Annotation of embedaddon/ipguard/system.c, revision 1.1.1.1.2.1
1.1 misho 1: /* system.c
2: *
3: * Copyright (c) 2010 SeaD <sead at deep.perm.ru>
4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: *
14: * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17: * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
18: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24: * SUCH DAMAGE.
25: *
26: * $Id: system.c,v 1.15 2010/07/12 03:46:36 sead Exp $
27: *
28: */
29:
30: #include <pwd.h>
31: #include <signal.h>
32: #include <paths.h>
33: #include <fcntl.h>
34: #include <sys/stat.h>
35: #include <sys/types.h>
36:
37: #ifdef __linux__
38: # include <time.h>
39: #endif /* __linux__ */
40:
41: #include "ipguard.h"
42:
43: static int SIGNAL = 0;
44: static FILE *log_fp = NULL, *pid_fp = NULL;
45:
46: void exit_ipguard(int reason) {
47: if (verbose) {
48: snprintf(s, 64, "Exit on reason %d (pid: %u)", reason, getpid());
49: log_str(NOTICE, s, "");
50: }
51: packet_destroy();
52: pid_unlink();
53: log_close();
54: exit(reason);
55: }
56:
57: void sig_init(void) {
58: if (signal(SIGINT, sig_func) == SIG_ERR) {
59: log_str(ERROR, "signal(SIGINT):", strerror(errno));
60: exit(EXIT_FAILURE);
61: }
62: if (signal(SIGTERM, sig_func) == SIG_ERR) {
63: log_str(ERROR, "signal(SIGTERM):", strerror(errno));
64: exit(EXIT_FAILURE);
65: }
66: if (signal(SIGHUP, sig_func) == SIG_ERR) {
67: log_str(ERROR, "signal(SIGHUP):", strerror(errno));
68: exit(EXIT_FAILURE);
69: }
70: if (signal(SIGUSR1, sig_func) == SIG_ERR) {
71: log_str(ERROR, "signal(SIGUSR1):", strerror(errno));
72: exit(EXIT_FAILURE);
73: }
74: if (signal(SIGUSR2, sig_func) == SIG_ERR) {
75: log_str(ERROR, "signal(SIGUSR2):", strerror(errno));
76: exit(EXIT_FAILURE);
77: }
78: }
79:
80: void sig_func(int signal) {
81: if (verbose) {
82: snprintf(s, 4, "%d", signal);
83: log_str(NOTICE, "SIGNAL received", s);
84: }
85: SIGNAL = signal;
86: if ((SIGNAL == SIGINT) || (SIGNAL == SIGTERM)) exit_ipguard(SIGNAL);
87: }
88:
89: void sig_catch(void) {
90: switch (SIGNAL) {
91: case SIGHUP: ethers_reinit(); if (!getuid()) log_reopen(); SIGNAL = 0; break;
92: case SIGUSR1: pair_dump(); if (buffer_num) buffer_dump(); stat_dump(); SIGNAL = 0; break;
93: case SIGUSR2: buffer_dump2ethers(); SIGNAL = 0; break;
94: }
95: }
96:
97: void log_open(void) {
98: if (!(log_fp = fopen(log_name, "a"))) {
99: fprintf(stderr, "fopen(%s): %s\n", log_name, strerror(errno));
100: exit(EXIT_FAILURE);
101: }
102: }
103:
104: void log_str(int pri, char *ent, char *err) {
105: char p[10];
106:
107: switch (pri) {
108: case ERROR: strncpy(p, "error", 10); break;
109: case WARNING: strncpy(p, "warning", 10); break;
110: case NOTICE: strncpy(p, "notice", 10); break;
111: case INFO: strncpy(p, "info", 10); break;
112: default: strncpy(p, "unknown", 10); break;
113: }
114: if (debug > 1) fprintf(stderr, "%s ", time_get());
115: if (debug) fprintf(stderr, "%s %s\n", ent, err);
116: fprintf(log_fp, "%s %s %s %s\n", time_get(), p, ent, err);
117: fflush(log_fp);
118: }
119:
120: void log_close(void) {
121: if (fclose(log_fp)) {
122: fprintf(stderr, "fclose(%s): %s\n", log_name, strerror(errno));
123: }
124: }
125:
126: void log_reopen(void) {
127: log_close(); log_open();
128: log_str(NOTICE, "Log file reopened:", log_name);
129: }
130:
131: void pid_check(void) {
132: struct stat ps;
133: int pid = 0;
134:
135: if (stat(pid_name, &ps) == -1) {
136: if (errno == ENOENT) return;
137: else {
138: snprintf(s, 128, "stat(%s):", pid_name);
139: log_str(ERROR, s, strerror(errno));
140: exit(EXIT_FAILURE);
141: }
142: } else {
143: if (!(pid_fp = fopen(pid_name, "r"))) {
144: snprintf(s, 128, "fopen(%s):", pid_name);
145: log_str(WARNING, s, strerror(errno));
146: }
147: fscanf(pid_fp, "%d", &pid);
148: fclose(pid_fp);
149: if (pid) {
150: if (kill(pid, 0)) {
151: snprintf(s, 64, "Removing stale pid: %u", pid);
152: log_str(WARNING, s, "");
153: pid_unlink();
