diff options
author | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
commit | 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch) | |
tree | f69b48e90708bfa3c2723d5a27ed3e024c827b43 /src/lib | |
parent | delete files (diff) | |
download | firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip |
Baseline firejail 0.9.28
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/Makefile.in | 20 | ||||
-rw-r--r-- | src/lib/common.c | 192 | ||||
-rw-r--r-- | src/lib/libnetlink.c | 803 | ||||
-rw-r--r-- | src/lib/pid.c | 392 |
4 files changed, 1407 insertions, 0 deletions
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in new file mode 100644 index 000000000..6e6be1910 --- /dev/null +++ b/src/lib/Makefile.in | |||
@@ -0,0 +1,20 @@ | |||
1 | PREFIX=@prefix@ | ||
2 | VERSION=@PACKAGE_VERSION@ | ||
3 | NAME=@PACKAGE_NAME@ | ||
4 | |||
5 | H_FILE_LIST = $(wildcard *.[h]) | ||
6 | C_FILE_LIST = $(wildcard *.c) | ||
7 | OBJS = $(C_FILE_LIST:.c=.o) | ||
8 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
9 | CFLAGS += -ggdb -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security | ||
10 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now | ||
11 | |||
12 | all: $(OBJS) | ||
13 | |||
14 | %.o : %.c $(H_FILE_LIST) | ||
15 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | ||
16 | |||
17 | clean:; rm -f $(OBJS) | ||
18 | |||
19 | distclean: clean | ||
20 | rm -fr Makefile | ||
diff --git a/src/lib/common.c b/src/lib/common.c new file mode 100644 index 000000000..6d928abbb --- /dev/null +++ b/src/lib/common.c | |||
@@ -0,0 +1,192 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com) | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #define _GNU_SOURCE | ||
21 | #include <stdio.h> | ||
22 | #include <sys/types.h> | ||
23 | #include <sys/stat.h> | ||
24 | #include <sys/wait.h> | ||
25 | #include <fcntl.h> | ||
26 | #include <sys/syscall.h> | ||
27 | #include <errno.h> | ||
28 | #include <unistd.h> | ||
29 | #include <sys/prctl.h> | ||
30 | #include <signal.h> | ||
31 | #include <dirent.h> | ||
32 | #include <string.h> | ||
33 | #include "../include/common.h" | ||
34 | |||
35 | int join_namespace(pid_t pid, char *type) { | ||
36 | char *path; | ||
37 | if (asprintf(&path, "/proc/%u/ns/%s", pid, type) == -1) | ||
38 | errExit("asprintf"); | ||
39 | |||
40 | int fd = open(path, O_RDONLY); | ||
41 | if (fd < 0) { | ||
42 | free(path); | ||
43 | fprintf(stderr, "Error: cannot open /proc/%u/ns/%s.\n", pid, type); | ||
44 | return -1; | ||
45 | } | ||
46 | |||
47 | if (syscall(__NR_setns, fd, 0) < 0) { | ||
48 | free(path); | ||
49 | fprintf(stderr, "Error: cannot join namespace %s.\n", type); | ||
50 | close(fd); | ||
51 | return -1; | ||
52 | } | ||
53 | |||
54 | close(fd); | ||
55 | free(path); | ||
56 | return 0; | ||
57 | } | ||
58 | |||
59 | // return 1 if error | ||
60 | int name2pid(const char *name, pid_t *pid) { | ||
61 | pid_t parent = getpid(); | ||
62 | |||
63 | DIR *dir; | ||
64 | if (!(dir = opendir("/proc"))) { | ||
65 | // sleep 2 seconds and try again | ||
66 | sleep(2); | ||
67 | if (!(dir = opendir("/proc"))) { | ||
68 | fprintf(stderr, "Error: cannot open /proc directory\n"); | ||
69 | exit(1); | ||
70 | } | ||
71 | } | ||
72 | |||
73 | struct dirent *entry; | ||
74 | char *end; | ||
75 | while ((entry = readdir(dir))) { | ||
76 | pid_t newpid = strtol(entry->d_name, &end, 10); | ||
77 | if (end == entry->d_name || *end) | ||
78 | continue; | ||
79 | if (newpid == parent) | ||
80 | continue; | ||
81 | |||
82 | // check if this is a firejail executable | ||
83 | char *comm = pid_proc_comm(newpid); | ||
84 | if (comm) { | ||
85 | // remove \n | ||
86 | char *ptr = strchr(comm, '\n'); | ||
87 | if (ptr) | ||
88 | *ptr = '\0'; | ||
89 | if (strcmp(comm, "firejail")) { | ||
90 | free(comm); | ||
91 | continue; | ||
92 | } | ||
93 | free(comm); | ||
94 | } | ||
95 | |||
96 | char *cmd = pid_proc_cmdline(newpid); | ||
97 | if (cmd) { | ||
98 | // mark the end of the name | ||
99 | char *ptr = strstr(cmd, "--name="); | ||
100 | char *start = ptr; | ||
101 | if (!ptr) { | ||
102 | free(cmd); | ||
103 | continue; | ||
104 | } | ||
105 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | ||
106 | ptr++; | ||
107 | *ptr = '\0'; | ||
108 | int rv = strcmp(start + 7, name); | ||
109 | if (rv == 0) { | ||
110 | free(cmd); | ||
111 | *pid = newpid; | ||
112 | closedir(dir); | ||
113 | return 0; | ||
114 | } | ||
115 | free(cmd); | ||
116 | } | ||
117 | } | ||
118 | closedir(dir); | ||
119 | return 1; | ||
120 | } | ||
121 | |||
122 | #define BUFLEN 4096 | ||
123 | char *pid_proc_comm(const pid_t pid) { | ||
124 | // open /proc/pid/cmdline file | ||
125 | char *fname; | ||
126 | int fd; | ||
127 | if (asprintf(&fname, "/proc/%d//comm", pid) == -1) | ||
128 | return NULL; | ||
129 | if ((fd = open(fname, O_RDONLY)) < 0) { | ||
130 | free(fname); | ||
131 | return NULL; | ||
132 | } | ||
133 | free(fname); | ||
134 | |||
135 | // read file | ||
136 | unsigned char buffer[BUFLEN]; | ||
137 | ssize_t len; | ||
138 | if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { | ||
139 | close(fd); | ||
140 | return NULL; | ||
141 | } | ||
142 | buffer[len] = '\0'; | ||
143 | close(fd); | ||
144 | |||
145 | // return a malloc copy of the command line | ||
146 | char *rv = strdup((char *) buffer); | ||
147 | if (strlen(rv) == 0) { | ||
148 | free(rv); | ||
149 | return NULL; | ||
150 | } | ||
151 | return rv; | ||
152 | } | ||
153 | |||
154 | char *pid_proc_cmdline(const pid_t pid) { | ||
