]> git.ipfire.org Git - ipfire-2.x.git/blame - src/misc-progs/syslogdctrl.c
binutils: update to 2.18.
[ipfire-2.x.git] / src / misc-progs / syslogdctrl.c
CommitLineData
5b3962de
CS
1/* This file is part of the IPCop Firewall.
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * Copyright (C) 2003-07-12 Robert Kerr <rkerr@go.to>
7 *
8 * $Id$
9 *
10 * Edited by the IPFire Team to change var log messages
11 */
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <unistd.h>
16#include <string.h>
17#include <sys/stat.h>
18#include <sys/types.h>
19#include <fcntl.h>
20#include <signal.h>
21#include <errno.h>
22#include "libsmooth.h"
23#include "setuid.h"
24
25#define ERR_ANY 1
26#define ERR_SETTINGS 2 /* error in settings file */
d36e6241 27#define ERR_ETC 3 /* error with /etc permissions */
5b3962de
CS
28#define ERR_CONFIG 4 /* error updated sshd_config */
29#define ERR_SYSLOG 5 /* error restarting syslogd */
30
31int main(void)
32{
f81179c3 33 char buffer[STRING_SIZE], command[STRING_SIZE], hostname[STRING_SIZE];
77e9b64c 34 char varmessages[STRING_SIZE], asynclog[STRING_SIZE];
5b3962de
CS
35 int config_fd,rc,fd,pid;
36 struct stat st;
37 struct keyvalue *kv = NULL;
38 memset(buffer, 0, STRING_SIZE);
39 memset(hostname, 0, STRING_SIZE);
40 memset(varmessages, 0, STRING_SIZE);
77e9b64c 41 memset(asynclog, 0, STRING_SIZE);
5b3962de
CS
42
43 if (!(initsetuid()))
44 exit(1);
45
46
47 /* Read in and verify config */
48 kv=initkeyvalues();
49
ca4c317c 50 if (!readkeyvalues(kv, "/var/ipfire/logging/settings"))
5b3962de
CS
51 {
52 fprintf(stderr, "Cannot read syslog settings\n");
53 exit(ERR_SETTINGS);
54 }
55
56 if (!findkey(kv, "ENABLE_REMOTELOG", buffer))
57 {
58 fprintf(stderr, "Cannot read ENABLE_REMOTELOG\n");
59 exit(ERR_SETTINGS);
60 }
61
62 if (!findkey(kv, "REMOTELOG_ADDR", hostname))
63 {
64 fprintf(stderr, "Cannot read REMOTELOG_ADDR\n");
65 exit(ERR_SETTINGS);
66 }
f81179c3 67
77e9b64c 68 if (!findkey(kv, "ENABLE_ASYNCLOG", asynclog))
f81179c3
AF
69 {
70 fprintf(stderr, "Cannot read ENABLE_ASYNCLOG\n");
71 exit(ERR_SETTINGS);
72 }
73
5b3962de
CS
74
75 if (!findkey(kv, "VARMESSAGES", varmessages))
76 {
77 fprintf(stderr, "Cannot read VARMESSAGES\n");
78 exit(ERR_SETTINGS);
79 }
80
81 if (strspn(hostname, VALID_FQDN) != strlen(hostname))
82 {
83 fprintf(stderr, "Bad REMOTELOG_ADDR: %s\n", hostname);
84 exit(ERR_SETTINGS);
85 }
86
87 freekeyvalues(kv);
88
89
d36e6241
CS
90 /* If anyone other than root can write to /etc this would be totally
91 * insecure - same if anyone other than root owns /etc, as they could
5b3962de
CS
92 * change the file mode to give themselves or anyone else write access. */
93
d36e6241 94 if(lstat("/etc",&st))
5b3962de 95 {
d36e6241 96 perror("Unable to stat /etc");
5b3962de
CS
97 exit(ERR_ETC);
98 }
99 if(!S_ISDIR(st.st_mode))
100 {
d36e6241 101 fprintf(stderr, "/etc is not a directory?!\n");
5b3962de
CS
102 exit(ERR_ETC);
103 }
104 if ( st.st_uid != 0 || st.st_mode & S_IWOTH ||
