1 |
commit: bd663fa24ca37b2ea697e782f6548e6133f8365f |
2 |
Author: Alexander Bersenev <bay <AT> hackerdom <DOT> ru> |
3 |
AuthorDate: Wed Aug 3 02:18:25 2011 +0000 |
4 |
Commit: Александр Берсенев <bay <AT> hackerdom <DOT> ru> |
5 |
CommitDate: Wed Aug 3 02:18:25 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/autodep.git;a=commit;h=bd663fa2 |
7 |
|
8 |
hooklib: hide blocked files in directories |
9 |
|
10 |
--- |
11 |
src/hook_lib/file_hook.c | 158 +++++++++++++++++++++++++++++++++++++++++++++- |
12 |
1 files changed, 156 insertions(+), 2 deletions(-) |
13 |
|
14 |
diff --git a/src/hook_lib/file_hook.c b/src/hook_lib/file_hook.c |
15 |
index 555d6dc..9f114ae 100644 |
16 |
--- a/src/hook_lib/file_hook.c |
17 |
+++ b/src/hook_lib/file_hook.c |
18 |
@@ -11,6 +11,8 @@ |
19 |
#include <dlfcn.h> |
20 |
#include <pthread.h> |
21 |
|
22 |
+#include <dirent.h> |
23 |
+ |
24 |
#define _FCNTL_H |
25 |
#include <bits/fcntl.h> |
26 |
|
27 |
@@ -19,7 +21,7 @@ |
28 |
#include <sys/socket.h> |
29 |
#include <sys/un.h> |
30 |
|
31 |
-#define MAXPATHLEN 1024 |
32 |
+#define MAXPATHLEN PATH_MAX |
33 |
#define MAXSOCKETPATHLEN 108 |
34 |
#define MAXFILEBUFFLEN 2048 |
35 |
|
36 |
@@ -44,6 +46,13 @@ size_t (*_fwrite)(const void *ptr, size_t size, size_t nmemb, FILE *stream); |
37 |
void *(*_mmap)(void *addr, size_t length, int prot, int flags, |
38 |
int fd, off_t offset); |
39 |
|
40 |
+struct dirent * (*_readdir)(DIR *dirp); |
41 |
+struct dirent64 * (*_readdir64)(DIR *dirp); |
42 |
+int (*_readdir_r)(DIR *dirp, struct dirent *entry, |
43 |
+ struct dirent **result); |
44 |
+int (*_readdir64_r)(DIR *dirp, struct dirent64 *entry, |
45 |
+ struct dirent64 **result); |
46 |
+ |
47 |
|
48 |
int (*_execve)(const char *filename, char *const argv[],char *const envp[]); |
49 |
int (*_execv)(const char *path, char *const argv[]); |
50 |
@@ -139,6 +148,12 @@ void _init() { |
51 |
|
52 |
_mmap=(void* (*)(void *addr, size_t length, int prot, int flags, |
53 |
int fd, off_t offset)) dlsym(RTLD_NEXT, "mmap"); |
54 |
+ _readdir=(struct dirent * (*)(DIR *dirp)) dlsym(RTLD_NEXT, "readdir"); |
55 |
+ _readdir64=(struct dirent64 * (*)(DIR *dirp)) dlsym(RTLD_NEXT, "readdir64"); |
56 |
+ _readdir_r=(int (*)(DIR *dirp, struct dirent *entry, |
57 |
+ struct dirent **result)) dlsym(RTLD_NEXT, "readdir_r"); |
58 |
+ _readdir64_r=(int (*)(DIR *dirp, struct dirent64 *entry, |
59 |
+ struct dirent64 **result)) dlsym(RTLD_NEXT, "readdir64_r"); |
60 |
|
61 |
|
62 |
_fork = (pid_t (*)()) dlsym(RTLD_NEXT, "fork"); |
63 |
@@ -159,7 +174,9 @@ void _init() { |
64 |
|
65 |
if(_open==NULL || _open64==NULL || |
66 |
_fopen==NULL || _fopen64==NULL || |
67 |
- _read==NULL || _write==NULL || _mmap==NULL || |
68 |
+ _read==NULL || _write==NULL || _mmap==NULL || |
69 |
+ _readdir==NULL || _readdir64 == NULL || _readdir_r==NULL || |
70 |
+ _readdir64_r==NULL || |
71 |
_fork==NULL || |
72 |
_execve==NULL || _execv==NULL || _execvp==NULL || _execvpe==NULL || |
73 |
_fexecve==NULL || _system==NULL || _setenv==NULL || _close==NULL) { |
74 |
@@ -727,6 +744,143 @@ void *mmap(void *addr, size_t length, int prot, int flags, |
75 |
return ret; |
76 |
} |
77 |
|
78 |
+// directory reading hooks |
79 |
+// the strategy for all functions is basic: skip the file if it is blocked |
80 |
+// all function are in two very similar variants: 32bit and 64bit |
81 |
+struct dirent *readdir(DIR *dirp) { |
82 |
+ char *stage=__get_stage(); |
83 |
+ struct dirent *ep; |
84 |
+ |
85 |
+ char dirpath[MAXPATHLEN]; |
86 |
+ |
87 |
+ int fd; |
88 |
+ fd=dirfd(dirp); |
89 |
+ |
90 |
+ // get dirname in dirpath |
91 |
+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1) |
92 |
+ return _readdir(dirp); |
93 |
