Commit Graph

30 Commits

Author SHA1 Message Date
pjd
9256efca5e Sandbox rwhod(8) receiver process using capability mode and Capsicum
capabilities.

rwhod(8) receiver can now only receive packages, write to /var/rwho/ directory
and log to syslog.

Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by:	Google Summer of Code 2013
Reviewed by:	pjd
MFC after:	1 month
2013-07-03 21:07:02 +00:00
pjd
22651ea46d The whole sending functionality was implemented within a signal handler,
which is a very bad idea. Split sending and receiving in two processes,
which fixes this problem and will help to sandbox rwhod.

Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by:	Google Summer of Code 2013
Reviewed by:	pjd
MFC after:	1 month
2013-07-03 21:04:20 +00:00
pjd
8996216f5b Style cleanups.
Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by:	Google Summer of Code 2013
Reviewed by:	pjd
MFC after:	1 month
2013-07-03 20:58:58 +00:00
ed
e7e5b53bf1 Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
simon
ae749f8e80 Check return code of setuid(), setgid(), and setgroups() in rwhod.
While they will not fail in normal circumstances, better safe than
sorry.

MFC after:	1 week
2011-04-23 13:42:03 +00:00
ed
57d10a6e95 Port all applications in usr.sbin/ from libulog to utmpx. 2010-01-13 18:17:53 +00:00
ed
d04999d8c6 Let rwhod use libulog.
I am not planning on providing a mechanism to stat() the database files
directly. The disadvantage of this, is that rwhod will now be a little
bit more heavy than it used to be. It normally used to fstat() the file
descriptor to see whether the file had changed, but this is now
impossible to implement, meaning we have to parse the entire utmp file
each 180 seconds.

This is probably not an issue on modern 16-way servers, but if it turns
out to be a problem, we'll think of something.
2009-12-27 21:14:55 +00:00
ssouhlal
d2230420e9 - Avoid a memory leak if realloc(3) fails by using reallocf(3)
Submitted by:	Liam J. Foy <liamfoy@dragonflybsd.org>
Approved by:	mdodd (in-lieu of mentor who is away)
MFC after:	1 week
2005-06-03 17:38:33 +00:00
stefanf
03a2de3818 Fix most cases where the address of an int is passed to a function expecting a
socklen_t * argument.
2005-02-14 17:42:58 +00:00
imp
9fbed704d5 Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of additional copyright holders where appropriate)
2004-08-07 04:28:56 +00:00
luigi
ce58934c26 Replace ROUNDUP/ADVANCE with SA_SIZE 2004-04-13 11:24:43 +00:00
charnier
0ad2e8b805 de-__P
use port/proto to represent services (not proto/port).
add FBSDID
2003-07-06 10:37:00 +00:00
alfred
fc30cb8474 WARNS=4, de-__P() 2002-07-11 21:40:15 +00:00
dillon
c3dbbbabdf I've been meaning to do this for a while. Add an underscore to the
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a de facto
standard.  They will eventually be replaced when a real standard
comes out of committee.
2002-01-19 23:20:02 +00:00
dillon
044c1da2a5 Convert time_t to/from 32 bit representations for transmission over
a network and storage.
2001-10-28 20:33:07 +00:00
iedowse
cd6399ca0f Ensure that received packets are at least as long as the rwho packet
header before trying to process them. Without this sanity check,
rwhod can attempt to byte-swap all of memory when a short packet
is received, and so dies with a SIGBUS.

While I'm here, change two other syslog messages to be more
informative: use dotted quad rather than hex notation for IP
addresses, and include the source IP in the 'bad from port' message.

PR:		bin/14844
Reviewed by:	dwmalone
2000-12-22 21:30:15 +00:00
kris
54b13849f6 Don't call syslog() without a format string. 2000-07-12 00:50:49 +00:00
charnier
df72d21847 Name of program and trailing \n will be added by syslog(3) 1999-11-27 17:11:55 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
brian
f8e5afd193 Correct usage message 1999-06-26 03:11:39 +00:00
brian
97a0215ac1 Add the -p switch - tells rwhod to ignore POINTOPOINT interfaces.
Mostly submitted by: Stefan Zehl <sec@42.org>
PR:	12216
1999-06-16 21:05:21 +00:00
steve
710a04e8b4 Implement the -l commandline option which turns off broadcast of
information, but still allows you to monitor other machines.

PR:		9301
Submitted by:	Matthew Fuller <fullermd@futuresouth.com>
1999-01-11 05:27:37 +00:00
des
d3d2905cbc Add an option for insecure mode, in which rwhod does not discard packets
from incorrect source ports.
1998-12-17 11:05:57 +00:00
charnier
1f77e4ee4c Use err(3). Add usage.
Use syslog instead of fprintf when being a daemon.
Change sprintf to snprintf obtained from OpenBSD.
Obtained from: OpenBSD
1997-10-13 11:27:55 +00:00
imp
a508b60adc Fix minor buffer problems:
Off by one in verify allowed one to march one byte off the end of
	wd.wd_hostname if wd.wd_hostname had no NUL characters in it.

	strncpy of myname into mywd used the source buffer's length, rather
	than the dest.
1996-11-01 06:29:34 +00:00
peter
7e1f106f1d When looking for "group daemon" (since that's what's in mtree), make sure
we actually look for the *group* and not the user's gid.  user daemon
has traditionally been group 31 (guest).

Also clear out the groups vector so that it doesn't inherit the groups
of the invoking user (ever run rwhod by hand before?)  Unfortunately, we
can't empty the supplemental groups list because the !&@^#! egid is stored
in there! :-(
1996-09-07 01:43:08 +00:00
pst
ec45279a6d Run as daemon.daemon, not nobody.daemon 1996-08-26 17:01:58 +00:00
pst
01d5123979 Fix buffer overrun, and run as nobody 1996-08-25 21:37:11 +00:00
jkh
e9ef52536f Here are patches to add full multicast support to rwhod, and an updated man
page.  I tried all three modes (rwhod, rwhod -m, rwhod -m 32) on a machine
with 2 ethernet interfaces and they all worked.
Submitted by:	Bill Fenner <fenner@parc.xerox.com>
1995-08-17 00:51:40 +00:00
rgrimes
862fdf11a2 BSD 4.4 Lite usr.sbin Sources 1994-05-26 05:23:31 +00:00