/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#ifdef USE_GNU_SOURCE
#define _GNU_SOURCE
#endif
/* Name used in err msgs */
char *progname = "";
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "Intercept.h"
#include "Common.c"
#ifdef CHECKS
#include
#include /* for NPROTO */
#define SOCK_MAX (SOCK_PACKET + 1)
#define SOCK_TYPE_MASK 0xf
#endif
/* Global Declarations */
#ifdef USE_SOCKS_DNS
static int (*realresinit)(void);
#endif
static int (*realconnect)(CONNECT_SIG);
static int (*realselect)(SELECT_SIG);
static int (*realbind)(BIND_SIG);
static int (*realaccept)(ACCEPT_SIG);
static int (*reallisten)(LISTEN_SIG);
static int (*realsocket)(SOCKET_SIG);
static int (*realsetsockopt)(SETSOCKOPT_SIG);
static int (*realgetsockopt)(GETSOCKOPT_SIG);
static int (*realaccept4)(ACCEPT4_SIG);
static long (*realsyscall)(SYSCALL_SIG);
static int (*realclose)(CLOSE_SIG);
static int (*realclone)(CLONE_SIG);
/* static int (*realpoll)(POLL_SIG); */
static int (*realdup2)(DUP2_SIG);
static int (*realdup3)(DUP3_SIG);
/* Exported Function Prototypes */
void my_init(void);
int connect(CONNECT_SIG);
int select(SELECT_SIG);
int bind(BIND_SIG);
int accept(ACCEPT_SIG);
int listen(LISTEN_SIG);
int socket(SOCKET_SIG);
int setsockopt(SETSOCKOPT_SIG);
int getsockopt(GETSOCKOPT_SIG);
int accept4(ACCEPT4_SIG);
long syscall(SYSCALL_SIG);
int close(CLOSE_SIG);
int clone(CLONE_SIG);
/* int poll(POLL_SIG); */
int dup2(DUP2_SIG);
int dup3(DUP3_SIG);
#ifdef USE_SOCKS_DNS
int res_init(void);
#endif
int connect_to_service(void);
int init_service_connection();
void load_symbols(void);
void set_up_intercept();
int checkpid();
#define SERVICE_CONNECT_ATTEMPTS 30
#define RPC_FD 1023
ssize_t sock_fd_read(int sock, void *buf, ssize_t bufsize, int *fd);
/* threading */
pthread_mutex_t lock;
pthread_mutex_t loglock;
void handle_error(char *name, char *info, int err)
{
#ifdef ERRORS_ARE_FATAL
if(err < 0) {
dwr(MSG_DEBUG,"handle_error(%s)=%d: FATAL: %s\n", name, err, info);
exit(-1);
}
#endif
#ifdef VERBOSE
dwr(MSG_DEBUG,"%s()=%d\n", name, err);
#endif
}
static unsigned long rpc_count = 0;
/*------------------------------------------------------------------------------
------------------- Intercept<--->Service Comm mechanisms-----------------------
------------------------------------------------------------------------------*/
static int is_initialized = 0;
static int fdret_sock; // used for fd-transfers
static int newfd; // used for "this_end" socket
static int thispid;
static char* af_sock_name = "/tmp/.ztnc_e5cd7a9e1c5311ab";
static int instance_count = 0;
/*
* Check for forking
*/
int checkpid() {
if(thispid != getpid()) {
printf("clone/fork detected. re-initializing this instance.\n");
set_up_intercept();
fdret_sock = init_service_connection();
thispid = getpid();
}
return 0;
}
/*
* Sends an RPC command to the service
*/
int send_command(int rpc_fd, char *cmd)
{
char metabuf[BUF_SZ]; // portion of buffer which contains RPC metadata for debugging
#ifdef VERBOSE
/*
#define IDX_PID 0
#define IDX_TID sizeof(pid_t)
#define IDX_COUNT IDX_TID + sizeof(pid_t)
#define IDX_TIME IDX_COUNT + sizeof(int)
#define IDX_CMD IDX_TIME + 20 // 20 being the length of the timestamp string
#define IDX_PAYLOAD IDX_TIME + sizeof(char)
*/
/* [pid_t] [pid_t] [rpc_count] [int] [...] */
memset(metabuf, '\0', BUF_SZ);
pid_t pid = syscall(SYS_getpid);
pid_t tid = syscall(SYS_gettid);
rpc_count++;
char timestring[20];
time_t timestamp;
timestamp = time(NULL);
strftime(timestring, sizeof(timestring), "%H:%M:%S", localtime(×tamp));
memcpy(&metabuf[IDX_PID], &pid, sizeof(pid_t) ); /* pid */
memcpy(&metabuf[IDX_TID], &tid, sizeof(pid_t) ); /* tid */
memcpy(&metabuf[IDX_COUNT], &rpc_count, sizeof(rpc_count) ); /* rpc_count */
