[ipfire-2.x.git] / src / misc-progs / syslogdctrl.c

/* This file is part of the IPCop Firewall.
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence.  See the file COPYING for details.
 *
 * Copyright (C) 2003-07-12 Robert Kerr <rkerr@go.to>
 *
 * $Id$
 *
 * Edited by the IPFire Team to change var log messages 
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>

#include "libsmooth.h"
#include "setuid.h"
#include "netutil.h"

#define ERR_ANY 1
#define ERR_SETTINGS 2    /* error in settings file */
#define ERR_ETC 3         /* error with /etc permissions */
#define ERR_CONFIG 4      /* error updated sshd_config */
#define ERR_SYSLOG 5      /* error restarting syslogd */

int main(void)
{
   char buffer[STRING_SIZE], command[STRING_SIZE], hostname[STRING_SIZE];
   char varmessages[STRING_SIZE], asynclog[STRING_SIZE];
   int config_fd,rc,fd,pid;
   struct stat st;
   struct keyvalue *kv = NULL;
   memset(buffer, 0, STRING_SIZE);
   memset(hostname, 0, STRING_SIZE);
   memset(varmessages, 0, STRING_SIZE);
   memset(asynclog, 0, STRING_SIZE);

   if (!(initsetuid()))
      exit(1);


   /* Read in and verify config */
   kv=initkeyvalues();

   if (!readkeyvalues(kv, "/var/ipfire/logging/settings"))
   {
      fprintf(stderr, "Cannot read syslog settings\n");
      exit(ERR_SETTINGS);
   }

   if (!findkey(kv, "ENABLE_REMOTELOG", buffer))
   {
      fprintf(stderr, "Cannot read ENABLE_REMOTELOG\n");
      exit(ERR_SETTINGS);
   }

   if (!findkey(kv, "REMOTELOG_ADDR", hostname))
   {
      fprintf(stderr, "Cannot read REMOTELOG_ADDR\n");
      exit(ERR_SETTINGS);
   }

   if (!findkey(kv, "ENABLE_ASYNCLOG", asynclog))
   {
      fprintf(stderr, "Cannot read ENABLE_ASYNCLOG\n");
      exit(ERR_SETTINGS);
   }

   
   if (!findkey(kv, "VARMESSAGES", varmessages))
   {
      fprintf(stderr, "Cannot read VARMESSAGES\n");
      exit(ERR_SETTINGS);
   }

   if (strspn(hostname, VALID_FQDN) != strlen(hostname))
   {
      fprintf(stderr, "Bad REMOTELOG_ADDR: %s\n", hostname);
      exit(ERR_SETTINGS);
   }

   freekeyvalues(kv);


   /* If anyone other than root can write to /etc this would be totally
    * insecure - same if anyone other than root owns /etc, as they could
    * change the file mode to give themselves or anyone else write access. */

   if(lstat("/etc",&st))
   {
      perror("Unable to stat /etc");
      exit(ERR_ETC);
   }
   if(!S_ISDIR(st.st_mode))
   {
      fprintf(stderr, "/etc is not a directory?!\n");
      exit(ERR_ETC);
   }
   if ( st.st_uid != 0  ||  st.st_mode & S_IWOTH ||
      ((st.st_gid != 0) && (st.st_mode & S_IWGRP)) )
   {
      fprintf(stderr, "/etc is owned/writable by non-root users\n");
      exit(ERR_ETC);
   }

   /* O_CREAT with O_EXCL will make open() fail if the file already exists -
    * mostly to prevent 2 copies running at once */
   if ((config_fd = open( "/etc/syslog.conf.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 )
   {
      perror("Unable to open new config file");
      exit(ERR_CONFIG);
   }

   if (!strcmp(buffer,"on"))
      snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@\\).\\+$/\\1%s/' /etc/syslog.conf >&%d", hostname, config_fd );
   else
      snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );

     /* if the return code isn't 0 failsafe */
   if ((rc = unpriv_system(buffer,99,99)) != 0)
   {
      fprintf(stderr, "sed returned bad exit code: %d\n", rc);
      close(config_fd);
      unlink("/etc/syslog.conf.new");
      exit(ERR_CONFIG);
   }
   close(config_fd);
   
   /* Replace the logging option*/
     safe_system("grep -v '/var/log/messages' < /etc/syslog.conf.new > /etc/syslog.conf.tmp && mv /etc/syslog.conf.tmp /etc/syslog.conf.new");
   
   if (!strcmp(asynclog,"on"))
     snprintf(command, STRING_SIZE - 1, "printf '%s     -/var/log/messages' >> /etc/syslog.conf.new", varmessages );
   else
     snprintf(command, STRING_SIZE - 1, "printf '%s     /var/log/messages' >> /etc/syslog.conf.new", varmessages );

     safe_system(command);

   if (rename("/etc/syslog.conf.new", "/etc/syslog.conf") == -1)
   {
      perror("Unable to replace old config file");
      unlink("/etc/syslog.conf.new");
      exit(ERR_CONFIG);
   }


