Changed so that pflogger daemon can run as non-root with nologin shell.

4 files changed, 190 insertions, 10 deletions

diff --git a/security/prelude-pflogger/Makefile b/security/prelude-pflogger/Makefile
index f4eb26173ba..25c01d09b83 100644
--- a/security/prelude-pflogger/Makefile
+++ b/security/prelude-pflogger/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.5 2008/06/12 02:14:45 joerg Exp $
+# $NetBSD: Makefile,v 1.6 2008/07/21 12:22:15 shannonjr Exp $
 #
 
 DISTNAME=	prelude-pflogger-0.9.0-rc2
 PKGNAME=	prelude-pflogger-0.9.0
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	http://prelude-ids.org/download/releases/
 
@@ -44,6 +44,12 @@ FILES_SUBST+=	PRELUDE_GROUP=${PRELUDE_GROUP:Q}
 MESSAGE_SUBST+=	PRELUDE_USER=${PRELUDE_USER:Q}
 MESSAGE_SUBST+=	PRELUDE_GROUP=${PRELUDE_GROUP:Q}
 
+SUBST_CLASSES+=		code
+SUBST_STAGE.code=	post-patch
+SUBST_FILES.code=	run-prelude-pflogger.c
+SUBST_SED.code=		-e 's,@PREFIX@,${PREFIX},g'
+SUBST_SED.code+=	-e 's,@PRELUDE_USER@,${PRELUDE_USER},g'
+
 SUBST_CLASSES+=         make
 SUBST_STAGE.make=       post-patch
 SUBST_FILES.make=       Makefile.am
@@ -53,9 +59,18 @@ RCD_SCRIPTS=		pflogger
 
 INSTALLATION_DIRS=	share/examples/prelude-pflogger
 
+pre-patch:
+	${CP} ${FILESDIR}/run-prelude-pflogger.c ${WRKSRC}
+
 pre-configure:
 	set -e; cd ${WRKSRC}; \
 	aclocal; autoheader; automake -a --foreign -i; autoconf
 
+post-build:
+	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${CC} ${CFLAGS} -o run-prelude-pflogger run-prelude-pflogger.c
+
+post-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/run-prelude-pflogger ${PREFIX}/sbin/run-prelude-pflogger
+
 .include "../../security/libprelude/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/security/prelude-pflogger/PLIST b/security/prelude-pflogger/PLIST
index e3b9d8283c3..d12cfbd8d3c 100644
--- a/security/prelude-pflogger/PLIST
+++ b/security/prelude-pflogger/PLIST
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2007/09/03 13:50:49 shannonjr Exp $
+@comment $NetBSD: PLIST,v 1.2 2008/07/21 12:22:15 shannonjr Exp $
 bin/prelude-pflogger
+sbin/run-prelude-pflogger
 share/examples/rc.d/pflogger
 share/examples/prelude-pflogger/prelude-pflogger.conf
diff --git a/security/prelude-pflogger/files/pflogger.sh b/security/prelude-pflogger/files/pflogger.sh
index 970ca309d04..18aa9ec8395 100644
--- a/security/prelude-pflogger/files/pflogger.sh
+++ b/security/prelude-pflogger/files/pflogger.sh
@@ -1,22 +1,20 @@
 #!/bin/sh
 #
-# $NetBSD: pflogger.sh,v 1.1.1.1 2007/09/03 13:50:49 shannonjr Exp $
+# $NetBSD: pflogger.sh,v 1.2 2008/07/21 12:22:15 shannonjr Exp $
 #
 
-# PROVIDE: pflogger
-# REQUIRE: pf NETWORKING
+# PROVIDE: preludepflogger
+# REQUIRE: LOGIN
 