memcpy(&metabuf[IDX_TIME], ×tring, 20 ); /* timestamp */
#endif
/* Combine command flag+payload with RPC metadata */
memcpy(&metabuf[IDX_PAYLOAD], cmd, PAYLOAD_SZ);
int n_write = write(rpc_fd, &metabuf, BUF_SZ);
if(n_write < 0){
dwr(MSG_DEBUG,"Error writing command to service (CMD = %d)\n", cmd[0]);
errno = 0;
return -1;
}
return 0;
}
/*
* Reads a return value from the service and sets errno (if applicable)
*/
int get_retval()
{
dwr(MSG_DEBUG,"get_retval()\n");
if(fdret_sock >= 0) {
int retval;
int sz = sizeof(char) + sizeof(retval) + sizeof(errno);
char retbuf[BUF_SZ];
memset(&retbuf, '\0', sz);
int n_read = read(fdret_sock, &retbuf, sz);
if(n_read > 0) {
memcpy(&retval, &retbuf[1], sizeof(retval));
memcpy(&errno, &retbuf[1+sizeof(retval)], sizeof(errno));
return retval;
}
}
dwr(MSG_DEBUG,"unable to read return value\n");
return -1;
}
/* Reads a new file descriptor from the service */
int get_new_fd(int oversock)
{
char buf[BUF_SZ];
int newfd;
ssize_t size = sock_fd_read(oversock, buf, sizeof(buf), &newfd);
dwr(MSG_DEBUG, "get_new_fd(): RX: fd = (%d) over (%d)\n", newfd, oversock);
return newfd;
}
/* Check whether the socket is mapped to the service or not. We
need to know if this is a regular AF_LOCAL socket or an end of a socketpair
that the service uses. We don't want to keep state in the intercept, so
we simply ask the service via an RPC */
int is_mapped_to_service(int sockfd)
{
dwr(MSG_DEBUG,"is_mapped_to_service()\n");
char cmd[BUF_SZ];
memset(cmd, '\0', BUF_SZ);
cmd[0] = RPC_MAP_REQ;
memcpy(&cmd[1], &sockfd, sizeof(sockfd));
pthread_mutex_lock(&lock);
if(send_command(fdret_sock, cmd) < 0)
return -1;
int err = get_retval();
pthread_mutex_unlock(&lock);
return err;
}
/*------------------------------------------------------------------------------
---------- Unix-domain socket lazy initializer (for fd-transfers)--------------
------------------------------------------------------------------------------*/
/* Sets up the connection pipes and sockets to the service */
int init_service_connection()
{
instance_count++;
dwr(MSG_DEBUG,"init_service_connection()\n");
struct sockaddr_un addr;
int tfd = -1, attempts = 0, conn_err = -1;
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
strncpy(addr.sun_path, af_sock_name, sizeof(addr.sun_path)-1);
dwr(MSG_DEBUG, "init(): pre-realsocket\n");
if ( (tfd = realsocket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
perror("socket error");
exit(-1);
}
dwr(MSG_DEBUG, "init(): post-realsocket, conn_err = %d, attempts = %d\n", conn_err, attempts);
while(conn_err < 0 && attempts < SERVICE_CONNECT_ATTEMPTS) {
dwr(MSG_DEBUG, "init(): Attempting!\n");
conn_err = realconnect(tfd, (struct sockaddr*)&addr, sizeof(addr));
dwr(MSG_DEBUG, "init(): post-realconnect\n");
if(conn_err < 0) {
dwr(MSG_DEBUG,"re-attempting connection in %ds\n", 1+attempts);
sleep(1);
}
else {
dwr(MSG_DEBUG,"AF_UNIX connection established: %d\n", tfd);
is_initialized = 1;
int newtfd = realdup2(tfd, RPC_FD-instance_count);
dwr(MSG_DEBUG,"dup'd to rpc_fd = %d\n", newtfd);
close(tfd);
return newtfd;
}
attempts++;
}
return -1;
}
/*------------------------------------------------------------------------------
------------------------ ctors and dtors (and friends)-------------------------
------------------------------------------------------------------------------*/
void my_dest(void) __attribute__ ((destructor));
void my_dest(void) {
dwr(MSG_DEBUG,"closing connections to service...\n");
close(fdret_sock);
pthread_mutex_destroy(&lock);
}
void load_symbols(void)
{
#ifdef USE_OLD_DLSYM
void *lib;
#endif
/* possibly add check to beginning of each method to avoid needing to cll the constructor */
if(thispid == getpid()) {