   /* Get syslogd to read the new config file */
   if ((fd = open("/var/run/syslogd.pid", O_RDONLY)) == -1)
   {
      if(errno == ENOENT)
      {
         /* pid file doesn't exists.. restart syslog */
         if((rc = safe_system("/usr/sbin/syslogd u syslogd -m 0")) == 0 )
            return 0;
         else
         {
            fprintf(stderr,
               "Unable to restart syslogd - returned exit code %d\n", rc);
            exit(ERR_SYSLOG);
         }
      } else {
         /* Something odd is going on, failsafe */
         perror("Unable to open pid file");
         exit(ERR_SYSLOG);
      }
   }

   memset(buffer, 0, STRING_SIZE);
   if (read(fd, buffer, STRING_SIZE - 1) == -1)
   {
      close(fd);
      perror("Couldn't read from pid file");
      exit(ERR_SYSLOG);
   }
   close(fd);
   /* strtol does sanity checks that atoi doesn't do */
   errno = 0;
   pid = (int)strtol(buffer, (char **)NULL, 10);
   if (errno || pid <= 1)
   {
      fprintf(stderr, "Bad pid value\n");
      exit(ERR_SYSLOG);
   }
   if (kill(pid, SIGHUP) == -1)
   {
      fprintf(stderr, "Unable to send SIGHUP\n");
      exit(ERR_SYSLOG);
   }

