bool TCred::CanControl(TCred &cred) const {
if (IsRootUser() || Uid == cred.Uid)
return true;
if (cred.IsMemberOf(PORTO_CONT_GROUP_NAME))
return true;
return cred.IsMemberOf(UserName(Uid) + CONT_SUFFIX);
}
/******************************************************************************
* *
* void OptUninstall() *
* *
*******************************************************************************
*
* Removes linice.o module
*
******************************************************************************/
void OptUninstall()
{
int hIce;
int status;
// Only the root user may remove the module
if( IsRootUser() )
{
// Send the exit ioctl to the driver so it can decrement possibly
// multiple usage count to only 1 (useful when loader crashes)
hIce = open("/dev/"DEVICE_NAME, O_RDONLY);
if( hIce>=0 )
{
// Send the EXIT message to the Linice, so it can release its hooks
status = ioctl(hIce, ICE_IOCTL_EXIT, 0);
close(hIce);
// If there are still any extension modules loaded, we cannot unload
// since the modules are linked to us and wont let us unload cleanly.
// Value of 1 for status is the special signal from Linice driver
if( status != 1 )
{
// Unload the linice.o device driver module
status = system2("rmmod linice");
// rmmod must return 0 when uninstalling a module correctly
if( status != 0 )
{
// If we cannot unload linice because it crashed, use the
// last resort and try to force unload it
hIce = open("/dev/"DEVICE_NAME, O_RDONLY);
if( hIce>=0 )
{
VERBOSE1 printf("Forcing unload...\n");
status = ioctl(hIce, ICE_IOCTL_EXIT_FORCE, 0);
close(hIce);
// Theoretically, by now our bad module count is reset back to 0...
// Unload the linice.o device driver module
status = system2("rmmod linice");
}
}
printf("Linice uninstalled.\n");
}
else
fprintf(stderr, "One or more Linice extension modules are still loaded. Unload them first!\n");
}
else
fprintf(stderr, "Cannot communicate with the Linice module! Is Linice installed?\n");
}
}
bool CServerSession::OnKillProcs( CNcpMessage* pMsg, int nBufSize )
{
int nRet = S_OK;
if( IsRootUser() ) {
m_pServApp->KillProcs();
} else {
nRet = E_ACCES;
}
pMsg->Init( CM_ACK, nRet );
pMsg->Send( m_sock );
return true;
}
bool CServerSession::OnSetIdle( CNcpMessage* pMsg, int nBufSize )
{
//parse the parameters
BOOL bIdle = pMsg->GetRet();
int nRet = S_OK;
if( IsRootUser() ) {
m_pServApp->SetServState( bIdle ? SYSTEM_IDLE : SYSTEM_USER_LOGON );
} else {
nRet = E_ACCES;
}
pMsg->Init( CM_ACK, nRet );
pMsg->Send( m_sock );
return true;
}
/* Returns true for priveleged or if uid/gid intersects */
bool TCred::IsPermitted(const TCred &requirement) const {
if (Uid == requirement.Uid)
return true;
if (IsRootUser())
return true;
if (IsMemberOf(requirement.Gid))
return true;
for (auto gid: requirement.Groups)
if (IsMemberOf(gid))
return true;
return false;
}
bool CServerSession::OnGetSysInfo( CNcpMessage* pMsg, int nBufSize )
{
SYSINFO sysinfo;
bzero( &sysinfo, sizeof(SYSINFO) );
#ifdef _WIN32
sysinfo.nOpSystem = SI_WIN32;
#endif
#ifdef _UNIX
sysinfo.nOpSystem = SI_UNIX;
#endif
#ifdef _LINUX
sysinfo.nOpSystem = SI_LINUX;
#endif
#ifdef _SHARED_DISK
sysinfo.bShareDisk = true;
#else
sysinfo.bShareDisk = false;
#endif
if( IsRootUser() ){
sysinfo.bSysIdle = IsSystemFree( m_pServApp->GetServState() );
sysinfo.nSysStat = m_pServApp->GetServState();
sysinfo.nSessions = m_pServApp->GetSessionCount();