dwr(MSG_DEBUG,"detected duplicate call to global ctor (pid=%d).\n", thispid);
}
thispid = getpid();
#ifndef USE_OLD_DLSYM
realconnect = dlsym(RTLD_NEXT, "connect");
realbind = dlsym(RTLD_NEXT, "bind");
realaccept = dlsym(RTLD_NEXT, "accept");
reallisten = dlsym(RTLD_NEXT, "listen");
realsocket = dlsym(RTLD_NEXT, "socket");
realbind = dlsym(RTLD_NEXT, "bind");
realselect = dlsym(RTLD_NEXT, "select");
realsetsockopt = dlsym(RTLD_NEXT, "setsockopt");
realgetsockopt = dlsym(RTLD_NEXT, "getsockopt");
realaccept4 = dlsym(RTLD_NEXT, "accept4");
realclone = dlsym(RTLD_NEXT, "clone");
realclose = dlsym(RTLD_NEXT, "close");
realsyscall = dlsym(RTLD_NEXT, "syscall");
/* realsyscall = dlsym(RTLD_NEXT, "poll"); */
realdup2 = dlsym(RTLD_NEXT, "dup2");
realdup3 = dlsym(RTLD_NEXT, "dup3");
#ifdef USE_SOCKS_DNS
realresinit = dlsym(RTLD_NEXT, "res_init");
#endif
#else
lib = dlopen(LIBCONNECT, RTLD_LAZY);
realconnect = dlsym(lib, "connect");
realbind = dlsym(lib, "bind");
realaccept = dlsym(lib, "accept");
reallisten = dlsym(lib, "listen");
realsocket = dlsym(lib, "socket");
realselect = dlsym(lib, "select");
realsetsockopt = dlsym(lib, "setsockopt");
realgetsockopt = dlsym(lib, "getsockopt");
realaccept4 = dlsym(lib), "accept4");
realclone = dlsym(lib, "clone");
realclose = dlsym(lib, "close");
realsyscall = dlsym(lib, "syscall");
/* realsyscall = dlsym(lib, "poll"); */
realdup2 = dlsym(RTLD_NEXT, "dup2");
realdup3 = dlsym(RTLD_NEXT, "dup3");
#ifdef USE_SOCKS_DNS
realresinit = dlsym(lib, "res_init");
#endif
dlclose(lib);
lib = dlopen(LIBC, RTLD_LAZY);
dlclose(lib);
#endif
}
/* Private Function Prototypes */
void _init(void) __attribute__ ((constructor));
void _init(void) {
set_up_intercept();
}
/* get symbols and initialize mutexes */
void set_up_intercept()
{
load_symbols();
if(pthread_mutex_init(&lock, NULL) != 0) {
dwr(MSG_ERROR, "error while initializing service call mutex\n");
}
if(pthread_mutex_init(&loglock, NULL) != 0) {
dwr(MSG_ERROR, "error while initializing log mutex mutex\n");
}
}
/*------------------------------------------------------------------------------
--------------------------------- setsockopt() ---------------------------------
------------------------------------------------------------------------------*/
/* int socket, int level, int option_name, const void *option_value, socklen_t option_len */
int setsockopt(SETSOCKOPT_SIG)
{
if(realsetsockopt == NULL){
dwr(MSG_ERROR, "setsockopt(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\nsetsockopt(%d)\n", socket);
/*
if(is_mapped_to_service(socket) < 0) { // First, check if the service manages this
return realsetsockopt(socket, level, option_name, option_value, option_len);
}
*/
/* return(realsetsockopt(socket, level, option_name, option_value, option_len)); */
if(level == SOL_IPV6 && option_name == IPV6_V6ONLY)
return 0;
if(level == SOL_IP && option_name == IP_TTL)
return 0;
if(level == IPPROTO_TCP || (level == SOL_SOCKET && option_name == SO_KEEPALIVE))
return 0;
/* make sure we don't touch any standard outputs */
if(socket == STDIN_FILENO || socket == STDOUT_FILENO || socket == STDERR_FILENO)
return(realsetsockopt(socket, level, option_name, option_value, option_len));
int err = realsetsockopt(socket, level, option_name, option_value, option_len);
if(err < 0){
perror("setsockopt():\n");
}
return 0;
}
/*------------------------------------------------------------------------------
--------------------------------- getsockopt() ---------------------------------
------------------------------------------------------------------------------*/
/* int sockfd, int level, int optname, void *optval, socklen_t *optlen */
int getsockopt(GETSOCKOPT_SIG)
{
if(realgetsockopt == NULL){
