[gentoo-commits] proj/autodep:master commit in: src/hook_lib/ - gentoo-commits

From:	"Александр Берсенев" <bay@×××××××××.ru>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/autodep:master commit in: src/hook_lib/
Date:	Tue, 02 Aug 2011 20:19:23
Message-Id:	`bd663fa24ca37b2ea697e782f6548e6133f8365f.bay@gentoo`

1

commit:     bd663fa24ca37b2ea697e782f6548e6133f8365f

2

Author:     Alexander Bersenev <bay <AT> hackerdom <DOT> ru>

3

AuthorDate: Wed Aug  3 02:18:25 2011 +0000

4

Commit:     Александр Берсенев <bay <AT> hackerdom <DOT> ru>

5

CommitDate: Wed Aug  3 02:18:25 2011 +0000

6

URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/autodep.git;a=commit;h=bd663fa2

7

8

hooklib: hide blocked files in directories

9

10

---

11

 src/hook_lib/file_hook.c |  158 +++++++++++++++++++++++++++++++++++++++++++++-

12

 1 files changed, 156 insertions(+), 2 deletions(-)

13

14

diff --git a/src/hook_lib/file_hook.c b/src/hook_lib/file_hook.c

15

index 555d6dc..9f114ae 100644

16

--- a/src/hook_lib/file_hook.c

17

+++ b/src/hook_lib/file_hook.c

18

@@ -11,6 +11,8 @@

19

 #include <dlfcn.h>

20

 #include <pthread.h>

21

22

+#include <dirent.h>

23

+

24

 #define _FCNTL_H

25

 #include <bits/fcntl.h>

26

27

@@ -19,7 +21,7 @@

28

 #include <sys/socket.h>

29

 #include <sys/un.h>

30

31

-#define MAXPATHLEN 1024

32

+#define MAXPATHLEN PATH_MAX

33

 #define MAXSOCKETPATHLEN 108

34

 #define MAXFILEBUFFLEN 2048

35

36

@@ -44,6 +46,13 @@ size_t (*_fwrite)(const void *ptr, size_t size, size_t nmemb, FILE *stream);

37

 void *(*_mmap)(void *addr, size_t length, int prot, int flags,

38

                   int fd, off_t offset);

39

40

+struct dirent * (*_readdir)(DIR *dirp);

41

+struct dirent64 * (*_readdir64)(DIR *dirp);

42

+int (*_readdir_r)(DIR *dirp, struct dirent *entry, 

43

+				   struct dirent **result);

44

+int (*_readdir64_r)(DIR *dirp, struct dirent64 *entry, 

45

+				   struct dirent64 **result);

46

+

47

48

 int (*_execve)(const char *filename, char *const argv[],char *const envp[]);

49

 int (*_execv)(const char *path, char *const argv[]);

50

@@ -139,6 +148,12 @@ void _init() {

51

52

   _mmap=(void* (*)(void *addr, size_t length, int prot, int flags,

53

                   int fd, off_t offset)) dlsym(RTLD_NEXT, "mmap");

54

+  _readdir=(struct dirent * (*)(DIR *dirp)) dlsym(RTLD_NEXT, "readdir");

55

+  _readdir64=(struct dirent64 * (*)(DIR *dirp)) dlsym(RTLD_NEXT, "readdir64");

56

+  _readdir_r=(int (*)(DIR *dirp, struct dirent *entry, 

57

+				   struct dirent **result)) dlsym(RTLD_NEXT, "readdir_r");

58

+  _readdir64_r=(int (*)(DIR *dirp, struct dirent64 *entry, 

59

+				   struct dirent64 **result)) dlsym(RTLD_NEXT, "readdir64_r");

60

61

62

   _fork = (pid_t (*)()) dlsym(RTLD_NEXT, "fork");

63

@@ -159,7 +174,9 @@ void _init() {

64

65

   if(_open==NULL || _open64==NULL || 

66

 	 _fopen==NULL || _fopen64==NULL || 

67

-	  _read==NULL || _write==NULL || _mmap==NULL ||

68

+	  _read==NULL || _write==NULL || _mmap==NULL || 

69

+	  _readdir==NULL || _readdir64 == NULL || _readdir_r==NULL || 

70

+	  _readdir64_r==NULL ||

71

 	  _fork==NULL || 

72

 	  _execve==NULL || _execv==NULL || _execvp==NULL || _execvpe==NULL || 

73

 	  _fexecve==NULL || _system==NULL || _setenv==NULL || _close==NULL) {

74

@@ -727,6 +744,143 @@ void *mmap(void *addr, size_t length, int prot, int flags,

75

   return ret;

