functions

主要实现锁定用户工作目录功能,实装环境:linux

# -----------------------------------------------------------------------------
#
# generic functions
#
# $Id: functions,v 1.3 2004/04/01 16:32:31 assman Exp $
#
# $Log: functions,v $
# Revision 1.3  2004/04/01 16:32:31  assman
# Fixed directory structure, added new url & links, fixed the
# Makefile script.
#
# Revision 1.2  2004/02/08 14:38:56  assman
# Fixed the /etc/shells bug:
#  when installing jail under /etc/shells the bad path was
#  inserted. Thanks to Gon鏰lo Silva for fix it
#
# Revision 1.1  2004/01/01 18:26:10  assman
# Upgraded version
#
# Revision 1.1.1.1  2001/10/26 09:36:09  assman
# Added support for new platforms: FreeBSD, Solaris, IRIX. Now some options
# can be selected from the Makefile script: DEBUG on/off, install path,
# install permissions, etc. The perl scripts have been rewritten so they
# support platform-specific code, so port Jail to another platform should
# be an easy task.
#
#
# -----------------------------------------------------------------------------

use File::Basename;
use File::Copy;
use File::Path;

# -----------------------------------------------------------------------------
#
# show_credits()
# show basic credits
#
# -----------------------------------------------------------------------------

sub show_credits {
  local ($name) = @_;
  
  $name = basename($name);
  print("\n$name\n");
  print("A component of Jail (version $VERSION for $ARCH_NAME)\n");
  print("http://www.jmcresearch.com/projects/jail/\n");
  print("Juan M. Casillas <juanm.casillas\@jmcresearch.com>\n\n");


}

# -----------------------------------------------------------------------------
#
# get_entry_from_pass_file(file,uid)
# get the entry for a passwd or shadow file
#
# -----------------------------------------------------------------------------

sub get_entry_from_pass_file {
  local ($filename,$uid) = @_;
  local $entry;

  open(PASS,$filename) || return();
  while (<PASS>) {
    #
    # if matched, send it to the right file
    #
    if (/^$uid:/) {
      $entry = $_;
      last;
    }
  }

close(PASS);
return($entry);

}


# -----------------------------------------------------------------------------
#
# get_entry_from_group_file(file,uid)
# get the entry for a group
#
# -----------------------------------------------------------------------------

sub get_entry_from_group_file {
  local ($filename,$gid) = @_;
  local $entry;

  open(PASS,$filename) || return();
  while (<PASS>) {
    #
    # if matched, send it to the right file
    #
    if (/^.+:.*:$gid/) {
      $entry = $_;
      last;
    }
  }

close(PASS);
return($entry);

}


# -----------------------------------------------------------------------------
#
# zip_spaces(string)
# compress all the spaces in a single one in a line
#
# -----------------------------------------------------------------------------

sub zip_spaces {
 local ($line) = @_;

 $line =~ s/[\s]+/ /g;
 return($line);
}

# -----------------------------------------------------------------------------
#
# add_line_to_file(file,line)
# add line to the end of the file
#
# -----------------------------------------------------------------------------

sub add_line_to_file {
  local ($filen,$linev) = @_;

  open(FILEH,">>".$filen) || return();
  print FILEH $linev;
  close(FILEH);
  
  return(1);
}


# -----------------------------------------------------------------------------
#
# mkdir_recursive($destination_dir,$permissions)
# create a directory recursively (works as mkdir -p)
# SYSTEM INDEPENDENT
#
# -----------------------------------------------------------------------------

sub mkdir_recursive {

 local ($dst_dir,$perm) = @_;

 local @tmp = split(//,$dst_dir);
 local $createdir = "./";

 if ($tmp[0] eq "/") {
   $createdir = "/";
 } 

 foreach  $i (split(/\//,$dst_dir)) {

   if ($i ne "") {
     $createdir = $createdir.$i;
     mkdir($createdir,$perm);
     
     $createdir = $createdir."/";
   }
 }

 return(1);
}


# -----------------------------------------------------------------------------
#
# build_cmd("command_string")
# build a command, using the PRG_ALIAS array (must be defined before)
# SYSTEM INDEPENDENT
#
# -----------------------------------------------------------------------------

sub build_cmd {
 local ($command) = @_;
  
 local $found = 0;
 
 for $key (keys (%PRG_ALIAS)) {
   if ($key eq $command) {
     $found = 1;
     last;
   }
 }
 if (!$found) {
   $DEBUG && print("command $command doesn't exist.\n");
   return();
 }

 if (!-e $PRG_ALIAS{$command}->{name}) {
   $DEBUG && print("command $command not found in filesystem.\n");
   return();
 }

 $str = $PRG_ALIAS{$command}->{name}." ".$PRG_ALIAS{$command}->{args};
 return($str);
}


# -----------------------------------------------------------------------------
#
# get_device("path_to_device")
# build a command, using the PRG_ALIAS array (must be defined before)
# SYSTEM INDEPENDENT
#
# -----------------------------------------------------------------------------

sub get_device {
  local ($fname) = @_;

  if (!-e $fname) {
    $DEBUG && print("file $fname doesn't exist.\n");
    return();
  }

  local $cmd = build_cmd("ls");
  if (!$cmd) {
    $DEBUG && print("can't build command ls.\n");
    return();
  }

  local $query = "$cmd $fname";
  local $res = `$query`;
  