dwr(MSG_ERROR, "getsockopt(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\ngetsockopt(%d)\n", sockfd);
/*
if(is_mapped_to_service(sockfd) < 0) { // First, check if the service manages this
return realgetsockopt(sockfd, level, optname, optval, optlen);
}
*/
int err = realgetsockopt(sockfd, level, optname, optval, optlen);
/* TODO: this condition will need a little more intelligence later on
-- we will need to know if this fd is a local we are spoofing, or a true local */
if(optname == SO_TYPE)
{
int* val = (int*)optval;
*val = 2;
optval = (void*)val;
}
if(err < 0){
perror("setsockopt():\n");
}
return 0;
}
/*------------------------------------------------------------------------------
----------------------------------- socket() -----------------------------------
------------------------------------------------------------------------------*/
/* int socket_family, int socket_type, int protocol
socket() intercept function */
int socket(SOCKET_SIG)
{
if(realsocket == NULL){
dwr(MSG_ERROR, "socket(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\nsocket():\n");
int err;
#ifdef CHECKS
/* Check that type makes sense */
int flags = socket_type & ~SOCK_TYPE_MASK;
if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)) {
errno = EINVAL;
handle_error("socket1", "", -1);
return -1;
}
socket_type &= SOCK_TYPE_MASK;
/* Check protocol is in range */
if (socket_family < 0 || socket_family >= NPROTO){
errno = EAFNOSUPPORT;
handle_error("socket2", "", -1);
return -1;
}
if (socket_type < 0 || socket_type >= SOCK_MAX) {
errno = EINVAL;
handle_error("socket3", "", -1);
return -1;
}
/* Check that we haven't hit the soft-limit file descriptors allowed */
/* FIXME: Find number of open fds
struct rlimit rl;
getrlimit(RLIMIT_NOFILE, &rl);
if(sockfd >= rl.rlim_cur){
errno = EMFILE;
return -1;
}
*/
/* TODO: detect ENFILE condition */
#endif
char cmd[BUF_SZ];
fdret_sock = !is_initialized ? init_service_connection() : fdret_sock;
if(fdret_sock < 0) {
dwr(MSG_DEBUG,"BAD service connection. exiting.\n");
handle_error("socket4", "", -1);
exit(-1);
}
if(socket_family == AF_LOCAL
|| socket_family == AF_NETLINK
|| socket_family == AF_UNIX) {
int err = realsocket(socket_family, socket_type, protocol);
dwr(MSG_DEBUG,"realsocket, err = %d\n", err);
handle_error("socket5", "", err);
return err;
}
/* Assemble and send RPC */
struct socket_st rpc_st;
rpc_st.socket_family = socket_family;
rpc_st.socket_type = socket_type;
rpc_st.protocol = protocol;
rpc_st.__tid = syscall(SYS_gettid);
memset(cmd, '\0', BUF_SZ);
cmd[0] = RPC_SOCKET;
memcpy(&cmd[1], &rpc_st, sizeof(struct socket_st));
pthread_mutex_lock(&lock);
send_command(fdret_sock, cmd);
/* get new fd */
char rbuf[16];
newfd = get_new_fd(fdret_sock);
if(newfd > 0)
{
dwr(MSG_DEBUG,"sending fd = %d to Service over (%d)\n", newfd, fdret_sock);
/* send our local-fd number back to service so
it can complete its mapping table entry */
memset(cmd, '\0', BUF_SZ);
cmd[0] = RPC_MAP;
memcpy(&cmd[1], &newfd, sizeof(newfd));
if(newfd > -1) {
send_command(fdret_sock, cmd);
pthread_mutex_unlock(&lock);
errno = ERR_OK; /* OK */
handle_error("socket6", "", newfd);
return newfd;
}
else { /* Try to read retval+errno since we RXed a bad fd */
dwr(MSG_DEBUG,"Error, service sent bad fd.\n");
err = get_retval();
pthread_mutex_unlock(&lock);
handle_error("socket7", "", -1);
return err;
}
}
else {
dwr(MSG_DEBUG,"Error while receiving new FD.\n");
err = get_retval();
pthread_mutex_unlock(&lock);
handle_error("socket8", "", -1);
return err;
}
}
/*------------------------------------------------------------------------------
---------------------------------- connect() -----------------------------------
------------------------------------------------------------------------------*/