155 | // open /proc/pid/cmdline file | ||
156 | char *fname; | ||
157 | int fd; | ||
158 | if (asprintf(&fname, "/proc/%d/cmdline", pid) == -1) | ||
159 | return NULL; | ||
160 | if ((fd = open(fname, O_RDONLY)) < 0) { | ||
161 | free(fname); | ||
162 | return NULL; | ||
163 | } | ||
164 | free(fname); | ||
165 | |||
166 | // read file | ||
167 | unsigned char buffer[BUFLEN]; | ||
168 | ssize_t len; | ||
169 | if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { | ||
170 | close(fd); | ||
171 | return NULL; | ||
172 | } | ||
173 | buffer[len] = '\0'; | ||
174 | close(fd); | ||
175 | |||
176 | // clean data | ||
177 | int i; | ||
178 | for (i = 0; i < len; i++) { | ||
179 | if (buffer[i] == '\0') | ||
180 | buffer[i] = ' '; | ||
181 | if (buffer[i] >= 0x80) // execv in progress!!! | ||
182 | return NULL; | ||
183 | } | ||
184 | |||
185 | // return a malloc copy of the command line | ||
186 | char *rv = strdup((char *) buffer); | ||
187 | if (strlen(rv) == 0) { | ||
188 | free(rv); | ||
189 | return NULL; | ||
190 | } | ||
191 | return rv; | ||
192 | } | ||
diff --git a/src/lib/libnetlink.c b/src/lib/libnetlink.c new file mode 100644 index 000000000..264632a01 --- /dev/null +++ b/src/lib/libnetlink.c | |||
@@ -0,0 +1,803 @@ | |||
1 | /* file extracted from iproute2 software package | ||
2 | * | ||
3 | * Original source code: | ||
4 | * | ||
5 | * Information: | ||
6 | * http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 | ||
7 | * | ||
8 | * Download: | ||
9 | * http://www.kernel.org/pub/linux/utils/net/iproute2/ | ||
10 | * | ||
11 | * Repository: | ||
12 | * git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git | ||
13 | * | ||
14 | * License: GPL v2 | ||
15 | * | ||
16 | * Original copyright header | ||
17 | * | ||
18 | * libnetlink.c RTnetlink service routines. | ||
19 | * | ||
20 | * This program is free software; you can redistribute it and/or | ||
21 | * modify it under the terms of the GNU General Public License | ||
22 | * as published by the Free Software Foundation; either version | ||
23 | * 2 of the License, or (at your option) any later version. | ||
24 | * | ||
25 | * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> | ||
26 | * | ||
27 | */ | ||
28 | |||
29 | #include <stdio.h> | ||
30 | #include <stdlib.h> | ||
31 | #include <unistd.h> | ||
32 | #include <syslog.h> | ||
33 | #include <fcntl.h> | ||
34 | #include <net/if_arp.h> | ||
35 | #include <sys/socket.h> | ||
36 | #include <netinet/in.h> | ||
37 | #include <string.h> | ||
38 | #include <errno.h> | ||
39 | #include <time.h> | ||
40 | #include <sys/uio.h> | ||
41 | |||
42 | #include "../include/libnetlink.h" | ||
43 | |||
44 | int rcvbuf = 1024 * 1024; | ||
45 | |||
46 | void rtnl_close(struct rtnl_handle *rth) | ||
47 | { | ||
48 | if (rth->fd >= 0) { | ||
49 | close(rth->fd); | ||
50 | rth->fd = -1; | ||
51 | } | ||
52 | } | ||
53 | |||
54 | int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions, | ||
55 | int protocol) | ||
56 | { | ||
57 | socklen_t addr_len; | ||
58 | int sndbuf = 32768; | ||
59 | |||
60 | memset(rth, 0, sizeof(*rth)); | ||
61 | |||
62 | rth->fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, protocol); | ||
63 | if (rth->fd < 0) { | ||
64 | perror("Cannot open netlink socket"); | ||
65 | return -1; | ||
66 | } | ||
67 | |||
68 | if (setsockopt(rth->fd,SOL_SOCKET,SO_SNDBUF,&sndbuf,sizeof(sndbuf)) < 0) { | ||
69 | perror("SO_SNDBUF"); | ||
70 | return -1; | ||
71 | } | ||
72 | |||
73 | if (setsockopt(rth->fd,SOL_SOCKET,SO_RCVBUF,&rcvbuf,sizeof(rcvbuf)) < 0) { | ||
74 | perror("SO_RCVBUF"); | ||
75 | return -1; | ||
76 | } | ||
77 | |||
78 | memset(&rth->local, 0, sizeof(rth->local)); | ||
79 | rth->local.nl_family = AF_NETLINK; | ||
80 | rth->local.nl_groups = subscriptions; | ||
81 | |||
82 | if (bind(rth->fd, (struct sockaddr*)&rth->local, sizeof(rth->local)) < 0) { | ||
83 | perror("Cannot bind netlink socket"); | ||
84 | return -1; | ||
85 | } | ||
86 | addr_len = sizeof(rth->local); | ||
87 | if (getsockname(rth->fd, (struct sockaddr*)&rth->local, &addr_len) < 0) { | ||
88 | perror("Cannot getsockname"); | ||
89 | return -1; | ||
90 | } | ||
91 | if (addr_len != sizeof(rth->local)) { | ||
92 | fprintf(stderr, "Wrong address length %d\n", addr_len); | ||
93 | return -1; | ||
94 | } | ||
95 | if (rth->local.nl_family != AF_NETLINK) { | ||
96 | fprintf(stderr, "Wrong address family %d\n", rth->local.nl_family); | ||
97 | return -1; | ||
98 | } | ||
99 | rth->seq = time(NULL); | ||
100 | return 0; | ||
101 | } | ||
102 | |||
103 | int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions) | ||
104 | { | ||
105 | return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE); | ||
106 | } | ||
107 | |||
108 | int rtnl_wilddump_request(struct rtnl_handle *rth, int family, int type) | ||
109 | { | ||
110 | return rtnl_wilddump_req_filter(rth, family, type, RTEXT_FILTER_VF); | ||
111 | } | ||
112 | |||
113 | int rtnl_wilddump_req_filter(struct rtnl_handle *rth, int family, int type, | ||
114 | __u32 filt_mask) | ||
115 | { | ||
116 | struct { | ||
117 | struct nlmsghdr nlh; | ||
118 | struct ifinfomsg ifm; | ||
119 | /* attribute has to be NLMSG aligned */ | ||
120 | struct rtattr ext_req __attribute__ ((aligned(NLMSG_ALIGNTO))); | ||
121 | __u32 ext_filter_mask; | ||
122 | } req; | ||
123 | |||
124 | memset(&req, 0, sizeof(req)); | ||
125 | req.nlh.nlmsg_len = sizeof(req); | ||
126 | req.nlh.nlmsg_type = type; | ||
127 | req.nlh.nlmsg_flags = NLM_F_DUMP|NLM_F_REQUEST; | ||
