1 /* This file is part of the IPCop Firewall.
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * Copyright (C) 2003-07-12 Robert Kerr <rkerr@go.to>
7 *
8 * $Id$
9 *
10 * Edited by the IPFire Team to change var log messages
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <string.h>
17 #include <sys/stat.h>
18 #include <sys/types.h>
19 #include <fcntl.h>
20 #include <signal.h>
21 #include <errno.h>
22 #include "libsmooth.h"
23 #include "setuid.h"
24
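/* Exit codes returned by this helper. */
#define ERR_ANY 1
#define ERR_SETTINGS 2 /* error in settings file */
#define ERR_ETC 3 /* error with /etc permissions */
#define ERR_CONFIG 4 /* error writing the new /etc/syslog.conf */
#define ERR_SYSLOG 5 /* error restarting syslogd */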
30
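/*
 * Rebuild /etc/syslog.conf from /var/ipfire/logging/settings and make
 * syslogd re-read it.
 *
 * Steps: read and validate the settings, verify that /etc is only
 * writable by root, write the new configuration to /etc/syslog.conf.new,
 * rename it over /etc/syslog.conf, then send SIGHUP to the pid found in
 * /var/run/syslogd.pid (or start syslogd if there is no pid file).
 *
 * Every value taken from the settings file that ends up inside a shell
 * command line is checked against an allowlist first, and every command
 * line is checked for truncation before it is run.
 *
 * Returns 0 on success, otherwise exits with one of the ERR_* codes.
 */
int main(void)
{
	/* Characters accepted in VARMESSAGES.
	 * NOTE(review): assumes VARMESSAGES holds only a syslog selector
	 * (facility.priority lists) - confirm against whatever writes the
	 * settings file. */
	static const char valid_selector[] =
		"abcdefghijklmnopqrstuvwxyz"
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789.*;,=!";
	char buffer[STRING_SIZE], command[STRING_SIZE], hostname[STRING_SIZE];
	char varmessages[STRING_SIZE], enable_asynclog[STRING_SIZE];
	char *end = NULL;
	long pid_value;
	int config_fd, rc, fd, pid, len;
	struct stat st;
	struct keyvalue *kv = NULL;

	memset(buffer, 0, sizeof buffer);
	memset(command, 0, sizeof command);
	memset(hostname, 0, sizeof hostname);
	memset(varmessages, 0, sizeof varmessages);
	memset(enable_asynclog, 0, sizeof enable_asynclog);

	if (!(initsetuid()))
		exit(1);

	/* Read in and verify config */
	kv = initkeyvalues();

	if (!readkeyvalues(kv, "/var/ipfire/logging/settings"))
	{
		fprintf(stderr, "Cannot read syslog settings\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "ENABLE_REMOTELOG", buffer))
	{
		fprintf(stderr, "Cannot read ENABLE_REMOTELOG\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "REMOTELOG_ADDR", hostname))
	{
		fprintf(stderr, "Cannot read REMOTELOG_ADDR\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "ENABLE_ASYNCLOG", enable_asynclog))
	{
		fprintf(stderr, "Cannot read ENABLE_ASYNCLOG\n");
		exit(ERR_SETTINGS);
	}

	if (!findkey(kv, "VARMESSAGES", varmessages))
	{
		fprintf(stderr, "Cannot read VARMESSAGES\n");
		exit(ERR_SETTINGS);
	}

	/* hostname is pasted into the sed expression below.
	 * NOTE(review): VALID_FQDN is defined outside this file; confirm it
	 * excludes quote, slash, ampersand and backslash characters. */
	if (strspn(hostname, VALID_FQDN) != strlen(hostname))
	{
		fprintf(stderr, "Bad REMOTELOG_ADDR: %s\n", hostname);
		exit(ERR_SETTINGS);
	}

	/* varmessages is pasted between single quotes into a shell command
	 * and is also used as the printf format, so it must not contain
	 * quotes, '%', backslashes or any other shell metacharacter. */
	if (strspn(varmessages, valid_selector) != strlen(varmessages))
	{
		fprintf(stderr, "Bad VARMESSAGES\n");
		exit(ERR_SETTINGS);
	}

	freekeyvalues(kv);

	/* If anyone other than root can write to /etc this would be totally
	 * insecure - same if anyone other than root owns /etc, as they could
	 * change the file mode to give themselves or anyone else write access. */
	if (lstat("/etc", &st))
	{
		perror("Unable to stat /etc");
		exit(ERR_ETC);
	}
	if (!S_ISDIR(st.st_mode))
	{
		fprintf(stderr, "/etc is not a directory?!\n");
		exit(ERR_ETC);
	}
	if (st.st_uid != 0 || st.st_mode & S_IWOTH ||
		((st.st_gid != 0) && (st.st_mode & S_IWGRP)))
	{
		fprintf(stderr, "/etc is owned/writable by non-root users\n");
		exit(ERR_ETC);
	}

	/* O_CREAT with O_EXCL will make open() fail if the file already exists -
	 * mostly to prevent 2 copies running at once */
	if ((config_fd = open("/etc/syslog.conf.new", O_WRONLY|O_CREAT|O_EXCL, 0644)) == -1)
	{
		perror("Unable to open new config file");
		exit(ERR_CONFIG);
	}

	/* Build the sed command that enables or comments out the remote
	 * logging line; its output goes to the descriptor opened above. */
	if (!strcmp(buffer, "on"))
		len = snprintf(buffer, sizeof buffer, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@\\).\\+$/\\1%s/' /etc/syslog.conf >&%d", hostname, config_fd);
	else
		len = snprintf(buffer, sizeof buffer, "/bin/sed -e 's/^#\\?\\(\\*\\.\\*[[:blank:]]\\+@.\\+\\)$/#\\1/' /etc/syslog.conf >&%d", config_fd);

	/* Never hand a truncated command line to the shell. */
	if (len < 0 || (size_t)len >= sizeof buffer)
	{
		fprintf(stderr, "sed command too long\n");
		close(config_fd);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* if the return code isn't 0 failsafe */
	if ((rc = unpriv_system(buffer, 99, 99)) != 0)
	{
		fprintf(stderr, "sed returned bad exit code: %d\n", rc);
		close(config_fd);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}
	close(config_fd);

	/* Replace the logging option: drop any existing /var/log/messages
	 * line, then append the one built from the settings. */
	if ((rc = safe_system("grep -v '/var/log/messages' < /etc/syslog.conf.new > /etc/syslog.conf.tmp && mv /etc/syslog.conf.tmp /etc/syslog.conf.new")) != 0)
	{
		fprintf(stderr, "Unable to filter new config file - returned exit code %d\n", rc);
		unlink("/etc/syslog.conf.tmp");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* A leading '-' on the file name is written unless ENABLE_ASYNCLOG
	 * is "on". */
	if (strcmp(enable_asynclog, "on"))
		len = snprintf(command, sizeof command, "printf '%s -/var/log/messages' >> /etc/syslog.conf.new", varmessages);
	else
		len = snprintf(command, sizeof command, "printf '%s /var/log/messages' >> /etc/syslog.conf.new", varmessages);

	if (len < 0 || (size_t)len >= sizeof command)
	{
		fprintf(stderr, "VARMESSAGES too long\n");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	if ((rc = safe_system(command)) != 0)
	{
		fprintf(stderr, "Unable to write logging option - returned exit code %d\n", rc);
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	if (rename("/etc/syslog.conf.new", "/etc/syslog.conf") == -1)
	{
		perror("Unable to replace old config file");
		unlink("/etc/syslog.conf.new");
		exit(ERR_CONFIG);
	}

	/* Get syslogd to read the new config file */
	if ((fd = open("/var/run/syslogd.pid", O_RDONLY)) == -1)
	{
		if (errno == ENOENT)
		{
			/* pid file doesn't exist.. restart syslog.
			 * NOTE(review): the argument list reads "u syslogd", not
			 * "-u syslogd"; confirm that this is intended. */
			if ((rc = safe_system("/usr/sbin/syslogd u syslogd -m 0")) == 0)
				return 0;
			else
			{
				fprintf(stderr,
					"Unable to restart syslogd - returned exit code %d\n", rc);
				exit(ERR_SYSLOG);
			}
		} else {
			/* Something odd is going on, failsafe */
			perror("Unable to open pid file");
			exit(ERR_SYSLOG);
		}
	}

	memset(buffer, 0, sizeof buffer);
	if (read(fd, buffer, sizeof buffer - 1) == -1)
	{
		close(fd);
		perror("Couldn't read from pid file");
		exit(ERR_SYSLOG);
	}
	close(fd);

	/* strtol does sanity checks that atoi doesn't do. Also require at
	 * least one digit and a value that survives the narrowing to int,
	 * so an oversized number cannot wrap into some other process id. */
	errno = 0;
	pid_value = strtol(buffer, &end, 10);
	pid = (int)pid_value;
	if (errno || end == buffer || pid_value <= 1 || (long)pid != pid_value)
	{
		fprintf(stderr, "Bad pid value\n");
		exit(ERR_SYSLOG);
	}
	if (kill(pid, SIGHUP) == -1)
	{
		fprintf(stderr, "Unable to send SIGHUP\n");
		exit(ERR_SYSLOG);
	}

	return 0;
}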