/* int __fd, const struct sockaddr * __addr, socklen_t __len
connect() intercept function */
int connect(CONNECT_SIG)
{
if(realconnect == NULL){
dwr(MSG_ERROR, "connect(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\nconnect(%d):\n", __fd);
print_addr(__addr);
struct sockaddr_in *connaddr;
connaddr = (struct sockaddr_in *) __addr;
#ifdef CHECKS
/* Check that this is a valid fd */
if(fcntl(__fd, F_GETFD) < 0) {
errno = EBADF;
handle_error("connect", "EBADF", -1);
return -1;
}
/* Check that it is a socket */
int sock_type;
socklen_t sock_type_len = sizeof(sock_type);
if(getsockopt(__fd, SOL_SOCKET, SO_TYPE, (void *) &sock_type, &sock_type_len) < 0) {
errno = ENOTSOCK;
handle_error("connect", "ENOTSOCK", -1);
return -1;
}
/* Check family */
if (connaddr->sin_family < 0 || connaddr->sin_family >= NPROTO){
errno = EAFNOSUPPORT;
handle_error("connect", "EAFNOSUPPORT", -1);
return -1;
}
/* FIXME: Check that address is in user space, return EFAULT ? */
#endif
/* make sure we don't touch any standard outputs */
if(__fd == STDIN_FILENO || __fd == STDOUT_FILENO || __fd == STDERR_FILENO){
if (realconnect == NULL) {
handle_error("connect", "Unresolved symbol [connect]", -1);
exit(-1);
}
return(realconnect(__fd, __addr, __len));
}
if(__addr != NULL && (connaddr->sin_family == AF_LOCAL
|| connaddr->sin_family == PF_NETLINK
|| connaddr->sin_family == AF_NETLINK
|| connaddr->sin_family == AF_UNIX)) {
int err = realconnect(__fd, __addr, __len);
perror("connect():");
/* handle_error("connect", "Cannot connect to local socket", err); */
return err;
}
/* Assemble and send RPC */
int err;
char cmd[BUF_SZ];
memset(cmd, '\0', BUF_SZ);
struct connect_st rpc_st;
rpc_st.__tid = syscall(SYS_gettid);
rpc_st.__fd = __fd;
memcpy(&rpc_st.__addr, __addr, sizeof(struct sockaddr));
memcpy(&rpc_st.__len, &__len, sizeof(socklen_t));
cmd[0] = RPC_CONNECT;
memcpy(&cmd[1], &rpc_st, sizeof(struct connect_st));
pthread_mutex_lock(&lock);
send_command(fdret_sock, cmd);
/*
if(sock_type && O_NONBLOCK) {
pthread_mutex_unlock(&lock);
return EINPROGRESS;
}
*/
err = get_retval();
pthread_mutex_unlock(&lock);
/* handle_error("connect", "", err); */
return err;
}
/*------------------------------------------------------------------------------
---------------------------------- select() ------------------------------------
------------------------------------------------------------------------------*/
/* int n, fd_set *readfds, fd_set *writefds,
fd_set *exceptfds, struct timeval *timeout */
int select(SELECT_SIG)
{
if(realselect == NULL){
dwr(MSG_ERROR, "select(): SYMBOL NOT FOUND.\n");
return -1;
}
/* dwr(MSG_DEBUG,"select():\n"); */
return realselect(n, readfds, writefds, exceptfds, timeout);
}
/*------------------------------------------------------------------------------
------------------------------------ bind() ------------------------------------
------------------------------------------------------------------------------*/
/* int sockfd, const struct sockaddr *addr, socklen_t addrlen
bind() intercept function */
int bind(BIND_SIG)
{
if(realbind == NULL){
dwr(MSG_ERROR, "bind(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\nbind(%d):\n", sockfd);
print_addr(addr);
#ifdef CHECKS
/* Check that this is a valid fd */
if(fcntl(sockfd, F_GETFD) < 0) {
errno = EBADF;
handle_error("bind", "EBADF", -1);
return -1;
}
/* Check that it is a socket */
int opt = -1;
socklen_t opt_len;
if(getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (void *) &opt, &opt_len) < 0) {
errno = ENOTSOCK;
handle_error("bind", "ENOTSOCK", -1);
return -1;
}
#endif
int err;
/* make sure we don't touch any standard outputs */
if(sockfd == STDIN_FILENO || sockfd == STDOUT_FILENO || sockfd == STDERR_FILENO)
