.h"
#include "setuid.h"
#include "netutil.h"
26 | |
27 | #define ERR_ANY 1 | |
28 | #define ERR_SETTINGS 2 /* error in settings file */ | |
d36e6241 | 29 | #define ERR_ETC 3 /* error with /etc permissions */ |
30 | #define ERR_CONFIG 4 /* error updated sshd_config */ |
31 | #define ERR_SYSLOG 5 /* error restarting syslogd */ | |
32 | ||
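/*
 * Rewrite /etc/syslog.conf from the IPFire logging settings and make
 * syslogd pick the new file up.
 *
 * In order:
 *   1. read /var/ipfire/logging/settings and validate the two values that
 *      are interpolated into shell commands (REMOTELOG_ADDR, VARMESSAGES);
 *   2. refuse to run if /etc is owned or writable by anyone but root;
 *   3. build /etc/syslog.conf.new with sed (remote-log line on/off), strip
 *      the old /var/log/messages line and append the configured one;
 *   4. rename the new file over /etc/syslog.conf;
 *   5. SIGHUP the pid found in /var/run/syslogd.pid, or start syslogd if
 *      there is no pid file at all.
 *
 * Returns 0 on success; every failure exits with one of the ERR_* codes
 * defined above.  Once /etc/syslog.conf.new exists, every failure path
 * removes it again so a half-written config (or a stale O_EXCL lock file)
 * is never left behind.
 */
int main(void)
{
	char buffer[STRING_SIZE], command[STRING_SIZE], hostname[STRING_SIZE];
	char varmessages[STRING_SIZE], asynclog[STRING_SIZE];
	/* Characters a syslog selector may consist of, e.g. "*.*;mail.none".
	 * VARMESSAGES ends up inside a single-quoted shell printf format that
	 * runs as root, so quotes, '%', backslashes and whitespace are
	 * deliberately excluded. */
	static const char valid_selector[] =
		"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789.*;,=!";
	int config_fd, rc, fd, pid, len;
	long pidval;
	char *endptr;
	struct stat st;
	struct keyvalue *kv = NULL;

	memset(buffer, 0, STRING_SIZE);
	memset(hostname, 0, STRING_SIZE);
	memset(varmessages, 0, STRING_SIZE);
	memset(asynclog, 0, STRING_SIZE);

	if (!(initsetuid()))
		exit(1);

	/* Read in and verify config */
	kv = initkeyvalues();

	if (!readkeyvalues(kv, "/var/ipfire/logging/settings"))
	{
		fprintf(stderr, "Cannot read syslog settings\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "ENABLE_REMOTELOG", buffer))
	{
		fprintf(stderr, "Cannot read ENABLE_REMOTELOG\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "REMOTELOG_ADDR", hostname))
	{
		fprintf(stderr, "Cannot read REMOTELOG_ADDR\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "ENABLE_ASYNCLOG", asynclog))
	{
		fprintf(stderr, "Cannot read ENABLE_ASYNCLOG\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "VARMESSAGES", varmessages))
	{
		fprintf(stderr, "Cannot read VARMESSAGES\n");
		exit(ERR_SETTINGS);
	}

	/* hostname is spliced into the sed expression below: only FQDN
	 * characters may pass. */
	if (strspn(hostname, VALID_FQDN) != strlen(hostname))
	{
		fprintf(stderr, "Bad REMOTELOG_ADDR: %s\n", hostname);
		exit(ERR_SETTINGS);
	}

	/* varmessages is spliced into a shell command run via safe_system and
	 * was previously used unchecked.  Reject anything outside the selector
	 * alphabet; an empty selector is rejected too since it would yield an
	 * invalid syslog.conf line (" /var/log/messages"). */
	if (varmessages[0] == '\0'
	    || strspn(varmessages, valid_selector) != strlen(varmessages))
	{
		fprintf(stderr, "Bad VARMESSAGES: %s\n", varmessages);
		exit(ERR_SETTINGS);
	}

	freekeyvalues(kv);

	/* If anyone other than root can write to /etc this would be totally
	 * insecure - same if anyone other than root owns /etc, as they could
	 * change the file mode to give themselves or anyone else write access. */
	if (lstat("/etc", &st))
	{
		perror("Unable to stat /etc");
		exit(ERR_ETC);
	}
	if (!S_ISDIR(st.st_mode))
	{
		fprintf(stderr, "/etc is not a directory?!\n");
		exit(ERR_ETC);
	}
	if (st.st_uid != 0 || st.st_mode & S_IWOTH ||
	    ((st.st_gid != 0) && (st.st_mode & S_IWGRP)))
	{
		fprintf(stderr, "/etc is owned/writable by non-root users\n");
		exit(ERR_ETC);
	}

	/* O_CREAT with O_EXCL will make open() fail if the file already exists -
	 * mostly to prevent 2 copies running at once */
	if ((config_fd = open("/etc/syslog.conf.new", O_WRONLY|O_CREAT|O_EXCL, 0644)) == -1)
	{
		perror("Unable to open new config file");
		exit(ERR_CONFIG);
	}

	/* Build the sed command that toggles the remote-log line ("*.* @host"):
	 * ENABLE_REMOTELOG=on (still in buffer) rewrites/uncomments it with the
	 * configured host, anything else comments it out.  sed's output goes to
	 * config_fd, which the child inherits. */
	if (!strcmp(buffer, "on"))
		len = snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@\\).\\+$/\\1%s/' /etc/syslog.conf >&%d", hostname, config_fd);
	else
		len = snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd);

	/* A truncated command could lose the ">&fd" redirection (a long
	 * hostname is enough), leaving the new config empty while sed still
	 * exits 0 -- so treat truncation as a failure instead of running it. */
	if (len < 0 || len >= STRING_SIZE - 1)
	{
		fprintf(stderr, "sed command too long\n");
		close(config_fd);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* if the return code isn't 0 failsafe; 99/99 is presumably the
	 * unprivileged uid/gid sed is run under */
	if ((rc = unpriv_system(buffer, 99, 99)) != 0)
	{
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		close(config_fd);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}
	close(config_fd);

	/* Drop the existing /var/log/messages line; it is re-added below with
	 * the configured selector.  Previously the exit status was ignored, which
	 * could leave syslog.conf.tmp behind and a duplicate line in the result. */
	if ((rc = safe_system("grep -v '/var/log/messages' < /etc/syslog.conf.new > /etc/syslog.conf.tmp && mv /etc/syslog.conf.tmp /etc/syslog.conf.new")) != 0)
	{
		fprintf(stderr, "grep/mv returned bad exit code: %d\n", rc);
		unlink("/etc/syslog.conf.tmp");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* ENABLE_ASYNCLOG=on prefixes the file name with '-' (syslogd's
	 * "don't sync after every write" marker -- confirm for the installed
	 * syslogd).  varmessages was validated above, so it cannot break out
	 * of the single quotes or carry printf directives. */
	if (!strcmp(asynclog, "on"))
		len = snprintf(command, STRING_SIZE - 1, "printf '%s -/var/log/messages' >> /etc/syslog.conf.new", varmessages);
	else
		len = snprintf(command, STRING_SIZE - 1, "printf '%s /var/log/messages' >> /etc/syslog.conf.new", varmessages);

	if (len < 0 || len >= STRING_SIZE - 1)
	{
		fprintf(stderr, "printf command too long\n");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	if ((rc = safe_system(command)) != 0)
	{
		fprintf(stderr, "printf returned bad exit code: %d\n", rc);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* rename() is atomic, so syslogd never sees a partial file */
	if (rename("/etc/syslog.conf.new", "/etc/syslog.conf") == -1)
	{
		perror("Unable to replace old config file");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* Get syslogd to read the new config file */
	if ((fd = open("/var/run/syslogd.pid", O_RDONLY)) == -1)
	{
		if (errno == ENOENT)
		{
			/* pid file doesn't exist.. start syslogd.
			 * NOTE(review): the bare "u" argument looks like it may be
			 * missing a leading dash -- confirm against the installed
			 * syslogd's usage before changing it. */
			if ((rc = safe_system("/usr/sbin/syslogd u syslogd -m 0")) == 0)
				return 0;
			else
			{
				fprintf(stderr,
					"Unable to restart syslogd - returned exit code %d\n", rc);
				exit(ERR_SYSLOG);
			}
		} else {
			/* Something odd is going on, failsafe */
			perror("Unable to open pid file");
			exit(ERR_SYSLOG);
		}
	}

	memset(buffer, 0, STRING_SIZE);
	if (read(fd, buffer, STRING_SIZE - 1) == -1)
	{
		close(fd);
		perror("Couldn't read from pid file");
		exit(ERR_SYSLOG);
	}
	close(fd);

	/* strtol does sanity checks that atoi doesn't do.  Also insist that at
	 * least one digit was consumed (an empty pid file parses as 0 otherwise)
	 * and that the value survives the narrowing to int, so a garbage pid
	 * can never turn into a SIGHUP to some unrelated process. */
	errno = 0;
	pidval = strtol(buffer, &endptr, 10);
	if (errno || endptr == buffer || pidval <= 1 || pidval > INT_MAX)
	{
		fprintf(stderr, "Bad pid value\n");
		exit(ERR_SYSLOG);
	}
	pid = (int)pidval;

	if (kill(pid, SIGHUP) == -1)
	{
		fprintf(stderr, "Unable to send SIGHUP\n");
		exit(ERR_SYSLOG);
	}

	return 0;
}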