154: } else {
155: snprintf(s, 64, "Already running, pid: %u", pid);
156: log_str(ERROR, s, "");
157: exit(EXIT_FAILURE);
158: }
159: } else {
160: snprintf(s, 64, "Wrong pid file found: %s", pid_name);
161: log_str(ERROR, s, "");
162: exit(EXIT_FAILURE);
163: }
164: }
165: }
166:
167: void pid_creat(void) {
168: pid_check();
169: if (!(pid_fp = fopen(pid_name, "w"))) {
170: snprintf(s, 128, "fopen(%s):", pid_name);
171: log_str(ERROR, s, strerror(errno));
172: exit(EXIT_FAILURE);
173: }
174: fprintf(pid_fp, "%d\n", getpid());
175: fclose(pid_fp);
176: }
177:
178: void pid_unlink(void) {
179: if (unlink(pid_name) == -1) {
180: snprintf(s, 128, "unlink(%s):", pid_name);
181: log_str(NOTICE, s, strerror(errno));
182: }
183: }
184:
185: void daemonize(void) {
186: int pid, null;
187:
188: if ((pid = fork()) == -1) {
189: log_str(ERROR, "fork():", strerror(errno));
190: exit(EXIT_FAILURE);
191: } else if (pid > 0) exit(EXIT_SUCCESS);
192:
193: if ((null = open(_PATH_DEVNULL, O_RDWR)) == -1) {
194: log_str(ERROR, "open(_PATH_DEVNULL):", strerror(errno));
195: exit(EXIT_FAILURE);
196: }
197:
198: if (dup2(null, 0) == -1) {
199: log_str(ERROR, "dup2(STDIN):", strerror(errno));
200: exit(EXIT_FAILURE);
201: }
202: if (dup2(null, 1) == -1) {
203: log_str(ERROR, "dup2(STDOUT):", strerror(errno));
204: exit(EXIT_FAILURE);
205: }
206: if (dup2(null, 2) == -1) {
207: log_str(ERROR, "dup2(STDERR):", strerror(errno));
208: exit(EXIT_FAILURE);
209: }
210:
211: if (setsid() == -1) {
212: log_str(ERROR, "setsid():", strerror(errno));
213: exit(EXIT_FAILURE);
214: }
215:
216: if (chdir("/") == -1) {
217: log_str(ERROR, "chdir(/):", strerror(errno));
218: exit(EXIT_FAILURE);
219: }
220: }
221:
222: void set_user(void) {
223: struct passwd *pw;
224: int uid = 0, gid = 0;
225:
226: if ((pw = getpwnam(suser))) {
227: uid = pw->pw_uid;
228: gid = pw->pw_gid;
229: } else if (!(uid = atoi(suser))) {
230: pw = getpwuid(uid);
231: gid = pw->pw_gid;
232: } else {
233: log_str(ERROR, "Invalid user", suser);
234: exit(EXIT_FAILURE);
235: }
236:
237: if (setgid(gid) == -1) {
238: log_str(ERROR, "setgid():", strerror(errno));
239: exit(EXIT_FAILURE);
240: }
241: if (setuid(uid) == -1) {
242: log_str(ERROR, "setuid():", strerror(errno));
243: exit(EXIT_FAILURE);
244: }
245:
246: snprintf(s, 128, "%u/%u", uid, gid);
247: if (verbose) log_str(NOTICE, "Running as uid/gid:", s);
248: }
249:
250: void mac_rand(char *mac) {
251: char c[] = " ";
252: register int n;
253:
254: for (n = 0; n < 18; n++)
255: if (mac[n] == 'x') { snprintf(c, 2, "%1x", rand() % 16); mac[n] = c[0]; }
256: }
257:
258: void mac_regen(char *mac) {
259: static time_t count = 0;
260: time_t t;
261: char c[] = " ";
262: register int n;
263:
264: if ((t = time(&t)) < count) return;
265: count = t + fake_regen;
266:
267: if (debug > 1) fprintf(stderr, "FAKE REGEN: pre %-17s ", mac);
268:
269: for (n = 0; n < 18; n++)
270: if ((mac[n] >= '0' && mac[n] <= '9') ||
271: (mac[n] >= 'A' && mac[n] <= 'F') ||
272: (mac[n] >= 'a' && mac[n] <= 'f'))
273: { snprintf(c, 2, "%1x", rand() % 16); mac[n] = c[0]; }
274:
275: if (debug > 1) fprintf(stderr, "new %-17s\n", mac);
276: }
277:
278: char *time_get(void) {
279: static char cur_time[16];
280: time_t t;
281:
282: t = time(&t);
283: strncpy(cur_time, (char *) ctime(&t) + 4, 15);
284: cur_time[15] = '\0';
285: return cur_time;
286: }
287:
288: void ethers_stat(void) {
289: struct stat es;
290: static time_t ethers_mtime = 0, count = 0;
291: time_t t;
292:
293: if ((t = time(&t)) < count) return;
294: count = t + ethers_update;
295:
296: if (stat(ethers_name, &es) == -1) {
297: snprintf(s, 128, "stat(%s):", ethers_name);
298: log_str(WARNING, s, strerror(errno));
299: return;
300: }
301:
302: if (!ethers_mtime) ethers_mtime = es.st_mtime;
303:
304: if (ethers_mtime < es.st_mtime) {
305: ethers_reinit(); ethers_mtime = es.st_mtime;
306: }
307: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>