From: Ian Jackson Date: Wed, 18 Oct 2017 14:18:36 +0000 (+0100) Subject: fishdescriptor: wip reconsider approach X-Git-Tag: archive/debian/6.0.0~1^2~30 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=chiark-utils.git;a=commitdiff_plain;h=16d5c02a1c894a2fa2cb31c6e3c916418ce71747;ds=sidebyside fishdescriptor: wip reconsider approach Signed-off-by: Ian Jackson --- diff --git a/fishdescriptor/py/fishdescriptor/fish.py b/fishdescriptor/py/fishdescriptor/fish.py index 1418aa1..101a461 100644 --- a/fishdescriptor/py/fishdescriptor/fish.py +++ b/fishdescriptor/py/fishdescriptor/fish.py @@ -3,6 +3,19 @@ import socket import subprocess +class Donor(): + def __init__(s): + pass + + def _ancilmsg(fds): + ''' + use Socket; + use Socket::MsgHdr; + my $fds = pack "i*", @ARGV; + my $m = Socket::MsgHdr::pack_cmsghdr SOL_SOCKET, SCM_RIGHTS, $fds; + print join ", ", unpack "C*", $m + ''' + def _geteuid(pid): def _shuffle_fd3(): dup(1,3) diff --git a/fishdescriptor/py/fishdescriptor/indonor.py b/fishdescriptor/py/fishdescriptor/indonor.py index f0e621b..74c34a1 100644 --- a/fishdescriptor/py/fishdescriptor/indonor.py +++ b/fishdescriptor/py/fishdescriptor/indonor.py @@ -2,23 +2,10 @@ # class for use inside gdb which is debugging the donor process import gdb +import copy import os -try: - rtld_now = os.RTLD_NOW -except AttributeError: - try: - import dl - rtld_now = dl.RTLD_NOW - except ImportError: - # some installations lack dl, it seems - # https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1721840 - # bodge: - rtld_now = 2 - def _string_escape_for_c(s): - if not isinstance(s, bytes): - s = s.encode('utf-8') # sigh, python 2/3 compat out = '' for c in bytearray(s): # gets us bytes in py2 and py3 if c == ord('\\') or c == ord('=') or c < 32 or c > 126: @@ -27,58 +14,148 @@ def _string_escape_for_c(s): out += chr(c) return out +# constructing values + +def _lit_integer(v): + return '%d' % v + +def _lit_aggregate_uncasted(val_lit_strs): + return '{' + ', '.join(['(%s)' % v for v in val_lit_strs]) + ' }' + +def _lit_string_uncasted(s): + if not isinstance(s, bytes): + s = s.encode('utf-8') # sigh, python 2/3 compat + b = bytearray(s) + return _lit_aggregate_uncasted(map(_lit_integer, b) + [ '0' ]) + +def _lit_array(elemtype, val_lit_strs): + return ( + '((%s[%d])%s)' % + (elem_type, len(val_lit_strs), _lit_aggregate_uncasted(val_lit_strs)) + ) + +def _lit_addressof(v): + return '&(%s)' % v + +def _make_lit(v): + if isinstance(v, int): + return _lit_integer(v) + else: + return v # should already be an integer + +class DonorStructLayout(): + def __init__(l, typename): + x = gdb.parse_and_eval('(%s){ }' % typename) + l._typename = typename + l._template = [ ] + l._posns = { } + for f in x.type.fields(): + l._posns[f.name] = len(l._template) + try f.type.fields(): blank = '{ }' + except AttributeError: blank = '0' + l._template.append(blank) + def substitute(l, values): + build = copy.deepcopy(l._template) + for (k,v) in values.items(): + build[ l._posns[k] ] = _make_lit(v) + return '((%s)%s)' % (l._typename, _lit_aggregate_uncasted(build)) + class DonorImplementation(): - def __init__(self, preloaded=False): - # works on the current gdb.Inferior - # ideally should be reused if the same process is targetd - self._open = None - self._sym = None - if preloaded: - self._sym = 'fishdescriptor_donate' - - def _func(self, functype, funcname, realargs): + def __init__(d): + d._structs = { } + + # assembling structs + # sigh, we have to record the order of the arguments! + def d._find_fields(typename): + try: + fields = d._structs[typename] + except AttributeError: + fields = DonorStructLayout(typename) + d._structs[typename] = fields + return fields + + def d._make(typename, values): + fields = d._find_fields(typename) + return fieldd.substitute(values) + + # calling functions (need to cast the function name to the right + # type in case maybe gdb doesn't know the type) + + def _func(d, functype, funcname, realargs): expr = '((%s) %s) %s' % (functype, funcname, realargs) return gdb.parse_and_eval(expr) - def _dlfunc(self, functype, funcname, realargs): - r = self._func(functype,funcname,realargs) - if not r: - err = self._func('char* (*)(void)', 'dlerror', '()') - if not err: - err = 'dlerror said NULL!' - else: - err = err.string() - raise RuntimeError("%s failed: %s" % (funcname, err)) - return r - - def _dlopen(self): - if self._open is not None: return - o = self._dlfunc('void* (*)(const char*, int)', - 'dlopen', - '("libfishdescriptor-donate.so.1.0", %s)' % rtld_now) - self._open = '((void*)%s)' % o - - def _dlsym(self): - if self._sym is not None: return - self._dlopen() - self._sym = self._dlfunc('void* (*)(void*, const char*)' - 'dlsym', - '(%s, "fishdescriptor_donate")' % self._open) - - def donate(self, path, fds): - self._dlsym() - r = self._func('int (*)(const char*, const int*)', - self._sym, - '("%s", (int[%d]){ %s, -1 })' - % (_string_escape_for_c(path), - len(fds) + 1, - ', '.join(["%d" % fd for fd in fds]))) - if r: - err = self._func('char* (*)(int)', - strerror, - r) - if not err: - err = 'strerror failed' - else: - err = err.string() - raise RuntimeError("donate failed: %s" % err) + def _must_func(d, functype, funcname, realargs): + retval = d._func(functype, funcname, realargs) + if retval < 0: + errnoval = gdb.parse_and_eval('errno') + raise RuntimeError("%s gave errno=%d `%s'" % + (funcname, errnoval, od.strerror(errnoval))) + + # wrappers for the syscalls that do what we want + + def _sendmsg(d, carrier, control_msg): + iov_base = _lit_array('int', map(str,fds)) + iov = d._make('struct iovec', { + 'iov_base': iov_base, + 'iov_len' : len(fds), + }) + + msg = d._make('struct msghdr', { + 'msg_iov' : _lit_addressof(iov), + 'msg_iovlen' : 1, + 'msg_control' : _lit_array('char', control_msg), + 'msg_controllen': len(control_msg), + }) + + d._must_func( + 'ssize_t (*)(int, const struct msghdr*, int flags)', + 'sendmsg', + '(%s, %s, 0)' % (carrier, _lit_addressof(msg)) + ) + + def _socket(d): + return d._must_func( + 'int (*)(int, int, int)', + 'socket', + '(%d, %d, 0)' % (socket.AF_UNIX, socket.SOCK_STREAM) + ) + + def _connect(d, fd, path): + addr = d._make('struct sockaddr_un', { + 'sun_family' : _lit_integer(socket.AF_UNIX), + 'sun_path' : _lit_string_uncasted(path), + }) + + d._must_func( + 'int (*)(int, const struct sockaddr*, socklen_t)', + 'connect', + '(%d, (const struct sockaddr*)%s, sizeof(struct sockaddr_un))' + % (fd, _lit_addressof(addr) + ) + + def _close(d, fd): + d._must_func('int (*)(int)', 'close', '(%d)' % fd) + + # main entrypoints + + def donate(d, path, control_msg): + # control_msg is an array of integers being the ancillary data + # array ("control") for sendmsg, and hence specifies which fds + # to pass + + carrier = None + errnoval = None + try: + errnoval = gdb.parse_and_eval('errno') + carrier = d._socket() + d._connect(carrier, path) + d._sendmsg(carrier, control_msg) + d._close(carrier) + carrier = None + finally: + if carrier is not None: + try: d._close(carrier) + except Exception: pass + if errnoval is not None: + gdb.parse_and_eval('errno = %d' % errnoval)