76

}

77

78

+// directory reading hooks

79

+// the strategy for all functions is basic: skip the file if it is blocked

80

+// all function are in two very similar variants: 32bit and 64bit

81

+struct dirent *readdir(DIR *dirp) {

82

+  char *stage=__get_stage();

83

+  struct dirent *ep;

84

+

85

+  char dirpath[MAXPATHLEN];

86

+

87

+  int fd;

88

+  fd=dirfd(dirp);

89

+

90

+  // get dirname in dirpath

91

+  if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)

92

+	return _readdir(dirp);

93

+

94

+  while((ep=_readdir(dirp))!=NULL) { 	// Hope that readdir is not looping

95

+	char fullpath[MAXPATHLEN];	

96

+	snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name);

97

+

98

+	char abspath[MAXPATHLEN];

99

+	realpath(fullpath,abspath);

100

+

101

+	if(! __is_event_allowed("open",abspath,stage)) {

102

+	  __log_event("open",abspath,"DENIED",errno,stage);

103

+

104

+	  continue;

105

+	} else

106

+	  break;

107

+  }

108

+  return ep;

109

+}

110

+

111

+struct dirent64 *readdir64(DIR *dirp) {

112

+  char *stage=__get_stage();

113

+  struct dirent64 *ep;

114

+

115

+  char dirpath[MAXPATHLEN];

116

+

117

+  int fd;

118

+  fd=dirfd(dirp);

119

+

120

+  // get dirname in dirpath

121

+  if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)

122

+	return _readdir64(dirp);

123

+

124

+  while((ep=_readdir64(dirp))!=NULL) { 	// Hope that readdir is not looping

125

+	char fullpath[MAXPATHLEN];	

126

+	snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name);

127

+

128

+	char abspath[MAXPATHLEN];

129

+	realpath(fullpath,abspath);

130

+

131

+	if(! __is_event_allowed("open",abspath,stage)) {

132

+	  __log_event("open",abspath,"DENIED",errno,stage);

133

+

134

+	  continue;

135

+	} else

136

+	  break;

137

+  }

138

+  return ep;

139

+}

140

+

141

+

142

+// next two functions are almost equal

143

+int readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result){

144

+  char *stage=__get_stage();

145

+  char dirpath[MAXPATHLEN];

146

+

147

+  int fd;

148

+  fd=dirfd(dirp);

149

+

150

+  // get dirname in dirpath

151

+  if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)

152

+	return _readdir_r(dirp, entry, result);

153

+

154

+  int ret;

155

+

156

+  while((ret=_readdir_r(dirp, entry, result))==0) {

157

+	if(*result==NULL) {

158

+	  break; // end of directory

159

+	}

160

+

161

+	char fullpath[MAXPATHLEN];	

162

+	snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name);

163

+

164

+	char abspath[MAXPATHLEN];

165

+	realpath(fullpath,abspath);

166

+

167

+	if(! __is_event_allowed("open",abspath,stage)) {

168

+	  __log_event("open",abspath,"DENIED",errno,stage);

169

+

170

+	  continue;

171

+	} else

172

+	  break;

173

+  }

174

+

175

+  return ret;

176

+}

177

+

178

+

179

+int readdir64_r(DIR *dirp, struct dirent64 *entry, struct dirent64 **result){

180

+  char *stage=__get_stage();

181

+  char dirpath[MAXPATHLEN];

182

+

183

+  int fd;

184

+  fd=dirfd(dirp);

185

+

186

+  // get dirname in dirpath

187

+  if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)

188

+	return _readdir64_r(dirp, entry, result);

189

+

190

+  int ret;

191

+

192

+  while((ret=_readdir64_r(dirp, entry, result))==0) {

193

+	if(*result==NULL) {

194

+	  break; // end of directory

195

+	}

196

+

197

+	char fullpath[MAXPATHLEN];	

198

+	snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name);

199

+

200

+	char abspath[MAXPATHLEN];

201

+	realpath(fullpath,abspath);

202

+

203

+	if(! __is_event_allowed("open",abspath,stage)) {

204

+	  __log_event("open",abspath,"DENIED",errno,stage);

205

+

206

+	  continue;

207

+	} else

208

+	  break;

209

+  }

210

+

211

+  return ret;