sysinfo.nChildPorcs = m_pServApp->GetProcCount();
}
pMsg->Init( CM_ACK );
sysinfo_hton( &sysinfo );
bcopy( &sysinfo, pMsg->GetData(), sizeof(SYSINFO) );
pMsg->SetDataSize( sizeof(SYSINFO) );
pMsg->Send( m_sock );
return true;
}
/*>int main(int argc, char **argv)
-------------------------------
*//**
Main program
- 16.10.15 Original By: ACRM
*/
int main(int argc, char **argv)
{
BOOL runDaemon = FALSE,
listJobs = FALSE;
int progArg = (-1),
verbose = 0,
jobInfoID = 0,
sleepTime = DEF_POLLTIME,
maxWait = DEF_WAITTIME;
char queueDir[MAXBUFF];
uid_t uid;
gid_t gid;
if(ParseCmdLine(argc, argv, &runDaemon, &progArg, &sleepTime,
&verbose, queueDir, &maxWait, &listJobs,
&jobInfoID))
{
char lockFullFile[MAXBUFF];
sprintf(lockFullFile, "%s/%s", queueDir, LOCKFILE);
MakeDirectory(queueDir);
if(runDaemon)
{
if(!IsRootUser(&uid, &gid))
{
Message(PROGNAME, MSG_FATAL,
"With -run, the program must be run as root.");
}
unlink(lockFullFile);
SpawnJobRunner(queueDir, sleepTime, verbose);
}
else if (listJobs)
{
ListJobs(queueDir, verbose);
}
else if(jobInfoID)
{
CountdownJob(queueDir, jobInfoID, sleepTime);
}
else
{
int nJobs,
jobID;
char msg[MAXBUFF];
if(IsRootUser(&uid, &gid))
{
Message(PROGNAME, MSG_FATAL,
"Jobs may not be submitted by root");
}
jobID = QueueJob(queueDir, lockFullFile, argv+progArg,
argc-progArg, maxWait, &nJobs);
sprintf(msg, "Submitted job id: %d", jobID);
Message(PROGNAME, MSG_INFO, msg);
if(verbose)
{
sprintf(msg, "There are now %d jobs in the queue", nJobs);
Message(PROGNAME, MSG_INFO, msg);
}
}
}
else
{
UsageDie();
}
return(0);
}
/******************************************************************************
* *
* BOOL OptInstall(char *pSystemMap) *
* *
*******************************************************************************
*
* Loads linice.o module. Feeds it the init file so it can configure itself.
* Looks for the System.map file and read all necessary symbols that linice
* cannot obtain as a kernel module and needs for proper operation.
*
* Where:
* pSystemMap is the user-add path/name of the System.map file
*
* Returns:
* TRUE - module loaded and initialized
* FALSE - a problem happened, we need to exit
*
******************************************************************************/
BOOL OptInstall(char *pSystemMap)
{
int hIce;
FILE *fp;
int status;
char sLine[256], *pStr;
char sKey[16], sValue[256];
TINITPACKET Init;
int nLine, i;
// Only the root user may install the module
if( !IsRootUser() )
return( FALSE );
// Initialization: zero out the init packet
memset(&Init, 0, sizeof(TINITPACKET));
Init.nSize = sizeof(TINITPACKET);
//====================================================================
// Installation check - If Linice module already installed, return
//====================================================================
hIce = open("/dev/"DEVICE_NAME, O_RDONLY);
if( hIce>=0 )
{
fprintf(stderr, "Linice module already installed, or /dev/%s exists.\n", DEVICE_NAME);
return( TRUE );
}
// When looking for the System.map file, user command line argument
// has precedence over linice.dat file specification and lastly, default
// It makes sense to display error and exit if the user-specified map
// file can't be opened since he probably mistyped it
if( pSystemMap )
{
if( OpenSystemMap(pSystemMap)==FALSE )
{
fprintf(stderr, "Unable to open specified map file: %s\n", pSystemMap);