  #
  # if its a symlink, use the last element again,
  # and build the path right, then extract the
  # information from it. 
  #


  $res = zip_spaces($res);

  local @elem = split(/\s/,$res);
  local $symlink = $elem[$#elem];

  if (-l $fname) {
    local @elemdata = split(//,$symlink);

    if ($elemdata[0] ne  "/") {
      local $dir_name = dirname($fname);
      $symlink = $dir_name."/".$symlink;
    }
   
    $query = "$cmd $symlink";
    $res = `$query`;
    $res = zip_spaces($res);
    @elem = split(/\s/,$res);
  }

  #
  # here we have the right path to the symlink
  # and the data stored into @elem; now, its platform
  # dependant extract the info, so call the function
  #
  
  local (@data) = extract_data_from_ls_output(@elem);

  #print("$data[0]\n");
  #print("$data[1]\n");
  #print("$data[2]\n");
  #print("$data[3]\n");
  #print("$data[4]\n");
  #print("$data[5]\n");


  if (!@data) {
    $DEBUG && print("can't extract data from $symlink.\n");
    return();
  }
  return(@data);

}

# -----------------------------------------------------------------------------
#
# get_perm_to_num(@perm_values)
# convert the textual permissions to octal permissions
# not support setuid, sticky bits, etc. only raw perm
# SYSTEM INDEPENDENT
#
# -----------------------------------------------------------------------------


sub get_perm_to_num {

 local @data = @_;
 local $permu = 0;
 local $permg = 0;
 local $permo = 0;

 if ($data[1] =~ /[^-]/) { $permu = $permu | 04; } # r
 if ($data[2] =~ /[^-]/) { $permu = $permu | 02; } # w
 if ($data[3] =~ /[^-]/) { $permu = $permu | 01; } # x

 if ($data[4] =~ /[^-]/) { $permg = $permg | 04; } # r
 if ($data[5] =~ /[^-]/) { $permg = $permg | 02; } # w
 if ($data[6] =~ /[^-]/) { $permg = $permg | 01; } # x

 if ($data[7] =~ /[^-]/) { $permo = $permo | 04; } # r
 if ($data[8] =~ /[^-]/) { $permo = $permo | 02; } # w
 if ($data[9] =~ /[^-]/) { $permo = $permo | 01; } # x

 local $cero = 0;
 local $perm = $cero.$permu.$permg.$permo;

 return($perm);

}

# -----------------------------------------------------------------------------
#
# extract_data_from_ls_output($ls_output);
# extract info based on the output (space separated) of the ls program
# system dependent
#
# -----------------------------------------------------------------------------

sub extract_data_from_ls_output {
 local @data = @_;

 local @tmp = split(//,$data[0]);
 local $type = $tmp[0];  # block, character, etc
 local $uid  = $data[2];
 local $gid  = $data[3];
 local $major = $data[4]; $major =~ s/([0-9]+),/$1/g;
 local $minor = $data[5];

 local $perm = get_perm_to_num(@tmp);

 $DEBUG && print("type($type), perm($perm), uid($uid), gid($gid),".
		 "major($major), minor($minor)\n");

 local @ret = ($type, $perm, $uid, $gid, $major, $minor);
 return(@ret);

}

# -----------------------------------------------------------------------------
#
# locate_file(filename)
# return a full path to the file, or false
#
# -----------------------------------------------------------------------------

sub locate_file {
  local ($fname) = @_;

  local $whereis_cmd = build_cmd("whereis");
  if (!$whereis_cmd) {
    $DEBUG && print("can't build command whereis.\n");
    return();
  }

  local $query = "$whereis_cmd $fname";
  local $res = `$query`;

  $res = zip_spaces($res);
  local @res_a = split(/\s/,$res);

  if ($res_a[1] eq "") {
    $DEBUG && print("Can't find $fname with whereis (not in path?)\n");
    return();
  }

  return($res_a[1]);
}


# -----------------------------------------------------------------------------
#
# gen_template_password($base_dir)
# this function generates the default template passwd, group and shadow
# files under the chrooted environment
#
# -----------------------------------------------------------------------------

sub gen_template_password {
 local ($basedir) = @_;

 local $pass_file = "${basedir}${PASSWD_FILE}";
 local $grp_file = "$basedir/${GROUP_FILE}";
 local $shw_file = "$basedir/${SHADOW_FILE}";

 #
 # Process Passwd File
 #

 open(PASS,$PASSWD_FILE) || die("Can't open $PASSWD_FILE: $!");
 open(C_PASS,">".$pass_file) || die("Can't open $pass_file: $!");

 while (<PASS>) {
   foreach $i (@PASSWD_USERS) {
     #
     # if matched, send it to the right file
     #
     if (/^$i:/) {
       print C_PASS $_;
     }
   }
 }

 close(PASS);
 close(C_PASS);

 #
 # Process Shadow File
 #

 open(SHW,$SHADOW_FILE) || die("Can't open $SHADOW_FILE: $!");
 open(C_SHW,">".$shw_file) || die("Can't open $shw_file: $!");

 while (<SHW>) {
   foreach $i (@PASSWD_USERS) {
     #
     # if matched, send it to the right file
     #
     if (/^$i:/) {
       print C_SHW $_;
     }
   }
 }

 close(SHW);
 close(C_SHW);

 #