[Forensics-changes] [SCM] Forensics related utilities branch, debian, updated. debian/1.11-6.5-1-gfbd596d
Daniel Baumann
daniel at debian.org
Thu Nov 27 14:47:03 UTC 2008
The following commit has been merged in the debian branch:
commit fbd596d1f944e8816568ca2d0eaecc43416848c3
Author: Daniel Baumann <daniel at debian.org>
Date: Thu Nov 27 15:46:20 2008 +0100
Merging upstream version 1.18.
diff --git a/CHANGES b/CHANGES
index c272bca..86881e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,54 @@
+Mon Apr 9 09:36:31 EDT 2007
+
+o Bit-rot: the 64-bit workaround for LINUX lseek() is no
+ longer needed, and it didn't compile on some systems.
+
+Thu Jan 11 16:10:29 EST 2007
+
+o Bugfix: the timeout command always reported zero exit status
+ after voluntary child process exit.
+
+Mon Jun 26 18:44:17 EDT 2006
+
+o Bit-rot: update #include statements because code either
+ no longer compiled or compiled with warnings.
+
+Fri Mar 17 09:25:57 EST 2006
+
+o Bit-rot: update #include statements because code either
+ no longer compiled or compiled with warnings.
+
+Tue Jan 6 12:25:32 EST 2004
+
+o Workaround: mactime treated "," as a special character in
+ file names, now it's 0xff.
+
+o Support for ext[23]fs inode file sizes > 32bits.
+
+o Bugfix: ils file sizes larger than unsigned long.
+
+Tue Oct 14 18:23:49 EDT 2003
+
+o pcat now fully supports FreeBSD systems that do not have
+ /proc mounted (it's no longer mounted by default with
+ FreeBSD 5). pcat tries to use /proc if it can, and uses
+ ptrace() and gropes kernel memory if it has to. Operation
+ without /proc requires super-user privileges.
+
+Thu Oct 2 09:14:00 EDT 2003
+
+o Completed support for UFS1 and UFS2 in FreeBSD 5.x. However,
+ the pcat command still requires that the /proc file system
+ is mounted. This will be fixed later.
+
+Sat Aug 30 19:21:29 EDT 2003
+
+o Preliminary FreeBSD 5.0 port. UFS2 support is still to be done.
+
+Fri Aug 1 10:07:39 EDT 2003
+
+o RedHat 9.0 fix by Florin Andrei for the file command.
+
Sat Oct 5 13:47:29 EDT 2002
o Restored tctutils compatibility, which broke with 20020916.
diff --git a/bin/grave-robber b/bin/grave-robber
index 0be8f44..b41ae74 100644
--- a/bin/grave-robber
+++ b/bin/grave-robber
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# Usage: $0 [-filmnpstvDEFIMOPVS] [-b body_file] [-c corpse_dir]
@@ -118,7 +118,7 @@ else {
$TCT_HOME = "";
}
- at INC = ("/etc/tct", "/usr/share/tct", @INC);
+ at INC = ("$TCT_HOME/lib", "$TCT_HOME/conf", @INC);
#
# get user input on what the program should do...
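Review bot: The new search path is built from `$TCT_HOME` before anything has checked that it is non-empty, so with the `$TCT_HOME = "";` fallback just above, `/lib` and `/conf` are placed ahead of the system directories in the include list. For a tool that is normally run as root on a machine under investigation, later `require` calls should not resolve against root-level directories; the existing test in the @@ -415 hunk comes only after the `$LIB`/`$BIN` assignments and would be better placed before this line, e.g. `die "Can't find TCT_HOME - did you run reconfig?\n" unless $TCT_HOME;`. The same applies to `require "$TCT_HOME/conf/coroner.cf";` in bin/mactime and extras/ils2mac, to the include lists in conf/coroner.cf and conf/grave-robber.cf, and to the `$TCT_HOME/bin/...` tool paths in conf/paths.pl, none of which show a guard in their hunks. The surrounding if/else starts outside this hunk.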
@@ -415,10 +415,10 @@ print "going into grave_robber_init()\n" if $verbose;
#
&log_init_path($logfile);
-$LIB = "/usr/share/tct";
-$BIN = "/usr/bin";
-$ETC = "/etc";
-$CONFIG = "/etc/tct";
+$LIB = "$TCT_HOME/lib";
+$BIN = "$TCT_HOME/bin";
+$ETC = "$TCT_HOME/etc";
+$CONFIG = "$TCT_HOME/conf";
if (!$TCT_HOME) {
die "Can't find TCT_HOME - did you run reconfig?\n";
diff --git a/bin/mactime b/bin/mactime
index 3d7e579..a50e2c3 100644
--- a/bin/mactime
+++ b/bin/mactime
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# A program that attempts to determine what files (taken from an already
# calculated DB; see the file "body") were mucked with at a given time...
@@ -97,7 +97,7 @@
BEGIN {
$running_under_grave_robber = 1;
$TCT_HOME = "";
-require "/etc/tct/coroner.cf";
+require "$TCT_HOME/conf/coroner.cf";
}
require "body_init.pl";
@@ -454,10 +454,10 @@ for $n (0..$#{$table{'data'}}) {
#
# If the date on the file is too old, don't put it in the array
#
- $all_files_used{"$st_mtime,$file"} .= "m" if $st_mtime > $in_seconds;
- $all_files_used{"$st_atime,$file"} .= "a" if $st_atime > $in_seconds;
- $all_files_used{"$st_ctime,$file"} .= "c" if $st_ctime > $in_seconds;
- $all_files_used{"$st_dtime,$file"} .= "d" if $st_dtime > $in_seconds;
+ $all_files_used{"$st_mtime\377$file"} .= "m" if $st_mtime > $in_seconds;
+ $all_files_used{"$st_atime\377$file"} .= "a" if $st_atime > $in_seconds;
+ $all_files_used{"$st_ctime\377$file"} .= "c" if $st_ctime > $in_seconds;
+ $all_files_used{"$st_dtime\377$file"} .= "d" if $st_dtime > $in_seconds;
$all_filenames{$file} = $file;
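Review bot: Switching the key separator from `,` to byte 0xff only moves the problem, because file names come from the examined system and may contain any byte except NUL and `/`, so a name containing `\377` is still cut short when the key is split in the @@ -515 hunk. Since the time is always the leading numeric field, giving split a limit there recovers the full name whatever it contains: `($time, $file) = split(/\377/, $key, 2);`. A short comment at these four assignments saying that the key is "time, separator, file name" and why 0xff was chosen would help the next reader. The enclosing loop starts outside this hunk.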
@@ -515,7 +515,7 @@ for $key (sort {$a <=> $b} keys %all_files_used) {
next if $marker;
- ($time, $file) = split(/,/,$key);
+ ($time, $file) = split(/\377/,$key);
print "T-in minus Currfile time = ", $in_seconds - $time, "\n" if $debug;
next if ($in_seconds > $time);
diff --git a/bin/strip_tct_home b/bin/strip_tct_home
index 5127bca..8dd2ff6 100644
--- a/bin/strip_tct_home
+++ b/bin/strip_tct_home
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# NOTE!!!
#
diff --git a/conf/coroner.cf b/conf/coroner.cf
index c06eeae..2148670 100644
--- a/conf/coroner.cf
+++ b/conf/coroner.cf
@@ -4,9 +4,9 @@
$TCT_HOME = "";
-$ETC = "/etc";
+$ETC = "$TCT_HOME/etc" unless $ETC;
- at INC = ("/etc/tct/", "/usr/share/tct", @INC);
+ at INC = ("$TCT_HOME/lib", "$TCT_HOME/conf", "$TCT_HOME", @INC);
#
# Where all the full pathnames to the various shell binaries used live
diff --git a/conf/grave-robber.cf b/conf/grave-robber.cf
index 2c6a362..16bffc7 100644
--- a/conf/grave-robber.cf
+++ b/conf/grave-robber.cf
@@ -9,7 +9,7 @@ $BIN = "$TCT_HOME/bin" unless $BIN;
$ETC = "$TCT_HOME/etc" unless $ETC;
$CONFIG = "$TCT_HOME/conf" unless $CONFIG;
- at INC = ("/etc/tct", "/usr/share/tct/", @INC);
+ at INC = ("$TCT_HOME/lib", "$TCT_HOME/conf", @INC);
#
# Where all the full pathnames to the various shell binaries used live
@@ -140,7 +140,7 @@ $strings_log = "strings_log";
#
# What tools/files do we want to investigate immediately?
#
-$toolkit = "/etc/tct/look\@first";
+$toolkit = "$CONFIG/look\@first";
#
# I think BSD ps returns >= 12 fields (after header) when you do a ps -auxwwge
diff --git a/conf/look at first b/conf/look at first
index 78c35a7..ebe85b9 100644
--- a/conf/look at first
+++ b/conf/look at first
@@ -1,6 +1,6 @@
#
# These are dirs containing tools & files we want to investigate first,
-# so we stat/whatever them first, and then we can muck with them without
+# so we stat/whatever them first, and then we can fuck with them without
# worrying about destroying forensic evidence.
#
# We automatically go through the $PATH variable of the user running
diff --git a/conf/paths.pl b/conf/paths.pl
index 00ab540..4b205c7 100644
--- a/conf/paths.pl
+++ b/conf/paths.pl
@@ -13,7 +13,7 @@ $CP="/bin/cp";
$CRONTAB="/usr/bin/crontab";
$DATE="/bin/date";
-$DMESG="/bin/dmesg";
+$DMESG="/sbin/dmesg";
$DOMAINNAME="/bin/domainname";
$ECHO="/bin/echo";
@@ -23,34 +23,34 @@ $IFCONFIG="/sbin/ifconfig";
$IPCS="/usr/bin/ipcs";
$LAST="/usr/bin/last";
-$LSOF="/usr/bin/lsof";
+$LSOF="/usr/local/sbin/lsof";
$MKDIR="/bin/mkdir";
-$NETSTAT="/bin/netstat";
+$NETSTAT="/usr/bin/netstat";
$PS="/bin/ps";
$PWD="/bin/pwd";
$RPCINFO="/usr/bin/rpcinfo";
-$SHOWMOUNT="/sbin/showmount";
+$SHOWMOUNT="/usr/bin/showmount";
$STRINGS="/usr/bin/strings";
-$SU="/bin/su";
+$SU="/usr/bin/su";
$SYNC="/bin/sync";
$TEE="/usr/bin/tee";
$TOP="/usr/bin/top";
-$UNAME="/bin/uname";
+$UNAME="/usr/bin/uname";
$UPTIME="/usr/bin/uptime";
$W="/usr/bin/w";
$WHO="/usr/bin/who";
-$XAUTH="/usr/bin/xauth";
-$XHOST="/usr/bin/xhost";
+$XAUTH="/usr/X11R6/bin/xauth";
+$XHOST="/usr/X11R6/bin/xhost";
$YPCAT="/usr/bin/ypcat";
# suns...
$EEPROM="/usr/sbin/eeprom";
$FORMAT="/etc/format";
$SHOWREV="/bin/showrev";
-$NFSSTAT="/usr/sbin/nfsstat";
+$NFSSTAT="/usr/bin/nfsstat";
# solaris
$SWAP="/etc/swap";
@@ -61,10 +61,9 @@ $DEVINFO="/usr/sbin/devinfo";
$PSTAT="/usr/sbin/pstat";
# linux
-$DPKG="/usr/bin/dpkg";
-$RPM="/usr/bin/rpm";
+$RPM="/usr/local/bin/rpm";
$KSYMS="/sbin/ksyms";
-$LSMOD="/bin/lsmod";
+$LSMOD="/sbin/lsmod";
# kernel modules
$MODINFO="/sbin/modinfo";
@@ -78,12 +77,12 @@ $DF="/bin/df";
#
# our stuff
#
-$FILE = "/usr/bin/file";
-$MD5 = "/usr/bin/md5sum";
-$PCAT = "/usr/bin/pcat";
-$ICAT = "/usr/bin/inode-cat";
-$ILS = "/usr/bin/ils";
-$LASTCOMM = "/usr/bin/lastcomm";
-$MAJ_MIN = "/usr/bin/major_minor";
-$TIMEOUT = "/usr/bin/timeout";
+$FILE = "$TCT_HOME/bin/file";
+$MD5 = "$TCT_HOME/bin/md5";
+$PCAT = "$TCT_HOME/bin/pcat";
+$ICAT = "$TCT_HOME/bin/icat";
+$ILS = "$TCT_HOME/bin/ils";
+$LASTCOMM = "$TCT_HOME/bin/lastcomm";
+$MAJ_MIN = "$TCT_HOME/bin/major_minor";
+$TIMEOUT = "$TCT_HOME/bin/timeout";
diff --git a/extras/bdf b/extras/bdf
index a99f656..6018b4e 100644
--- a/extras/bdf
+++ b/extras/bdf
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# Goes through text & binaries files, looking for executables
diff --git a/extras/entropy/makedefs b/extras/entropy/makedefs
index 640a959..3c5140c 100644
--- a/extras/entropy/makedefs
+++ b/extras/entropy/makedefs
@@ -8,6 +8,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
diff --git a/extras/findkey/makedefs b/extras/findkey/makedefs
index 640a959..3c5140c 100644
--- a/extras/findkey/makedefs
+++ b/extras/findkey/makedefs
@@ -8,6 +8,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
diff --git a/extras/ils2mac b/extras/ils2mac
index e4754dc..249c867 100644
--- a/extras/ils2mac
+++ b/extras/ils2mac
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# Take a stream of time machine formatted data from ils and re-arrange
@@ -17,7 +17,7 @@ $debug = 0;
$running_under_grave_robber = 1;
$TCT_HOME = "";
-require "/etc/tct/coroner.cf";
+require "$TCT_HOME/conf/coroner.cf";
require "tm_misc.pl";
require "hostname.pl";
require "crunch.pl";
diff --git a/extras/realpath b/extras/realpath
index 710c0f2..55bead5 100644
--- a/extras/realpath
+++ b/extras/realpath
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# Prints out the real pathname of file(s); usage:
diff --git a/lazarus/lazarus b/lazarus/lazarus
index bf7c0aa..14baa29 100644
--- a/lazarus/lazarus
+++ b/lazarus/lazarus
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl5
#
# Lazarus - tries to revive things that have died and gone into the
# binary spirit world... deleted files, data in memory, swap, etc.
@@ -66,7 +66,6 @@
# [...]
#
- at INC = ("/etc/tct", "/usr/share/tct", @INC);
$TCT_HOME = "";
$| = 1;
@@ -78,7 +77,7 @@ if (!$TCT_HOME) {
die "Can't find TCT_HOME - did you run reconfig?\n";
}
else {
- require "/etc/tct/coroner.cf";
+ require "$TCT_HOME/conf/coroner.cf";
}
require "lazarus.cf";
diff --git a/lib/linux.pl b/lib/linux.pl
index ecb2f82..873c685 100644
--- a/lib/linux.pl
+++ b/lib/linux.pl
@@ -35,7 +35,6 @@ print "Running all sorts of commands on host (in &suck_hostinfo_linux())\n" if $
&df();
&ipcs();
-&dpkg();
&rpm();
&lsmod();
@@ -277,22 +276,6 @@ if (-x $RPM ) {
}
}
-sub dpkg {
-
-if (-x $DPKG ) {
- if (!$CORPSE) {
- &date_stamp("$COMM_OUT/dpkg");
- &redirect_command($DPKG, "-l", ">>$COMM_OUT/dpkg");
- &sign_it("$COMM_OUT/dpkg");
- }
- else {
- &date_stamp("$COMM_OUT/dpkg");
- &redirect_command($DPKG, "--root", "$CORPSE", "-l", ">>$COMM_OUT/dpkg");
- &sign_it("$COMM_OUT/dpkg");
- }
- }
-}
-
sub lsmod {
if (-x $LSMOD && !$CORPSE) {
diff --git a/lib/ostype.pl b/lib/ostype.pl
index cb901ef..9efa78e 100644
--- a/lib/ostype.pl
+++ b/lib/ostype.pl
@@ -1,3 +1,4 @@
+#!/bin/perl
#
# Simple test that uses uname to determine what we're running on...
#
@@ -11,6 +12,7 @@ print "Determining OS (in determine_os())\n" if $verbose;
"FREEBSD2", "FreeBSD.2",
"FREEBSD3", "FreeBSD.3",
"FREEBSD4", "FreeBSD.4",
+ "FREEBSD5", "FreeBSD.5",
"OPENBSD2", "OpenBSD.2",
"OPENBSD3", "OpenBSD.3",
"BSDI2", "BSD\/OS.2",
diff --git a/lib/process_dirs.pl b/lib/process_dirs.pl
index 93f4a2f..379dcc4 100644
--- a/lib/process_dirs.pl
+++ b/lib/process_dirs.pl
@@ -1,3 +1,4 @@
+#!/usr/local/bin/perl
#
# given a dir, suck in all the executable files in there
diff --git a/lib/save_the_files.pl b/lib/save_the_files.pl
index ad6dd02..ee5b02d 100644
--- a/lib/save_the_files.pl
+++ b/lib/save_the_files.pl
@@ -30,7 +30,6 @@ while (<STF>) {
print "next file: $files\n" if $debug;
while (<${files}>) {
- next if (/^\Q$DATA\E/o);
print "Going into while...\n" if $debug;
diff --git a/lib/system_stubs.pl b/lib/system_stubs.pl
index 0f52af3..ef771f8 100644
--- a/lib/system_stubs.pl
+++ b/lib/system_stubs.pl
@@ -1,3 +1,4 @@
+#!/usr/local/bin/perl
#
# a simple set of stub routines to call the real functions that do
diff --git a/lib/tree.pl b/lib/tree.pl
index d7aba9c..856f9f8 100644
--- a/lib/tree.pl
+++ b/lib/tree.pl
@@ -150,9 +150,9 @@ sub do_first_looks {
print "\nStarting preprocessing paths and filenames on $hostname...\n";
-die "Can't open $CONFIG/paths.pl (in do_first_looks())!\n" unless open (PATHS, "$CONFIG/paths.pl");
+die "Can't open $TCT_HOME/conf/paths.pl (in do_first_looks())!\n" unless open (PATHS, "$TCT_HOME/conf/paths.pl");
-print "\tpreprocessing $CONFIG/paths.pl\n" if $verbose;
+print "\tpreprocessing $TCT_HOME/conf/paths.pl\n" if $verbose;
while (<PATHS>) {
next if (/^\s*#/ || /^\s*$/);
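Review bot: Hard-coding `$TCT_HOME/conf/paths.pl` here bypasses `$CONFIG`, which conf/grave-robber.cf still lets the operator override (`$CONFIG = "$TCT_HOME/conf" unless $CONFIG;`) and which this same commit uses for `$toolkit = "$CONFIG/look\@first"`. With an overridden `$CONFIG`, the first-look pass would preprocess one paths.pl while the rest of the run is configured from another directory; keeping `open (PATHS, "$CONFIG/paths.pl")` and the matching messages avoids that split. do_first_looks() continues outside the hunk.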
diff --git a/man/man1/icat.1 b/man/man1/icat.1
index b78c5e5..9126cd7 100644
--- a/man/man1/icat.1
+++ b/man/man1/icat.1
@@ -1,8 +1,8 @@
-.TH INODE-CAT 1
+.TH ICAT 1
.ad
.fi
.SH NAME
-inode-cat
+icat
\-
copy files by inode number
.SH SYNOPSIS
diff --git a/man/man1/pcat.1 b/man/man1/pcat.1
index dd386a4..cbe4cce 100644
--- a/man/man1/pcat.1
+++ b/man/man1/pcat.1
@@ -28,6 +28,7 @@ the output file, and requires that stdout is redirected to file.
This option does not work on some Solaris versions.
.IP "\fB-m\fR \fImapfile\fR"
Print the process memory map to \fImapfile\fR, one entry per line.
+Specify \fB-m-\fR to write to the standard error stream.
Each map entry consists of a region start address and the first
address beyond that region. Addresses are separated by space,
and are printed as hexadecimal numbers (0xhhhh).
diff --git a/man/man1/timeout.1 b/man/man1/timeout.1
index c43ceaf..d2f07f9 100644
--- a/man/man1/timeout.1
+++ b/man/man1/timeout.1
@@ -20,18 +20,26 @@ Arguments:
.IP \fI-signal\fR
Specify an optional signal to send to the controlled process.
By default, \fBtimeout\fR sends SIGKILL, which cannot be caught
-or ignored. The signal must be provided in its numerical value.
+or ignored.
.IP \fItime\fR
-The elapsed time limit in seconds after which the command is terminated.
+The elapsed time limit after which the command is terminated.
.IP \fIcommand\fR
The command to be executed.
.SH DIAGNOSTICS
.ad
.fi
-timeout's exit status is the exit status of the specified command or 1 in
-case of a usage error.
+The command exit status is the exit status of the command
+(status 1 in case of a usage error).
+.SH LICENSE
+.na
+.nf
+The IBM PUBLIC LICENSE must be distributed with this
+software.
+.SH HISTORY
+.na
+.nf
+This program was first released as part of SATAN.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
-This program is part of SATAN.
diff --git a/patchlevel b/patchlevel
index 0960158..63738cc 100644
--- a/patchlevel
+++ b/patchlevel
@@ -1 +1 @@
-1.11
+1.14
diff --git a/reconfig b/reconfig
index 331d189..6f0f426 100644
--- a/reconfig
+++ b/reconfig
@@ -35,9 +35,9 @@ $other_dirs="bin:/etc:/usr/ccs/bin:/bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/ucb/bin:
# Target shell commands in question
@all_commands=("acctcom", "arp", "awk", "at", "basename", "cat", "chmod",
"cmp", "comm", "cp", "crontab", "date", "devinfo", "df", "diff",
- "dmesg", "domainname", "dpkg", "echo", "eeprom", "egrep", "expr",
- "finger", "find", "ftp", "format", "ifconfig", "ipcs", "last",
- "ls", "lsof", "lsmod", "modinfo", "modstat",
+ "dmesg", "domainname", "echo", "eeprom", "egrep", "expr", "finger",
+ "find", "ftp", "format", "ifconfig", "ipcs", "last", "ls", "lsof",
+ "lsmod", "modinfo", "modstat",
"mkdir", "mv", "netstat", "nfsstat", "nslookup", "pkginfo", "ping",
"ps", "pstat", "pwd", "rm", "rpm", "rpcinfo", "rusers", "sed", "sh",
"showmount", "showrev", "sort", "strings", "su", "swap", "sync",
@@ -81,6 +81,7 @@ print "\nPerl5 is in $PERL\n";
for (@perl5_src) { $perl5_src .= "$_ "; }
print "\nchanging the source in: $perl5_src\n";
+system "$PERL -pi -e \"s@^#!.*/perl.*@#!$PERL@;\" $perl5_src";
# make sure things are executable...
system("chmod +x $perl5_src");
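Review bot: The added `system` call interpolates `$PERL` and every file name in `$perl5_src` into one shell command line, so a path containing whitespace or a shell metacharacter changes what is executed, and the exit status is ignored, so a failed shebang rewrite goes unnoticed before the `chmod`. The list form avoids the shell and lets the result be checked: `system($PERL, "-pi", "-e", "s\@^#!.*/perl.*\@#!$PERL\@;", @perl5_src) == 0 or die "shebang rewrite failed\n";`, where `@perl5_src` is the array the loop above already iterates. The `chmod` call on the following context line has the same shape.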
@@ -104,7 +105,7 @@ for $command (@all_commands) {
}
# if find the command in one of the directories, print string
- if (-x "$dir/$command" and -f _) {
+ if (-x "$dir/$command") {
# this converts to upper case
($upper = $command) =~ y/[a-z]/[A-Z]/;
$found="true";
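Review bot: Dropping `-f _` means a directory that happens to be named like one of the commands now satisfies the test, because directories are normally searchable and `-x` is true for them, and its path is then recorded as the command's location. Keeping the regular-file check, `if (-x "$dir/$command" and -f _) {`, restricts the match to files that can actually be executed. The enclosing loop starts and ends outside this hunk.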
@@ -166,7 +167,7 @@ for $file (@files2reconfig) {
die "Can't open $file for reading\n" unless open(FILE, $file);
while (<FILE>) {
if (/^\s*\$TCT_HOME\s*=/ && !$done) {
- $file{$n++} = "\$TCT_HOME = \"/var/cache/tct\";\n";
+ $file{$n++} = "\$TCT_HOME = \"$cwd\";\n";
$done = 1;
next;
}
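Review bot: `$cwd` is written unescaped into a double-quoted string in the generated Perl source, so a working directory whose name contains `"`, `$`, `@` or a backslash produces a configuration file that fails to parse or interpolates something else when it is later loaded with `require`. Emitting a single-quoted literal with its two special characters escaped is safer: `(my $q = $cwd) =~ s/([\\'])/\\$1/g;` followed by `$file{$n++} = "\$TCT_HOME = '$q';\n";`. How `$cwd` is obtained is outside the hunk.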
diff --git a/src/aux/error.h b/src/aux/error.h
index cfc8548..c1582cd 100644
--- a/src/aux/error.h
+++ b/src/aux/error.h
@@ -11,9 +11,16 @@
/*
* External interface.
*/
-extern void remark(char *,...);
-extern void error(char *,...);
-extern void panic(char *,...);
+#ifndef PRINTFLIKE
+#if __GNUC__ == 2 && __GNUC_MINOR__ >= 7
+#define PRINTFLIKE(x,y) __attribute__ ((format (printf, (x), (y))))
+#else
+#define PRINTFLIKE(x,y)
+#endif
+#endif
+extern void PRINTFLIKE(1, 2) remark(char *,...);
+extern void PRINTFLIKE(1, 2) error(char *,...);
+extern void PRINTFLIKE(1, 2) panic(char *,...);
extern char *progname;
extern int verbose;
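Review bot: The version test `__GNUC__ == 2 && __GNUC_MINOR__ >= 7` enables the format attribute for GCC 2.7 through 2.x only, so with GCC 3 or later `PRINTFLIKE` expands to nothing and the `-Wformat` flag this commit adds in src/fstools/makedefs cannot check calls to remark(), error() and panic(). `#if defined(__GNUC__) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7))` keeps the checking on newer compilers. A one-line comment above the macro stating that its arguments are the 1-based positions of the format string and of the first variadic argument would also help.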
diff --git a/src/aux/makedefs b/src/aux/makedefs
index 384599e..1e34c54 100644
--- a/src/aux/makedefs
+++ b/src/aux/makedefs
@@ -8,6 +8,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
diff --git a/src/file/compress.c b/src/file/compress.c
index 18d9c62..d5253d9 100644
--- a/src/file/compress.c
+++ b/src/file/compress.c
@@ -11,7 +11,6 @@
#include <unistd.h>
#include <string.h>
#include <sys/wait.h>
-#include <errno.h>
#include "file.h"
diff --git a/src/file/file.c b/src/file/file.c
index 051f3c5..dc8772a 100644
--- a/src/file/file.c
+++ b/src/file/file.c
@@ -36,7 +36,6 @@ static char *moduleid =
#include <sys/param.h> /* for MAXPATHLEN */
#include <sys/stat.h>
#include <fcntl.h> /* for open() */
-#include <errno.h>
#if (__COHERENT__ >= 0x420)
#include <sys/utime.h>
#else
diff --git a/src/file/file.h b/src/file/file.h
index ad3e8e0..02d8412 100644
--- a/src/file/file.h
+++ b/src/file/file.h
@@ -102,7 +102,11 @@ extern unsigned long signextend __P((struct magic *, unsigned long));
+#ifdef NEED_ERRNO_H
+#include <errno.h>
+#else
extern int errno; /* Some unixes don't define this.. */
+#endif
extern char *progname; /* the program name */
extern char *magicfile; /* name of the magic file */
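Review bot: The `#else` branch still declares `extern int errno;`, which is wrong on any C library where `errno` is a macro (for example one that expands to a per-thread location), and `NEED_ERRNO_H` is set only by the `Linux.2.*` case in src/file/makedefs. Since this commit also removes `#include <errno.h>` from compress.c, file.c and fsmagic.c, including `<errno.h>` unconditionally here and dropping the extern declaration would be the simpler and safer form.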
diff --git a/src/file/fsmagic.c b/src/file/fsmagic.c
index c24985d..8c112c9 100644
--- a/src/file/fsmagic.c
+++ b/src/file/fsmagic.c
@@ -31,7 +31,6 @@
#include <sys/stat.h>
#include <unistd.h>
#include <stdlib.h>
-#include <errno.h>
#ifndef major /* if `major' not defined in types.h, */
#include <sys/sysmacros.h> /* try this one. */
#endif
diff --git a/src/file/makedefs b/src/file/makedefs
index 576733e..b2f3517 100644
--- a/src/file/makedefs
+++ b/src/file/makedefs
@@ -8,6 +8,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
@@ -26,9 +28,9 @@ SunOS.5.[0-5]*) DEFS="-DSUNOS5_0_5"
SunOS.5*) DEFS="-DSUNOS5"
RANLIB=":"
;;
- Linux.2.4*) DEFS="-DLINUX2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+Linux.2.[0-3].*) DEFS="-DLINUX2"
;;
- Linux.2*) DEFS="-DLINUX2"
+ Linux.2.*) DEFS="-DLINUX2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DNEED_ERRNO_H"
;;
*) echo unsupported system: $SYSTEM.$RELEASE 1>&2; exit 1
;;
diff --git a/src/fstools/Makefile b/src/fstools/Makefile
index fb83ff2..e4ca8f4 100644
--- a/src/fstools/Makefile
+++ b/src/fstools/Makefile
@@ -5,7 +5,7 @@ DEBUG = -g
INCL = -I../aux
CFLAGS = $(DEFS) $(INCL) $(OPT) $(DEBUG)
LIBOBJ = fs_buf.o fs_inode.o fs_io.o fs_copy_file.o fs_open.o ffs.o \
- ext2fs.o mylseek.o
+ ffs2.o ext2fs.o mylseek.o
LIBS = ../aux/aux_lib.a
LIB = fs_lib.a
BIN_DIR = ../../bin
@@ -57,6 +57,8 @@ ext2fs.o: ext2fs.c
ext2fs.o: fs_tools.h
ffs.o: ffs.c
ffs.o: fs_tools.h
+ffs2.o: ffs2.c
+ffs2.o: fs_tools.h
fs_buf.o: fs_buf.c
fs_buf.o: fs_tools.h
fs_buf.o: ../aux/mymalloc.h
diff --git a/src/fstools/ext2fs.c b/src/fstools/ext2fs.c
index 5ab9984..5cb6f5c 100644
--- a/src/fstools/ext2fs.c
+++ b/src/fstools/ext2fs.c
@@ -194,6 +194,10 @@ static void ext2fs_copy_inode(struct ext2_inode * dino, FS_INODE *fs_inode)
fs_inode->mode = dino->i_mode;
fs_inode->nlink = dino->i_links_count;
fs_inode->size = dino->i_size;
+#ifdef i_size_high
+ if (dino->i_size_high)
+ fs_inode->size |= (((OFF_T) dino->i_size_high) << 32);
+#endif
fs_inode->uid = dino->i_uid;
fs_inode->gid = dino->i_gid;
fs_inode->mtime = dino->i_mtime;
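Review bot: The high size word is merged in for every inode type, but the `#ifdef i_size_high` test implies the name is a macro alias, and in the Linux ext2 headers as I know them it aliases `i_dir_acl`, which for a directory holds an ACL block number rather than size bits. Restricting the merge to regular files, `if (S_ISREG(dino->i_mode) && dino->i_size_high)`, avoids reporting a bogus multi-gigabyte size for a directory that carries an ACL. The code also assumes `fs_inode->size` is at least 64 bits wide; where it is not, the OR silently loses the high word. ext2fs_copy_inode() continues beyond the hunk.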
@@ -467,8 +471,8 @@ FS_INFO *ext2fs_open(const char *name)
/*
* Other initialization: caches, callbacks.
*/
- ext2fs->inode_map = mymalloc(ext2fs->fs_info.block_size);
- ext2fs->block_map = mymalloc(ext2fs->fs_info.block_size);
+ ext2fs->inode_map = (UCHAR *) mymalloc(ext2fs->fs_info.block_size);
+ ext2fs->block_map = (UCHAR *) mymalloc(ext2fs->fs_info.block_size);
ext2fs->fs_info.seek_pos = -1;
ext2fs->grpnum = -1;
ext2fs->bmap_num = -1;
diff --git a/src/fstools/ffs.c b/src/fstools/ffs.c
index b78371a..63f5cb9 100644
--- a/src/fstools/ffs.c
+++ b/src/fstools/ffs.c
@@ -395,7 +395,8 @@ FS_INFO *ffs_open(const char *name)
if (read(ffs->fs_info.fd, (char *) ffs->fs, len) != len)
error("%s: read superblock: %m", name);
if (ffs->fs->fs_magic != FS_MAGIC)
- error("%s: bad magic number in superblock", name);
+ error("%s: bad magic number 0x%x in superblock",
+ name, ffs->fs->fs_magic);
/*
* Translate some filesystem-specific information to generic form.
diff --git a/src/fstools/ffs.c b/src/fstools/ffs2.c
similarity index 76%
copy from src/fstools/ffs.c
copy to src/fstools/ffs2.c
index b78371a..0fef055 100644
--- a/src/fstools/ffs.c
+++ b/src/fstools/ffs2.c
@@ -10,6 +10,8 @@
/* DESCRIPTION
/* ffs_open() opens the named block device and makes it accessible
/* for the standard file system operations described in fs_open(3).
+/* This module supports both UFS1 (traditional FFS) and UFS2 (FFS
+/* with expanded range).
/* BUGS
/* On-disk layout and byte order differ per FFS implementation,
/* therefore this code is likely to fail when confronted with
@@ -24,19 +26,24 @@
/*--*/
#include "fs_tools.h"
-#ifdef HAVE_UFS_FFS
+#ifdef FS_UFS2_MAGIC
#include "mymalloc.h"
#include "error.h"
/*
* Structure of a fast file system handle.
*/
+union dinode {
+ struct ufs1_dinode u1; /* UFS1 disk inode */
+ struct ufs2_dinode u2; /* UFS2 disk inode */
+};
+
typedef struct {
FS_INFO fs_info; /* super class */
struct fs *fs; /* super block buffer */
FS_BUF *cg_buf; /* cylinder block buffer */
FS_BUF *dino_buf; /* inode block buffer */
- struct dinode dinode; /* disk inode */
+ union dinode dinode; /* disk inode */
} FFS_INFO;
/* ffs_cgroup_lookup - look up cached cylinder group info */
@@ -84,7 +91,7 @@ static void ffs_cgroup_free(FFS_INFO *ffs)
/* ffs_dinode_lookup - look up cached disk inode */
-static struct dinode *ffs_dinode_lookup(FFS_INFO *ffs, INUM_T inum)
+static union dinode *ffs_dinode_lookup(FFS_INFO *ffs, INUM_T inum)
{
DADDR_T addr;
int offs;
@@ -109,9 +116,15 @@ static struct dinode *ffs_dinode_lookup(FFS_INFO *ffs, INUM_T inum)
* Copy the inode, in order to avoid alignment problems when accessing
* structure members.
*/
- offs = itoo(ffs->fs, inum) * sizeof(struct dinode);
- memcpy((char *) &ffs->dinode, ffs->dino_buf->data + offs,
- sizeof(struct dinode));
+ if (ffs->fs->fs_magic == FS_UFS2_MAGIC) {
+ offs = itoo(ffs->fs, inum) * sizeof(struct ufs2_dinode);
+ memcpy((char *) &ffs->dinode.u2, ffs->dino_buf->data + offs,
+ sizeof(struct ufs2_dinode));
+ } else {
+ offs = itoo(ffs->fs, inum) * sizeof(struct ufs1_dinode);
+ memcpy((char *) &ffs->dinode.u1, ffs->dino_buf->data + offs,
+ sizeof(struct ufs1_dinode));
+ }
return (&ffs->dinode);
}
@@ -125,24 +138,41 @@ static void ffs_dinode_free(FFS_INFO *ffs)
/* ffs_copy_inode - copy disk inode to generic inode */
-static void ffs_copy_inode(struct dinode * dino, FS_INODE *fs_inode)
+static void ffs_copy_inode(struct fs * fs, union dinode * dino, FS_INODE *fs_inode)
{
int i;
- fs_inode->mode = dino->di_mode;
- fs_inode->nlink = dino->di_nlink;
- fs_inode->size = dino->di_size;
- fs_inode->uid = dino->di_uid;
- fs_inode->gid = dino->di_gid;
- fs_inode->mtime = INOTIME(dino->di_mtime);
- fs_inode->atime = INOTIME(dino->di_atime);
- fs_inode->ctime = INOTIME(dino->di_ctime);
- if (fs_inode->direct_count != NDADDR || fs_inode->indir_count != NIADDR)
- fs_inode_realloc(fs_inode, NDADDR, NIADDR);
- for (i = 0; i < NDADDR; i++)
- fs_inode->direct_addr[i] = dino->di_db[i];
- for (i = 0; i < NIADDR; i++)
- fs_inode->indir_addr[i] = dino->di_ib[i];
+ if (fs->fs_magic == FS_UFS2_MAGIC) {
+ fs_inode->mode = dino->u2.di_mode;
+ fs_inode->nlink = dino->u2.di_nlink;
+ fs_inode->size = dino->u2.di_size;
+ fs_inode->uid = dino->u2.di_uid;
+ fs_inode->gid = dino->u2.di_gid;
+ fs_inode->mtime = INOTIME(dino->u2.di_mtime);
+ fs_inode->atime = INOTIME(dino->u2.di_atime);
+ fs_inode->ctime = INOTIME(dino->u2.di_ctime);
+ if (fs_inode->direct_count != NDADDR || fs_inode->indir_count != NIADDR)
+ fs_inode_realloc(fs_inode, NDADDR, NIADDR);
+ for (i = 0; i < NDADDR; i++)
+ fs_inode->direct_addr[i] = dino->u2.di_db[i];
+ for (i = 0; i < NIADDR; i++)
+ fs_inode->indir_addr[i] = dino->u2.di_ib[i];
+ } else {
+ fs_inode->mode = dino->u1.di_mode;
+ fs_inode->nlink = dino->u1.di_nlink;
+ fs_inode->size = dino->u1.di_size;
+ fs_inode->uid = dino->u1.di_uid;
+ fs_inode->gid = dino->u1.di_gid;
+ fs_inode->mtime = INOTIME(dino->u1.di_mtime);
+ fs_inode->atime = INOTIME(dino->u1.di_atime);
+ fs_inode->ctime = INOTIME(dino->u1.di_ctime);
+ if (fs_inode->direct_count != NDADDR || fs_inode->indir_count != NIADDR)
+ fs_inode_realloc(fs_inode, NDADDR, NIADDR);
+ for (i = 0; i < NDADDR; i++)
+ fs_inode->direct_addr[i] = dino->u1.di_db[i];
+ for (i = 0; i < NIADDR; i++)
+ fs_inode->indir_addr[i] = dino->u1.di_ib[i];
+ }
}
/* ffs_inode_lookup - lookup inode, external interface */
@@ -151,9 +181,9 @@ static FS_INODE *ffs_inode_lookup(FS_INFO *fs, INUM_T inum)
{
FFS_INFO *ffs = (FFS_INFO *) fs;
FS_INODE *fs_inode = fs_inode_alloc(NDADDR, NIADDR);
- struct dinode *dino = ffs_dinode_lookup(ffs, inum);
+ union dinode *dino = ffs_dinode_lookup(ffs, inum);
- ffs_copy_inode(dino, fs_inode);
+ ffs_copy_inode(ffs->fs, dino, fs_inode);
return (fs_inode);
}
@@ -168,7 +198,7 @@ void ffs_inode_walk(FS_INFO *fs, INUM_T start, INUM_T last, int flags,
struct cg *cg = 0;
INUM_T inum;
unsigned char *inosused;
- struct dinode *dino;
+ union dinode *dino;
FS_INODE *fs_inode = fs_inode_alloc(NDADDR, NIADDR);
int myflags;
INUM_T ibase;
@@ -208,15 +238,20 @@ void ffs_inode_walk(FS_INFO *fs, INUM_T start, INUM_T last, int flags,
/*
* Apply the linked/unlinked restriction.
*/
+#define UFS_DINO_FIELD(fs, dino, field) ((fs)->fs_magic == FS_UFS2_MAGIC ? \
+ dino->u2.field : dino->u1.field)
+
dino = ffs_dinode_lookup(ffs, inum);
- myflags |= (dino->di_nlink ? FS_FLAG_LINK : FS_FLAG_UNLINK);
+ myflags |= (UFS_DINO_FIELD(ffs->fs, dino, di_nlink) ?
+ FS_FLAG_LINK : FS_FLAG_UNLINK);
if ((flags & myflags) != myflags)
continue;
/*
* Apply the used/unused restriction.
*/
- myflags |= (INOTIME(dino->di_ctime) ? FS_FLAG_USED : FS_FLAG_UNUSED);
+ myflags |= (INOTIME(UFS_DINO_FIELD(ffs->fs, dino, di_ctime)) ?
+ FS_FLAG_USED : FS_FLAG_UNUSED);
if ((flags & myflags) != myflags)
continue;
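Review bot: `UFS_DINO_FIELD` is defined in the middle of the inode loop and uses its `dino` argument unparenthesized (`dino->u2.field`), which only works while callers pass a plain identifier. Defining it once at file scope next to `union dinode`, as `#define UFS_DINO_FIELD(fs, dino, field) ((fs)->fs_magic == FS_UFS2_MAGIC ? (dino)->u2.field : (dino)->u1.field)`, would also let ffs_copy_inode() use it in place of the two near-identical branches added in the @@ -125 hunk. ffs_inode_walk() starts and ends outside this hunk.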
@@ -224,7 +259,7 @@ void ffs_inode_walk(FS_INFO *fs, INUM_T start, INUM_T last, int flags,
* Fill in a file system-independent inode structure and pass control
* to the application.
*/
- ffs_copy_inode(dino, fs_inode);
+ ffs_copy_inode(ffs->fs, dino, fs_inode);
action(inum, fs_inode, myflags, ptr);
}
@@ -374,7 +409,8 @@ FS_INFO *ffs_open(const char *name)
{
char *myname = "ffs_open";
FFS_INFO *ffs = (FFS_INFO *) mymalloc(sizeof(*ffs));
- int len;
+ static off_t sblock_offs[] = SBLOCKSEARCH;
+ off_t *sp;
/*
* Open the raw device and read the superblock. We must use a read buffer
@@ -388,14 +424,23 @@ FS_INFO *ffs_open(const char *name)
/*
* Read the superblock.
*/
- len = roundup(sizeof(struct fs), DEV_BSIZE);
- ffs->fs = (struct fs *) mymalloc(len);
- if (LSEEK(ffs->fs_info.fd, SBOFF, SEEK_SET) != SBOFF)
- error("%s: lseek: %m", myname);
- if (read(ffs->fs_info.fd, (char *) ffs->fs, len) != len)
- error("%s: read superblock: %m", name);
- if (ffs->fs->fs_magic != FS_MAGIC)
- error("%s: bad magic number in superblock", name);
+ ffs->fs = (struct fs *) mymalloc(SBLOCKSIZE);
+ for (sp = sblock_offs; /* see below */ ; sp++) {
+ if (*sp < 0)
+ error("%s: no recognizable superblock found", name);
+ if (verbose)
+ remark("trying: offset %ld", (long) *sp);
+ if (LSEEK(ffs->fs_info.fd, *sp, SEEK_SET) != *sp)
+ error("%s: lseek: %m", myname);
+ if (read(ffs->fs_info.fd, (char *) ffs->fs, SBLOCKSIZE) != SBLOCKSIZE)
+ error("%s: read superblock: %m", name);
+ if (ffs->fs->fs_magic == FS_UFS2_MAGIC
+ || ffs->fs->fs_magic == FS_UFS1_MAGIC)
+ break;
+ }
+ if (verbose)
+ remark("UFS%d file system", ffs->fs->fs_magic == FS_UFS2_MAGIC ?
+ 2 : 1);
/*
* Translate some filesystem-specific information to generic form.
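Review bot: A candidate superblock is accepted on the magic number alone, and every later field (`fs_ncg`, `fs_ipg`, `fs_fsize`, `fs_size`) is then trusted; for a tool that is pointed at disk images of unknown origin, the loop should also check that the block is plausible before breaking out. A UFS2 superblock records its own location in `fs_sblockloc`, so comparing that with `*sp` rejects a stale or backup copy found at another search offset, and bounding `fs_bsize` rejects obviously corrupt values. Separately, a short read at one offset calls error() and ends the search, so the remaining offsets are never tried; treating a short read as "try the next offset" may be preferable. ffs_open() starts and ends outside this hunk.

```c
	/* … unchanged: lseek() to *sp and read of SBLOCKSIZE bytes … */
	if ((ffs->fs->fs_magic == FS_UFS1_MAGIC
	     || (ffs->fs->fs_magic == FS_UFS2_MAGIC
		 && ffs->fs->fs_sblockloc == *sp))
	    && ffs->fs->fs_bsize >= (int) sizeof(struct fs)
	    && ffs->fs->fs_bsize <= MAXBSIZE)
	    break;
```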
@@ -403,7 +448,8 @@ FS_INFO *ffs_open(const char *name)
ffs->fs_info.inum_count = ffs->fs->fs_ncg * ffs->fs->fs_ipg;
ffs->fs_info.start_inum = 0;
ffs->fs_info.last_inum = ffs->fs_info.inum_count - 1;
- ffs->fs_info.block_count = ffs->fs->fs_size;
+ ffs->fs_info.block_count = (ffs->fs->fs_magic == FS_UFS2_MAGIC ?
+ ffs->fs->fs_size : ffs->fs->fs_old_size);
ffs->fs_info.start_block = 0;
ffs->fs_info.last_block = ffs->fs_info.block_count - 1;
ffs->fs_info.block_size = ffs->fs->fs_fsize;
diff --git a/src/fstools/fs_tools.h b/src/fstools/fs_tools.h
index 19601d0..5644d1e 100644
--- a/src/fstools/fs_tools.h
+++ b/src/fstools/fs_tools.h
@@ -115,6 +115,24 @@ extern int optind;
#define INO_TO_CG ino_to_cg
#endif
+#if defined(FREEBSD5)
+#define SUPPORTED
+#include <sys/vnode.h>
+#include <ufs/ufs/quota.h>
+#include <ufs/ufs/inode.h>
+#include <ufs/ffs/fs.h>
+#define LSEEK lseek
+#define OFF_T off_t
+#define STRTOUL strtoul
+#define itod(fs,i) ino_to_fsba(fs,i)
+#define itoo(fs,i) ino_to_fsbo(fs,i)
+#define INOTIME(t) (t)
+#define DADDR_T int64_t
+#define UFS_TYPE "ufs"
+#define DEF_FSTYPE UFS_TYPE
+#define INO_TO_CG ino_to_cg
+#endif
+
/*
* BSD/OS can handle filesystems > 2GB.
*/
@@ -183,23 +201,18 @@ extern int optind;
*/
#if defined(LINUX2)
#define SUPPORTED
-#include <ext2fs/ext2_fs.h>
+#include <linux/ext2_fs.h>
#define HAVE_EXT2FS
-
-#if !defined(__ia64__) && !defined(__alpha__) && !defined(__x86_64__)
+#define HAVE_DTIME
+#if (_FILE_OFFSET_BITS == 64)
+#define LSEEK lseek
+#define OFF_T off_t
+#else
#define USE_MYLSEEK
#define HAVE_LLSEEK
-#endif
-
-#define HAVE_DTIME
-
-#if !defined(__ia64__) && !defined(__alpha__) && !defined(__x86_64__)
#define LSEEK mylseek
-#else
-#define LSEEK lseek
-#endif
-
#define OFF_T long long
+#endif
#define STRTOUL strtoul
#define DADDR_T __u32
#define EXT2FS_TYPE "ext2fs"
diff --git a/src/fstools/ils.c b/src/fstools/ils.c
index 6ff6506..56d9882 100644
--- a/src/fstools/ils.c
+++ b/src/fstools/ils.c
@@ -182,10 +182,16 @@ static void print_inode(INUM_T inum, FS_INODE *fs_inode, int flags,
#ifdef HAVE_DTIME
printf("|%lu", (ULONG) fs_inode->dtime);
#endif
- printf("|%lo|%d|%lu|%lu|%lu\n",
- (ULONG) fs_inode->mode, (int) fs_inode->nlink,
- (ULONG) fs_inode->size, (ULONG) fs_inode->direct_addr[0],
- (ULONG) fs_inode->direct_addr[1]);
+ if (sizeof(fs_inode->size) <= sizeof(unsigned long))
+ printf("|%lo|%d|%lu|%lu|%lu\n",
+ (ULONG) fs_inode->mode, (int) fs_inode->nlink,
+ (ULONG) fs_inode->size, (ULONG) fs_inode->direct_addr[0],
+ (ULONG) fs_inode->direct_addr[1]);
+ else
+ printf("|%lo|%d|%llu|%lu|%lu\n",
+ (ULONG) fs_inode->mode, (int) fs_inode->nlink,
+ (unsigned long long) fs_inode->size, (ULONG) fs_inode->direct_addr[0],
+ (ULONG) fs_inode->direct_addr[1]);
}
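Review bot: The two printf() calls differ only in the conversion used for the size field, so the `sizeof` test and the duplicated argument list can be replaced by one call that is correct for either width: `printf("|%lo|%d|%llu|%lu|%lu\n", ...)` with `(unsigned long long) fs_inode->size`. The `(ULONG)` casts on `direct_addr[0]` and `direct_addr[1]` remain in both branches and may truncate block addresses on platforms where `unsigned long` is 32 bits and `DADDR_T` is `int64_t`, as the FREEBSD5 block added to fs_tools.h defines it. print_inode() begins outside the hunk.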
/* main - open file system, list inode info */
diff --git a/src/fstools/makedefs b/src/fstools/makedefs
index 384599e..0f208bb 100644
--- a/src/fstools/makedefs
+++ b/src/fstools/makedefs
@@ -8,6 +8,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
@@ -27,9 +29,9 @@ SunOS.5.[0-5]*) DEFS="-DSUNOS5 -DUSE_PREAD"
SunOS.5*) DEFS="-DSUNOS5 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
RANLIB=":"
;;
- Linux.2.4*) DEFS="-DLINUX2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+Linux.2.[0-3].*)DEFS="-DLINUX2"
;;
- Linux.2*) DEFS="-DLINUX2"
+ Linux.2.*) DEFS="-DLINUX2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
;;
*) echo unsupported system: $SYSTEM.$RELEASE 1>&2; exit 1
;;
@@ -37,5 +39,5 @@ esac
unset MAKELEVEL # shut up chatty GNU make
-make DEFS="$DEFS" CC="${CC-gcc -Wunused}" RANLIB="${RANLIB-ranlib}" \
+make DEFS="$DEFS" CC="${CC-gcc -Wunused -Wformat}" RANLIB="${RANLIB-ranlib}" \
AR="${AR-ar rv}" SYSLIBS="$SYSLIBS" all
diff --git a/src/fstools/mylseek.c b/src/fstools/mylseek.c
index ffc455a..c5c19e4 100644
--- a/src/fstools/mylseek.c
+++ b/src/fstools/mylseek.c
@@ -23,15 +23,16 @@
#ifdef USE_MYLSEEK
#ifdef HAVE_LLSEEK
#include <errno.h>
-#include <sys/syscall.h>
+#include <unistd.h>
+#include <linux/unistd.h>
/*
* This is LINUX, live on the bleeding edge and watch your software break
* with the next release...
*/
-#define _llseek(fd, offset_high, offset_low, result, origin) \
- syscall(SYS__llseek, fd, offset_high, offset_low, result, origin)
-
+static _syscall5(int, _llseek, unsigned int, fd, unsigned long, offset_high,
+ unsigned long, offset_low, OFF_T *, result,
+ unsigned int, origin)
/* mylseek - seek beyond the 32-bit barrier */
OFF_T mylseek(int fd, OFF_T offset, int whence)
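Review bot: `static _syscall5(int, _llseek, ...)` only builds where the installed kernel headers still export the `_syscallN` macros through `<linux/unistd.h>`. Later kernel header sets no longer provide them to user space, and then any build with USE_MYLSEEK and HAVE_LLSEEK defined fails at this line. The libc form on the removed side, `syscall(SYS__llseek, fd, offset_high, offset_low, result, origin)` with `<sys/syscall.h>`, does not depend on those macros and could be kept, possibly under `#ifdef SYS__llseek`. mylseek's body lies outside the hunk, so how it passes its arguments cannot be checked from here.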
diff --git a/src/lastcomm/Makefile b/src/lastcomm/Makefile
index d94fc44..4531e43 100644
--- a/src/lastcomm/Makefile
+++ b/src/lastcomm/Makefile
@@ -2,7 +2,7 @@ SHELL = /bin/sh
CC = gcc
OPT = -O
DEBUG = -g
-INCL =
+INCL = -I.
CFLAGS = $(DEFS) $(INCL) $(OPT) $(DEBUG)
OBJS = lastcomm.o $(MISSING_OBJS)
BIN_DIR = ../../bin
diff --git a/src/lastcomm/makedefs b/src/lastcomm/makedefs
index df2ea63..e16459b 100644
--- a/src/lastcomm/makedefs
+++ b/src/lastcomm/makedefs
@@ -4,10 +4,12 @@ RELEASE=`(uname -r) 2>/dev/null`
case "$SYSTEM.$RELEASE" in
FreeBSD.2*) DEFS="-DFREEBSD2"
;;
- FreeBSD.4*) DEFS="-DFREEBSD3"
- ;;
FreeBSD.3*) DEFS="-DFREEBSD3"
;;
+ FreeBSD.4*) DEFS="-DFREEBSD4"
+ ;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
OpenBSD.2*) DEFS="-DOPENBSD2"
diff --git a/src/lastcomm/sys_defs.h b/src/lastcomm/sys_defs.h
index e759837..e0fd50b 100644
--- a/src/lastcomm/sys_defs.h
+++ b/src/lastcomm/sys_defs.h
@@ -6,6 +6,7 @@
* This software is distributed under the IBM Public License.
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
+ || defined(FREEBSD5) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3)
#define SUPPORTED
@@ -76,14 +77,10 @@ extern int getopt();
#define NODEV 0xffff
#define HAVE_COMP_MAJOR_PFLTS
#define HAVE_COMP_EXIT_STATUS
-
-#ifndef __alpha__
#define HAVE_COMP_MEMORY_USAGE
#define HAVE_COMP_CHAR_IO_COUNT
#define HAVE_COMP_BLOCK_RW_COUNT
#define HAVE_COMP_SWAP_USAGE
-#endif
-
#define HAVE_EXIT_STATUS
#define PRINT_LINESIZE 8
#define PRINT_NAMESIZE 8
diff --git a/src/major_minor/makedefs b/src/major_minor/makedefs
index 11c2997..0f3c6e6 100644
--- a/src/major_minor/makedefs
+++ b/src/major_minor/makedefs
@@ -6,7 +6,9 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.3*) DEFS="-DFREEBSD3"
;;
- FreeBSD.4*) DEFS="-DFREEBSD3"
+ FreeBSD.4*) DEFS="-DFREEBSD4"
+ ;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
diff --git a/src/misc/makedefs b/src/misc/makedefs
index 640a959..3c5140c 100644
--- a/src/misc/makedefs
+++ b/src/misc/makedefs
@@ -8,6 +8,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
diff --git a/src/misc/timeout.c b/src/misc/timeout.c
index 8cda986..e05e007 100644
--- a/src/misc/timeout.c
+++ b/src/misc/timeout.c
@@ -22,14 +22,19 @@
/* DIAGNOSTICS
/* The command exit status is the exit status of the command
/* (status 1 in case of a usage error).
+/* LICENSE
+/* The IBM PUBLIC LICENSE must be distributed with this
+/* software.
+/* HISTORY
+/* This program was first released as part of SATAN.
/* AUTHOR(S)
/* Wietse Venema
-/* This program is part of SATAN.
/*--*/
/* System libraries. */
#include <sys/types.h>
+#include <sys/wait.h>
#include <signal.h>
#include <stdlib.h>
#include <unistd.h>
@@ -103,6 +108,6 @@ char **argv;
alarm(time_to_run);
while ((pid = wait(&status)) != -1 && pid != child_pid)
/* void */ ;
- return (pid == child_pid ? status : -1);
+ return (pid == child_pid ? WEXITSTATUS(status) | WTERMSIG(status) : -1);
}
}
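Review bot: `WEXITSTATUS(status) | WTERMSIG(status)` in the new return merges two different outcomes into one number, so a child killed by signal 9 and a child that called exit(9) both yield 9. WEXITSTATUS is also only meaningful when WIFEXITED(status) is true. Testing the wait macros first keeps the cases apart: `return (pid != child_pid ? -1 : WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status));`, which follows the shell convention for signal deaths. A script that uses timeout to bound a collection command can then tell a killed or timed-out command from one that failed on its own. The function starts above the hunk.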
diff --git a/src/pcat/makedefs b/src/pcat/makedefs
index 996b57e..c4f9d4b 100644
--- a/src/pcat/makedefs
+++ b/src/pcat/makedefs
@@ -3,10 +3,16 @@ RELEASE=`(uname -r) 2>/dev/null`
case "$SYSTEM.$RELEASE" in
FreeBSD.2*) DEFS="-DFREEBSD2"
+ SYSLIBS="-lkvm"
;;
FreeBSD.3*) DEFS="-DFREEBSD3"
+ SYSLIBS="-lkvm"
;;
FreeBSD.4*) DEFS="-DFREEBSD4"
+ SYSLIBS="-lkvm"
+ ;;
+ FreeBSD.5*) DEFS="-DFREEBSD5"
+ SYSLIBS="-lkvm"
;;
OpenBSD.2*) DEFS="-DOPENBSD2"
SYSLIBS="-lkvm"
diff --git a/src/pcat/pcat.c b/src/pcat/pcat.c
index a7b7463..4ee2f50 100644
--- a/src/pcat/pcat.c
+++ b/src/pcat/pcat.c
@@ -22,6 +22,7 @@
/* This option does not work on some Solaris versions.
/* .IP "\fB-m\fR \fImapfile\fR"
/* Print the process memory map to \fImapfile\fR, one entry per line.
+/* Specify \fB-m-\fR to write to the standard error stream.
/* Each map entry consists of a region start address and the first
/* address beyond that region. Addresses are separated by space,
/* and are printed as hexadecimal numbers (0xhhhh).
@@ -78,6 +79,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
+#include <string.h>
/*
* Solaris 2.x has /proc, which immensely simplifies our task. However, the
@@ -103,10 +105,40 @@
/*
* FreeBSD 2.x and later have /proc, which immensely simplifies our task.
+ * Unfortunately, FreeBSD 5.x no longer mounts /proc by default. We try to
+ * use /proc first and use ptrace() only if we have to.
+ *
+ * FreeBSD PTRACE_DETACH does not resume the target process so we must send
+ * SIGCONT, but only if the process was stopped by us.
+ *
+ * FreeBSD 5 no longer supports ptrace() access to the u area, so we have to
+ * grope kernel memory instead.
*/
-#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
+#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
+ || defined(FREEBSD5)
#define SUPPORTED
+#include <sys/param.h>
+#include <sys/user.h>
+#include <sys/proc.h>
+#include <sys/sysctl.h>
+#include <kvm.h>
+#include <stddef.h>
#define HAVE_PROC_MEM
+#define HAVE_PTRACE_MEM
+#define PTRACE_ATTACH PT_ATTACH
+#define PTRACE_DETACH PT_DETACH
+#define PTRACE_PEEKDATA PT_READ_D
+#define PTRACE_ARG3_T caddr_t
+#endif
+
+#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
+#define PROCP_STATUS(p) ((p)->kp_proc.p_stat)
+#define PROCP_VMSPACE(p) ((p)->kp_proc.p_vmspace)
+#endif
+
+#if defined(FREEBSD5)
+#define PROCP_STATUS(p) ((p)->ki_stat)
+#define PROCP_VMSPACE(p) ((p)->ki_vmspace)
#endif
/*
@@ -223,12 +255,13 @@ typedef struct {
/*
* Structure to carry around process-related info.
*/
-typedef struct {
+typedef struct PROC_INFO {
#ifdef HAVE_PROC_MEM
int mem_fd; /* process memory */
#endif
pid_t pid; /* a process id */
int map_count; /* nr of map entries */
+ void (*read_proc) (struct PROC_INFO *, char *, int, off_t);
MAP_INFO map_info[1]; /* actually a bunch. */
} PROC_INFO;
@@ -430,11 +463,12 @@ static int call_ptrace(int request, pid_t pid, int addr, int data)
#endif
-/* read_proc - read block of memory at specified position */
+#ifdef HAVE_PROC_MEM
-static void read_proc(PROC_INFO *proc, char *data, int len, off_t offset)
+/* read_proc_mem - read block of memory at specified position */
+
+static void read_proc_mem(PROC_INFO *proc, char *data, int len, off_t offset)
{
-#ifdef HAVE_PROC_MEM
if (verbose)
fprintf(stderr, "read seek to 0x%lx\n", (long) offset);
#ifdef USE_PREAD
@@ -446,11 +480,19 @@ static void read_proc(PROC_INFO *proc, char *data, int len, off_t offset)
if (read(proc->mem_fd, data, len) != len)
error("read: %m");
#endif
+}
#endif
#ifdef HAVE_PTRACE_MEM
+
+/* read_ptrace_mem - read block of memory at specified position */
+
+static void read_ptrace_mem(PROC_INFO *proc, char *data, int len, off_t offset)
+{
#ifdef USE_PTRACE_READDATA
+ if (verbose)
+ fprintf(stderr, "read seek to 0x%lx\n", (long) offset);
if (ptrace(PTRACE_READDATA, proc->pid, (int) offset, len, data) < 0)
error("PTRACE_READDATA: %m%s", errno == EIO ?
"; did you use GCC with another machine's header files?" : "");
@@ -463,6 +505,8 @@ static void read_proc(PROC_INFO *proc, char *data, int len, off_t offset)
* XXX This breaks when memory segments aren't word-aligned or when
* memory segments sizes aren't a multiple of the word size. Tough.
*/
+ if (verbose)
+ fprintf(stderr, "read seek to 0x%lx\n", (long) offset);
if (offset % sizeof(int))
panic("read_proc: offset 0x%lx is not word-aligned", (long) offset);
if (len % sizeof(int))
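Review bot: The `panic("read_proc: offset 0x%lx is not word-aligned", ...)` message kept as context here still names read_proc, although this code now lives in read_ptrace_mem and read_proc has become a member of PROC_INFO. Changing the prefix to `read_ptrace_mem:` keeps the diagnostic pointing at the function that raised it. The same applies to the length check that follows, if its message uses the same prefix. The function's start and end are outside this hunk.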
@@ -473,9 +517,9 @@ static void read_proc(PROC_INFO *proc, char *data, int len, off_t offset)
words[n] = call_ptrace(PTRACE_PEEKDATA, proc->pid, addr, 0);
memcpy(data, (char *) words, len);
#endif
+}
#endif
-}
/* write_here - write a block at specified position */
@@ -509,7 +553,7 @@ static void copy_process(PROC_INFO *proc, int out_fd)
where = proc->map_info[n].start;
while (size > 0) {
len = (size > sizeof(buf) ? sizeof(buf) : size);
- read_proc(proc, buf, len, where);
+ proc->read_proc(proc, buf, len, where);
if (keep_holes) {
write_here(out_fd, buf, len, where);
} else {
@@ -526,44 +570,121 @@ static void copy_process(PROC_INFO *proc, int out_fd)
static PROC_INFO *open_process(pid_t pid)
{
-#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
+#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
+ || defined(FREEBSD5)
PROC_INFO *proc = (PROC_INFO *) mymalloc(sizeof(*proc));
- char buf[READ_BUFSIZ_CHARS];
MAP_INFO *mp;
+ struct kinfo_proc *procp;
+ kvm_t *kd;
+ struct vmspace vmspace;
+ struct vm_map_entry entry;
+ u_long addr;
+ int cnt;
+ char buf[READ_BUFSIZ_CHARS];
FILE *map_fp;
/*
- * Attach to process memory. XXX Suspend/resume the process if it isn't
- * stopped.
+ * Attach to process memory. Try to use /proc first. XXX Suspend/resume
+ * the process if it isn't stopped.
*/
- sprintf(buf, "/proc/%ld/mem", (long) pid);
- if ((proc->mem_fd = open(buf, O_RDONLY)) < 0)
- error("open %s: %m", buf);
init_cleanup(pid);
+ sprintf(buf, "/proc/%ld/mem", (long) pid);
+ if ((proc->mem_fd = open(buf, O_RDONLY)) >= 0) {
+ proc->read_proc = read_proc_mem;
+
+ /*
+ * Look up the process memory map.
+ *
+ * XXX The map must fit inside one read operation. If the read fails
+ * with EFBIG then we should increase the read buffer size and retry.
+ */
+ sprintf(buf, "/proc/%ld/map", (long) pid);
+ if ((map_fp = fopen(buf, "r")) == 0)
+ error("open %s: %m", buf);
+
+ for (proc->map_count = 0; fgets(buf, sizeof(buf), map_fp) != 0; proc->map_count++) {
+ if (proc->map_count > 0)
+ proc = (PROC_INFO *) myrealloc((char *) proc,
+ sizeof(*proc) + proc->map_count * sizeof(proc->map_info[0]));
+ mp = proc->map_info + proc->map_count;
+ if (sscanf(buf, "%lx %lx", &mp->start, &mp->end) != 2)
+ error("unexpected map format: %s", buf);
+ if (verbose)
+ fprintf(stderr, "map entry: 0x%lx 0x%lx\n", mp->start, mp->end);
+ if (map_out)
+ fprintf(map_out, "0x%lx 0x%lx\n", mp->start, mp->end);
+ }
+ if (ferror(map_fp))
+ error("map read: %m");
+ (void) fclose(map_fp);
+ }
/*
- * Look up the process memory map.
+ * We can't use /proc so we fall back to ptrace() and to peeking at
+ * kernel memory. Look up the process status before attaching to it: 1)
+ * the ptrace() detach operation will resume a stopped process, so we
+ * must re-suspend it; 2) the ptrace() detach operation will not resume a
+ * process that wasn't stopped, so we must resume it.
*/
- sprintf(buf, "/proc/%ld/map", (long) pid);
- if ((map_fp = fopen(buf, "r")) == 0)
- error("open %s: %m", buf);
+ else {
+ proc->read_proc = read_ptrace_mem;
+
+ /*
+ * Look up the process status before attaching to it: PTRACE_DETACH
+ * will resume a stopped process, so we must re-suspend it.
+ */
+ if ((kd = kvm_open((char *) 0, (char *) 0, (char *) 0, O_RDONLY, "pcat")) == 0)
+ error("kvm_open: %m");
+ if ((procp = kvm_getprocs(kd, KERN_PROC_PID, pid, &cnt)) == 0 || cnt != 1)
+ error("kvm_getprocs: %m");
+ if (PROCP_STATUS(procp) & SSTOP)
+ pre_detach_signal = post_detach_signal = SIGSTOP;
+ else
+ pre_detach_signal = SIGCONT;
+
+ /*
+ * Attach to process memory and stop the process.
+ */
+ init_cleanup(pid);
+ if (ptrace(PTRACE_ATTACH, pid, 0, 0) < 0)
+ error("ptrace PTRACE_ATTACH: %m");
+ ptrace_attach_wait(pid);
+
+ /*
+ * Look up the process memory map. With FreeBSD 5 the u area is no
+ * longer accessible via ptrace() so we must grope kernel memory.
+ * This requires root privileges.
+ */
+ if (kvm_read(kd, (u_long) PROCP_VMSPACE(procp),
+ (void *) &vmspace, sizeof(vmspace)) != sizeof(vmspace))
+ error("struct vmspace kvm_read: %m");
+
+ /*
+ * Copied from the code that implements /proc/pid/map.
+ */
+ for (proc->map_count = 0, addr = (u_long) vmspace.vm_map.header.next;
+ addr != (u_long) PROCP_VMSPACE(procp)
+ + offsetof(struct vmspace, vm_map)
+ + offsetof(struct vm_map, header);
+ proc->map_count++, addr = (u_long) entry.next) {
+
+ if (kvm_read(kd, addr, (void *) &entry,
+ sizeof(entry)) != sizeof(entry))
+ error("struct vm_map_entry kvm_read: %m");
+ if (proc->map_count > 0)
+ proc = (PROC_INFO *) myrealloc((char *) proc,
+ sizeof(*proc) + proc->map_count * sizeof(proc->map_info[0]));
+ mp = proc->map_info + proc->map_count;
+ mp->start = entry.start;
+ mp->end = entry.end;
+ if (verbose)
+ fprintf(stderr, "map entry: 0x%lx 0x%lx\n", mp->start, mp->end);
+ if (map_out)
+ fprintf(map_out, "0x%lx 0x%lx\n", mp->start, mp->end);
+ }
- for (proc->map_count = 0; fgets(buf, sizeof(buf), map_fp) != 0; proc->map_count++) {
- if (proc->map_count > 0)
- proc = (PROC_INFO *) myrealloc((char *) proc,
- sizeof(*proc) + proc->map_count * sizeof(proc->map_info[0]));
- mp = proc->map_info + proc->map_count;
- if (sscanf(buf, "%lx %lx", &mp->start, &mp->end) != 2)
- error("unexpected map format: %s", buf);
- if (verbose)
- fprintf(stderr, "map entry: 0x%lx 0x%lx\n", mp->start, mp->end);
- if (map_out)
- fprintf(map_out, "0x%lx 0x%lx\n", mp->start, mp->end);
+ kvm_close(kd);
}
- if (ferror(map_fp))
- error("map read: %m");
- (void) fclose(map_fp);
-
proc->pid = pid;
return (proc);
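Review bot: `if (PROCP_STATUS(procp) & SSTOP)` in the ptrace fallback treats the process state as a bit mask, but as far as I know FreeBSD's p_stat/ki_stat holds one of the S* state numbers, so the mask also matches other states that share a bit with SSTOP. `if (PROCP_STATUS(procp) == SSTOP)` tests what the comment describes and avoids sending SIGSTOP after detach to a process that was not stopped. Separately, init_cleanup(pid) now runs once before the /proc attempt and again inside the else branch, so the fallback path calls it twice; whether that is harmless depends on init_cleanup, which is not shown. The kvm_read loop over the map entries has no upper bound, so a cap on proc->map_count would keep it from spinning on an inconsistent list. open_process continues with other platform branches after the hunk.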
@@ -576,6 +697,8 @@ static PROC_INFO *open_process(pid_t pid)
struct prmap *pr;
MAP_INFO *mp;
+ proc->read_proc = read_proc_mem;
+
/*
* Attach to process memory. XXX Suspend/resume the process if it isn't
* stopped.
@@ -590,6 +713,8 @@ static PROC_INFO *open_process(pid_t pid)
*/
if (ioctl(proc->mem_fd, PIOCNMAP, (char *) &proc->map_count) < 0)
error("ioctl PIOCNMAP: %m");
+ proc = (PROC_INFO *) myrealloc((char *) proc,
+ sizeof(*proc) + proc->map_count * sizeof(proc->map_info[0]));
prmap = (struct prmap *) mymalloc((proc->map_count + 1) * sizeof(*prmap));
if (ioctl(proc->mem_fd, PIOCMAP, (char *) prmap) < 0)
error("ioctl PIOCMAP: %m");
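Review bot: Both buffers are sized from the count that PIOCNMAP returned, but PIOCMAP is issued afterwards and the XXX comment in this branch says the target is not necessarily stopped, so the map may have grown in between. If PIOCMAP then returns more entries than `proc->map_count + 1`, prmap and later map_info would be too small; the copy loop is outside the hunk, so this is inferred. At minimum I would record the assumption with `/* XXX map may change between PIOCNMAP and PIOCMAP while the process runs */`. The firmer fix is to re-issue PIOCNMAP after PIOCMAP and retry when the count has increased.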
@@ -615,6 +740,8 @@ static PROC_INFO *open_process(pid_t pid)
MAP_INFO *mp;
FILE *map_fp;
+ proc->read_proc = read_proc_mem;
+
/*
* Attach to process memory. XXX Suspend/resume the process if it isn't
* stopped.
@@ -663,11 +790,13 @@ static PROC_INFO *open_process(pid_t pid)
*/
init_cleanup(pid);
#ifdef HAVE_PROC_MEM
+ proc->read_proc = read_proc_mem;
sprintf(buf, "/proc/%ld/mem", (long) pid);
if ((proc->mem_fd = open(buf, O_RDONLY)) < 0)
error("open %s: %m", buf);
#endif
#ifdef HAVE_PTRACE_MEM
+ proc->read_proc = read_ptrace_mem;
if (ptrace(PTRACE_ATTACH, pid, 0, 0) < 0)
error("ptrace PTRACE_ATTACH: %m");
ptrace_attach_wait(pid);
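Review bot: When both HAVE_PROC_MEM and HAVE_PTRACE_MEM are defined for a platform that reaches this branch, the second assignment `proc->read_proc = read_ptrace_mem;` silently replaces the first, so the /proc descriptor is opened but never read. Which platforms take this branch is not visible here, so this may be intended. A comment such as `/* ptrace reader wins when both methods are configured */` on the second assignment would make the precedence explicit. The enclosing open_process variant starts and ends outside the hunk.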
@@ -731,6 +860,7 @@ static PROC_INFO *open_process(pid_t pid)
*/
proc = (PROC_INFO *) mymalloc(sizeof(*proc) + 2 * sizeof(MAP_INFO));
proc->map_count = 3;
+ proc->read_proc = read_ptrace_mem;
/*
* Attach to process memory and stop the process.
@@ -818,6 +948,7 @@ static PROC_INFO *open_process(pid_t pid)
*/
proc = (PROC_INFO *) mymalloc(sizeof(*proc) + 2 * sizeof(MAP_INFO));
proc->map_count = 3;
+ proc->read_proc = read_ptrace_mem;
/*
* Attach to process memory and stop the process.
@@ -896,6 +1027,7 @@ static PROC_INFO *open_process(pid_t pid)
*/
proc = (PROC_INFO *) mymalloc(sizeof(*proc) + 2 * sizeof(MAP_INFO));
proc->map_count = 3;
+ proc->read_proc = read_ptrace_mem;
/*
* Attach to process memory and stop the process.
@@ -957,7 +1089,7 @@ static PROC_INFO *open_process(pid_t pid)
static void close_process(PROC_INFO *proc)
{
#ifdef HAVE_PROC_MEM
- if (close(proc->mem_fd) < 0)
+ if (proc->mem_fd >= 0 && close(proc->mem_fd) < 0)
error("close memory: %m");
#endif
free((char *) proc);
@@ -992,8 +1124,12 @@ int main(int argc, char **argv)
keep_holes = 1;
break;
case 'm':
- if ((map_out = fopen(optarg, "w")) == 0)
- error("create map file %s: %m", optarg);
+ if (strcmp(optarg, "-") == 0) {
+ map_out = stderr;
+ } else {
+ if ((map_out = fopen(optarg, "w")) == 0)
+ error("create map file %s: %m", optarg);
+ }
break;
case 'v':
verbose++;
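Review bot: With `-m-` the map shares stderr with everything else the program prints there, including the `map entry:` lines under -v seen elsewhere in this file and any error() text, so a consumer cannot rely on the stream holding only map records. The manual text added for `-m-` should say so, for example `/* Do not combine with \fB-v\fR when the map is parsed by a program. */`. If map_out is closed later in main, which is outside the hunk, that code also needs to skip the fclose when `map_out == stderr`.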
--
Forensics related utilities