return( FALSE );
}
}
//====================================================================
// Look for the linice config file and read its assignments
//====================================================================
fp = fopen("linice.dat", "r");
if( fp==NULL )
{
VERBOSE1 printf("Looking for linice.dat in /etc");
// Look in the /etc directory
fp = fopen("/etc/linice.dat", "r");
if( fp==NULL )
{
// Failed to open the config file - load default settings
fprintf(stderr, "Failed to open linice.dat file - loading default settings.\n");
// Set up default values:
strcpy(Init.keyFn[ 0], "h;"); // F1
strcpy(Init.keyFn[ 1], "^wr;"); // F2
strcpy(Init.keyFn[ 2], "^src;"); // F3
strcpy(Init.keyFn[ 3], "^rs;"); // F4
strcpy(Init.keyFn[ 4], "^x;"); // F5
strcpy(Init.keyFn[ 5], "^ec;"); // F6
strcpy(Init.keyFn[ 6], "^here;"); // F7
strcpy(Init.keyFn[ 7], "^t;"); // F8
strcpy(Init.keyFn[ 8], "^bpx;"); // F9
strcpy(Init.keyFn[ 9], "^p;"); // F10
strcpy(Init.keyFn[10], "^G @SS:ESP;"); // F11
strcpy(Init.keyFn[11], "^p ret;"); // F12
strcpy(Init.keyFn[12], "^format;"); // SF1
strcpy(Init.keyFn[24], "^wr;"); // AF1
strcpy(Init.keyFn[25], "^wd;"); // AF2
strcpy(Init.keyFn[26], "^wc;"); // AF3
strcpy(Init.keyFn[27], "^ww;"); // AF4
strcpy(Init.keyFn[28], "CLS;"); // AF5
strcpy(Init.keyFn[34], "^dd dataaddr->0;"); // AF11
strcpy(Init.keyFn[35], "^dd dataaddr->4;"); // AF12
strcpy(Init.keyFn[36], "altscr off; lines 60; wc 32; wd 8;"); // CF1
strcpy(Init.keyFn[37], "^wr;^wd;^wc;"); // CF2
Init.fLowercase = 1; // Use lowercase disassembly
}
}
// Set default values - these we do in any case before parsing the linice.dat file
Init.nHistorySize = 16; // 16 Kb
Init.nSymbolSize = 128; // 128 Kb
Init.nMacros = 32; // 32 macro entries
Init.nVars = 32; // 32 user variables
nLine = 0;
// Read config file line by line and build the config packet
while( fp && !feof(fp) )
{
nLine++;
fgets(sLine, sizeof(sLine), fp);
// Cut off end of line characters
if( strchr(sLine, '\n') ) *(char *)strchr(sLine, '\n') = 0;
if( strchr(sLine, '\r') ) *(char *)strchr(sLine, '\r') = 0;
// Change all TABs into spaces
while( strchr(sLine, '\t') )
{
*(char *)strchr(sLine, '\t') = ' ';
}
// Get to the first meaningful character in a line
pStr = sLine;
while( *pStr==' ' ) pStr++;
// Skip comment line and empty lines
if((*pStr==';')||(*pStr=='#')||(*pStr==0))
continue;
// Get the assignment in the form KEY=VALUE or KEY="value"
sscanf(pStr, "%[a-zA-Z0-9.]s", sKey);
pStr = strchr(pStr,'=') + 1;
// Decipher the key and load the appropriate value (number, boolean or string)
if(stricmp(sKey, "lowercase")==0)
{
sscanf(pStr, "%s", sValue);
if(stricmp(sValue,"on")==0)
Init.fLowercase = 1;
} else
if(stricmp(sKey, "sym")==0)
sscanf(pStr, "%d", &Init.nSymbolSize);
else
if(stricmp(sKey, "drawsize")==0)
sscanf(pStr, "%d", &Init.nDrawSize);
else
if(stricmp(sKey, "hst")==0)
sscanf(pStr, "%d", &Init.nHistorySize);
else
if(stricmp(sKey, "macros")==0)
sscanf(pStr, "%d", &Init.nMacros);
else
if(stricmp(sKey, "vars")==0)
sscanf(pStr, "%d", &Init.nVars);
else
if(stricmp(sKey, "init")==0)
GetString(Init.sInit, pStr);
else
if(stricmp(sKey, "layout" )==0)
{
// If we return TRUE, Init.Layout has been updated
if( ReadKbdMapping(Init.Layout, pStr)==TRUE )
{
VERBOSE2 printf("Keyboard layout: %s\n", pStr);
}
else
{
fprintf(stderr, "Invalid keyboard layout %s!\n", pStr);