return(realbind(sockfd, addr, addrlen));
/* If local, just use normal syscall */
struct sockaddr_in *connaddr;
connaddr = (struct sockaddr_in *)addr;
if(connaddr->sin_family == AF_LOCAL
|| connaddr->sin_family == AF_NETLINK
|| connaddr->sin_family == AF_UNIX) {
int err = realbind(sockfd, addr, addrlen);
dwr(MSG_DEBUG,"realbind, err = %d\n", err);
return err;
}
/* Assemble and send RPC */
char cmd[BUF_SZ];
struct bind_st rpc_st;
rpc_st.sockfd = sockfd;
rpc_st.__tid = syscall(SYS_gettid);
memcpy(&rpc_st.addr, addr, sizeof(struct sockaddr));
memcpy(&rpc_st.addrlen, &addrlen, sizeof(socklen_t));
cmd[0]=RPC_BIND;
memcpy(&cmd[1], &rpc_st, sizeof(struct bind_st));
pthread_mutex_lock(&lock);
send_command(fdret_sock, cmd);
err = get_retval();
pthread_mutex_unlock(&lock);
errno = ERR_OK;
handle_error("bind", "", err);
return err;
}
/*------------------------------------------------------------------------------
----------------------------------- accept4() ----------------------------------
------------------------------------------------------------------------------*/
/* int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags */
int accept4(ACCEPT4_SIG)
{
if(realaccept4 == NULL){
dwr(MSG_ERROR, "accept4(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\naccept4(%d):\n", sockfd);
#ifdef CHECKS
if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)) {
errno = EINVAL;
return -1;
}
#endif
int newfd = accept(sockfd, addr, addrlen);
if(newfd > 0) {
if(flags & SOCK_CLOEXEC)
fcntl(newfd, F_SETFL, FD_CLOEXEC);
if(flags & SOCK_NONBLOCK)
fcntl(newfd, F_SETFL, O_NONBLOCK);
}
handle_error("accept4", "", newfd);
return newfd;
}
/*------------------------------------------------------------------------------
----------------------------------- accept() -----------------------------------
------------------------------------------------------------------------------*/
/* int sockfd struct sockaddr *addr, socklen_t *addrlen
accept() intercept function */
int accept(ACCEPT_SIG)
{
if(realaccept == NULL){
dwr(MSG_ERROR, "accept(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\naccept(%d):\n", sockfd);
#ifdef CHECKS
/* Check that this is a valid fd */
if(fcntl(sockfd, F_GETFD) < 0) {
return -1;
errno = EBADF;
dwr(MSG_DEBUG,"EBADF\n");
handle_error("accept", "EBADF", -1);
return -1;
}
/* Check that it is a socket */
int opt;
socklen_t opt_len;
if(getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (void *) &opt, &opt_len) < 0) {
errno = ENOTSOCK;
dwr(MSG_DEBUG,"ENOTSOCK\n");
handle_error("accept", "ENOTSOCK", -1);
return -1;
}
/* Check that this socket supports accept() */
if(!(opt && (SOCK_STREAM | SOCK_SEQPACKET))) {
errno = EOPNOTSUPP;
dwr(MSG_DEBUG,"EOPNOTSUPP\n");
handle_error("accept", "EOPNOTSUPP", -1);
return -1;
}
/* Check that we haven't hit the soft-limit file descriptors allowed */
struct rlimit rl;
getrlimit(RLIMIT_NOFILE, &rl);
if(sockfd >= rl.rlim_cur){
errno = EMFILE;
dwr(MSG_DEBUG,"EMFILE\n");
handle_error("accept", "EMFILE", -1);
return -1;
}
/* Check address length */
if(addrlen < 0) {
errno = EINVAL;
dwr(MSG_DEBUG,"EINVAL\n");
handle_error("accept", "EINVAL", -1);
return -1;
}
#endif
/* redirect calls for standard I/O descriptors to kernel */
if(sockfd == STDIN_FILENO || sockfd == STDOUT_FILENO || sockfd == STDERR_FILENO){
dwr(MSG_DEBUG,"realaccept():\n");
return(realaccept(sockfd, addr, addrlen));
}
if(addr)
addr->sa_family = AF_INET;
/* TODO: also get address info */
char cmd[BUF_SZ];
if(realaccept == NULL) {
handle_error("accept", "Unresolved symbol [accept]", -1);
return -1;
}
/*
if(opt & O_NONBLOCK)
fcntl(sockfd, F_SETFL, O_NONBLOCK);
*/
char rbuf[16], c[1];
int new_conn_socket;
int n = read(sockfd, c, sizeof(c)); /* Read signal byte */
