+#ifndef WIN32
+/* Drop root privileges and chroot if necessary */
+static void
+droproot(const char *username, const char *chroot_dir)
+{
+ struct passwd *pw = NULL;
+
+ if (chroot_dir && !username) {
+ fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
+ exit(1);
+ }
+
+ pw = getpwnam(username);
+ if (pw) {
+ if (chroot_dir) {
+ if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
+ fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
+ chroot_dir, pcap_strerror(errno));
+ exit(1);
+ }
+ }
+#ifdef HAVE_CAP_NG_H
+ int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+ if (ret < 0) {
+ printf("error : ret %d\n", ret);
+ }
+ /* We don't need CAP_SETUID and CAP_SETGID */
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+ capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID);
+ capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID);
+ capng_apply(CAPNG_SELECT_BOTH);
+
+#else
+ if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
+ setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
+ fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
+ username,
+ (unsigned long)pw->pw_uid,
+ (unsigned long)pw->pw_gid,
+ pcap_strerror(errno));
+ exit(1);
+ }
+#endif /* HAVE_CAP_NG_H */
+ }
+ else {
+ fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
+ username);
+ exit(1);
+ }
+}
+#endif /* WIN32 */
+
+static int
+getWflagChars(int x)
+{
+ int c = 0;
+
+ x -= 1;
+ while (x > 0) {
+ c += 1;
+ x /= 10;
+ }
+
+ return c;
+}
+
+
+static void
+MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
+{
+ char *filename = malloc(PATH_MAX + 1);
+ if (filename == NULL)
+ error("Makefilename: malloc");
+
+ /* Process with strftime if Gflag is set. */
+ if (Gflag != 0) {
+ struct tm *local_tm;
+
+ /* Convert Gflag_time to a usable format */
+ if ((local_tm = localtime(&Gflag_time)) == NULL) {
+ error("MakeTimedFilename: localtime");
+ }
+
+ /* There's no good way to detect an error in strftime since a return
+ * value of 0 isn't necessarily failure.
+ */
+ strftime(filename, PATH_MAX, orig_name, local_tm);
+ } else {
+ strncpy(filename, orig_name, PATH_MAX);
+ }
+
+ if (cnt == 0 && max_chars == 0)
+ strncpy(buffer, filename, PATH_MAX + 1);
+ else
+ if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX)
+ /* Report an error if the filename is too large */
+ error("too many output files or filename is too long (> %d)", PATH_MAX);
+ free(filename);
+}
+
+static int tcpdump_printf(netdissect_options *ndo _U_,
+ const char *fmt, ...)
+{
+
+ va_list args;
+ int ret;
+
+ va_start(args, fmt);
+ ret=vfprintf(stdout, fmt, args);
+ va_end(args);
+
+ return ret;
+}
+
+static struct print_info
+get_print_info(int type)
+{
+ struct print_info printinfo;
+
+ printinfo.ndo_type = 1;
+ printinfo.ndo = gndo;
+ printinfo.p.ndo_printer = lookup_ndo_printer(type);
+ if (printinfo.p.ndo_printer == NULL) {
+ printinfo.p.printer = lookup_printer(type);
+ printinfo.ndo_type = 0;
+ if (printinfo.p.printer == NULL) {
+ gndo->ndo_dltname = pcap_datalink_val_to_name(type);
+ if (gndo->ndo_dltname != NULL)
+ error("packet printing is not supported for link type %s: use -w",
+ gndo->ndo_dltname);
+ else
+ error("packet printing is not supported for link type %d: use -w", type);
+ }
+ }
+ return (printinfo);
+}
+
+static char *
+get_next_file(FILE *VFile, char *ptr)
+{
+ char *ret;
+
+ ret = fgets(ptr, PATH_MAX, VFile);
+ if (!ret)
+ return NULL;
+
+ if (ptr[strlen(ptr) - 1] == '\n')
+ ptr[strlen(ptr) - 1] = '\0';
+
+ return ret;
+}
+
projects / tcpdump / blobdiff