authorAlexander Bersenev <bay@hackerdom.ru>2011-06-08 18:28:13 +0000
committerAlexander Bersenev <bay@hackerdom.ru>2011-06-08 18:28:13 +0000
commitfe9c5d3edef96cea2ccc3f83d079cbfa560b6071 (patch)
treee5f701b1bc0d1248e60a26af466fe3b340a713c4
parentbig commit: add one more logger and refactor existing (diff)
downloadautodep-fe9c5d3edef96cea2ccc3f83d079cbfa560b6071.tar.gz
autodep-fe9c5d3edef96cea2ccc3f83d079cbfa560b6071.tar.bz2
autodep-fe9c5d3edef96cea2ccc3f83d079cbfa560b6071.zip
big commit: part 2, modified the Python and C parts of the logger library
-rw-r--r--logger/src/autodep/logfs/fstracer.py38
-rw-r--r--logger/src/autodep/logfs/fstracer.pycbin3519 -> 0 bytes
-rw-r--r--logger/src/autodep/logfs/test_fstracer.py4
-rwxr-xr-xlogger/src/autodep/showfsevents.py10
-rw-r--r--logger/src/hook_lib/file_hook.c99
5 files changed, 90 insertions, 61 deletions
diff --git a/logger/src/autodep/logfs/fstracer.py b/logger/src/autodep/logfs/fstracer.py
index a4e0bf5..5c522eb 100644
--- a/logger/src/autodep/logfs/fstracer.py
+++ b/logger/src/autodep/logfs/fstracer.py
@@ -11,6 +11,10 @@ import socket
import select
import re
+import logger_hooklib
+import logger_fusefs
+
+
def unescape(s):
s=re.sub(r'\\r', '\r', s)
s=re.sub(r'\\n', '\n', s)
@@ -42,7 +46,7 @@ def checkfinished(pid):
# run the program and get file access events
-def getfsevents(prog_name,arguments):
+def getfsevents(prog_name,arguments,approach="hooklib"):
events=[]
# generate a random socketname
tmpdir = tempfile.mkdtemp()
@@ -60,16 +64,21 @@ def getfsevents(prog_name,arguments):
#print socketname
pid=os.fork()
- if pid==0:
- # wait while the socket opens
- try:
- os.execvpe(prog_name, arguments,{
- "LD_PRELOAD":"/home/bay/gsoc/logger/src/hook_lib/file_hook.so",
- "LOG_SOCKET":socketname
- })
- except OSError, e:
- print "Failed to launch the programm: %s" % e
+ if pid==0:
+ logger=None
+ if approach=="hooklib":
+ logger=logger_hooklib.logger(socketname)
+ elif approach=="fusefs":
+ logger=logger_fusefs.logger(socketname)
+ else:
+ print "Unknown logging approach"
sys.exit(1)
+
+ logger.execprog(prog_name,arguments)
+
+ # should not get here
+ print "Launch likely was unsuccessful"
+ sys.exit(1)
else:
input = [sock_listen]
connects = 0;
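Review bot: An unknown `approach` is only detected inside the forked child (L56-L62), after `os.fork()` has already happened, so the parent goes on to listen for a connection that will never come and only learns of the mistake through the generic "unable to start" path; validate the value before the fork and raise a `ValueError("Unknown logging approach: %r" % approach)` so the caller gets a real error. In the child, `sys.exit(1)` (L62, L68) raises `SystemExit`, which unwinds through every caller's frames in the child and can run atexit handlers and flush stdio buffers inherited from the parent; the usual form after a fork is `os._exit(1)`. It would also help to document the new parameter on the function, e.g. `approach: "hooklib" (LD_PRELOAD hook library) or "fusefs"`. `getfsevents` continues outside the hunk.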
@@ -87,21 +96,18 @@ def getfsevents(prog_name,arguments):
pass
else:
(client,addr)=ret
- #print "Client accepted\n";
- connects+=1;
+ connects+=1; # client accepted
input.append(client)
buffers[client]=''
else:
data=s.recv(65536)
- #print "Recv: %s" % data
- #print "fileno:%d" % s.fileno()
buffers[s]+=data
if not data:
s.close()
input.remove(s)
- #buffers[s]=""
+ buffers[s]=""
connects-=1;
if connects==0:
input.remove(sock_listen)
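Review bot: Dropping the listener as soon as `connects` falls to zero (L92-L93) assumes the first hooked process outlives everything it spawns; a traced program that forks and exits before its child has connected (a daemonising helper, a shell backgrounding a command) closes the listener and the child's events are silently lost. Keeping `sock_listen` in `input` until the forked `pid` has been reaped (the file has a `checkfinished(pid)` helper, visible in the header at L35) would not depend on connection counting. Setting `buffers[s]=""` on EOF (L90) also throws away any trailing partial record, so it is worth confirming that whatever parses the buffer after this hunk has already consumed it. The select loop continues outside the hunk.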
@@ -130,7 +136,7 @@ def getfsevents(prog_name,arguments):
if len(input)==1 and connects==0:
# seems like there is no connect
- print "It seems like a logger module was unabe to start." + \
+ print "It seems like a logger module was unable to start." + \
"Check that you are not launching a suid program under non-root user."
return []
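Review bot: Returning `[]` when no logger ever connected (L100) is indistinguishable from a successful run that touched no files, so a caller such as `showfsevents.py` cannot tell a broken `LD_PRELOAD` setup from an empty trace; raising an exception (or returning `None`) here would make the failure visible. The message also names only the setuid case: the same symptom appears for setcap binaries, statically linked programs and any program that scrubs `LD_PRELOAD` from its environment, so the hint could read `Check that the program is not setuid/setcap, statically linked, or clearing LD_PRELOAD.`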
diff --git a/logger/src/autodep/logfs/fstracer.pyc b/logger/src/autodep/logfs/fstracer.pyc
deleted file mode 100644
index 9aeedac..0000000
--- a/logger/src/autodep/logfs/fstracer.pyc
+++ /dev/null
Binary files differ
diff --git a/logger/src/autodep/logfs/test_fstracer.py b/logger/src/autodep/logfs/test_fstracer.py
index 26253a5..9a3df67 100644
--- a/logger/src/autodep/logfs/test_fstracer.py
+++ b/logger/src/autodep/logfs/test_fstracer.py
@@ -13,13 +13,13 @@ class simple_tests(unittest.TestCase):
['/bin/cat','/etc/passwd']),
[['open', '/etc/passwd']])
- """
+
def test_open_many(self):
filesnum=200
self.assertEqual(fstracer.getfsevents('/bin/cat',
['/bin/cat']+map(lambda x: 'file'+str(x),range(0,filesnum))),
map(lambda x: ['open','file'+str(x)],range(0,filesnum)))
- """
+
def test_parralel(self):
filesnum=200
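Review bot: `test_open_many` (L116-L120) asserts that the trace is exactly one `open` per `fileN` argument, in argv order, which also asserts that the hooked `cat` opens nothing else (no locale or libc data files) and that the relative paths are logged verbatim; a one-line comment stating that assumption, `# expects exactly the argument files, in argv order, and nothing else`, would explain the failure when an extra open shows up in the log. `test_parralel` is misspelled and should be `test_parallel`; its body continues outside the hunk.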
diff --git a/logger/src/autodep/showfsevents.py b/logger/src/autodep/showfsevents.py
index 8e4647a..b53a1da 100755
--- a/logger/src/autodep/showfsevents.py
+++ b/logger/src/autodep/showfsevents.py
@@ -1,8 +1,16 @@
#!/usr/bin/env python2
import os
+import sys
import logfs.fstracer
-logfs.fstracer.getfsevents("/bin/sh", ["sh" , "-c", "/usr/bin/tac bay_success; /usr/bin/tac bay_god bay_god2"])
+#logfs.fstracer.getfsevents("/bin/sh", ["sh" , "-c", "/usr/bin/tac bay_success; /usr/bin/tac bay_god bay_god2"])
+#events=logfs.fstracer.getfsevents("/bin/cat", ["cat" , "l l l"])
+if len(sys.argv)<2:
+ print "Usage: showfsevents.py <command>"
+ exit(1)
+
+events=logfs.fstracer.getfsevents(sys.argv[1], sys.argv[1:])
+print events
#logfs.fstracer.getfsevents("emerge", ["emerge","--info"]) \ No newline at end of file
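Review bot: `exit(1)` on L139 is the `site`-module convenience name rather than `sys.exit`, and is not defined when the interpreter runs with `-S`; since `sys` is now imported, use `sys.exit(1)`. The usage line also under-describes the call on L141, which passes `sys.argv[1:]` as the traced program's full argv, so `print "Usage: showfsevents.py <command> [args...]"` is more accurate. The commented-out development invocations on L135-L136 and L143 and the missing trailing newline are worth dropping while this file is being touched, and wrapping the script body in `if __name__ == "__main__":` would keep it importable.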
diff --git a/logger/src/hook_lib/file_hook.c b/logger/src/hook_lib/file_hook.c
index ec7658e..d17becc 100644
--- a/logger/src/hook_lib/file_hook.c
+++ b/logger/src/hook_lib/file_hook.c
@@ -12,6 +12,7 @@
#define _FCNTL_H
#include <bits/fcntl.h>
+#include <bits/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
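Review bot: `<bits/stat.h>` on L151 is a glibc-internal header that normally refuses direct inclusion; it presumably compiles here only because `_FCNTL_H` is defined on L149 to keep `<fcntl.h>` from declaring `open`, which ties the build to that glibc detail. Nothing in the commit uses the header (the `stat` call on L166 is commented out), so either drop the include or use `#include <sys/stat.h>`, which does not declare `open` and so does not conflict with the interposer.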
@@ -23,21 +24,28 @@
int (*_open)(const char * pathname, int flags, ...);
int (*_open64)(const char * pathname, int flags, ...);
+FILE * (*_fopen)(const char *path, const char *mode);
+FILE * (*_fopen64)(const char *path, const char *mode);
int (*_execve)(const char *filename, char *const argv[],char *const envp[]);
pid_t (*_fork)();
-FILE *log_file_handle; // one of these two vars will be used for logging
+FILE *log_file; // one of these two vars will be used for logging
int log_socket=-1;
int is_log_into_socket=0;
void __doinit(){
+ //stat(NULL,NULL);
_open = (int (*)(const char * pathname, int flags, ...)) dlsym(RTLD_NEXT, "open");
_open64 = (int (*)(const char * pathname, int flags, ...)) dlsym(RTLD_NEXT, "open64");
+ _fopen = (FILE * (*)(const char *path, const char *mode)) dlsym(RTLD_NEXT, "fopen");
+ _fopen64 = (FILE * (*)(const char *path, const char *mode)) dlsym(RTLD_NEXT, "fopen64");
_execve = (int (*)(const char *filename, char *const argv[],char *const envp[])) dlsym(RTLD_NEXT, "execve");
_fork = (pid_t (*)()) dlsym(RTLD_NEXT, "fork");
- if(_open==NULL || _open64==NULL || execve==NULL || _fork==NULL) {
+ if(_open==NULL || _open64==NULL ||
+ _fopen==NULL || _fopen64==NULL ||
+ execve==NULL || _fork==NULL) {
fprintf(stderr,"Failed to load original functions of hook\n");
exit(1);
}
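Review bot: The rewritten NULL check on L176 still tests `execve`, the interposer defined in this file (always non-NULL), instead of the `_execve` pointer filled by `dlsym` on L171, so a failed lookup of the real `execve` is never caught and the first `execve` call jumps through a NULL pointer; the line should read `execve==NULL` → `_execve==NULL`, i.e. `_fopen==NULL || _fopen64==NULL || _execve==NULL || _fork==NULL) {`. The error message on L177 would also be more useful with `dlerror()` appended. `__doinit` continues outside the hunk.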
@@ -48,7 +56,7 @@ void __doinit(){
fprintf(stderr,"Using stderr as output for logs "
"because the LOG_SOCKET environment variable isn't defined.\n");
- log_file_handle=stderr;
+ log_file=stderr;
} else {
is_log_into_socket=1;
@@ -56,9 +64,7 @@ void __doinit(){
fprintf(stderr,"Unable to create a unix-socket %s: socket name is too long,exiting\n", log_socket_name);
exit(1);
}
-
- //fprintf(stderr,"Using a socket for logging: %s\n",log_socket_name);
-
+
log_socket=socket(AF_UNIX, SOCK_STREAM, 0);
if(log_socket==-1) {
fprintf(stderr,"Unable to create a unix-socket %s: %s\n", log_socket_name, strerror(errno));
@@ -76,9 +82,9 @@ void __doinit(){
exit(1);
}
- log_file_handle=fdopen(log_socket,"r+");
+ log_file=fdopen(log_socket,"r+");
- if(log_file_handle==NULL) {
+ if(log_file==NULL) {
fprintf(stderr,"Unable to open a socket for a steam writing: %s\n", strerror(errno));
exit(1);
}
@@ -86,8 +92,8 @@ void __doinit(){
}
void __dofini() {
- fflush(log_file_handle);
- fclose(log_file_handle);
+ fflush(log_file);
+ fclose(log_file);
if(is_log_into_socket)
close(log_socket);
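Review bot: `log_file` is the stream returned by `fdopen(log_socket,"r+")` (L202), so `fclose(log_file)` on L214 already closes the socket descriptor and the `close(log_socket)` on L216 is a double close — at best EBADF, at worst closing a descriptor the traced program has since reused for something else. Drop the `close` or set `log_socket=-1` after `fclose`. In the no-socket case `log_file` is `stderr` (L184), so this destructor also closes the hooked program's stderr; `if(is_log_into_socket) fclose(log_file); else fflush(log_file);` keeps that stream alone.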
@@ -125,12 +131,6 @@ void __print_escaped(FILE *fh ,const char *s){
}
/*
- * Fprint
-*/
-
-//void __fprint
-
-/*
* Get a pid of the parent proccess
* Parse the /proc/pid/stat
* We need a first number after last ')' character
@@ -140,14 +140,14 @@ pid_t __getparentpid(pid_t pid){
snprintf(filename,MAXPATHLEN, "/proc/%d/stat",pid);
FILE *stat_file_handle=fopen(filename,"r");
if(stat_file_handle==NULL) {
- fprintf(log_file_handle,"NULL");
+ fprintf(log_file,"NULL");
return 0;
}
char filedata[MAXFILEBUFFLEN];
size_t bytes_readed=fread(filedata,sizeof(char),MAXFILEBUFFLEN,stat_file_handle);
if(bytes_readed==0 || bytes_readed>=MAXFILEBUFFLEN) {
- fprintf(log_file_handle,"NULL");
+ fprintf(log_file,"NULL");
fclose(stat_file_handle);
return 0;
}
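Review bot: With this commit `fopen` is interposed by this library, so the `fopen(filename,"r")` on L231 now resolves to the hook's own `fopen` and would log a spurious `open` of `/proc/<pid>/stat` — and, should the parent walk in `__hook_log` ever be re-enabled, recurse without bound (`__hook_log` → `__getparentpid` → `fopen` → `__hook_log`). Internal file access in the library should go through the saved pointer: `FILE *stat_file_handle=_fopen(filename,"r");`. `__print_cmdline` (L264) has the same pattern. `__getparentpid` continues outside the hunk.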
@@ -156,7 +156,7 @@ pid_t __getparentpid(pid_t pid){
char *beg_scan_offset=rindex(filedata,')');
if(beg_scan_offset==NULL) {
- fprintf(log_file_handle,"NULL");
+ fprintf(log_file,"NULL");
fclose(stat_file_handle);
return 0;
}
@@ -164,7 +164,7 @@ pid_t __getparentpid(pid_t pid){
pid_t parent_pid;
int tokens_readed=sscanf(beg_scan_offset,") %*c %d",&parent_pid);
if(tokens_readed!=1) {
- fprintf(log_file_handle,"NULL");
+ fprintf(log_file,"NULL");
fclose(stat_file_handle);
return 0;
}
@@ -185,7 +185,7 @@ void __print_cmdline(pid_t pid) {
snprintf(filename,MAXPATHLEN, "/proc/%d/cmdline",pid);
FILE *cmdline_file_handle=fopen(filename,"r");
if(cmdline_file_handle==NULL) {
- fprintf(log_file_handle,"UNKNOWN");
+ fprintf(log_file,"UNKNOWN");
return;
}
@@ -197,14 +197,14 @@ void __print_cmdline(pid_t pid) {
int i;
for(i=0; i<readed; i++) {
if(read_buffer[i]==0) {
- __print_escaped(log_file_handle,last_printed);
- fprintf(log_file_handle,"\\0");
+ __print_escaped(log_file,last_printed);
+ fprintf(log_file,"\\0");
last_printed=read_buffer+i+1;
}
}
read_buffer[readed]=0;
if(last_printed<read_buffer+readed)
- __print_escaped(log_file_handle,last_printed); // print rest of buffer
+ __print_escaped(log_file,last_printed); // print rest of buffer
} while(readed==MAXFILEBUFFLEN);
fclose(cmdline_file_handle);
@@ -213,26 +213,26 @@ void __print_cmdline(pid_t pid) {
/*
* Format of log string: time event file flags result parents
*/
-void __hook_log(const char *event_type, const char *filename, char* result, int err) {
+void __hook_log(const char *event_type, const char *filename, int result, int err) {
- fprintf(log_file_handle,"%lld ",(unsigned long long)time(NULL));
+ fprintf(log_file,"%lld ",(unsigned long long)time(NULL));
- __print_escaped(log_file_handle, event_type);
- fprintf(log_file_handle," ");
- __print_escaped(log_file_handle, filename);
- fprintf(log_file_handle," %s %d ", result, err);
+ __print_escaped(log_file, event_type);
+ fprintf(log_file," ");
+ __print_escaped(log_file, filename);
+ fprintf(log_file," %d %d %d", result, err, getpid());
// TODO: add a parent processes in output
- pid_t pid;
- __getparentpid(getpid());
- for(pid=getpid();pid!=0;pid=__getparentpid(pid)){
- __print_cmdline(pid);
- if(pid!=1)
- fprintf(log_file_handle,",");
+// pid_t pid;
+// __getparentpid(getpid());
+// for(pid=getpid();pid!=0;pid=__getparentpid(pid)){
+// __print_cmdline(pid);
+// if(pid!=1)
+// fprintf(log_file,",");
- }
+// }
- fprintf(log_file_handle,"\n");
- fflush(log_file_handle);
+ fprintf(log_file,"\n");
+ fflush(log_file);
}
int open(const char * pathname, int flags, mode_t mode) {
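Review bot: The format comment on L289 no longer matches what the function writes: the new line on L302 emits `time event file result errno pid`, there is no flags field, and the parents field is commented out, so it should read `* Format of log string: time event file result errno pid`. On L294 an `unsigned long long` is printed with `%lld`; `%llu` is the matching conversion. The commented-out parent walk (L310-L317) is better deleted than kept as `//` lines — it is in history, and the `// TODO` on L303 already records the intent.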
@@ -242,7 +242,7 @@ int open(const char * pathname, int flags, mode_t mode) {
else
ret=_open(pathname, flags, 0);
- __hook_log("open",pathname,"todo",errno);
+ __hook_log("open",pathname,ret,errno);
return ret;
}
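Review bot: `__hook_log` on L328 runs `time`, `fprintf` and `fflush` between the real `_open` and `return ret`, so when the open failed the `errno` the traced program reads can be whatever the logging I/O left behind (for instance `EPIPE` or `EAGAIN` on the log socket) rather than the real `ENOENT`/`EACCES` — a visible behaviour change for any program that inspects `errno`. Save and restore it around the call, `int saved_errno=errno;` before and `errno=saved_errno;` after, or do the same at the top and bottom of `__hook_log` so every interposer is covered. `open` starts outside the hunk.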
@@ -255,14 +255,29 @@ int open64(const char * pathname, int flags, mode_t mode) {
else
ret=_open64(pathname, flags, 0);
- __hook_log("open64",pathname,"todo",errno);
+ __hook_log("open",pathname,ret,errno);
return ret;
}
+FILE *fopen(const char *path, const char *mode) {
+ FILE *ret;
+ ret=_fopen(path,mode);
+ __hook_log("open",path,0,errno);
+ return ret;
+}
+
+FILE *fopen64(const char *path, const char *mode) {
+ FILE *ret;
+ ret=_fopen64(path,mode);
+ __hook_log("open",path,0,errno);
+ return ret;
+}
+
+
int execve(const char *filename, char *const argv[],
char *const envp[]) {
- __hook_log("execve",filename,"todo",0);
+ __hook_log("execve",filename,0,0);
int ret=_execve(filename, argv, envp);
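Review bot: The new `fopen`/`fopen64` interposers (L338-L350) log a constant `0` as the result whether or not the open succeeded, so a failed `fopen` is recorded exactly like a success and only the trailing errno hints otherwise; log the outcome instead, e.g. `__hook_log("open",path,ret ? fileno(ret) : -1,errno);`. The same errno-clobbering concern as for `open` applies here, since `__hook_log` does its own I/O before the caller sees `errno`. `execve` continues outside the hunk.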