128 | req.nlh.nlmsg_pid = 0; | ||
129 | req.nlh.nlmsg_seq = rth->dump = ++rth->seq; | ||
130 | req.ifm.ifi_family = family; | ||
131 | |||
132 | req.ext_req.rta_type = IFLA_EXT_MASK; | ||
133 | req.ext_req.rta_len = RTA_LENGTH(sizeof(__u32)); | ||
134 | req.ext_filter_mask = filt_mask; | ||
135 | |||
136 | return send(rth->fd, (void*)&req, sizeof(req), 0); | ||
137 | } | ||
138 | |||
139 | int rtnl_send(struct rtnl_handle *rth, const void *buf, int len) | ||
140 | { | ||
141 | return send(rth->fd, buf, len, 0); | ||
142 | } | ||
143 | |||
144 | int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int len) | ||
145 | { | ||
146 | struct nlmsghdr *h; | ||
147 | int status; | ||
148 | char resp[1024]; | ||
149 | |||
150 | status = send(rth->fd, buf, len, 0); | ||
151 | if (status < 0) | ||
152 | return status; | ||
153 | |||
154 | /* Check for immediate errors */ | ||
155 | status = recv(rth->fd, resp, sizeof(resp), MSG_DONTWAIT|MSG_PEEK); | ||
156 | if (status < 0) { | ||
157 | if (errno == EAGAIN) | ||
158 | return 0; | ||
159 | return -1; | ||
160 | } | ||
161 | |||
162 | for (h = (struct nlmsghdr *)resp; NLMSG_OK(h, status); | ||
163 | h = NLMSG_NEXT(h, status)) { | ||
164 | if (h->nlmsg_type == NLMSG_ERROR) { | ||
165 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); | ||
166 | if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) | ||
167 | fprintf(stderr, "ERROR truncated\n"); | ||
168 | else | ||
169 | errno = -err->error; | ||
170 | return -1; | ||
171 | } | ||
172 | } | ||
173 | |||
174 | return 0; | ||
175 | } | ||
176 | |||
177 | int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req, int len) | ||
178 | { | ||
179 | struct nlmsghdr nlh; | ||
180 | struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK }; | ||
181 | struct iovec iov[2] = { | ||
182 | { .iov_base = &nlh, .iov_len = sizeof(nlh) }, | ||
183 | { .iov_base = req, .iov_len = len } | ||
184 | }; | ||
185 | struct msghdr msg = { | ||
186 | .msg_name = &nladdr, | ||
187 | .msg_namelen = sizeof(nladdr), | ||
188 | .msg_iov = iov, | ||
189 | .msg_iovlen = 2, | ||
190 | }; | ||
191 | |||
192 | nlh.nlmsg_len = NLMSG_LENGTH(len); | ||
193 | nlh.nlmsg_type = type; | ||
194 | nlh.nlmsg_flags = NLM_F_DUMP|NLM_F_REQUEST; | ||
195 | nlh.nlmsg_pid = 0; | ||
196 | nlh.nlmsg_seq = rth->dump = ++rth->seq; | ||
197 | |||
198 | return sendmsg(rth->fd, &msg, 0); | ||
199 | } | ||
200 | |||
201 | int rtnl_dump_filter_l(struct rtnl_handle *rth, | ||
202 | const struct rtnl_dump_filter_arg *arg) | ||
203 | { | ||
204 | struct sockaddr_nl nladdr; | ||
205 | struct iovec iov; | ||
206 | struct msghdr msg = { | ||
207 | .msg_name = &nladdr, | ||
208 | .msg_namelen = sizeof(nladdr), | ||
209 | .msg_iov = &iov, | ||
210 | .msg_iovlen = 1, | ||
211 | }; | ||
212 | char buf[16384]; | ||
213 | int dump_intr = 0; | ||
214 | |||
215 | iov.iov_base = buf; | ||
216 | while (1) { | ||
217 | int status; | ||
218 | const struct rtnl_dump_filter_arg *a; | ||
219 | int found_done = 0; | ||
220 | int msglen = 0; | ||
221 | |||
222 | iov.iov_len = sizeof(buf); | ||
223 | status = recvmsg(rth->fd, &msg, 0); | ||
224 | |||
225 | if (status < 0) { | ||
226 | if (errno == EINTR || errno == EAGAIN) | ||
227 | continue; | ||
228 | fprintf(stderr, "netlink receive error %s (%d)\n", | ||
229 | strerror(errno), errno); | ||
230 | return -1; | ||
231 | } | ||
232 | |||
233 | if (status == 0) { | ||
234 | fprintf(stderr, "EOF on netlink\n"); | ||
235 | return -1; | ||
236 | } | ||
237 | |||
238 | for (a = arg; a->filter; a++) { | ||
239 | struct nlmsghdr *h = (struct nlmsghdr*)buf; | ||
240 | msglen = status; | ||
241 | |||
242 | while (NLMSG_OK(h, msglen)) { | ||
243 | int err; | ||
244 | |||
245 | if (nladdr.nl_pid != 0 || | ||
246 | h->nlmsg_pid != rth->local.nl_pid || | ||
247 | h->nlmsg_seq != rth->dump) | ||
248 | goto skip_it; | ||
249 | |||
250 | if (h->nlmsg_flags & NLM_F_DUMP_INTR) | ||
251 | dump_intr = 1; | ||
252 | |||
253 | if (h->nlmsg_type == NLMSG_DONE) { | ||
254 | found_done = 1; | ||
255 | break; /* process next filter */ | ||
256 | } | ||
257 | if (h->nlmsg_type == NLMSG_ERROR) { | ||
258 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); | ||
259 | if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) { | ||
260 | fprintf(stderr, | ||
261 | "ERROR truncated\n"); | ||
262 | } else { | ||
263 | errno = -err->error; | ||
264 | perror("RTNETLINK answers"); | ||
265 | } | ||
266 | return -1; | ||
267 | } | ||
268 | err = a->filter(&nladdr, h, a->arg1); | ||
269 | if (err < 0) | ||
270 | return err; | ||
271 | |||
272 | skip_it: | ||
273 | h = NLMSG_NEXT(h, msglen); | ||
274 | } | ||
275 | } | ||
276 | |||
277 | if (found_done) { | ||
278 | if (dump_intr) | ||
279 | fprintf(stderr, | ||
280 | "Dump was interrupted and may be inconsistent.\n"); | ||
281 | return 0; | ||
282 | } | ||
283 | |||
284 | if (msg.msg_flags & MSG_TRUNC) { | ||
285 | fprintf(stderr, "Message truncated\n"); | ||
286 | continue; | ||
287 | } | ||
288 | if (msglen) { | ||
289 | fprintf(stderr, "!!!Remnant of size %d\n", msglen); | ||
290 | exit(1); | ||
291 | } | ||
292 | } | ||
293 | } | ||
294 | |||
295 | int rtnl_dump_filter(struct rtnl_handle *rth, | ||
296 | rtnl_filter_t filter, | ||
297 | void *arg1) | ||
298 | { | ||
299 | const struct rtnl_dump_filter_arg a[2] = { | ||
300 | { .filter = filter, .arg1 = arg1, }, | ||
301 | { .filter = NULL, .arg1 = NULL, }, | ||
302 | }; | ||
303 | |||
304 | return rtnl_dump_filter_l(rth, a); | ||
305 | } | ||
306 | |||