if(n > 0)
{
new_conn_socket = get_new_fd(fdret_sock);
dwr(MSG_DEBUG, " accept(): RX: fd = (%d) over (%d)\n", new_conn_socket, fdret_sock);
if(new_conn_socket > 0) {
/* Send our local-fd number back to service so it can complete its mapping table */
memset(cmd, '\0', BUF_SZ);
cmd[0] = RPC_MAP;
memcpy(&cmd[1], &new_conn_socket, sizeof(new_conn_socket));
pthread_mutex_lock(&lock);
dwr(MSG_DEBUG, "accept(): sending perceived fd (%d) to service.\n", new_conn_socket);
int n_write = send_command(fdret_sock, cmd);
if(n_write < 0) {
errno = ECONNABORTED; /* TODO: Closest match, service unreachable */
handle_error("accept", "ECONNABORTED - Error sending perceived FD to service", -1);
return -1;
}
pthread_mutex_unlock(&lock);
errno = ERR_OK;
dwr(MSG_DEBUG,"*accept()=%d\n", new_conn_socket);
handle_error("accept", "", new_conn_socket);
return new_conn_socket; /* OK */
}
else {
errno = ECONNABORTED; /* TODO: Closest match, service unreachable */
handle_error("accept", "ECONNABORTED - Error receiving new FD from service", -1);
return -1;
}
}
errno = EBADF;
handle_error("accept", "EBADF - Error reading signal byte from service", -1);
return -1;
}
/*------------------------------------------------------------------------------
------------------------------------- listen()----------------------------------
------------------------------------------------------------------------------*/
/* int sockfd, int backlog
listen() intercept function */
int listen(LISTEN_SIG)
{
if(reallisten == NULL){
dwr(MSG_ERROR, "listen(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"\nlisten(%d):\n", sockfd);
int sock_type;
socklen_t sock_type_len = sizeof(sock_type);
#ifdef CHECKS
/* Check that this is a valid fd */
if(fcntl(sockfd, F_GETFD) < 0) {
errno = EBADF;
handle_error("listen", "EBADF", -1);
return -1;
}
/* Check that it is a socket */
if(getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (void *) &sock_type, &sock_type_len) < 0) {
errno = ENOTSOCK;
handle_error("listen", "ENOTSOCK", -1);
return -1;
}
/* Check that this socket supports accept() */
if(!(sock_type && (SOCK_STREAM | SOCK_SEQPACKET))) {
errno = EOPNOTSUPP;
handle_error("listen", "EOPNOTSUPP", -1);
return -1;
}
#endif
/* make sure we don't touch any standard outputs */
if(sockfd == STDIN_FILENO || sockfd == STDOUT_FILENO || sockfd == STDERR_FILENO)
return(reallisten(sockfd, backlog));
if(is_mapped_to_service(sockfd) < 0) {
/* We now know this socket is not one of our socketpairs */
int err = reallisten(sockfd, backlog);
dwr(MSG_DEBUG,"reallisten()=%d\n", err);
return err;
}
/* Assemble and send RPC */
char cmd[BUF_SZ];
memset(cmd, '\0', BUF_SZ);
struct listen_st rpc_st;
rpc_st.sockfd = sockfd;
rpc_st.backlog = backlog;
rpc_st.__tid = syscall(SYS_gettid);
cmd[0] = RPC_LISTEN;
memcpy(&cmd[1], &rpc_st, sizeof(struct listen_st));
pthread_mutex_lock(&lock);
send_command(fdret_sock, cmd);
get_retval();
pthread_mutex_unlock(&lock);
handle_error("listen", "", ERR_OK);
return ERR_OK;
}
/*------------------------------------------------------------------------------
-------------------------------------- clone()----------------------------------
------------------------------------------------------------------------------*/
/* int (*fn)(void *), void *child_stack, int flags, void *arg, ... */
int clone(CLONE_SIG)
{
if(realclone == NULL){
dwr(MSG_ERROR, "clone(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"clone()\n");
int err = realclone(fn, child_stack, flags, arg);
checkpid();
return err;
}
/*------------------------------------------------------------------------------
-------------------------------------- poll()-----------------------------------
------------------------------------------------------------------------------*/