+ |
94 |
+ while((ep=_readdir(dirp))!=NULL) { // Hope that readdir is not looping |
95 |
+ char fullpath[MAXPATHLEN]; |
96 |
+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name); |
97 |
+ |
98 |
+ char abspath[MAXPATHLEN]; |
99 |
+ realpath(fullpath,abspath); |
100 |
+ |
101 |
+ if(! __is_event_allowed("open",abspath,stage)) { |
102 |
+ __log_event("open",abspath,"DENIED",errno,stage); |
103 |
+ |
104 |
+ continue; |
105 |
+ } else |
106 |
+ break; |
107 |
+ } |
108 |
+ return ep; |
109 |
+} |
110 |
+ |
111 |
+struct dirent64 *readdir64(DIR *dirp) { |
112 |
+ char *stage=__get_stage(); |
113 |
+ struct dirent64 *ep; |
114 |
+ |
115 |
+ char dirpath[MAXPATHLEN]; |
116 |
+ |
117 |
+ int fd; |
118 |
+ fd=dirfd(dirp); |
119 |
+ |
120 |
+ // get dirname in dirpath |
121 |
+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1) |
122 |
+ return _readdir64(dirp); |
123 |
+ |
124 |
+ while((ep=_readdir64(dirp))!=NULL) { // Hope that readdir is not looping |
125 |
+ char fullpath[MAXPATHLEN]; |
126 |
+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name); |
127 |
+ |
128 |
+ char abspath[MAXPATHLEN]; |
129 |
+ realpath(fullpath,abspath); |
130 |
+ |
131 |
+ if(! __is_event_allowed("open",abspath,stage)) { |
132 |
+ __log_event("open",abspath,"DENIED",errno,stage); |
133 |
+ |
134 |
+ continue; |
135 |
+ } else |
136 |
+ break; |
137 |
+ } |
138 |
+ return ep; |
139 |
+} |
140 |
+ |
141 |
+ |
142 |
+// next two functions are almost equal |
143 |
+int readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result){ |
144 |
+ char *stage=__get_stage(); |
145 |
+ char dirpath[MAXPATHLEN]; |
146 |
+ |
147 |
+ int fd; |
148 |
+ fd=dirfd(dirp); |
149 |
+ |
150 |
+ // get dirname in dirpath |
151 |
+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1) |
152 |
+ return _readdir_r(dirp, entry, result); |
153 |
+ |
154 |
+ int ret; |
155 |
+ |
156 |
+ while((ret=_readdir_r(dirp, entry, result))==0) { |
157 |
+ if(*result==NULL) { |
158 |
+ break; // end of directory |
159 |
+ } |
160 |
+ |
161 |
+ char fullpath[MAXPATHLEN]; |
162 |
+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name); |
163 |
+ |
164 |
+ char abspath[MAXPATHLEN]; |
165 |
+ realpath(fullpath,abspath); |
166 |
+ |
167 |
+ if(! __is_event_allowed("open",abspath,stage)) { |
168 |
+ __log_event("open",abspath,"DENIED",errno,stage); |
169 |
+ |
170 |
+ continue; |
171 |
+ } else |
172 |
+ break; |
173 |
+ } |
174 |
+ |
175 |
+ return ret; |
176 |
+} |
177 |
+ |
178 |
+ |
179 |
+int readdir64_r(DIR *dirp, struct dirent64 *entry, struct dirent64 **result){ |
180 |
+ char *stage=__get_stage(); |
181 |
+ char dirpath[MAXPATHLEN]; |
182 |
+ |
183 |
+ int fd; |
184 |
+ fd=dirfd(dirp); |
185 |
+ |
186 |
+ // get dirname in dirpath |
187 |
+ if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)==-1) |
188 |
+ return _readdir64_r(dirp, entry, result); |
189 |
+ |
190 |
+ int ret; |
191 |
+ |
192 |
+ while((ret=_readdir64_r(dirp, entry, result))==0) { |
193 |
+ if(*result==NULL) { |
194 |
+ break; // end of directory |
195 |
+ } |
196 |
+ |
197 |
+ char fullpath[MAXPATHLEN]; |
198 |
+ snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name); |
199 |
+ |
200 |
+ char abspath[MAXPATHLEN]; |
201 |
+ realpath(fullpath,abspath); |
202 |
+ |
203 |
+ if(! __is_event_allowed("open",abspath,stage)) { |
204 |
+ __log_event("open",abspath,"DENIED",errno,stage); |
205 |
+ |
206 |
+ continue; |
207 |
+ } else |
208 |
+ break; |
209 |
+ } |
210 |
+ |
211 |
+ return ret; |
212 |
+} |
213 |
+ |
214 |
+ |
215 |
int setenv(const char *name, const char *value, int overwrite) { |
216 |
//printf (" CHANGING name: %s, value: %s",name,value); |
217 |
if(strcmp(name,"LD_PRELOAD")==0 || |