307 | int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n, pid_t peer, | ||
308 | unsigned groups, struct nlmsghdr *answer) | ||
309 | { | ||
310 | int status; | ||
311 | unsigned seq; | ||
312 | struct nlmsghdr *h; | ||
313 | struct sockaddr_nl nladdr; | ||
314 | struct iovec iov = { | ||
315 | .iov_base = (void*) n, | ||
316 | .iov_len = n->nlmsg_len | ||
317 | }; | ||
318 | struct msghdr msg = { | ||
319 | .msg_name = &nladdr, | ||
320 | .msg_namelen = sizeof(nladdr), | ||
321 | .msg_iov = &iov, | ||
322 | .msg_iovlen = 1, | ||
323 | }; | ||
324 | char buf[16384]; | ||
325 | |||
326 | memset(&nladdr, 0, sizeof(nladdr)); | ||
327 | nladdr.nl_family = AF_NETLINK; | ||
328 | nladdr.nl_pid = peer; | ||
329 | nladdr.nl_groups = groups; | ||
330 | |||
331 | n->nlmsg_seq = seq = ++rtnl->seq; | ||
332 | |||
333 | if (answer == NULL) | ||
334 | n->nlmsg_flags |= NLM_F_ACK; | ||
335 | |||
336 | status = sendmsg(rtnl->fd, &msg, 0); | ||
337 | |||
338 | if (status < 0) { | ||
339 | perror("Cannot talk to rtnetlink"); | ||
340 | return -1; | ||
341 | } | ||
342 | |||
343 | memset(buf,0,sizeof(buf)); | ||
344 | |||
345 | iov.iov_base = buf; | ||
346 | |||
347 | while (1) { | ||
348 | iov.iov_len = sizeof(buf); | ||
349 | status = recvmsg(rtnl->fd, &msg, 0); | ||
350 | |||
351 | if (status < 0) { | ||
352 | if (errno == EINTR || errno == EAGAIN) | ||
353 | continue; | ||
354 | fprintf(stderr, "netlink receive error %s (%d)\n", | ||
355 | strerror(errno), errno); | ||
356 | return -1; | ||
357 | } | ||
358 | if (status == 0) { | ||
359 | fprintf(stderr, "EOF on netlink\n"); | ||
360 | return -1; | ||
361 | } | ||
362 | if (msg.msg_namelen != sizeof(nladdr)) { | ||
363 | fprintf(stderr, "sender address length == %d\n", msg.msg_namelen); | ||
364 | exit(1); | ||
365 | } | ||
366 | for (h = (struct nlmsghdr*)buf; status >= sizeof(*h); ) { | ||
367 | int len = h->nlmsg_len; | ||
368 | int l = len - sizeof(*h); | ||
369 | |||
370 | if (l < 0 || len>status) { | ||
371 | if (msg.msg_flags & MSG_TRUNC) { | ||
372 | fprintf(stderr, "Truncated message\n"); | ||
373 | return -1; | ||
374 | } | ||
375 | fprintf(stderr, "!!!malformed message: len=%d\n", len); | ||
376 | exit(1); | ||
377 | } | ||
378 | |||
379 | if (nladdr.nl_pid != peer || | ||
380 | h->nlmsg_pid != rtnl->local.nl_pid || | ||
381 | h->nlmsg_seq != seq) { | ||
382 | /* Don't forget to skip that message. */ | ||
383 | status -= NLMSG_ALIGN(len); | ||
384 | h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len)); | ||
385 | continue; | ||
386 | } | ||
387 | |||
388 | if (h->nlmsg_type == NLMSG_ERROR) { | ||
389 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); | ||
390 | if (l < sizeof(struct nlmsgerr)) { | ||
391 | fprintf(stderr, "ERROR truncated\n"); | ||
392 | } else { | ||
393 | if (!err->error) { | ||
394 | if (answer) | ||
395 | memcpy(answer, h, h->nlmsg_len); | ||
396 | return 0; | ||
397 | } | ||
398 | |||
399 | fprintf(stderr, "RTNETLINK answers: %s\n", strerror(-err->error)); | ||
400 | errno = -err->error; | ||
401 | } | ||
402 | return -1; | ||
403 | } | ||
404 | if (answer) { | ||
405 | memcpy(answer, h, h->nlmsg_len); | ||
406 | return 0; | ||
407 | } | ||
408 | |||
409 | fprintf(stderr, "Unexpected reply!!!\n"); | ||
410 | |||
411 | status -= NLMSG_ALIGN(len); | ||
412 | h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len)); | ||
413 | } | ||
414 | if (msg.msg_flags & MSG_TRUNC) { | ||
415 | fprintf(stderr, "Message truncated\n"); | ||
416 | continue; | ||
417 | } | ||
418 | if (status) { | ||
419 | fprintf(stderr, "!!!Remnant of size %d\n", status); | ||
420 | exit(1); | ||
421 | } | ||
422 | } | ||
423 | } | ||
424 | |||
425 | int rtnl_listen(struct rtnl_handle *rtnl, | ||
426 | rtnl_filter_t handler, | ||
427 | void *jarg) | ||
428 | { | ||
429 | int status; | ||
430 | struct nlmsghdr *h; | ||
431 | struct sockaddr_nl nladdr; | ||
432 | struct iovec iov; | ||
433 | struct msghdr msg = { | ||
434 | .msg_name = &nladdr, | ||
435 | .msg_namelen = sizeof(nladdr), | ||
436 | .msg_iov = &iov, | ||
437 | .msg_iovlen = 1, | ||
438 | }; | ||
439 | char buf[8192]; | ||
440 | |||
441 | memset(&nladdr, 0, sizeof(nladdr)); | ||
442 | nladdr.nl_family = AF_NETLINK; | ||
443 | nladdr.nl_pid = 0; | ||
444 | nladdr.nl_groups = 0; | ||
445 | |||
446 | iov.iov_base = buf; | ||
447 | while (1) { | ||
448 | iov.iov_len = sizeof(buf); | ||
449 | status = recvmsg(rtnl->fd, &msg, 0); | ||
450 | |||
451 | if (status < 0) { | ||
452 | if (errno == EINTR || errno == EAGAIN) | ||
453 | continue; | ||
454 | fprintf(stderr, "netlink receive error %s (%d)\n", | ||
455 | strerror(errno), errno); | ||
456 | if (errno == ENOBUFS) | ||
457 | continue; | ||
458 | return -1; | ||
459 | } | ||
460 | if (status == 0) { | ||
461 | fprintf(stderr, "EOF on netlink\n"); | ||
462 | return -1; | ||
463 | } | ||
464 | if (msg.msg_namelen != sizeof(nladdr)) { | ||
465 | fprintf(stderr, "Sender address length == %d\n", msg.msg_namelen); | ||
466 | exit(1); | ||
467 | } | ||
468 | for (h = (struct nlmsghdr*)buf; status >= sizeof(*h); ) { | ||
469 | int err; | ||
470 | int len = h->nlmsg_len; | ||
471 | int l = len - sizeof(*h); | ||
472 | |||
473 | if (l<0 || len>status) { | ||
474 | if (msg.msg_flags & MSG_TRUNC) { | ||
475 | fprintf(stderr, "Truncated message\n"); | ||
476 | return -1; | ||
477 | } | ||
478 | fprintf(stderr, "!!!malformed message: len=%d\n", len); | ||
479 | exit(1); | ||
480 | } | ||
481 | |||
482 | err = handler(&nladdr, h, jarg); | ||
483 | if (err < 0) | ||
484 | return err; | ||