   return 0;
}
Commit	Line	Data
5b3962de CS	1	/* This file is part of the IPCop Firewall.
	2	*
	3	* This program is distributed under the terms of the GNU General Public
	4	* Licence. See the file COPYING for details.
	5	*
	6	* Copyright (C) 2003-07-12 Robert Kerr <rkerr@go.to>
	7	*
	8	* $Id$
	9	*
	10	* Edited by the IPFire Team to change var log messages
	11	*/
	12
	13	#include <stdio.h>
	14	#include <stdlib.h>
	15	#include <unistd.h>
	16	#include <string.h>
	17	#include <sys/stat.h>
	18	#include <sys/types.h>
	19	#include <fcntl.h>
	20	#include <signal.h>
	21	#include <errno.h>
52e54c1c	22
5b3962de CS	23	#include "libsmooth.h"
5b3962de CS	24	#include "setuid.h"
52e54c1c	25	#include "netutil.h"
5b3962de CS	26
	27	#define ERR_ANY 1
	28	#define ERR_SETTINGS 2 /* error in settings file */
d36e6241	29	#define ERR_ETC 3 /* error with /etc permissions */
5b3962de CS	30	#define ERR_CONFIG 4 /* error updated sshd_config */
	31	#define ERR_SYSLOG 5 /* error restarting syslogd */
	32
	33	int main(void)
	34	{
f81179c3	35	char buffer[STRING_SIZE], command[STRING_SIZE], hostname[STRING_SIZE];
77e9b64c	36	char varmessages[STRING_SIZE], asynclog[STRING_SIZE];
5b3962de CS	37	int config_fd,rc,fd,pid;
	38	struct stat st;
	39	struct keyvalue *kv = NULL;
	40	memset(buffer, 0, STRING_SIZE);
	41	memset(hostname, 0, STRING_SIZE);
	42	memset(varmessages, 0, STRING_SIZE);
77e9b64c	43	memset(asynclog, 0, STRING_SIZE);
5b3962de CS	44
	45	if (!(initsetuid()))
	46	exit(1);
	47
	48
	49	/* Read in and verify config */
	50	kv=initkeyvalues();
	51
ca4c317c	52	if (!readkeyvalues(kv, "/var/ipfire/logging/settings"))
5b3962de CS	53	{
	54	fprintf(stderr, "Cannot read syslog settings\n");
	55	exit(ERR_SETTINGS);
	56	}
	57
	58	if (!findkey(kv, "ENABLE_REMOTELOG", buffer))
	59	{
	60	fprintf(stderr, "Cannot read ENABLE_REMOTELOG\n");
	61	exit(ERR_SETTINGS);
	62	}
	63
	64	if (!findkey(kv, "REMOTELOG_ADDR", hostname))
	65	{
	66	fprintf(stderr, "Cannot read REMOTELOG_ADDR\n");
	67	exit(ERR_SETTINGS);
	68	}
f81179c3	69
77e9b64c	70	if (!findkey(kv, "ENABLE_ASYNCLOG", asynclog))
f81179c3 AF	71	{
	72	fprintf(stderr, "Cannot read ENABLE_ASYNCLOG\n");
	73	exit(ERR_SETTINGS);
	74	}
	75
5b3962de CS	76
	77	if (!findkey(kv, "VARMESSAGES", varmessages))
	78	{
	79	fprintf(stderr, "Cannot read VARMESSAGES\n");
	80	exit(ERR_SETTINGS);
	81	}
	82
	83	if (strspn(hostname, VALID_FQDN) != strlen(hostname))
	84	{
	85	fprintf(stderr, "Bad REMOTELOG_ADDR: %s\n", hostname);
	86	exit(ERR_SETTINGS);
	87	}
	88
	89	freekeyvalues(kv);
	90
	91
d36e6241 CS	92	/* If anyone other than root can write to /etc this would be totally
d36e6241 CS	93	* insecure - same if anyone other than root owns /etc, as they could
5b3962de CS	94	* change the file mode to give themselves or anyone else write access. */
5b3962de CS	95
d36e6241	96	if(lstat("/etc",&st))
5b3962de	97	{
d36e6241	98	perror("Unable to stat /etc");
5b3962de CS	99	exit(ERR_ETC);
	100	}
	101	if(!S_ISDIR(st.st_mode))
	102	{
d36e6241	103	fprintf(stderr, "/etc is not a directory?!\n");
5b3962de CS	104	exit(ERR_ETC);
	105	}
	106	if ( st.st_uid != 0 \|\| st.st_mode & S_IWOTH \|\|
	107	((st.st_gid != 0) && (st.st_mode & S_IWGRP)) )
	108	{
d36e6241	109	fprintf(stderr, "/etc is owned/writable by non-root users\n");
5b3962de CS	110	exit(ERR_ETC);
	111	}
	112
	113	/* O_CREAT with O_EXCL will make open() fail if the file already exists -
	114	* mostly to prevent 2 copies running at once */
d36e6241	115	if ((config_fd = open( "/etc/syslog.conf.new", O_WRONLY\|O_CREAT\|O_EXCL, 0644 )) == -1 )
5b3962de CS	116	{
	117	perror("Unable to open new config file");
	118	exit(ERR_CONFIG);
	119	}
	120
	121	if (!strcmp(buffer,"on"))
d36e6241	122	snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\\\.\\[[:blank:]]\\+@\\).\\+$/\\1%s/' /etc/syslog.conf >&%d", hostname, config_fd );
5b3962de	123	else
d36e6241	124	snprintf(buffer, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\\\.\\[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd );
5b3962de	125
4c7fa778	126	/* if the return code isn't 0 failsafe */
5b3962de CS	127	if ((rc = unpriv_system(buffer,99,99)) != 0)
	128	{
	129	fprintf(stderr, "sed returned bad exit code: %d\n", rc);
	130	close(config_fd);
d36e6241	131	unlink("/etc/syslog.conf.new");
5b3962de CS	132	exit(ERR_CONFIG);
	133	}
	134	close(config_fd);
4c7fa778 MT	135
4c7fa778 MT	136	/* Replace the logging option*/
4c7fa778	137	safe_system("grep -v '/var/log/messages' < /etc/syslog.conf.new > /etc/syslog.conf.tmp && mv /etc/syslog.conf.tmp /etc/syslog.conf.new");
6945083e	138
77e9b64c CS	139	if (!strcmp(asynclog,"on"))
77e9b64c CS	140	snprintf(command, STRING_SIZE - 1, "printf '%s -/var/log/messages' >> /etc/syslog.conf.new", varmessages );
6945083e	141	else
77e9b64c	142	snprintf(command, STRING_SIZE - 1, "printf '%s /var/log/messages' >> /etc/syslog.conf.new", varmessages );
6945083e	143
4c7fa778 MT	144	safe_system(command);
4c7fa778 MT	145
a3d6c878	146	if (rename("/etc/syslog.conf.new", "/etc/syslog.conf") == -1)
5b3962de CS	147	{
5b3962de CS	148	perror("Unable to replace old config file");
d36e6241	149	unlink("/etc/syslog.conf.new");
5b3962de CS	150	exit(ERR_CONFIG);
	151	}
	152
	153
	154	/* Get syslogd to read the new config file */
	155	if ((fd = open("/var/run/syslogd.pid", O_RDONLY)) == -1)
	156	{
	157	if(errno == ENOENT)
	158	{
	159	/* pid file doesn't exists.. restart syslog */
	160	if((rc = safe_system("/usr/sbin/syslogd u syslogd -m 0")) == 0 )
	161	return 0;
	162	else
	163	{
	164	fprintf(stderr,
	165	"Unable to restart syslogd - returned exit code %d\n", rc);
	166	exit(ERR_SYSLOG);
	167	}
	168	} else {
	169	/* Something odd is going on, failsafe */
	170	perror("Unable to open pid file");
	171	exit(ERR_SYSLOG);
	172	}
	173	}
	174
	175	memset(buffer, 0, STRING_SIZE);
	176	if (read(fd, buffer, STRING_SIZE - 1) == -1)
	177	{
	178	close(fd);
	179	perror("Couldn't read from pid file");
	180	exit(ERR_SYSLOG);
	181	}
	182	close(fd);
	183	/* strtol does sanity checks that atoi doesn't do */
	184	errno = 0;
	185	pid = (int)strtol(buffer, (char **)NULL, 10);
	186	if (errno \|\| pid <= 1)
	187	{
	188	fprintf(stderr, "Bad pid value\n");
	189	exit(ERR_SYSLOG);
	190	}
	191	if (kill(pid, SIGHUP) == -1)
	192	{
	193	fprintf(stderr, "Unable to send SIGHUP\n");
	194	exit(ERR_SYSLOG);
	195	}
	196
	197	return 0;
	198	}