int main(int argc, char **argv) { int pid, ret, i, o, blah; /* Flip through the arguments looking for pids */ for(i=1;i<argc; i++) { /* What's the PID? */ pid=atoi(argv[i]); o=owner(pid); if( (pid<1) || (o==-1) ) { /* We're not going to worry about process groups */ blah=fprintf(stderr, "Warning: %s is not a valid PID\n", argv[i]); } else { syslog(LOG_NOTICE|LOG_AUTH, "superkill: %s (%d) wishes to kill %d, owned by %d\n", getlogin(), getuid(), pid, o); /* We start with an INT, same as ^C */ if( kill(pid, SIGINT) <0 ) { perror(argv[i]); } /* Give it a couple of seconds to die */ blah=sleep(2); if( ISRUNNING(pid) ) { /* Do this if it didn't kill the first time */ if( kill(pid, SIGKILL) <0 ) { perror(argv[i]); } /* Check to see if it survived the 9 */ if(ISRUNNING(pid)) { syslog(LOG_NOTICE|LOG_AUTH, "superkill: %s (%d) could not kill %d\n", getlogin(), getuid(), pid); blah=fprintf(stderr, "Couldn't kill %d\n", pid); ret=1; } } } } closelog(); return(ret); }
/* * Look for a given device in the specified list of devices. * * If we find it, return 0 and set *curdev_ret to point to it. * * If we don't find it, check whether we can open it: * * If that fails with PCAP_ERROR_NO_SUCH_DEVICE or * PCAP_ERROR_IFACE_NOT_UP, don't attempt to add an entry for * it, as that probably means it exists but doesn't support * packet capture. * * Otherwise, attempt to add an entry for it, with the specified * ifnet flags and description, and, if that succeeds, return 0 * and set *curdev_ret to point to the new entry, otherwise * return PCAP_ERROR and set errbuf to an error message. */ int add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name, u_int flags, const char *description, char *errbuf) { pcap_t *p; pcap_if_t *curdev, *prevdev, *nextdev; u_int this_figure_of_merit, nextdev_figure_of_merit; char open_errbuf[PCAP_ERRBUF_SIZE]; int ret; /* * Is there already an entry in the list for this interface? */ for (curdev = *alldevs; curdev != NULL; curdev = curdev->next) { if (strcmp(name, curdev->name) == 0) break; /* yes, we found it */ } if (curdev == NULL) { /* * No, we didn't find it. * * Can we open this interface for live capture? * * We do this check so that interfaces that are * supplied by the interface enumeration mechanism * we're using but that don't support packet capture * aren't included in the list. Loopback interfaces * on Solaris are an example of this; we don't just * omit loopback interfaces on all platforms because * you *can* capture on loopback interfaces on some * OSes. * * On OS X, we don't do this check if the device * name begins with "wlt"; at least some versions * of OS X offer monitor mode capturing by having * a separate "monitor mode" device for each wireless * adapter, rather than by implementing the ioctls * that {Free,Net,Open,DragonFly}BSD provide. * Opening that device puts the adapter into monitor * mode, which, at least for some adapters, causes * them to deassociate from the network with which * they're associated. * * Instead, we try to open the corresponding "en" * device (so that we don't end up with, for users * without sufficient privilege to open capture * devices, a list of adapters that only includes * the wlt devices). */ #ifdef __APPLE__ if (strncmp(name, "wlt", 3) == 0) { char *en_name; size_t en_name_len; /* * Try to allocate a buffer for the "en" * device's name. */ en_name_len = strlen(name) - 1; en_name = malloc(en_name_len + 1); if (en_name == NULL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); return (-1); } strcpy(en_name, "en"); strcat(en_name, name + 3); p = pcap_create(en_name, open_errbuf); free(en_name); } else #endif /* __APPLE */ p = pcap_create(name, open_errbuf); if (p == NULL) { /* * The attempt to create the pcap_t failed; * that's probably an indication that we're * out of memory. * * Don't bother including this interface, * but don't treat it as an error. */ *curdev_ret = NULL; return (0); } /* Small snaplen, so we don't try to allocate much memory. */ pcap_set_snaplen(p, 68); ret = pcap_activate(p); pcap_close(p); switch (ret) { case PCAP_ERROR_NO_SUCH_DEVICE: case PCAP_ERROR_IFACE_NOT_UP: /* * We expect these two errors - they're the * reason we try to open the device. * * PCAP_ERROR_NO_SUCH_DEVICE typically means * "there's no such device *known to the * OS's capture mechanism*", so, even though * it might be a valid network interface, you * can't capture on it (e.g., the loopback * device in Solaris up to Solaris 10, or * the vmnet devices in OS X with VMware * Fusion). We don't include those devices * in our list of devices, as there's no * point in doing so - they're not available * for capture. * * PCAP_ERROR_IFACE_NOT_UP means that the * OS's capture mechanism doesn't work on * interfaces not marked as up; some capture * mechanisms *do* support that, so we no * longer reject those interfaces out of hand, * but we *do* want to reject them if they * can't be opened for capture. */ *curdev_ret = NULL; return (0); } /* * Yes, we can open it, or we can't, for some other * reason. * * If we can open it, we want to offer it for * capture, as you can capture on it. If we can't, * we want to offer it for capture, so that, if * the user tries to capture on it, they'll get * an error and they'll know why they can't * capture on it (e.g., insufficient permissions) * or they'll report it as a problem (and then * have the error message to provide as information). * * Allocate a new entry. */ curdev = malloc(sizeof(pcap_if_t)); if (curdev == NULL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); return (-1); } /* * Fill in the entry. */ curdev->next = NULL; curdev->name = strdup(name); if (curdev->name == NULL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); free(curdev); return (-1); } if (description != NULL) { /* * We have a description for this interface. */ curdev->description = strdup(description); if (curdev->description == NULL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); free(curdev->name); free(curdev); return (-1); } } else { /* * We don't. */ curdev->description = NULL; } curdev->addresses = NULL; /* list starts out as empty */ curdev->flags = 0; if (ISLOOPBACK(name, flags)) curdev->flags |= PCAP_IF_LOOPBACK; if (ISUP(flags)) curdev->flags |= PCAP_IF_UP; if (ISRUNNING(flags)) curdev->flags |= PCAP_IF_RUNNING; /* * Add it to the list, in the appropriate location. * First, get the "figure of merit" for this * interface. */ this_figure_of_merit = get_figure_of_merit(curdev); /* * Now look for the last interface with an figure of merit * less than or equal to the new interface's figure of * merit. * * We start with "prevdev" being NULL, meaning we're before * the first element in the list. */ prevdev = NULL; for (;;) { /* * Get the interface after this one. */ if (prevdev == NULL) { /* * The next element is the first element. */ nextdev = *alldevs; } else nextdev = prevdev->next; /* * Are we at the end of the list? */ if (nextdev == NULL) { /* * Yes - we have to put the new entry * after "prevdev". */ break; } /* * Is the new interface's figure of merit less * than the next interface's figure of merit, * meaning that the new interface is better * than the next interface? */ nextdev_figure_of_merit = get_figure_of_merit(nextdev); if (this_figure_of_merit < nextdev_figure_of_merit) { /* * Yes - we should put the new entry * before "nextdev", i.e. after "prevdev". */ break; } prevdev = nextdev; } /* * Insert before "nextdev". */ curdev->next = nextdev; /* * Insert after "prevdev" - unless "prevdev" is null, * in which case this is the first interface. */ if (prevdev == NULL) { /* * This is the first interface. Pass back a * pointer to it, and put "curdev" before * "nextdev". */ *alldevs = curdev; } else prevdev->next = curdev; } *curdev_ret = curdev; return (0); }