485 | |||
486 | status -= NLMSG_ALIGN(len); | ||
487 | h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len)); | ||
488 | } | ||
489 | if (msg.msg_flags & MSG_TRUNC) { | ||
490 | fprintf(stderr, "Message truncated\n"); | ||
491 | continue; | ||
492 | } | ||
493 | if (status) { | ||
494 | fprintf(stderr, "!!!Remnant of size %d\n", status); | ||
495 | exit(1); | ||
496 | } | ||
497 | } | ||
498 | } | ||
499 | |||
500 | int rtnl_from_file(FILE *rtnl, rtnl_filter_t handler, | ||
501 | void *jarg) | ||
502 | { | ||
503 | int status; | ||
504 | struct sockaddr_nl nladdr; | ||
505 | char buf[8192]; | ||
506 | struct nlmsghdr *h = (void*)buf; | ||
507 | |||
508 | memset(&nladdr, 0, sizeof(nladdr)); | ||
509 | nladdr.nl_family = AF_NETLINK; | ||
510 | nladdr.nl_pid = 0; | ||
511 | nladdr.nl_groups = 0; | ||
512 | |||
513 | while (1) { | ||
514 | int err, len; | ||
515 | int l; | ||
516 | |||
517 | status = fread(&buf, 1, sizeof(*h), rtnl); | ||
518 | |||
519 | if (status < 0) { | ||
520 | if (errno == EINTR) | ||
521 | continue; | ||
522 | perror("rtnl_from_file: fread"); | ||
523 | return -1; | ||
524 | } | ||
525 | if (status == 0) | ||
526 | return 0; | ||
527 | |||
528 | len = h->nlmsg_len; | ||
529 | l = len - sizeof(*h); | ||
530 | |||
531 | if (l<0 || len>sizeof(buf)) { | ||
532 | fprintf(stderr, "!!!malformed message: len=%d @%lu\n", | ||
533 | len, ftell(rtnl)); | ||
534 | return -1; | ||
535 | } | ||
536 | |||
537 | status = fread(NLMSG_DATA(h), 1, NLMSG_ALIGN(l), rtnl); | ||
538 | |||
539 | if (status < 0) { | ||
540 | perror("rtnl_from_file: fread"); | ||
541 | return -1; | ||
542 | } | ||
543 | if (status < l) { | ||
544 | fprintf(stderr, "rtnl-from_file: truncated message\n"); | ||
545 | return -1; | ||
546 | } | ||
547 | |||
548 | err = handler(&nladdr, h, jarg); | ||
549 | if (err < 0) | ||
550 | return err; | ||
551 | } | ||
552 | } | ||
553 | |||
554 | int addattr(struct nlmsghdr *n, int maxlen, int type) | ||
555 | { | ||
556 | return addattr_l(n, maxlen, type, NULL, 0); | ||
557 | } | ||
558 | |||
559 | int addattr8(struct nlmsghdr *n, int maxlen, int type, __u8 data) | ||
560 | { | ||
561 | return addattr_l(n, maxlen, type, &data, sizeof(__u8)); | ||
562 | } | ||
563 | |||
564 | int addattr16(struct nlmsghdr *n, int maxlen, int type, __u16 data) | ||
565 | { | ||
566 | return addattr_l(n, maxlen, type, &data, sizeof(__u16)); | ||
567 | } | ||
568 | |||
569 | int addattr32(struct nlmsghdr *n, int maxlen, int type, __u32 data) | ||
570 | { | ||
571 | return addattr_l(n, maxlen, type, &data, sizeof(__u32)); | ||
572 | } | ||
573 | |||
574 | int addattr64(struct nlmsghdr *n, int maxlen, int type, __u64 data) | ||
575 | { | ||
576 | return addattr_l(n, maxlen, type, &data, sizeof(__u64)); | ||
577 | } | ||
578 | |||
579 | int addattrstrz(struct nlmsghdr *n, int maxlen, int type, const char *str) | ||
580 | { | ||
581 | return addattr_l(n, maxlen, type, str, strlen(str)+1); | ||
582 | } | ||
583 | |||
584 | |||
585 | |||
586 | int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, | ||
587 | int alen) | ||
588 | { | ||
589 | |||
590 | #if 0 | ||
591 | printf("%d: %s\n", __LINE__, __FUNCTION__); | ||
592 | printf("\ttype %d - ", type); | ||
593 | if (type == IFLA_LINK) { | ||
594 | printf("IFLA_LINK\n"); | ||
595 | int i; | ||
596 | printf("\tdata - "); | ||
597 | for (i = 0; i < alen; i++) | ||
598 | printf("%02x, ", *((unsigned char *)data + i)); | ||
599 | printf("\n"); | ||
600 | } | ||
601 | else if (type == IFLA_IFNAME) { | ||
602 | printf("IFLA_IFNAME\n"); | ||
603 | printf("\tdata - #%s#\n", data); | ||
604 | } | ||
605 | else if (type == IFLA_LINKINFO) printf("IFLA_LINKINFO\n"); | ||
606 | else if (type == IFLA_ADDRESS) { | ||
607 | printf("IFLA_ADDRESS or IFLA_INFO_KIND\n"); | ||
608 | int i; | ||
609 | printf("\tdata - "); | ||
610 | for (i = 0; i < alen; i++) | ||
611 | printf("%02x, ", *((unsigned char *)data + i)); | ||
612 | printf("\n"); | ||
613 | } | ||
614 | else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n"); | ||
615 | |||
616 | printf("\tdata length: %d\n", alen); | ||
617 | #endif | ||
618 | |||
619 | int len = RTA_LENGTH(alen); | ||
620 | struct rtattr *rta; | ||
621 | |||
622 | if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) > maxlen) { | ||
623 | fprintf(stderr, "addattr_l ERROR: message exceeded bound of %d\n",maxlen); | ||
624 | return -1; | ||
625 | } | ||
626 | rta = NLMSG_TAIL(n); | ||
627 | rta->rta_type = type; | ||
628 | rta->rta_len = len; | ||
629 | memcpy(RTA_DATA(rta), data, alen); | ||
630 | n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len); | ||
631 | return 0; | ||
632 | } | ||
633 | |||
634 | #if 0 | ||
635 | int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, | ||
636 | int alen) | ||
637 | { | ||
638 | printf("%s: adding type %d, length %d ", __FUNCTION__, type, alen); | ||
639 | if (type == IFLA_INFO_KIND) { | ||
640 | if (alen) | ||
641 | printf("(IFLA_INFO_KIND %s)\n", (char *)data); | ||
642 | else | ||
643 | printf("(VETH_INFO_PEER)\n"); | ||
644 | } | ||
645 | else if (type == IFLA_IFNAME) { | ||
646 | printf("(IFLA_IFNAME %s)\n", (char *) data); | ||
647 | } | ||
648 | else if (type == IFLA_NET_NS_PID) { | ||
649 | printf("(IFLA_NET_NS_PID %u)\n", *((unsigned *) data)); | ||
650 | } | ||
651 | else if (type == IFLA_LINKINFO) | ||
652 | printf("(IFLA_LINKINFO)\n"); | ||
653 | else if (type == IFLA_INFO_DATA) | ||
654 | printf("(IFLA_INFO_DATA)\n"); | ||
655 | else | ||
656 | printf("\n"); | ||
657 | |||