212

+}

213

+

214

+

215

 int setenv(const char *name, const char *value, int overwrite) {

216

 	//printf ("   CHANGING name: %s, value: %s",name,value);

217

 	if(strcmp(name,"LD_PRELOAD")==0 ||

1	commit: bd663fa24ca37b2ea697e782f6548e6133f8365f
2	Author: Alexander Bersenev <bay <AT> hackerdom <DOT> ru>
3	AuthorDate: Wed Aug 3 02:18:25 2011 +0000
4	Commit: Александр Берсенев <bay <AT> hackerdom <DOT> ru>
5	CommitDate: Wed Aug 3 02:18:25 2011 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/autodep.git;a=commit;h=bd663fa2
7
8	hooklib: hide blocked files in directories
9
10	---
11	src/hook_lib/file_hook.c \| 158 +++++++++++++++++++++++++++++++++++++++++++++-
12	1 files changed, 156 insertions(+), 2 deletions(-)
13
14	diff --git a/src/hook_lib/file_hook.c b/src/hook_lib/file_hook.c
15	index 555d6dc..9f114ae 100644
16	--- a/src/hook_lib/file_hook.c
17	+++ b/src/hook_lib/file_hook.c
18	@@ -11,6 +11,8 @@
19	#include <dlfcn.h>
20	#include <pthread.h>
21
22	+#include <dirent.h>
23	+
24	#define _FCNTL_H
25	#include <bits/fcntl.h>
26
27	@@ -19,7 +21,7 @@
28	#include <sys/socket.h>
29	#include <sys/un.h>
30
31	-#define MAXPATHLEN 1024
32	+#define MAXPATHLEN PATH_MAX
33	#define MAXSOCKETPATHLEN 108
34	#define MAXFILEBUFFLEN 2048
35
36	@@ -44,6 +46,13 @@ size_t (_fwrite)(const void ptr, size_t size, size_t nmemb, FILE *stream);
37	void (_mmap)(void *addr, size_t length, int prot, int flags,
38	int fd, off_t offset);
39
40	+struct dirent * (_readdir)(DIR dirp);
41	+struct dirent64 * (_readdir64)(DIR dirp);
42	+int (_readdir_r)(DIR dirp, struct dirent *entry,
43	+ struct dirent **result);
44	+int (_readdir64_r)(DIR dirp, struct dirent64 *entry,
45	+ struct dirent64 **result);
46	+
47
48	int (_execve)(const char filename, char const argv[],char const envp[]);
49	int (_execv)(const char path, char *const argv[]);
50	@@ -139,6 +148,12 @@ void _init() {
51
52	_mmap=(void* ()(void addr, size_t length, int prot, int flags,
53	int fd, off_t offset)) dlsym(RTLD_NEXT, "mmap");
54	+ _readdir=(struct dirent * ()(DIR dirp)) dlsym(RTLD_NEXT, "readdir");
55	+ _readdir64=(struct dirent64 * ()(DIR dirp)) dlsym(RTLD_NEXT, "readdir64");
56	+ _readdir_r=(int ()(DIR dirp, struct dirent *entry,
57	+ struct dirent **result)) dlsym(RTLD_NEXT, "readdir_r");
58	+ _readdir64_r=(int ()(DIR dirp, struct dirent64 *entry,
59	+ struct dirent64 **result)) dlsym(RTLD_NEXT, "readdir64_r");
60
61
62	_fork = (pid_t (*)()) dlsym(RTLD_NEXT, "fork");
63	@@ -159,7 +174,9 @@ void _init() {
64
65	if(_open==NULL \|\| _open64==NULL \|\|
66	_fopen==NULL \|\| _fopen64==NULL \|\|
67	- _read==NULL \|\| _write==NULL \|\| _mmap==NULL \|\|
68	+ _read==NULL \|\| _write==NULL \|\| _mmap==NULL \|\|
69	+ _readdir==NULL \|\| _readdir64 == NULL \|\| _readdir_r==NULL \|\|
70	+ _readdir64_r==NULL \|\|
71	_fork==NULL \|\|
72	_execve==NULL \|\| _execv==NULL \|\| _execvp==NULL \|\| _execvpe==NULL \|\|
73	_fexecve==NULL \|\| _system==NULL \|\| _setenv==NULL \|\| _close==NULL) {
74	@@ -727,6 +744,143 @@ void mmap(void addr, size_t length, int prot, int flags,
75	return ret;
76	}
77
78	+// directory reading hooks
79	+// the strategy for all functions is basic: skip the file if it is blocked
80	+// all function are in two very similar variants: 32bit and 64bit
81	+struct dirent readdir(DIR dirp) {
82	+ char *stage=__get_stage();
83	+ struct dirent *ep;
84	+
85	+ char dirpath[MAXPATHLEN];
