Changeset 78 for trunk/src/sh_processcheck.c

Timestamp:

Jan 9, 2007, 10:32:21 PM (18 years ago)

Author:

rainer

Message:

Fix for ticket #41 (unable to deactivate processcheck), and minor code cleanup.

File:

• trunk/src/sh_processcheck.c (modified) (11 diffs)

trunk/src/sh_processcheck.c

@@ -48 +48 @@
 #endif
 
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+
 #ifdef HAVE_REGEX_H
 #include <regex.h>
@@ -58 +63 @@
 #include "sh_error.h"
 #include "sh_extern.h"
+#include "sh_calls.h"
 
 #ifdef SH_USE_PROCESSCHECK
@@ -157 +163 @@
 
 static const short SH_PR_PRIORITY = 0x0100;
-
-static const short SH_PR_PS2      = 0x0200;
-static const short SH_PR_PS_ANY   = 0x0400;
-static const short SH_PR_ALL      = 0x0800;
-static const short SH_PR_ANY      = 0x1000;
+static const short SH_PR_STATVSF  = 0x0200;
+
+static const short SH_PR_PS2      = 0x1000;
+static const short SH_PR_PS_ANY   = 0x2000;
+static const short SH_PR_ALL      = 0x4000;
+static const short SH_PR_ANY      = 0x8000;
 
 /* /proc: 
@@ -168 +175 @@
  *        solaris10: /proc/pid/path/a.out
  */
+static char * get_user_and_path (pid_t pid, char * user, size_t usrlen)
+{
+  extern char *  sh_unix_getUIDname (int level, uid_t uid);
+
+  char        path[128];
+  char *      buf;
+  struct stat sbuf;
+  int         len;
+  char *      tmp;
+
+  sl_snprintf (path, sizeof(path), "/proc/%ld/exe", (unsigned long) pid);
+
+  if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode))
+    {
+      goto linkread;
+    }
+
+  sl_snprintf (path, sizeof(path), "/proc/%ld/file", (unsigned long) pid);
+
+  if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode))
+    {
+      goto linkread;
+    }
+
+  sl_snprintf (path, sizeof(path), "/proc/%ld/path/a.out", (unsigned long) pid);
+
+  if (0 == retry_lstat(FIL__, __LINE__, path, &sbuf) && S_ISLNK(sbuf.st_mode))
+    {
+      goto linkread;
+    }
+
+  return NULL;
+
+ linkread:
+
+  buf = SH_ALLOC(PATH_MAX);
+  len = readlink(path, buf, PATH_MAX);   /* flawfinder: ignore */
+  len = (len >= PATH_MAX) ? (PATH_MAX-1) : len;
+
+  if (len > 0)
+    { 
+      buf[len] = '\0';
+    }
+  else
+    {
+      SH_FREE(buf);
+      return NULL;
+    }
+
+  tmp = sh_unix_getUIDname (SH_ERR_ALL, sbuf.st_uid);
+
+  if (tmp)
+    sl_strlcpy(user, tmp, usrlen);
+  else
+    sl_snprintf (user, usrlen, "%ld", (unsigned long) sbuf.st_uid);
+
+  return buf;
+}
+
 
 struct watchlist {
@@ -483 +549 @@
   size_t  value;
   char * foo;
-  int    retval = 0;
+  int    retval = -1;
 
   SL_ENTER(_("sh_prochk_set_maxpid"));
 
   value = (size_t) strtoul(str, &foo, 0);
-  if (*foo != '\0') {
-    retval = -1;
-  } else {
+
+  if (*foo == '\0' && SL_TRUE == sl_ok_adds(value, 1)) {
     sh_prochk_maxpid = value + 1;
     userdef_maxpid   = 1;
@@ -593 +658 @@
   if (res & SH_PR_GETPGID)  sl_strlcat(list, _(" getpgid"), len);
   if (res & SH_PR_KILL)     sl_strlcat(list, _(" kill"), len);
+  if (res & SH_PR_STATVSF)  sl_strlcat(list, _(" statvfs"), len);
   if (res & SH_PR_PS2)      sl_strlcat(list, _(" ps(final)"), len);
   return;
 }
 
-/* FIXME: add open, statvfs, sched_getaffinity
- */
+
 static short sh_processes_check (pid_t pid, short res)
 {
+  int  retval;
   int  have_checks = 0;
   int  need_checks = 0;
@@ -608 +674 @@
   DIR * dir;
 #endif
+#ifdef HAVE_STATVFS
+  struct statvfs vfsbuf;
+#endif
 
 #if !defined(sun) && !defined(__sun) && !defined(__sun__)
@@ -624 +693 @@
       ++need_checks;
     }
+
 
 #ifdef HAVE_GETPGID
@@ -666 +736 @@
   sl_snprintf (path, sizeof(path), "/proc/%ld", (unsigned long) pid);
 
-  if (0 == lstat (path, &buf))
+  if (0 == retry_lstat (FIL__, __LINE__, path, &buf))
     { 
       res |= SH_PR_LSTAT;   res |= SH_PR_ANY; ++have_checks;
@@ -678 +748 @@
     }
   ++need_checks;
+
+#ifdef HAVE_STATVFS
+  do {
+    retval = statvfs (path, &vfsbuf);
+  } while (retval < 0 && errno == EINTR);
+
+  if (0 == retval)
+    { 
+      res |= SH_PR_STATVSF;   res |= SH_PR_ANY; ++have_checks;
+    }
+  ++need_checks;
+#endif
 
 #if !defined(SH_PROFILE)
@@ -972 +1054 @@
                   if (S_FALSE == is_in_list(&list_hidden, NULL, i))
                     {
-                      sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, 
-                                      MSG_PCK_HIDDEN,
-                                      (unsigned long) i, tests);
+                      char   user[16];
+                      char * aout;
+                      char * safe;
+
+                      aout = get_user_and_path ((pid_t) i, user, sizeof(user));
+
+                      if (aout)
+                        {
+                          safe = sh_util_safe_name (aout);
+                          sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, 
+                                          MSG_PCK_P_HIDDEN,
+                                          (unsigned long) i, tests, safe, user);
+                          SH_FREE(safe);
+                          SH_FREE(aout);
+                        }
+                      else
+                        sh_error_handle(sh_prochk_severity, FIL__, __LINE__, 0, 
+                                        MSG_PCK_HIDDEN,
+                                        (unsigned long) i, tests);
+                        
                     }
                 }