658 | int len = RTA_LENGTH(alen); | ||
659 | struct rtattr *rta; | ||
660 | |||
661 | if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) > maxlen) { | ||
662 | fprintf(stderr, "addattr_l ERROR: message exceeded bound of %d\n",maxlen); | ||
663 | return -1; | ||
664 | } | ||
665 | rta = NLMSG_TAIL(n); | ||
666 | rta->rta_type = type; | ||
667 | rta->rta_len = len; | ||
668 | memcpy(RTA_DATA(rta), data, alen); | ||
669 | n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len); | ||
670 | return 0; | ||
671 | } | ||
672 | #endif | ||
673 | |||
674 | int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len) | ||
675 | { | ||
676 | if (NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len) > maxlen) { | ||
677 | fprintf(stderr, "addraw_l ERROR: message exceeded bound of %d\n",maxlen); | ||
678 | return -1; | ||
679 | } | ||
680 | |||
681 | memcpy(NLMSG_TAIL(n), data, len); | ||
682 | memset((void *) NLMSG_TAIL(n) + len, 0, NLMSG_ALIGN(len) - len); | ||
683 | n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len); | ||
684 | return 0; | ||
685 | } | ||
686 | |||
687 | struct rtattr *addattr_nest(struct nlmsghdr *n, int maxlen, int type) | ||
688 | { | ||
689 | struct rtattr *nest = NLMSG_TAIL(n); | ||
690 | |||
691 | addattr_l(n, maxlen, type, NULL, 0); | ||
692 | return nest; | ||
693 | } | ||
694 | |||
695 | int addattr_nest_end(struct nlmsghdr *n, struct rtattr *nest) | ||
696 | { | ||
697 | nest->rta_len = (void *)NLMSG_TAIL(n) - (void *)nest; | ||
698 | return n->nlmsg_len; | ||
699 | } | ||
700 | |||
701 | struct rtattr *addattr_nest_compat(struct nlmsghdr *n, int maxlen, int type, | ||
702 | const void *data, int len) | ||
703 | { | ||
704 | struct rtattr *start = NLMSG_TAIL(n); | ||
705 | |||
706 | addattr_l(n, maxlen, type, data, len); | ||
707 | addattr_nest(n, maxlen, type); | ||
708 | return start; | ||
709 | } | ||
710 | |||
711 | int addattr_nest_compat_end(struct nlmsghdr *n, struct rtattr *start) | ||
712 | { | ||
713 | struct rtattr *nest = (void *)start + NLMSG_ALIGN(start->rta_len); | ||
714 | |||
715 | start->rta_len = (void *)NLMSG_TAIL(n) - (void *)start; | ||
716 | addattr_nest_end(n, nest); | ||
717 | return n->nlmsg_len; | ||
718 | } | ||
719 | |||
720 | int rta_addattr32(struct rtattr *rta, int maxlen, int type, __u32 data) | ||
721 | { | ||
722 | int len = RTA_LENGTH(4); | ||
723 | struct rtattr *subrta; | ||
724 | |||
725 | if (RTA_ALIGN(rta->rta_len) + len > maxlen) { | ||
726 | fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen); | ||
727 | return -1; | ||
728 | } | ||
729 | subrta = (struct rtattr*)(((char*)rta) + RTA_ALIGN(rta->rta_len)); | ||
730 | subrta->rta_type = type; | ||
731 | subrta->rta_len = len; | ||
732 | memcpy(RTA_DATA(subrta), &data, 4); | ||
733 | rta->rta_len = NLMSG_ALIGN(rta->rta_len) + len; | ||
734 | return 0; | ||
735 | } | ||
736 | |||
737 | int rta_addattr_l(struct rtattr *rta, int maxlen, int type, | ||
738 | const void *data, int alen) | ||
739 | { | ||
740 | struct rtattr *subrta; | ||
741 | int len = RTA_LENGTH(alen); | ||
742 | |||
743 | if (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len) > maxlen) { | ||
744 | fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen); | ||
745 | return -1; | ||
746 | } | ||
747 | subrta = (struct rtattr*)(((char*)rta) + RTA_ALIGN(rta->rta_len)); | ||
748 | subrta->rta_type = type; | ||
749 | subrta->rta_len = len; | ||
750 | memcpy(RTA_DATA(subrta), data, alen); | ||
751 | rta->rta_len = NLMSG_ALIGN(rta->rta_len) + RTA_ALIGN(len); | ||
752 | return 0; | ||
753 | } | ||
754 | |||
755 | int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len) | ||
756 | { | ||
757 | return parse_rtattr_flags(tb, max, rta, len, 0); | ||
758 | } | ||
759 | |||
760 | int parse_rtattr_flags(struct rtattr *tb[], int max, struct rtattr *rta, | ||
761 | int len, unsigned short flags) | ||
762 | { | ||
763 | unsigned short type; | ||
764 | |||
765 | memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); | ||
766 | while (RTA_OK(rta, len)) { | ||
767 | type = rta->rta_type & ~flags; | ||
768 | if ((type <= max) && (!tb[type])) | ||
769 | tb[type] = rta; | ||
770 | rta = RTA_NEXT(rta,len); | ||
771 | } | ||
772 | if (len) | ||
773 | fprintf(stderr, "!!!Deficit %d, rta_len=%d\n", len, rta->rta_len); | ||
774 | return 0; | ||
775 | } | ||
776 | |||
777 | int parse_rtattr_byindex(struct rtattr *tb[], int max, struct rtattr *rta, int len) | ||
778 | { | ||
779 | int i = 0; | ||
780 | |||
781 | memset(tb, 0, sizeof(struct rtattr *) * max); | ||
782 | while (RTA_OK(rta, len)) { | ||
783 | if (rta->rta_type <= max && i < max) | ||
784 | tb[i++] = rta; | ||
785 | rta = RTA_NEXT(rta,len); | ||
786 | } | ||
787 | if (len) | ||
788 | fprintf(stderr, "!!!Deficit %d, rta_len=%d\n", len, rta->rta_len); | ||
789 | return i; | ||
790 | } | ||
791 | |||
792 | int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta, | ||
793 | int len) | ||
794 | { | ||
795 | if (RTA_PAYLOAD(rta) < len) | ||
796 | return -1; | ||
797 | if (RTA_PAYLOAD(rta) >= RTA_ALIGN(len) + sizeof(struct rtattr)) { | ||
798 | rta = RTA_DATA(rta) + RTA_ALIGN(len); | ||
799 | return parse_rtattr_nested(tb, max, rta); | ||
800 | } | ||
801 | memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); | ||
802 | return 0; | ||
803 | } | ||
diff --git a/src/lib/pid.c b/src/lib/pid.c new file mode 100644 index 000000000..a0261ead2 --- /dev/null +++ b/src/lib/pid.c | |||
@@ -0,0 +1,392 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com) | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #include "../include/common.h" | ||
