|
Miroslav Lichvar |
6ced79 |
--- arpwatch-2.1a10/arpwatch.c Sat Oct 14 05:07:35 2000
|
|
Miroslav Lichvar |
6ced79 |
+++ arpwatch-2.1a10/arpwatch.c Sun Jun 10 16:22:57 2001
|
|
Miroslav Lichvar |
6ced79 |
@@ -62,7 +62,7 @@
|
|
Miroslav Lichvar |
6ced79 |
#include <string.h>
|
|
Miroslav Lichvar |
6ced79 |
#include <syslog.h>
|
|
Miroslav Lichvar |
6ced79 |
#include <unistd.h>
|
|
Miroslav Lichvar |
6ced79 |
-
|
|
Miroslav Lichvar |
6ced79 |
+#include <pwd.h>
|
|
Miroslav Lichvar |
6ced79 |
#include <pcap.h>
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
#include "gnuc.h"
|
|
Miroslav Lichvar |
6ced79 |
@@ -141,6 +141,25 @@
|
|
Miroslav Lichvar |
6ced79 |
int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
|
|
Miroslav Lichvar |
6ced79 |
__dead void usage(void) __attribute__((volatile));
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
+void dropprivileges(const char* user)
|
|
Miroslav Lichvar |
6ced79 |
+{
|
|
Miroslav Lichvar |
6ced79 |
+ struct passwd* pw;
|
|
Miroslav Lichvar |
6ced79 |
+ pw = getpwnam( user );
|
|
Miroslav Lichvar |
6ced79 |
+ if ( pw ) {
|
|
Miroslav Lichvar |
6ced79 |
+ if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
|
|
Miroslav Lichvar |
6ced79 |
+ setuid(pw->pw_uid) != 0 ) {
|
|
Miroslav Lichvar |
6ced79 |
+ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
|
|
Miroslav Lichvar |
6ced79 |
+ pw->pw_uid, pw->pw_gid);
|
|
Miroslav Lichvar |
6ced79 |
+ exit(1);
|
|
Miroslav Lichvar |
6ced79 |
+ }
|
|
Miroslav Lichvar |
6ced79 |
+ }
|
|
Miroslav Lichvar |
6ced79 |
+ else {
|
|
Miroslav Lichvar |
6ced79 |
+ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
|
|
Miroslav Lichvar |
6ced79 |
+ exit(1);
|
|
Miroslav Lichvar |
6ced79 |
+ }
|
|
Miroslav Lichvar |
6ced79 |
+ syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
|
|
Miroslav Lichvar |
6ced79 |
+}
|
|
Miroslav Lichvar |
6ced79 |
+
|
|
Miroslav Lichvar |
6ced79 |
int
|
|
Miroslav Lichvar |
6ced79 |
main(int argc, char **argv)
|
|
Miroslav Lichvar |
6ced79 |
{
|
|
Miroslav Lichvar |
6ced79 |
@@ -153,6 +172,7 @@
|
|
Miroslav Lichvar |
6ced79 |
register char *interface, *rfilename;
|
|
Miroslav Lichvar |
6ced79 |
struct bpf_program code;
|
|
Miroslav Lichvar |
6ced79 |
char errbuf[PCAP_ERRBUF_SIZE];
|
|
Miroslav Lichvar |
6ced79 |
+ char* serveruser = NULL;
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
if (argv[0] == NULL)
|
|
Miroslav Lichvar |
6ced79 |
prog = "arpwatch";
|
|
Miroslav Lichvar |
6ced79 |
@@ -170,7 +190,7 @@
|
|
Miroslav Lichvar |
6ced79 |
interface = NULL;
|
|
Miroslav Lichvar |
6ced79 |
rfilename = NULL;
|
|
Miroslav Lichvar |
6ced79 |
pd = NULL;
|
|
Miroslav Lichvar |
6ced79 |
- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
|
|
Miroslav Lichvar |
6ced79 |
+ while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
|
|
Miroslav Lichvar |
6ced79 |
switch (op) {
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
case 'd':
|
|
Miroslav Lichvar |
6ced79 |
@@ -202,6 +222,16 @@
|
|
Miroslav Lichvar |
6ced79 |
rfilename = optarg;
|
|
Miroslav Lichvar |
6ced79 |
break;
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
+ case 'u':
|
|
Miroslav Lichvar |
6ced79 |
+ if ( optarg ) {
|
|
Miroslav Lichvar |
6ced79 |
+ serveruser = strdup(optarg);
|
|
Miroslav Lichvar |
6ced79 |
+ }
|
|
Miroslav Lichvar |
6ced79 |
+ else {
|
|
Miroslav Lichvar |
6ced79 |
+ fprintf(stderr, "%s: Need username after -u\n", prog);
|
|
Miroslav Lichvar |
6ced79 |
+ usage();
|
|
Miroslav Lichvar |
6ced79 |
+ }
|
|
Miroslav Lichvar |
6ced79 |
+ break;
|
|
Miroslav Lichvar |
6ced79 |
+
|
|
Miroslav Lichvar |
6ced79 |
default:
|
|
Miroslav Lichvar |
6ced79 |
usage();
|
|
Miroslav Lichvar |
6ced79 |
}
|
|
Miroslav Lichvar |
6ced79 |
@@ -283,8 +313,11 @@
|
|
Miroslav Lichvar |
6ced79 |
* Revert to non-privileged user after opening sockets
|
|
Miroslav Lichvar |
6ced79 |
* (not needed on most systems).
|
|
Miroslav Lichvar |
6ced79 |
*/
|
|
Miroslav Lichvar |
6ced79 |
- setgid(getgid());
|
|
Miroslav Lichvar |
6ced79 |
- setuid(getuid());
|
|
Miroslav Lichvar |
6ced79 |
+ /*setgid(getgid());*/
|
|
Miroslav Lichvar |
6ced79 |
+ /*setuid(getuid());*/
|
|
Miroslav Lichvar |
6ced79 |
+ if ( serveruser ) {
|
|
Miroslav Lichvar |
6ced79 |
+ dropprivileges( serveruser );
|
|
Miroslav Lichvar |
6ced79 |
+ }
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
/* Must be ethernet or fddi */
|
|
Miroslav Lichvar |
6ced79 |
linktype = pcap_datalink(pd);
|
|
Miroslav Lichvar |
6ced79 |
@@ -751,6 +784,6 @@
|
|
Miroslav Lichvar |
6ced79 |
|
|
Miroslav Lichvar |
6ced79 |
(void)fprintf(stderr, "Version %s\n", version);
|
|
Miroslav Lichvar |
6ced79 |
(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
|
|
Miroslav Lichvar |
6ced79 |
- " [-n net[/width]] [-r file]\n", prog);
|
|
Miroslav Lichvar |
6ced79 |
+ " [-n net[/width]] [-r file] [-u username]\n", prog);
|
|
Miroslav Lichvar |
6ced79 |
exit(1);
|
|
Miroslav Lichvar |
6ced79 |
}
|