105 ((st.st_gid != 0) && (st.st_mode & S_IWGRP)) )
106 {
d36e6241 107 fprintf(stderr, "/etc is owned/writable by non-root users\n");
5b3962de
CS
108 exit(ERR_ETC);
109 }
110
111 /* O_CREAT with O_EXCL will make open() fail if the file already exists -
112 * mostly to prevent 2 copies running at once */
d36e6241 113 if ((config_fd = open( "/etc/syslog.conf.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 )
5b3962de
CS
114 {
115 perror("Unable to open new config file");
116 exit(ERR_CONFIG);
117 }
118
119 if (!strcmp(buffer,"on"))
d36e6241 120 snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@\\).\\+$/\\1%s/' /etc/syslog.conf >&%d", hostname, config_fd );
5b3962de 121 else
d36e6241 122 snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );
5b3962de 123
4c7fa778 124 /* if the return code isn't 0 failsafe */
5b3962de
CS
125 if ((rc = unpriv_system(buffer,99,99)) != 0)
126 {
127 fprintf(stderr, "sed returned bad exit code: %d\n", rc);
128 close(config_fd);
d36e6241 129 unlink("/etc/syslog.conf.new");
5b3962de
CS
130 exit(ERR_CONFIG);
131 }
132 close(config_fd);
4c7fa778
MT
133
134 /* Replace the logging option*/
4c7fa778 135 safe_system("grep -v '/var/log/messages' < /etc/syslog.conf.new > /etc/syslog.conf.tmp && mv /etc/syslog.conf.tmp /etc/syslog.conf.new");
6945083e 136
77e9b64c
CS
137 if (!strcmp(asynclog,"on"))
138 snprintf(command, STRING_SIZE - 1, "printf '%s -/var/log/messages' >> /etc/syslog.conf.new", varmessages );
6945083e 139 else
77e9b64c 140 snprintf(command, STRING_SIZE - 1, "printf '%s /var/log/messages' >> /etc/syslog.conf.new", varmessages );
6945083e 141
4c7fa778
MT
142 safe_system(command);
143
a3d6c878 144 if (rename("/etc/syslog.conf.new", "/etc/syslog.conf") == -1)
5b3962de
CS
145 {
146 perror("Unable to replace old config file");
d36e6241 147 unlink("/etc/syslog.conf.new");
5b3962de
CS
148 exit(ERR_CONFIG);
149 }
150
151
152 /* Get syslogd to read the new config file */
153 if ((fd = open("/var/run/syslogd.pid", O_RDONLY)) == -1)
154 {
155 if(errno == ENOENT)
156 {
157 /* pid file doesn't exists.. restart syslog */
158 if((rc = safe_system("/usr/sbin/syslogd u syslogd -m 0")) == 0 )
159 return 0;
160 else
161 {
162 fprintf(stderr,
163 "Unable to restart syslogd - returned exit code %d\n", rc);
164 exit(ERR_SYSLOG);
165 }
166 } else {
167 /* Something odd is going on, failsafe */
168 perror("Unable to open pid file");
169 exit(ERR_SYSLOG);
170 }
171 }
172
173 memset(buffer, 0, STRING_SIZE);
174 if (read(fd, buffer, STRING_SIZE - 1) == -1)
175 {
176 close(fd);
177 perror("Couldn't read from pid file");
178 exit(ERR_SYSLOG);
179 }
180 close(fd);
181 /* strtol does sanity checks that atoi doesn't do */
182 errno = 0;
183 pid = (int)strtol(buffer, (char **)NULL, 10);
184 if (errno || pid <= 1)
185 {
186 fprintf(stderr, "Bad pid value\n");
187 exit(ERR_SYSLOG);
188 }
189 if (kill(pid, SIGHUP) == -1)
190 {
191 fprintf(stderr, "Unable to send SIGHUP\n");
192 exit(ERR_SYSLOG);
193 }
194
195 return 0;
196}