21 | #include "../include/pid.h" | ||
22 | #include <string.h> | ||
23 | #include <sys/types.h> | ||
24 | #include <pwd.h> | ||
25 | #include <sys/ioctl.h> | ||
26 | #include <dirent.h> | ||
27 | |||
28 | #define PIDS_BUFLEN 4096 | ||
29 | //Process pids[max_pids]; | ||
30 | Process *pids = NULL; | ||
31 | int max_pids=32769; | ||
32 | #define PIDS_BUFLEN 4096 | ||
33 | |||
34 | // get the memory associated with this pid | ||
35 | void pid_getmem(unsigned pid, unsigned *rss, unsigned *shared) { | ||
36 | // open stat file | ||
37 | char *file; | ||
38 | if (asprintf(&file, "/proc/%u/statm", pid) == -1) { | ||
39 | perror("asprintf"); | ||
40 | exit(1); | ||
41 | } | ||
42 | FILE *fp = fopen(file, "r"); | ||
43 | if (!fp) { | ||
44 | free(file); | ||
45 | return; | ||
46 | } | ||
47 | free(file); | ||
48 | |||
49 | unsigned a, b, c; | ||
50 | if (3 != fscanf(fp, "%u %u %u", &a, &b, &c)) { | ||
51 | fclose(fp); | ||
52 | return; | ||
53 | } | ||
54 | *rss += b; | ||
55 | *shared += c; | ||
56 | fclose(fp); | ||
57 | } | ||
58 | |||
59 | |||
60 | void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime) { | ||
61 | // open stat file | ||
62 | char *file; | ||
63 | if (asprintf(&file, "/proc/%u/stat", pid) == -1) { | ||
64 | perror("asprintf"); | ||
65 | exit(1); | ||
66 | } | ||
67 | FILE *fp = fopen(file, "r"); | ||
68 | if (!fp) { | ||
69 | free(file); | ||
70 | return; | ||
71 | } | ||
72 | free(file); | ||
73 | |||
74 | char line[PIDS_BUFLEN]; | ||
75 | if (fgets(line, PIDS_BUFLEN - 1, fp)) { | ||
76 | char *ptr = line; | ||
77 | // jump 13 fields | ||
78 | int i; | ||
79 | for (i = 0; i < 13; i++) { | ||
80 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | ||
81 | ptr++; | ||
82 | if (*ptr == '\0') | ||
83 | goto myexit; | ||
84 | ptr++; | ||
85 | } | ||
86 | if (2 != sscanf(ptr, "%u %u", utime, stime)) | ||
87 | goto myexit; | ||
88 | } | ||
89 | |||
90 | myexit: | ||
91 | fclose(fp); | ||
92 | } | ||
93 | |||
94 | unsigned long long pid_get_start_time(unsigned pid) { | ||
95 | // open stat file | ||
96 | char *file; | ||
97 | if (asprintf(&file, "/proc/%u/stat", pid) == -1) { | ||
98 | perror("asprintf"); | ||
99 | exit(1); | ||
100 | } | ||
101 | FILE *fp = fopen(file, "r"); | ||
102 | if (!fp) { | ||
103 | free(file); | ||
104 | return 0; | ||
105 | } | ||
106 | free(file); | ||
107 | |||
108 | char line[PIDS_BUFLEN]; | ||
109 | unsigned long long retval = 0; | ||
110 | if (fgets(line, PIDS_BUFLEN - 1, fp)) { | ||
111 | char *ptr = line; | ||
112 | // jump 21 fields | ||
113 | int i; | ||
114 | for (i = 0; i < 21; i++) { | ||
115 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | ||
116 | ptr++; | ||
117 | if (*ptr == '\0') | ||
118 | goto myexit; | ||
119 | ptr++; | ||
120 | } | ||
121 | if (1 != sscanf(ptr, "%llu", &retval)) | ||
122 | goto myexit; | ||
123 | } | ||
124 | |||
125 | myexit: | ||
126 | fclose(fp); | ||
127 | return retval; | ||
128 | } | ||
129 | |||
130 | char *pid_get_user_name(uid_t uid) { | ||
131 | struct passwd *pw = getpwuid(uid); | ||
132 | if (pw) | ||
133 | return strdup(pw->pw_name); | ||
134 | return NULL; | ||
135 | } | ||
136 | |||
137 | uid_t pid_get_uid(pid_t pid) { | ||
138 | uid_t rv = 0; | ||
139 | |||
140 | // open stat file | ||
141 | char *file; | ||
142 | if (asprintf(&file, "/proc/%u/status", pid) == -1) { | ||
143 | perror("asprintf"); | ||
144 | exit(1); | ||
145 | } | ||
146 | FILE *fp = fopen(file, "r"); | ||
147 | if (!fp) { | ||
148 | free(file); | ||
149 | return 0; | ||
150 | } | ||
151 | |||
152 | // look for firejail executable name | ||
153 | char buf[PIDS_BUFLEN]; | ||
154 | while (fgets(buf, PIDS_BUFLEN - 1, fp)) { | ||
155 | if (strncmp(buf, "Uid:", 4) == 0) { | ||
156 | char *ptr = buf + 5; | ||
157 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { | ||
158 | ptr++; | ||
159 | } | ||
160 | if (*ptr == '\0') | ||
161 | goto doexit; | ||
162 | |||
163 | rv = atoi(ptr); | ||
164 | break; // break regardless! | ||
165 | } | ||
166 | } | ||
167 | doexit: | ||
168 | fclose(fp); | ||
169 | free(file); | ||
170 | return rv; | ||
171 | } | ||
172 | |||
173 | static void print_elem(unsigned index, int nowrap) { | ||
174 | // get terminal size | ||
175 | struct winsize sz; | ||
176 | int col = 0; | ||
177 | if (isatty(STDIN_FILENO)) { | ||
178 | if (!ioctl(0, TIOCGWINSZ, &sz)) | ||
179 | col = sz.ws_col; | ||
180 | } | ||
181 | |||
182 | // indent | ||
183 | char indent[(pids[index].level - 1) * 2 + 1]; | ||
184 | memset(indent, ' ', sizeof(indent)); | ||
185 | indent[(pids[index].level - 1) * 2] = '\0'; | ||
186 | |||
187 | // get data | ||
188 | uid_t uid = pids[index].uid; | ||
189 | char *cmd = pid_proc_cmdline(index); | ||
190 | char *user = pid_get_user_name(uid); | ||
191 | char *allocated = user; | ||
192 | if (user ==NULL) | ||
193 | user = ""; | ||
194 | if (cmd) { | ||
195 | if (col < 4 || nowrap) | ||
196 | printf("%s%u:%s:%s\n", indent, index, user, cmd); | ||
197 | else { | ||
198 | char *out; | ||
199 | if (asprintf(&out, "%s%u:%s:%s\n", indent, index, user, cmd) == -1) | ||
200 | errExit("asprintf"); | ||
201 | int len = strlen(out); | ||
202 | if (len > col) { | ||
203 | out[col] = '\0'; | ||
204 | out[col - 1] = '\n'; | ||
205 | } | ||
206 | printf("%s", out); | ||
207 | free(out); | ||
208 | } | ||
209 | |||
210 | free(cmd); | ||
211 | } | ||
212 | else { | ||
213 | if (pids[index].zombie) | ||
214 | printf("%s%u: (zombie)\n", indent, index); | ||