/* struct pollfd *fds, nfds_t nfds, int timeout */
/*
int poll(POLL_SIG)
{
dwr(MSG_DEBUG,"poll()\n");
return realpoll(fds, nfds, timeout);
}
*/
/*------------------------------------------------------------------------------
-------------------------------------- close()-----------------------------------
------------------------------------------------------------------------------*/
/* int fd */
int close(CLOSE_SIG)
{
/* checkpid(); // Required for httpd-2.4.17-3.x86_64 -- After clone, some symbols aren't initialized yet */
if(realclose == NULL){
dwr(MSG_ERROR, "close(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"close(%d)\n", fd);
if(fd == fdret_sock)
return -1; /* TODO: Ignore request to shut down our rpc fd, this is *almost always* safe */
if(fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO)
return realclose(fd);
return -1;
}
/*------------------------------------------------------------------------------
-------------------------------------- dup2()-----------------------------------
------------------------------------------------------------------------------*/
/* int oldfd, int newfd */
int dup2(DUP2_SIG)
{
if(realdup2 == NULL){
dwr(MSG_ERROR, "dup2(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"dup2(%d, %d)\n", oldfd, newfd);
if(oldfd == fdret_sock) {
dwr(MSG_DEBUG,"client application attempted to dup2 RPC socket (%d). This is not allowed.\n", oldfd);
errno = EBADF;
return -1;
}
if(oldfd != STDIN_FILENO && oldfd != STDOUT_FILENO && oldfd != STDERR_FILENO)
if(newfd != STDIN_FILENO && newfd != STDOUT_FILENO && newfd != STDERR_FILENO)
return realdup2(oldfd, newfd);
return -1;
}
/*------------------------------------------------------------------------------
-------------------------------------- dup3()-----------------------------------
------------------------------------------------------------------------------*/
/* int oldfd, int newfd, int flags */
int dup3(DUP3_SIG)
{
if(realdup3 == NULL){
dwr(MSG_ERROR, "dup3(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG,"dup3(%d, %d, %d)\n", oldfd, newfd, flags);
#ifdef DEBUG
/* Only do this check if we want to debug the intercept, otherwise, dont mess with
the client application's logging methods */
if(newfd == STDIN_FILENO || newfd == STDOUT_FILENO || newfd == STDERR_FILENO)
return newfd; /* FIXME: This is to prevent httpd from dup'ing over our stderr
and preventing us from debugging */
else
#endif
return realdup3(oldfd, newfd, flags);
}
/*------------------------------------------------------------------------------
------------------------------------ syscall()----------------------------------
------------------------------------------------------------------------------*/
long syscall(SYSCALL_SIG){
if(realsyscall == NULL){
dwr(MSG_ERROR, "syscall(): SYMBOL NOT FOUND.\n");
return -1;
}
dwr(MSG_DEBUG_EXTRA,"syscall(%u, ...):\n", number);
va_list ap;
uintptr_t a,b,c,d,e,f;
va_start(ap, number);
a=va_arg(ap, uintptr_t);
b=va_arg(ap, uintptr_t);
c=va_arg(ap, uintptr_t);
d=va_arg(ap, uintptr_t);
e=va_arg(ap, uintptr_t);
f=va_arg(ap, uintptr_t);
va_end(ap);
#if defined(__i386__)
/* TODO: Implement for 32-bit systems: syscall(__NR_socketcall, 18, args);
args[0] = (unsigned long) fd;
args[1] = (unsigned long) addr;
args[2] = (unsigned long) addrlen;
args[3] = (unsigned long) flags;
*/
#else
if(number == __NR_accept4) {
int sockfd = a;
struct sockaddr * addr = (struct sockaddr*)b;
socklen_t * addrlen = (socklen_t*)c;
int flags = d;
int old_errno = errno;
int err = accept4(sockfd, addr, addrlen, flags);
errno = old_errno;
if(err == -EBADF) {
err = -EAGAIN; /* For hysterical raisins */
}
return err;
}
#endif
return realsyscall(number,a,b,c,d,e,f);
}