From: Michael Altizer (mialtize) <mialtize@cisco.com>
Date: Tue, 7 Nov 2017 23:43:14 +0000 (-0500)
Subject: Merge pull request #1061 in SNORT/snort3 from relative_files to master
X-Git-Tag: 3.0.0-241~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=529ff9c7e50fe2d42f7ec5ebc511ef1a36b0abd6;p=thirdparty%2Fsnort3.git

Merge pull request #1061 in SNORT/snort3 from relative_files to master

Squashed commit of the following:

commit a6c60b9518f79884144a702fdc4b0e5c87f4bb6f
Author: Carter Waxman <cwaxman@cisco.com>
Date:   Wed Nov 1 16:22:31 2017 -0400

    parsing: resolve paths from the current config directory instead of process directory
---

diff --git a/src/main/shell.cc b/src/main/shell.cc
index 448fd16e1..5551b8210 100644
--- a/src/main/shell.cc
+++ b/src/main/shell.cc
@@ -23,6 +23,8 @@
 
 #include "shell.h"
 
+#include <libgen.h>
+
 #include <cassert>
 #include <cstring>
 #include <stdexcept>
@@ -32,6 +34,7 @@
 #include "main/policy.h"
 #include "main/snort_config.h"
 #include "managers/module_manager.h"
+#include "parser/parser.h"
 
 using namespace std;
 
@@ -139,8 +142,11 @@ Shell::Shell(const char* s)
     lua_atpanic(lua, Shell::panic);
     luaL_openlibs(lua);
 
+    char pwd[PATH_MAX];
+    parse_from = getcwd(pwd, sizeof(pwd));
+
     if ( s )
-        file = s;
+        set_file(s);
 
     loaded = false;
 }
@@ -153,7 +159,14 @@ Shell::~Shell()
 void Shell::set_file(const char* s)
 {
     assert(file.empty());
-    file = s;
+
+    if ( s && s[0] != '/' && parsing_follows_files )
+    {
+        file += parse_from;
+        file += '/';
+    }
+
+    file += s;
 }
 
 void Shell::set_overrides(const char* s)
@@ -186,10 +199,14 @@ void Shell::configure(SnortConfig* sc)
         set_network_policy(pt->second->network);
     }
 
-    config_lua(lua, file.c_str(), overrides);
+    const char* base_name = push_relative_path(file.c_str());
+    config_lua(lua, base_name, overrides);
+
     set_default_policy(sc);
     ModuleManager::set_config(nullptr);
     loaded = true;
+
+    pop_relative_path();
 }
 
 void Shell::install(const char* name, const luaL_Reg* reg)
diff --git a/src/main/shell.h b/src/main/shell.h
index 742154291..0c2d199e2 100644
--- a/src/main/shell.h
+++ b/src/main/shell.h
@@ -54,6 +54,7 @@ private:
     bool loaded;
     lua_State* lua;
     std::string file;
+    std::string parse_from;
     std::string overrides;
 };
 
diff --git a/src/main/snort_module.cc b/src/main/snort_module.cc
index baab6a4cd..fdad51a0e 100644
--- a/src/main/snort_module.cc
+++ b/src/main/snort_module.cc
@@ -379,6 +379,9 @@ static const Parameter s_params[] =
     { "--pause", Parameter::PT_IMPLIED, nullptr, nullptr,
       "wait for resume/quit command before processing packets/terminating", },
 
+    { "--parsing-follows-files", Parameter::PT_IMPLIED, nullptr, nullptr,
+      "parse relative paths from the perspective of the current configuration file" },
+
     { "--pcap-file", Parameter::PT_STRING, nullptr, nullptr,
       "<file> file that contains a list of pcaps to read - read mode is implied" },
 
@@ -814,6 +817,9 @@ bool SnortModule::set(const char*, Value& v, SnortConfig* sc)
     else if ( v.is("--pause") )
         sc->run_flags |= RUN_FLAG__PAUSE;
 
+    else if ( v.is("--parsing-follows-files") )
+        parsing_follows_files = true;
+
     else if ( v.is("--pcap-file") )
     {
         Trough::add_source(Trough::SOURCE_FILE_LIST, v.get_string());
diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc
index 8fb6295c2..e0b398575 100644
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -23,11 +23,13 @@
 