// We probably dont want to continue if the keyboard layout is bad
return( FALSE );
}
}else
if(stricmp(sKey, "f1" )==0) GetString(Init.keyFn[ 0], pStr); else
if(stricmp(sKey, "f2" )==0) GetString(Init.keyFn[ 1], pStr); else
if(stricmp(sKey, "f3" )==0) GetString(Init.keyFn[ 2], pStr); else
if(stricmp(sKey, "f4" )==0) GetString(Init.keyFn[ 3], pStr); else
if(stricmp(sKey, "f5" )==0) GetString(Init.keyFn[ 4], pStr); else
if(stricmp(sKey, "f6" )==0) GetString(Init.keyFn[ 5], pStr); else
if(stricmp(sKey, "f7" )==0) GetString(Init.keyFn[ 6], pStr); else
if(stricmp(sKey, "f8" )==0) GetString(Init.keyFn[ 7], pStr); else
if(stricmp(sKey, "f9" )==0) GetString(Init.keyFn[ 8], pStr); else
if(stricmp(sKey, "f10" )==0) GetString(Init.keyFn[ 9], pStr); else
if(stricmp(sKey, "f11" )==0) GetString(Init.keyFn[10], pStr); else
if(stricmp(sKey, "f12" )==0) GetString(Init.keyFn[11], pStr); else
if(stricmp(sKey, "sf1" )==0) GetString(Init.keyFn[12], pStr); else
if(stricmp(sKey, "sf2" )==0) GetString(Init.keyFn[13], pStr); else
if(stricmp(sKey, "sf3" )==0) GetString(Init.keyFn[14], pStr); else
if(stricmp(sKey, "sf4" )==0) GetString(Init.keyFn[15], pStr); else
if(stricmp(sKey, "sf5" )==0) GetString(Init.keyFn[16], pStr); else
if(stricmp(sKey, "sf6" )==0) GetString(Init.keyFn[17], pStr); else
if(stricmp(sKey, "sf7" )==0) GetString(Init.keyFn[18], pStr); else
if(stricmp(sKey, "sf8" )==0) GetString(Init.keyFn[19], pStr); else
if(stricmp(sKey, "sf9" )==0) GetString(Init.keyFn[20], pStr); else
if(stricmp(sKey, "sf10")==0) GetString(Init.keyFn[21], pStr); else
if(stricmp(sKey, "sf11")==0) GetString(Init.keyFn[22], pStr); else
if(stricmp(sKey, "sf12")==0) GetString(Init.keyFn[23], pStr); else
if(stricmp(sKey, "af1" )==0) GetString(Init.keyFn[24], pStr); else
if(stricmp(sKey, "af2" )==0) GetString(Init.keyFn[25], pStr); else
if(stricmp(sKey, "af3" )==0) GetString(Init.keyFn[26], pStr); else
if(stricmp(sKey, "af4" )==0) GetString(Init.keyFn[27], pStr); else
if(stricmp(sKey, "af5" )==0) GetString(Init.keyFn[28], pStr); else
if(stricmp(sKey, "af6" )==0) GetString(Init.keyFn[29], pStr); else
if(stricmp(sKey, "af7" )==0) GetString(Init.keyFn[30], pStr); else
if(stricmp(sKey, "af8" )==0) GetString(Init.keyFn[31], pStr); else
if(stricmp(sKey, "af9" )==0) GetString(Init.keyFn[32], pStr); else
if(stricmp(sKey, "af10")==0) GetString(Init.keyFn[33], pStr); else
if(stricmp(sKey, "af11")==0) GetString(Init.keyFn[34], pStr); else
if(stricmp(sKey, "af12")==0) GetString(Init.keyFn[35], pStr); else
if(stricmp(sKey, "cf1" )==0) GetString(Init.keyFn[36], pStr); else
if(stricmp(sKey, "cf2" )==0) GetString(Init.keyFn[37], pStr); else
if(stricmp(sKey, "cf3" )==0) GetString(Init.keyFn[38], pStr); else
if(stricmp(sKey, "cf4" )==0) GetString(Init.keyFn[39], pStr); else
if(stricmp(sKey, "cf5" )==0) GetString(Init.keyFn[40], pStr); else
if(stricmp(sKey, "cf6" )==0) GetString(Init.keyFn[41], pStr); else
if(stricmp(sKey, "cf7" )==0) GetString(Init.keyFn[42], pStr); else
if(stricmp(sKey, "cf8" )==0) GetString(Init.keyFn[43], pStr); else
if(stricmp(sKey, "cf9" )==0) GetString(Init.keyFn[44], pStr); else
if(stricmp(sKey, "cf10")==0) GetString(Init.keyFn[45], pStr); else
if(stricmp(sKey, "cf11")==0) GetString(Init.keyFn[46], pStr); else
if(stricmp(sKey, "cf12")==0) GetString(Init.keyFn[47], pStr); else
// Try to open the system map file...
