privsep.c (22ac3ead26f49483410317f82ce328741b1cf975) | privsep.c (61a1372b419ef876d7a8948241bc561a1866448c) |
---|---|
1/* $OpenBSD: privsep.c,v 1.8 2004/03/14 19:17:05 otto Exp $ */ | 1/* $OpenBSD: privsep.c,v 1.13 2004/12/22 09:21:02 otto Exp $ */ |
2 3/* 4 * Copyright (c) 2003 Can Erkin Acar 5 * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ | 2 3/* 4 * Copyright (c) 2003 Can Erkin Acar 5 * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ |
19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD$"); 22 23#include <sys/param.h> | 19#include <sys/ioctl.h> 20#include <sys/types.h> |
24#include <sys/time.h> 25#include <sys/socket.h> | 21#include <sys/time.h> 22#include <sys/socket.h> |
23#include <sys/ioctl.h> |
|
26 27#include <net/if.h> 28#include <net/bpf.h> 29 30#include <err.h> 31#include <errno.h> 32#include <fcntl.h> | 24 25#include <net/if.h> 26#include <net/bpf.h> 27 28#include <err.h> 29#include <errno.h> 30#include <fcntl.h> |
31#include <pcap.h> 32#include <pcap-int.h> |
|
33#include <pwd.h> 34#include <signal.h> 35#include <stdio.h> 36#include <stdlib.h> 37#include <string.h> | 33#include <pwd.h> 34#include <signal.h> 35#include <stdio.h> 36#include <stdlib.h> 37#include <string.h> |
38#include <pcap.h> 39#include <pcap-int.h> | |
40#include <syslog.h> 41#include <unistd.h> 42#include "pflogd.h" 43 44enum cmd_types { 45 PRIV_SET_SNAPLEN, /* set the snaplength */ 46 PRIV_OPEN_LOG /* open logfile for appending */ 47}; --- 16 unchanged lines hidden (view full) --- 64extern char *filename; 65extern pcap_t *hpcap; 66 67/* based on syslogd privsep */ 68int 69priv_init(void) 70{ 71 int i, fd, socks[2], cmd; | 38#include <syslog.h> 39#include <unistd.h> 40#include "pflogd.h" 41 42enum cmd_types { 43 PRIV_SET_SNAPLEN, /* set the snaplength */ 44 PRIV_OPEN_LOG /* open logfile for appending */ 45}; --- 16 unchanged lines hidden (view full) --- 62extern char *filename; 63extern pcap_t *hpcap; 64 65/* based on syslogd privsep */ 66int 67priv_init(void) 68{ 69 int i, fd, socks[2], cmd; |
72 int snaplen, ret; | 70 int snaplen, ret, olderrno; |
73 struct passwd *pw; 74 | 71 struct passwd *pw; 72 |
75#ifdef __FreeBSD__ 76 for (i = 1; i < NSIG; i++) 77#else | |
78 for (i = 1; i < _NSIG; i++) | 73 for (i = 1; i < _NSIG; i++) |
79#endif | |
80 signal(i, SIG_DFL); 81 82 /* Create sockets */ 83 if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, socks) == -1) 84 err(1, "socketpair() failed"); 85 86 pw = getpwnam("_pflogd"); 87 if (pw == NULL) --- 25 unchanged lines hidden (view full) --- 113 if (setuid(pw->pw_uid) == -1) 114 err(1, "setuid() failed"); 115 close(socks[0]); 116 priv_fd = socks[1]; 117 return 0; 118 } 119 120 /* Father */ | 74 signal(i, SIG_DFL); 75 76 /* Create sockets */ 77 if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, socks) == -1) 78 err(1, "socketpair() failed"); 79 80 pw = getpwnam("_pflogd"); 81 if (pw == NULL) --- 25 unchanged lines hidden (view full) --- 107 if (setuid(pw->pw_uid) == -1) 108 err(1, "setuid() failed"); 109 close(socks[0]); 110 priv_fd = socks[1]; 111 return 0; 112 } 113 114 /* Father */ |
121 /* Pass ALRM/TERM/HUP through to child, and accept CHLD */ | 115 /* Pass ALRM/TERM/HUP/INT/QUIT through to child, and accept CHLD */ |
122 signal(SIGALRM, sig_pass_to_chld); 123 signal(SIGTERM, sig_pass_to_chld); 124 signal(SIGHUP, sig_pass_to_chld); | 116 signal(SIGALRM, sig_pass_to_chld); 117 signal(SIGTERM, sig_pass_to_chld); 118 signal(SIGHUP, sig_pass_to_chld); |
119 signal(SIGINT, sig_pass_to_chld); 120 signal(SIGQUIT, sig_pass_to_chld); |
|
125 signal(SIGCHLD, sig_chld); 126 127 setproctitle("[priv]"); 128 close(socks[1]); 129 130 while (!gotsig_chld) { 131 if (may_read(socks[0], &cmd, sizeof(int))) 132 break; --- 15 unchanged lines hidden (view full) --- 148 149 case PRIV_OPEN_LOG: 150 logmsg(LOG_DEBUG, 151 "[priv]: msg PRIV_OPEN_LOG received"); 152 /* create or append logs but do not follow symlinks */ 153 fd = open(filename, 154 O_RDWR|O_CREAT|O_APPEND|O_NONBLOCK|O_NOFOLLOW, 155 0600); | 121 signal(SIGCHLD, sig_chld); 122 123 setproctitle("[priv]"); 124 close(socks[1]); 125 126 while (!gotsig_chld) { 127 if (may_read(socks[0], &cmd, sizeof(int))) 128 break; --- 15 unchanged lines hidden (view full) --- 144 145 case PRIV_OPEN_LOG: 146 logmsg(LOG_DEBUG, 147 "[priv]: msg PRIV_OPEN_LOG received"); 148 /* create or append logs but do not follow symlinks */ 149 fd = open(filename, 150 O_RDWR|O_CREAT|O_APPEND|O_NONBLOCK|O_NOFOLLOW, 151 0600); |
152 olderrno = errno; 153 send_fd(socks[0], fd); |
|
156 if (fd < 0) 157 logmsg(LOG_NOTICE, 158 "[priv]: failed to open %s: %s", | 154 if (fd < 0) 155 logmsg(LOG_NOTICE, 156 "[priv]: failed to open %s: %s", |
159 filename, strerror(errno)); 160 send_fd(socks[0], fd); 161 close(fd); | 157 filename, strerror(olderrno)); 158 else 159 close(fd); |
162 break; 163 164 default: 165 logmsg(LOG_ERR, "[priv]: unknown command %d", cmd); 166 _exit(1); 167 /* NOTREACHED */ 168 } 169 } --- 42 unchanged lines hidden (view full) --- 212 213/* Open log-file */ 214int 215priv_open_log(void) 216{ 217 int cmd, fd; 218 219 if (priv_fd < 0) | 160 break; 161 162 default: 163 logmsg(LOG_ERR, "[priv]: unknown command %d", cmd); 164 _exit(1); 165 /* NOTREACHED */ 166 } 167 } --- 42 unchanged lines hidden (view full) --- 210 211/* Open log-file */ 212int 213priv_open_log(void) 214{ 215 int cmd, fd; 216 217 if (priv_fd < 0) |
220 errx(1, "%s: called from privileged portion\n", __func__); | 218 errx(1, "%s: called from privileged portion", __func__); |
221 222 cmd = PRIV_OPEN_LOG; 223 must_write(priv_fd, &cmd, sizeof(int)); 224 fd = receive_fd(priv_fd); 225 226 return (fd); 227} 228 --- 83 unchanged lines hidden --- | 219 220 cmd = PRIV_OPEN_LOG; 221 must_write(priv_fd, &cmd, sizeof(int)); 222 fd = receive_fd(priv_fd); 223 224 return (fd); 225} 226 --- 83 unchanged lines hidden --- |
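Review bot: The new `olderrno = errno;` in the PRIV_OPEN_LOG case of priv_init() is the right fix but carries no explanation, and the reason is easy to lose on the next edit: send_fd() runs between open() and the logmsg() that formats strerror(), so it can overwrite errno. I would add `/* send_fd() may clobber errno; keep open()'s value for the log message */` directly above the save, and keep the `else` in front of `close(fd)` (it stops the parent from calling close(-1) on the failure path). The failure signalling itself depends on send_fd() transmitting an fd of -1 as a "no descriptor" message that the child's receive_fd() turns back into -1 — both helpers are outside this view, so that contract is worth a one-line comment at the call site if it holds. priv_init() also has several hidden runs here (the privilege-drop sequence between getpwnam() and setuid(), and the may_read()/snaplen handling), so the drop to `_pflogd` cannot be checked for setgroups()/setgid() ordering from this page.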