 #include "module_manager.h"
 
+#include <libgen.h>
 #include <lua.hpp>
 
 #include <cassert>
 #include <iostream>
 #include <mutex>
+#include <stack>
 #include <string>
 
 #include "framework/base_api.h"
@@ -786,6 +788,59 @@ SO_PUBLIC bool set_string(const char* fqn, const char* s)
     return set_value(fqn, v);
 }
 
+struct DirStackItem
+{
+    string previous_dir;
+    string base_name;
+};
+
+static std::stack<DirStackItem> dir_stack;
+
+SO_PUBLIC const char* push_relative_path(const char* file)
+{
+    if ( !parsing_follows_files )
+        return file;
+
+    dir_stack.push(DirStackItem());
+    DirStackItem& dsi = dir_stack.top();
+
+    char pwd[PATH_MAX];
+
+    if ( getcwd(pwd, sizeof(pwd)) == nullptr )
+        FatalError("Unable to determine process running directory\n");
+
+    dsi.previous_dir = pwd;
+
+    char* base_name_buf = snort_strdup(file);
+    dsi.base_name = basename(base_name_buf);
+    snort_free(base_name_buf);
+
+    char* dir_name_buf = snort_strdup(file);
+    char* dir_name = dirname(dir_name_buf);
+
+    if ( chdir(dir_name) != 0 )
+        FatalError("Unable to access %s\n", dir_name);
+
+    snort_free(dir_name_buf);
+
+    return dsi.base_name.c_str();
+}
+
+SO_PUBLIC void pop_relative_path()
+{
+    if ( !parsing_follows_files )
+        return;
+
+    assert( !dir_stack.empty() );
+
+    // We came from this directory, so it should still exist
+    const char* prev_dir = dir_stack.top().previous_dir.c_str();
+    if ( chdir(prev_dir) != 0 )
+        FatalError("Unable to access %s\n", prev_dir);
+
+    dir_stack.pop();
+}
+
 static bool comp_mods(const ModHook* l, const ModHook* r)
 {
     const Module* lm = l->mod;
diff --git a/src/managers/module_manager.h b/src/managers/module_manager.h
index 19d0fc004..ba0d6cae2 100644
--- a/src/managers/module_manager.h
+++ b/src/managers/module_manager.h
@@ -76,5 +76,12 @@ public:
     static std::set<uint32_t> gids;
 };
 
+extern "C"
+{
+    // returns the correct path component to use for referencing the file 
+    const char* push_relative_path(const char*);
+    void pop_relative_path();
+}
+
 #endif
 
diff --git a/src/managers/snort_config.lua b/src/managers/snort_config.lua
index 28c87a812..828343833 100644
--- a/src/managers/snort_config.lua
+++ b/src/managers/snort_config.lua
@@ -30,10 +30,14 @@ bool set_bool(const char*, bool);
 bool set_number(const char*, double);
 bool set_string(const char*, const char*);
 bool set_alias(const char*, const char*);
+const char* push_relative_path(const char*);
+void pop_relative_path();
 ]]
 
 function include(file)
-    dofile(file)
+    local base_name = ffi.C.push_relative_path(file)
+    dofile(ffi.string(base_name))
+    ffi.C.pop_relative_path()
 end
 
 function snort_traverse(tab, fqn)
diff --git a/src/parser/parser.cc b/src/parser/parser.cc
index 102919d37..51058c389 100644
--- a/src/parser/parser.cc
+++ b/src/parser/parser.cc
@@ -55,6 +55,8 @@
 #include "parse_stream.h"
 #include "vars.h"
 
+bool parsing_follows_files = false;
+
 static struct rule_index_map_t* ruleIndexMap = nullptr;
 
 static std::string s_aux_rules;
diff --git a/src/parser/parser.h b/src/parser/parser.h
index 95290d6e5..3760b3592 100644
--- a/src/parser/parser.h
+++ b/src/parser/parser.h
@@ -93,5 +93,6 @@ struct RuleTreeNodeKey
     PolicyId policyId;
 };
 
+extern bool parsing_follows_files;
 #endif