1 /* This file is part of the IPCop Firewall.
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * Copyright (C) 2003-07-12 Robert Kerr <rkerr@go.to>
7 *
8 * $Id$
9 *
10 * Edited by the IPFire Team to change var log messages
11 */
12
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include "libsmooth.h"
#include "netutil.h"
#include "setuid.h"
26
27 #define ERR_ANY 1
28 #define ERR_SETTINGS 2 /* error in settings file */
29 #define ERR_ETC 3 /* error with /etc permissions */
30 #define ERR_CONFIG 4 /* error updating syslogd config */
31 #define ERR_SYSLOG 5 /* error restarting syslogd */
32
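/* Read /var/ipfire/logging/settings into enable/hostname/protocol (each a
 * buffer of STRING_SIZE bytes, zeroed by the caller). Exits with
 * ERR_SETTINGS when a value is missing or malformed. */
static void read_settings(char *enable, char *hostname, char *protocol)
{
	struct keyvalue *kv = initkeyvalues();

	if (!readkeyvalues(kv, "/var/ipfire/logging/settings")) {
		fprintf(stderr, "Cannot read syslog settings\n");
		exit(ERR_SETTINGS);
	}
	if (!findkey(kv, "ENABLE_REMOTELOG", enable)) {
		fprintf(stderr, "Cannot read ENABLE_REMOTELOG\n");
		exit(ERR_SETTINGS);
	}
	if (!findkey(kv, "REMOTELOG_ADDR", hostname)) {
		fprintf(stderr, "Cannot read REMOTELOG_ADDR\n");
		exit(ERR_SETTINGS);
	}
	/* fall back to UDP if no protocol was given */
	if (!findkey(kv, "REMOTELOG_PROTOCOL", protocol))
		strcpy(protocol, "udp");

	/* The address is spliced into a shell command and a sed replacement
	 * below, so it must stay restricted to VALID_FQDN (project header).
	 * Presumably that set excludes '/', '&' and shell metacharacters —
	 * confirm against the header before relaxing this check. */
	if (strspn(hostname, VALID_FQDN) != strlen(hostname)) {
		fprintf(stderr, "Bad REMOTELOG_ADDR: %s\n", hostname);
		exit(ERR_SETTINGS);
	}
	/* An empty address passes the character-set check but would produce
	 * a "*.* @" line without a target; reject it when remote logging is on. */
	if (strcmp(enable, "on") == 0 && hostname[0] == '\0') {
		fprintf(stderr, "REMOTELOG_ADDR is empty\n");
		exit(ERR_SETTINGS);
	}

	freekeyvalues(kv);
}

/* Refuse to run if /etc could be modified by a non-root user: the new
 * config is created there and renamed over /etc/syslog.conf. Exits with
 * ERR_ETC on any problem. */
static void check_etc_dir(void)
{
	struct stat st;

	if (lstat("/etc", &st)) {
		perror("Unable to stat /etc");
		exit(ERR_ETC);
	}
	if (!S_ISDIR(st.st_mode)) {
		fprintf(stderr, "/etc is not a directory?!\n");
		exit(ERR_ETC);
	}
	/* Anyone who can write /etc - or owns it and could chmod it - could
	 * plant or replace syslog.conf, so only root may own it and only
	 * root's group may hold write access. */
	if (st.st_uid != 0 || (st.st_mode & S_IWOTH) ||
	    (st.st_gid != 0 && (st.st_mode & S_IWGRP))) {
		fprintf(stderr, "/etc is owned/writable by non-root users\n");
		exit(ERR_ETC);
	}
}

/* Rewrite the remote-logging ("*.*") line of /etc/syslog.conf with sed
 * into /etc/syslog.conf.new and rename it into place. enable is the
 * ENABLE_REMOTELOG value ("on" enables), protocol selects "@@host" (tcp)
 * or "@host" (anything else). Exits with ERR_CONFIG on failure, removing
 * the temporary file. */
static void write_new_config(const char *enable, const char *hostname,
			     const char *protocol)
{
	char cmd[STRING_SIZE];
	int config_fd, len, rc;

	/* O_CREAT with O_EXCL makes open() fail if the file already exists -
	 * mostly to prevent two copies running at once. */
	config_fd = open("/etc/syslog.conf.new", O_WRONLY | O_CREAT | O_EXCL, 0644);
	if (config_fd == -1) {
		perror("Unable to open new config file");
		exit(ERR_CONFIG);
	}

	if (strcmp(enable, "on") == 0) {
		if (strcmp(protocol, "tcp") == 0) {
			/* write line for TCP */
			len = snprintf(cmd, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+\\)@@\\?.\\+$/\\1@@%s/' /etc/syslog.conf >&%d", hostname, config_fd);
		} else {
			/* write line for UDP */
			len = snprintf(cmd, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+\\)@@\\?.\\+$/\\1@%s/' /etc/syslog.conf >&%d", hostname, config_fd);
		}
	} else {
		/* remote syslog disabled: comment the line out */
		len = snprintf(cmd, STRING_SIZE - 1, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@@\\?.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd);
	}
	/* A truncated command would hand sed a broken expression (or a
	 * shortened address); treat that as a config error instead of running it. */
	if (len < 0 || len >= STRING_SIZE - 1) {
		fprintf(stderr, "sed command too long\n");
		close(config_fd);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* sed runs with uid/gid 99 (presumably the unprivileged account -
	 * see setuid.h) and writes through the inherited fd. Anything but
	 * exit code 0 is failsafe. */
	rc = unpriv_system(cmd, 99, 99);
	if (rc != 0) {
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		close(config_fd);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}
	close(config_fd);

	if (rename("/etc/syslog.conf.new", "/etc/syslog.conf") == -1) {
		perror("Unable to replace old config file");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}
}

/* Make syslogd re-read its config: SIGHUP the pid found in
 * /var/run/syslogd.pid, or start syslogd when there is no pid file.
 * Exits with ERR_SYSLOG on failure. */
static void reload_syslogd(void)
{
	char buffer[STRING_SIZE];
	char *end;
	long value;
	int fd, rc;

	fd = open("/var/run/syslogd.pid", O_RDONLY);
	if (fd == -1) {
		if (errno != ENOENT) {
			/* Something odd is going on, failsafe */
			perror("Unable to open pid file");
			exit(ERR_SYSLOG);
		}
		/* pid file doesn't exist: start syslogd instead.
		 * NOTE(review): the bare "u syslogd" argument looks like it
		 * may be missing a dash; kept byte-identical - confirm against
		 * the syslogd build in use. */
		rc = safe_system("/usr/sbin/syslogd u syslogd -m 0");
		if (rc != 0) {
			fprintf(stderr,
				"Unable to restart syslogd - returned exit code %d\n", rc);
			exit(ERR_SYSLOG);
		}
		return;
	}

	/* Reading at most STRING_SIZE - 1 bytes into a zeroed buffer keeps
	 * it NUL-terminated for strtol. */
	memset(buffer, 0, STRING_SIZE);
	if (read(fd, buffer, STRING_SIZE - 1) == -1) {
		close(fd);
		perror("Couldn't read from pid file");
		exit(ERR_SYSLOG);
	}
	close(fd);

	/* strtol does sanity checks that atoi doesn't do. Additionally
	 * require at least one digit and a value that fits an int: the old
	 * (int) cast could silently wrap a large value into a different,
	 * valid pid before the <= 1 check. Trailing whitespace/newline after
	 * the digits is still accepted. */
	errno = 0;
	value = strtol(buffer, &end, 10);
	if (errno || end == buffer || value <= 1 || value > INT_MAX) {
		fprintf(stderr, "Bad pid value\n");
		exit(ERR_SYSLOG);
	}
	if (kill((pid_t)value, SIGHUP) == -1) {
		perror("Unable to send SIGHUP");
		exit(ERR_SYSLOG);
	}
}

/* Setuid helper: rewrite the remote-logging line of /etc/syslog.conf from
 * the IPFire logging settings and get syslogd to reload it.
 * Returns 0 on success; otherwise exits with one of the ERR_* codes. */
int main(void)
{
	char enable[STRING_SIZE], hostname[STRING_SIZE], protocol[STRING_SIZE];

	memset(enable, 0, STRING_SIZE);
	memset(hostname, 0, STRING_SIZE);
	memset(protocol, 0, STRING_SIZE);

	if (!initsetuid())
		exit(ERR_ANY);

	read_settings(enable, hostname, protocol);
	check_etc_dir();
	write_new_config(enable, hostname, protocol);
	reload_syslogd();

	return 0;
}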