// TODO: This is not documented
if(stricmp(sKey, "System.map")==0) OpenSystemMap(pStr); else
{
VERBOSE2 printf("Line %d skipped: %s\n", nLine, sLine);
}
}
// Close the linice.dat file
if( fp )
fclose(fp);
// Modify function key assignments to substitute the trailing semicolon
// with the newline character
for( i=0; i<48; i++)
{
if( strlen(Init.keyFn[i]) > 0 )
{
pStr = Init.keyFn[i] + strlen(Init.keyFn[i]) - 1;
if( *pStr==';' )
*pStr = '\n';
}
}
Init.nSymbolSize *= 1024; // Make these values kilobytes
Init.nDrawSize *= 1024;
Init.nHistorySize *= 1024;
// Lastly, try several more default locations for System.map file
OpenSystemMap("/boot/System.map"); // Default for RedHat
OpenSystemMap(MkSuSE()); // Make default for SuSE linux
OpenSystemMap("./System.map"); // Current directory
OpenSystemMap("/System.map"); // File system root
// Scan system map file for some symbols that we need to send to linice
if( GetSymbolExports() )
{
// In order to do "insmod" with the module name, we need to know where to
// find it (user might called linsym from any directory). Environment variable
// LINICE should be set to the 'bin' of the linice built module IF the linsym
// is not being executed from the default place (bin).
// Load the linice.o device driver module:
// -x do not export externs
// -f force load even if kernel version does not match
sprintf(sLine, "insmod -f linice_`uname -r`/linice.o ice_debug_level=1 kbd=%d scan=%d pmodule=%d sys=%d switchto=%d start_sym=%d stop_sym=%d start_sym_gpl=%d stop_sym_gpl=%d",
handle_kbd_event,
handle_scancode,
module_list,
sys_call_table,
switch_to,
start_symtab,
stop_symtab,
start_symtab_gpl,
stop_symtab_gpl);
VERBOSE2 printf("%s\n", sLine);
status = system2(sLine); // Execute the module load...
// If failed on a first try, change the directory to the environment LINICE and retry
if( status && getenv("LINICE") )
{
VERBOSE2 printf("Using environment variable LINICE = %s\n", getenv("LINICE"));
chdir(getenv("LINICE")); // Change directory to it
status = system2(sLine); // Try the module load again...
}
// insmod must return 0 to load module correctly
if( status==0 )
{
//====================================================================
// Send the init packet down to the module
//====================================================================
hIce = open("/dev/"DEVICE_NAME, O_RDONLY);
if( hIce>=0 )
{
status = ioctl(hIce, ICE_IOCTL_INIT, &Init);
close(hIce);
printf("Linice installed.\n");
// Return success
return( TRUE );
}
fprintf(stderr, "Error opening /dev/%s device!\n", DEVICE_NAME);
// Unload linice module
system2("rmmod linice");
}
else
{ // We could not load linice module!
fprintf(stderr, "Error loading linice module!\n\n");
}
VERBOSE2 printf("system(insmod()) returns %d\n", status);
fprintf(stderr, "Possible causes are:\n");
fprintf(stderr, " * /dev/ice exists (delete it)\n");
fprintf(stderr, " * Not calling Linsym from the default Linice directory (its 'bin') -\n");
fprintf(stderr, " Set the environment variable LINICE with the path to that directory:\n");
fprintf(stderr, " Example: export LINICE=/usr/src/linice/bin\n");
fprintf(stderr, " * Linice did not compile correctly so the module does not exist\n");
fprintf(stderr, " * Your Symbol.map file is not correct (use option -m <map>)\n");
fprintf(stderr, " * Unsupported kernel version 2.6.9 and above\n");
fprintf(stderr, "\n");
}
else
{
// We did not find System.map - this file needs to be used since we
// really can't hook without it..
fprintf(stderr, "Failed to open System.map file!\n");
fprintf(stderr, "Please use option --map <System.map> to specify its path and name.\n");
fprintf(stderr, "\n");
}
// Return failure
return( FALSE );
}
bool TCred::IsPortoUser() const {
return IsRootUser() || IsMemberOf(PortoGroup);
}