 $_rc_subr_loaded . /etc/rc.subr
 
 name="pflogger"
-pflogger_user=_prelude
-pflogger_=_prelude
 procname="@PREFIX@/bin/prelude-pflogger"
 rcvar=${name}
-required_files="@PKG_SYSCONFDIR@/prelude-pflogger.conf"
+required_files="@PKG_SYSCONFDIR@/prelude-pflogger/prelude-pflogger.conf"
 start_precmd="pflogger_precommand"
+start_cmd="@PREFIX@/sbin/run-prelude-pflogger --pidfile @PRELUDE_PFLOGGER_PID_DIR@/prelude-pflogger.pid"
 pidfile="@PRELUDE_PFLOGGER_PID_DIR@/prelude-pflogger.pid"
-start_cmd="${procname} --pidfile ${pidfile}"
 
 pflogger_precommand()
 {
diff --git a/security/prelude-pflogger/files/run-prelude-pflogger.c b/security/prelude-pflogger/files/run-prelude-pflogger.c
new file mode 100644
index 00000000000..e065663f4b8
--- /dev/null
+++ b/security/prelude-pflogger/files/run-prelude-pflogger.c
@@ -0,0 +1,166 @@
+#define PRELUDE_PFLOGGER_USER "@PRELUDE_USER@"
+#define PRELUDE_PFLOGGER_PATH "@PREFIX@/bin/prelude-pflogger"
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef         TRUE
+#define         TRUE                            1
+#endif                          /* TRUE */
+
+#ifndef         FALSE
+#define         FALSE                           0
+#endif                          /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+    /* Output error message to syslog */
+    char msg[1024];
+    snprintf(msg, sizeof(msg), "run-prelude-pflogger : %s : %s", str, strerror(errno));
+    syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+    /* Obtain UID and GID from passwd entry identified by name */
+    struct passwd *pw_entry;
+    char msg[100];
+
+    if ((pw_entry = getpwnam(name)) == NULL)
+    {
+        snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+        error_sys(msg);
+        return FALSE;
+    }
+    else
+    {
+        *pw_uid = pw_entry->pw_uid;
+        *pw_gid = pw_entry->pw_gid;
+        return TRUE;
+
+    }
+}
+
+
+int main (int argc, char **argv )
+
+{
+
+    pid_t pid;
+    uid_t UID;
+    gid_t GID;
+    pid_t pidwait;
+    int waitstat;
+    int s;
+    int max_fd;
+
+    /* Sanity check */
+    if (argc > MAX_ARGS)
+    {
+        error_sys("arg buffer too small");
+        exit(-1);
+    }
+
+    if (geteuid() != 0)
+    {
+        error_sys("must be called by root");
+        exit(-1);
+    }
+
+    /* fork child that will become prelude-pflogger */
+    if ((pid = fork()) < 0)
+
+        error_sys("fork error");
+
+    else
+
+    {
+
+        if (pid == 0)
+
+        {
+
+            /* We're the child */
+            char *args[MAX_ARGS];
+            unsigned int i;
+
+            /* Become session leader */
+            setsid();
+
+            /* Change working directory to root directory.
+               The current working directory could be a mounted
+               filesystem; if the daemon stays on a mounted
+               filesystem it could prevent the filesystem from
+               being umounted. */
+            chdir("/");
+
+            /* Clear out file creation mask */
+            umask(0);
+
+            /* Close unneeded file descriptors */
+            max_fd = (int) sysconf(_SC_OPEN_MAX);
+            if (max_fd == -1)
+                max_fd = getdtablesize();
+            for (s = 3; s < max_fd; s++)
+                (void) close(s);
+
+            if (!obtainUIDandGID(PRELUDE_PFLOGGER_USER, &UID, &GID))
+                exit(-1);
+
+            /* Drop privileges immediately */
+            if (setgid(GID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setgid fails
+                */
+                error_sys ("setgid failed");
+                exit (-1);
+            }
+
+            if (setuid(UID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setuid fails
+                */
+                error_sys ("setuid failed");
+                exit (-1);
+            }
+
+            /* Build calling argv */
+            args[0] = PRELUDE_PFLOGGER_PATH;
+            for (i=1;i<argc;i++)
+            {
+                args[i] = argv[i];
+            }
+            args[i++] = NULL;
+
+            /* Finally transform self into prelude-pflogger */
+            if (execvp(PRELUDE_PFLOGGER_PATH, args) < 0)
+                error_sys("execve error");
+            else
+                ; /* avoid if-then ambiguity */
+        }
+
+        else
+
+        {
+            /* We're the parent
+               Terminate
+            */
+            exit(0);
+        }
+
+    }
+
+}