Member "ident2-v1.07_FINAL/sys/m_fbsd.c" (22 Jul 2005, 4278 Bytes) of package /linux/privat/old/ident2-v1.07_FINAL.tar.gz:
1 /*
2 * Ident-2 - an Identity server for UNIX
3 * Copyright (C) 1998-2001 Michael Bacarella
4 * Copyright (C) 2003 Netgraft Corporation
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 *
20 * Please view the file README for program information.
21 *
22 * Support for FreeBSD machine dependencies
23 */
24
25 /*
26 * NOTE: This supports only FreeBSD versions greater than 3.0!
27 * I do not deem versions less than 3.0 as worth supporting
28 * because it requires more code as well as decreased security
29 * for this ident server to function.
30 */
31
32 #include "ident2.h"
33
34 #include <sys/param.h>
35 #include <sys/queue.h>
36 #include <sys/socket.h>
37 #include <sys/socketvar.h>
38 #include <sys/sysctl.h>
39 #include <sys/protosw.h>
40
41 #include <net/route.h>
42 #include <netinet/in.h>
43 #include <netinet/in_systm.h>
44 #include <netinet/ip.h>
45 #include <netinet/in_pcb.h>
46 #include <netinet/ip_var.h>
47 #include <netinet/tcp.h>
48 #include <netinet/tcpip.h>
49 #include <netinet/tcp_seq.h>
50 #define TCPSTATES
51 #include <netinet/tcp_fsm.h>
52 #include <netinet/tcp_timer.h>
53 #include <netinet/tcp_var.h>
54 #include <netinet/tcp_debug.h>
55
56 #include <arpa/inet.h>
57 #include <err.h>
58
59
60 #define PID_FILE "/var/run/ident2.pid"
61
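/**
 ** Drop to the lowest permission level possible; 'nobody' is ideal
 ** for FreeBSD.
 **
 ** Does nothing (returns 0) when neither the real nor the effective
 ** uid is 0, or when Dont_Change_Uid is TRUE.  Otherwise the
 ** supplementary group list, the gid and the uid are switched to those
 ** of 'nobody', in that order: calling setuid() alone would leave the
 ** process holding the groups it was started with, and the group
 ** calls need the privilege that setuid() gives away.
 **
 ** Returns 0 on success, -1 (after logging to syslog) on failure.
 ** SECURITY: on -1 the process may still hold its original
 ** credentials, so callers should treat it as fatal.
 **/
int
m_reduce_rights (void)
{
    struct passwd *pw;
    uid_t uid;
    gid_t gid;

    if ((geteuid () && getuid ())
            || Dont_Change_Uid == TRUE)
        return 0;

    /* getpwnam() leaves errno untouched when the user simply does
     * not exist, so clear it first to keep the log message honest. */
    errno = 0;
    if ((pw = getpwnam ("nobody")) == NULL) {
        syslog (LOG_ERR, "error: getpwnam(nobody): %s",
            errno ? strerror (errno) : "no such user");
        return -1;
    }
    /* pw points at static storage; copy what is needed. */
    uid = pw->pw_uid;
    gid = pw->pw_gid;

    if (setgroups (1, &gid) == -1) {
        syslog (LOG_ERR, "error: setgroups(%lu): %s",
            (unsigned long) gid, strerror (errno));
        return -1;
    }
    if (setgid (gid) == -1) {
        syslog (LOG_ERR, "error: setgid(%lu): %s",
            (unsigned long) gid, strerror (errno));
        return -1;
    }
    if (setuid (uid) == -1) {
        syslog (LOG_ERR, "error: setuid(%lu): %s",
            (unsigned long) uid, strerror (errno));
        return -1;
    }

    /* Confirm the drop took effect instead of trusting return codes. */
    if (getuid () != uid || geteuid () != uid
            || getgid () != gid || getegid () != gid) {
        syslog (LOG_ERR, "error: credentials not fully dropped "
            "to 'nobody'");
        return -1;
    }
    return 0;
}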
87
88
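/**
 ** Find what user belongs to the connection described by LPORT,
 ** RPORT, RADDR, and LADDR, and return the uid.
 **
 ** The TCP connection table is fetched with the
 ** "net.inet.tcp.pcblist" sysctl and walked record by record.
 ** LP and RP are in host byte order (they are compared against
 ** ntohs() of the stored ports); the addresses are compared as raw
 ** s_addr values.
 **
 ** Returns the socket's so_uid on a match, or -1 when the sysctl
 ** fails, the table is malformed, or no connection matches.
 ** SECURITY: -1 is the only failure signal, so callers must never
 ** map it to a user name.
 **/
int
m_get_uid (struct in_addr *laddr, u_short lp,
           struct in_addr *raddr, u_short rp)
{
    const char *mibvar = "net.inet.tcp.pcblist";
    char *buf;
    char *end;
    struct inpcb *inp;
    struct xinpgen *xig, *oxig;
    struct xsocket *so;
    size_t len = 0;
    size_t left;
    int uid = -1;

    if (laddr == NULL || raddr == NULL)
        return -1;

    /* First call only asks for the size of the table. */
    if (sysctlbyname (mibvar, NULL, &len, NULL, 0) < 0) {
        syslog (LOG_WARNING, "sysctl: %s: %s\n", mibvar,
            strerror (errno));
        return -1;
    }
    buf = xmalloc (len);

    /* Second call fills buf and updates len to the bytes written. */
    if (sysctlbyname (mibvar, buf, &len, NULL, 0) < 0) {
        syslog (LOG_WARNING, "sysctl: %s: %s\n", mibvar,
            strerror (errno));
        free (buf);
        return -1;
    }

    /* The walk below is driven by length fields stored in the
     * buffer; keep every step inside the len bytes received. */
    end = buf + len;
    oxig = (struct xinpgen *)buf;
    if (len < sizeof (struct xinpgen)
            || oxig->xig_len < sizeof (struct xinpgen)
            || oxig->xig_len > len) {
        free (buf);
        return -1;
    }

    for (xig = (struct xinpgen *)(buf + oxig->xig_len);
            ;
            xig = (struct xinpgen *)((char *)xig + xig->xig_len)) {
        left = (size_t)(end - (char *)xig);
        if (left < sizeof (struct xinpgen))
            break;      /* no room left for a length field */
        if (xig->xig_len <= sizeof (struct xinpgen))
            break;      /* end-of-list record */
        if (xig->xig_len > left)
            break;      /* record claims more than was received */
        if (xig->xig_len < sizeof (struct xtcpcb))
            continue;   /* too short to be read as an xtcpcb */

        inp = &((struct xtcpcb *)xig)->xt_inp;
        so = &((struct xtcpcb *)xig)->xt_socket;
        if (so->xso_protocol != IPPROTO_TCP) continue;
        /* NOTE(review): presumably skips entries that changed after
         * the snapshot header was generated -- confirm. */
        if (inp->inp_gencnt > oxig->xig_gen) continue;
        if (inet_lnaof (inp->inp_laddr) == INADDR_ANY)
            continue;

        if ((raddr->s_addr) == inp->inp_faddr.s_addr
                && (laddr->s_addr) == inp->inp_laddr.s_addr
                && rp == ntohs (inp->inp_fport)
                && lp == ntohs (inp->inp_lport)) {
            uid = so->so_uid;
            break;
        }
    }
    free (buf);
    return uid;
}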
144
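/*
 * FreeBSD seems to like recording this information
 * to /var/run. Good. nice and standard.
 * PID support suggested (and previously implemented)
 * by Alexander Reelsen.
 *
 * Writes the process id to PID_FILE when HAS_VAR_RUN is defined;
 * otherwise does nothing.  Returns 0 on success (or when compiled
 * out) and -1, after a syslog warning, when the file cannot be
 * opened or written.
 *
 * SECURITY: fopen() with "w" follows symbolic links and truncates
 * the target, so the directory holding PID_FILE must not be
 * writable by unprivileged users.
 */
int
m_register_pid (void)
{
#ifdef HAS_VAR_RUN
    FILE *fp;
    int saved_errno = 0;
    int failed = 0;

    if ((fp = fopen (PID_FILE, "w")) == NULL) {
        syslog (LOG_WARNING, "couldn't record pid in %s: %s -- "
            "automatic shutdown with system not available",
            PID_FILE, strerror (errno));
        return -1;
    }
    /* pid_t is signed; print it through long rather than %u. */
    if (fprintf (fp, "%ld\n", (long) getpid ()) < 0) {
        failed = 1;
        saved_errno = errno;
    }
    /* fclose() flushes, so a full disk can surface only here. */
    if (fclose (fp) != 0 && !failed) {
        failed = 1;
        saved_errno = errno;
    }
    if (failed) {
        syslog (LOG_WARNING, "couldn't record pid in %s: %s -- "
            "automatic shutdown with system not available",
            PID_FILE, strerror (saved_errno));
        return -1;
    }
#endif
    return 0;
}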