86	+
87	+ int fd;
88	+ fd=dirfd(dirp);
89	+
90	+ // get dirname in dirpath
91	+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)
92	+ return _readdir(dirp);
93	+
94	+ while((ep=_readdir(dirp))!=NULL) { // Hope that readdir is not looping
95	+ char fullpath[MAXPATHLEN];
96	+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name);
97	+
98	+ char abspath[MAXPATHLEN];
99	+ realpath(fullpath,abspath);
100	+
101	+ if(! __is_event_allowed("open",abspath,stage)) {
102	+ __log_event("open",abspath,"DENIED",errno,stage);
103	+
104	+ continue;
105	+ } else
106	+ break;
107	+ }
108	+ return ep;
109	+}
110	+
111	+struct dirent64 readdir64(DIR dirp) {
112	+ char *stage=__get_stage();
113	+ struct dirent64 *ep;
114	+
115	+ char dirpath[MAXPATHLEN];
116	+
117	+ int fd;
118	+ fd=dirfd(dirp);
119	+
120	+ // get dirname in dirpath
121	+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)
122	+ return _readdir64(dirp);
123	+
124	+ while((ep=_readdir64(dirp))!=NULL) { // Hope that readdir is not looping
125	+ char fullpath[MAXPATHLEN];
126	+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name);
127	+
128	+ char abspath[MAXPATHLEN];
129	+ realpath(fullpath,abspath);
130	+
131	+ if(! __is_event_allowed("open",abspath,stage)) {
132	+ __log_event("open",abspath,"DENIED",errno,stage);
133	+
134	+ continue;
135	+ } else
136	+ break;
137	+ }
138	+ return ep;
139	+}
140	+
141	+
142	+// next two functions are almost equal
143	+int readdir_r(DIR dirp, struct dirent entry, struct dirent **result){
144	+ char *stage=__get_stage();
145	+ char dirpath[MAXPATHLEN];
146	+
147	+ int fd;
148	+ fd=dirfd(dirp);
149	+
150	+ // get dirname in dirpath
151	+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)
152	+ return _readdir_r(dirp, entry, result);
153	+
154	+ int ret;
155	+
156	+ while((ret=_readdir_r(dirp, entry, result))==0) {
157	+ if(*result==NULL) {
158	+ break; // end of directory
159	+ }
160	+
161	+ char fullpath[MAXPATHLEN];
162	+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name);
163	+
164	+ char abspath[MAXPATHLEN];
165	+ realpath(fullpath,abspath);
166	+
167	+ if(! __is_event_allowed("open",abspath,stage)) {
168	+ __log_event("open",abspath,"DENIED",errno,stage);
169	+
170	+ continue;
171	+ } else
172	+ break;
173	+ }
174	+
175	+ return ret;
176	+}
177	+
178	+
179	+int readdir64_r(DIR dirp, struct dirent64 entry, struct dirent64 **result){
180	+ char *stage=__get_stage();
181	+ char dirpath[MAXPATHLEN];
182	+
183	+ int fd;
184	+ fd=dirfd(dirp);
185	+
186	+ // get dirname in dirpath
187	+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1)
188	+ return _readdir64_r(dirp, entry, result);
189	+
190	+ int ret;
191	+
192	+ while((ret=_readdir64_r(dirp, entry, result))==0) {
193	+ if(*result==NULL) {
194	+ break; // end of directory
195	+ }
196	+
197	+ char fullpath[MAXPATHLEN];
198	+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name);
199	+
200	+ char abspath[MAXPATHLEN];
201	+ realpath(fullpath,abspath);
202	+
203	+ if(! __is_event_allowed("open",abspath,stage)) {
204	+ __log_event("open",abspath,"DENIED",errno,stage);
205	+
206	+ continue;
207	+ } else
208	+ break;
209	+ }
210	+
211	+ return ret;
212	+}
213	+
214	+
215	int setenv(const char name, const char value, int overwrite) {
216	//printf (" CHANGING name: %s, value: %s",name,value);
217	if(strcmp(name,"LD_PRELOAD")==0 \|\|

Gentoo Archives: gentoo-commits