215 | else | ||
216 | printf("%s%u:\n", indent, index); | ||
217 | } | ||
218 | if (allocated) | ||
219 | free(allocated); | ||
220 | } | ||
221 | |||
222 | // recursivity!!! | ||
223 | void pid_print_tree(unsigned index, unsigned parent, int nowrap) { | ||
224 | print_elem(index, nowrap); | ||
225 | |||
226 | int i; | ||
227 | for (i = index + 1; i < max_pids; i++) { | ||
228 | if (pids[i].parent == index) | ||
229 | pid_print_tree(i, index, nowrap); | ||
230 | } | ||
231 | |||
232 | for (i = 0; i < index; i++) { | ||
233 | if (pids[i].parent == index) | ||
234 | pid_print_tree(i, index, nowrap); | ||
235 | } | ||
236 | } | ||
237 | |||
238 | void pid_print_list(unsigned index, int nowrap) { | ||
239 | print_elem(index, nowrap); | ||
240 | } | ||
241 | |||
242 | // recursivity!!! | ||
243 | void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *stime) { | ||
244 | if (pids[index].level == 1) { | ||
245 | *utime = 0; | ||
246 | *stime = 0; | ||
247 | } | ||
248 | |||
249 | unsigned utmp = 0; | ||
250 | unsigned stmp = 0; | ||
251 | pid_get_cpu_time(index, &utmp, &stmp); | ||
252 | *utime += utmp; | ||
253 | *stime += stmp; | ||
254 | |||
255 | int i; | ||
256 | for (i = index + 1; i < max_pids; i++) { | ||
257 | if (pids[i].parent == index) | ||
258 | pid_store_cpu(i, index, utime, stime); | ||
259 | } | ||
260 | |||
261 | if (pids[index].level == 1) { | ||
262 | pids[index].utime = *utime; | ||
263 | pids[index].stime = *stime; | ||
264 | } | ||
265 | } | ||
266 | |||
267 | // mon_pid: pid of sandbox to be monitored, 0 if all sandboxes are included | ||
268 | void pid_read(pid_t mon_pid) { | ||
269 | if (pids == NULL) { | ||
270 | FILE *fp = fopen("/proc/sys/kernel/pid_max", "r"); | ||
271 | if (fp) { | ||
272 | int val; | ||
273 | if (fscanf(fp, "%d", &val) == 1) { | ||
274 | if (val >= max_pids) | ||
275 | max_pids = val + 1; | ||
276 | } | ||
277 | fclose(fp); | ||
278 | } | ||
279 | pids = malloc(sizeof(Process) * max_pids); | ||
280 | if (pids == NULL) | ||
281 | errExit("malloc"); | ||
282 | } | ||
283 | memset(pids, 0, sizeof(Process) * max_pids); | ||
284 | pid_t mypid = getpid(); | ||
285 | |||
286 | DIR *dir; | ||
287 | if (!(dir = opendir("/proc"))) { | ||
288 | // sleep 2 seconds and try again | ||
289 | sleep(2); | ||
290 | if (!(dir = opendir("/proc"))) { | ||
291 | fprintf(stderr, "Error: cannot open /proc directory\n"); | ||
292 | exit(1); | ||
293 | } | ||
294 | } | ||
295 | |||
296 | pid_t child = -1; | ||
297 | struct dirent *entry; | ||
298 | char *end; | ||
299 | while (child < 0 && (entry = readdir(dir))) { | ||
300 | pid_t pid = strtol(entry->d_name, &end, 10); | ||
301 | pid %= max_pids; | ||
302 | if (end == entry->d_name || *end) | ||
303 | continue; | ||
304 | if (pid == mypid) | ||
305 | continue; | ||
306 | |||
307 | // open stat file | ||
308 | char *file; | ||
309 | if (asprintf(&file, "/proc/%u/status", pid) == -1) { | ||
310 | perror("asprintf"); | ||
311 | exit(1); | ||
312 | } | ||
313 | FILE *fp = fopen(file, "r"); | ||
314 | if (!fp) { | ||
315 | free(file); | ||
316 | continue; | ||
317 | } | ||
318 | |||
319 | // look for firejail executable name | ||
320 | char buf[PIDS_BUFLEN]; | ||
321 | while (fgets(buf, PIDS_BUFLEN - 1, fp)) { | ||
322 | if (strncmp(buf, "Name:", 5) == 0) { | ||
323 | char *ptr = buf + 5; | ||
324 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { | ||
325 | ptr++; | ||
326 | } | ||
327 | if (*ptr == '\0') { | ||
328 | fprintf(stderr, "Error: cannot read /proc file\n"); | ||
329 | exit(1); | ||
330 | } | ||
331 | |||
332 | if (mon_pid == 0 && strncmp(ptr, "firejail", 8) == 0) { | ||
333 | pids[pid].level = 1; | ||
334 | } | ||
335 | else if (mon_pid == pid && strncmp(ptr, "firejail", 8) == 0) { | ||
336 | pids[pid].level = 1; | ||
337 | } | ||
338 | // else if (mon_pid == 0 && strncmp(ptr, "lxc-execute", 11) == 0) { | ||
339 | // pids[pid].level = 1; | ||
340 | // } | ||
341 | // else if (mon_pid == pid && strncmp(ptr, "lxc-execute", 11) == 0) { | ||
342 | // pids[pid].level = 1; | ||
343 | // } | ||
344 | else | ||
345 | pids[pid].level = -1; | ||
346 | } | ||
347 | if (strncmp(buf, "State:", 6) == 0) { | ||
348 | if (strstr(buf, "(zombie)")) | ||
349 | pids[pid].zombie = 1; | ||
350 | } | ||
351 | else if (strncmp(buf, "PPid:", 5) == 0) { | ||
352 | char *ptr = buf + 5; | ||
353 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { | ||
354 | ptr++; | ||
355 | } | ||
356 | if (*ptr == '\0') { | ||
357 | fprintf(stderr, "Error: cannot read /proc file\n"); | ||
358 | exit(1); | ||
359 | } | ||
360 | unsigned parent = atoi(ptr); | ||
361 | parent %= max_pids; | ||
362 | if (pids[parent].level > 0) { | ||
363 | pids[pid].level = pids[parent].level + 1; | ||
364 | } | ||
365 | pids[pid].parent = parent; | ||
366 | } | ||
367 | else if (strncmp(buf, "Uid:", 4) == 0) { | ||
368 | char *ptr = buf + 5; | ||
369 | while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { | ||
370 | ptr++; | ||
371 | } | ||
372 | if (*ptr == '\0') { | ||
373 | fprintf(stderr, "Error: cannot read /proc file\n"); | ||
374 | exit(1); | ||
375 | } | ||
376 | pids[pid].uid = atoi(ptr); | ||
377 | break; | ||
378 | } | ||
379 | } | ||
380 | fclose(fp); | ||
381 | free(file); | ||
382 | } | ||
383 | closedir(dir); | ||
384 | |||
385 | pid_t pid; | ||
386 | for (pid = 0; pid < max_pids; pid++) { | ||
387 | int parent = pids[pid].parent; | ||
388 | if (pids[parent].level > 0) { | ||
389 | pids[pid].level = pids[parent].level + 1; | ||
390 | } | ||
391 | } | ||
392 | } | ||