From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QoLQx-0005Ab-8Q for garchives@archives.gentoo.org; Tue, 02 Aug 2011 20:19:23 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A2FF21C060; Tue, 2 Aug 2011 20:19:16 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id E998521C060 for ; Tue, 2 Aug 2011 20:19:14 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id EBD381B400D for ; Tue, 2 Aug 2011 20:19:13 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id 521573C004 for ; Tue, 2 Aug 2011 20:19:13 +0000 (UTC) 
From: "Александр Берсенев" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Александр Берсенев" Message-ID: Subject: [gentoo-commits] proj/autodep:master commit in: src/hook_lib/ X-VCS-Repository: proj/autodep X-VCS-Files: src/hook_lib/file_hook.c X-VCS-Directories: src/hook_lib/ X-VCS-Committer: bay X-VCS-Committer-Name: Александр Берсенев X-VCS-Revision: bd663fa24ca37b2ea697e782f6548e6133f8365f Date: Tue, 2 Aug 2011 20:19:13 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: c9da58b6db3c5c9f764e1e9a5b528759 commit: bd663fa24ca37b2ea697e782f6548e6133f8365f Author: Alexander Bersenev hackerdom ru> AuthorDate: Wed Aug 3 02:18:25 2011 +0000 Commit: =D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80 =D0=91= =D0=B5=D1=80=D1=81=D0=B5=D0=BD=D0=B5=D0=B2 hackerdom ru> CommitDate: Wed Aug 3 02:18:25 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/autodep.git;a= =3Dcommit;h=3Dbd663fa2 hooklib: hide blocked files in directories --- src/hook_lib/file_hook.c | 158 ++++++++++++++++++++++++++++++++++++++++= +++++- 1 files changed, 156 insertions(+), 2 deletions(-) diff --git a/src/hook_lib/file_hook.c b/src/hook_lib/file_hook.c index 555d6dc..9f114ae 100644 --- a/src/hook_lib/file_hook.c +++ b/src/hook_lib/file_hook.c @@ -11,6 +11,8 @@ #include #include =20 +#include + #define _FCNTL_H #include =20 @@ -19,7 +21,7 @@ #include #include =20 -#define MAXPATHLEN 1024 +#define MAXPATHLEN PATH_MAX #define MAXSOCKETPATHLEN 108 #define MAXFILEBUFFLEN 2048 =20 
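Review bot: The `MAXPATHLEN` redefinition in the second hunk has no comment saying why the size matters. The `realpath(fullpath,abspath)` calls added later in this commit write up to PATH_MAX bytes into a MAXPATHLEN-sized buffer, so the old value of 1024 would have allowed an overflow. I would record that on the define: `#define MAXPATHLEN PATH_MAX // must be >= PATH_MAX: realpath() fills buffers of this size`. PATH_MAX is declared in `<limits.h>`; the include names are not readable in this archived copy, so confirm that header is included directly rather than reached through another one.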
@@ -44,6 +46,13 @@ size_t (*_fwrite)(const void *ptr, size_t size, size_t= nmemb, FILE *stream); void *(*_mmap)(void *addr, size_t length, int prot, int flags, int fd, off_t offset); =20 +struct dirent * (*_readdir)(DIR *dirp); +struct dirent64 * (*_readdir64)(DIR *dirp); +int (*_readdir_r)(DIR *dirp, struct dirent *entry,=20 + struct dirent **result); +int (*_readdir64_r)(DIR *dirp, struct dirent64 *entry,=20 + struct dirent64 **result); + =20 int (*_execve)(const char *filename, char *const argv[],char *const envp= []); int (*_execv)(const char *path, char *const argv[]); @@ -139,6 +148,12 @@ void _init() { =20 _mmap=3D(void* (*)(void *addr, size_t length, int prot, int flags, int fd, off_t offset)) dlsym(RTLD_NEXT, "mmap"); + _readdir=3D(struct dirent * (*)(DIR *dirp)) dlsym(RTLD_NEXT, "readdir"= ); + _readdir64=3D(struct dirent64 * (*)(DIR *dirp)) dlsym(RTLD_NEXT, "read= dir64"); + _readdir_r=3D(int (*)(DIR *dirp, struct dirent *entry,=20 + struct dirent **result)) dlsym(RTLD_NEXT, "readdir_r"); + _readdir64_r=3D(int (*)(DIR *dirp, struct dirent64 *entry,=20 + struct dirent64 **result)) dlsym(RTLD_NEXT, "readdir64_r"); =20 =20 _fork =3D (pid_t (*)()) dlsym(RTLD_NEXT, "fork"); @@ -159,7 +174,9 @@ void _init() { =20 if(_open=3D=3DNULL || _open64=3D=3DNULL ||=20 _fopen=3D=3DNULL || _fopen64=3D=3DNULL ||=20 - _read=3D=3DNULL || _write=3D=3DNULL || _mmap=3D=3DNULL || + _read=3D=3DNULL || _write=3D=3DNULL || _mmap=3D=3DNULL ||=20 + _readdir=3D=3DNULL || _readdir64 =3D=3D NULL || _readdir_r=3D=3DNULL = ||=20 + _readdir64_r=3D=3DNULL || _fork=3D=3DNULL ||=20 _execve=3D=3DNULL || _execv=3D=3DNULL || _execvp=3D=3DNULL || _execvp= e=3D=3DNULL ||=20 _fexecve=3D=3DNULL || _system=3D=3DNULL || _setenv=3D=3DNULL || _clos= e=3D=3DNULL) { 
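Review bot: Only the four `readdir*` entry points are resolved and wrapped, so the hiding reaches just the programs that call those symbols through the dynamic linker. Other listing routes such as `scandir`, `nftw`, `fts`, `glob` or a direct `getdents` call probably reach libc's internal directory reader without passing through these wrappers (worth confirming against the target libc), and statically linked tools are never hooked. A comment above the `_readdir` pointer declarations should state that limit, for example `// hides entries from callers of readdir*/readdir64* only; not an access control`, so nobody treats the hiding as enforcement. `_init` starts and ends outside these hunks.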
@@ -727,6 +744,143 @@ void *mmap(void *addr, size_t length, int prot, int= flags, return ret; } =20 +// directory reading hooks +// the strategy for all functions is basic: skip the file if it is block= ed +// all function are in two very similar variants: 32bit and 64bit +struct dirent *readdir(DIR *dirp) { + char *stage=3D__get_stage(); + struct dirent *ep; + + char dirpath[MAXPATHLEN]; + + int fd; + fd=3Ddirfd(dirp); + =20 + // get dirname in dirpath + if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)=3D=3D-1) + return _readdir(dirp); + =20 + while((ep=3D_readdir(dirp))!=3DNULL) { // Hope that readdir is not lo= oping + char fullpath[MAXPATHLEN];=09 + snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name); + + char abspath[MAXPATHLEN]; + realpath(fullpath,abspath); + + if(! __is_event_allowed("open",abspath,stage)) { + __log_event("open",abspath,"DENIED",errno,stage); + =20 + continue; + } else + break; + } + return ep; +} + +struct dirent64 *readdir64(DIR *dirp) { + char *stage=3D__get_stage(); + struct dirent64 *ep; + + char dirpath[MAXPATHLEN]; + + int fd; + fd=3Ddirfd(dirp); + =20 + // get dirname in dirpath + if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)=3D=3D-1) + return _readdir64(dirp); + =20 + while((ep=3D_readdir64(dirp))!=3DNULL) { // Hope that readdir is not = looping + char fullpath[MAXPATHLEN];=09 + snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,ep->d_name); + + char abspath[MAXPATHLEN]; + realpath(fullpath,abspath); + + if(! 
__is_event_allowed("open",abspath,stage)) { + __log_event("open",abspath,"DENIED",errno,stage); + =20 + continue; + } else + break; + } + return ep; +} + + +// next two functions are almost equal +int readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result){ + char *stage=3D__get_stage(); + char dirpath[MAXPATHLEN]; + + int fd; + fd=3Ddirfd(dirp); + + // get dirname in dirpath + if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)=3D=3D-1) + return _readdir_r(dirp, entry, result); + + int ret; + =20 + while((ret=3D_readdir_r(dirp, entry, result))=3D=3D0) { + if(*result=3D=3DNULL) { + break; // end of directory + } +=09 + char fullpath[MAXPATHLEN];=09 + snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name); +=09 + char abspath[MAXPATHLEN]; + realpath(fullpath,abspath); + =09 + if(! __is_event_allowed("open",abspath,stage)) { + __log_event("open",abspath,"DENIED",errno,stage); + =20 + continue; + } else + break; + } + =20 + return ret; +} + + +int readdir64_r(DIR *dirp, struct dirent64 *entry, struct dirent64 **res= ult){ + char *stage=3D__get_stage(); + char dirpath[MAXPATHLEN]; + + int fd; + fd=3Ddirfd(dirp); + + // get dirname in dirpath + if (__get_path_by_fd(fd,dirpath,MAXPATHLEN)=3D=3D-1) + return _readdir64_r(dirp, entry, result); + + int ret; + =20 + while((ret=3D_readdir64_r(dirp, entry, result))=3D=3D0) { + if(*result=3D=3DNULL) { + break; // end of directory + } +=09 + char fullpath[MAXPATHLEN];=09 + snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,entry->d_name); +=09 + char abspath[MAXPATHLEN]; + realpath(fullpath,abspath); + =09 + if(! __is_event_allowed("open",abspath,stage)) { + __log_event("open",abspath,"DENIED",errno,stage); + =20 + continue; + } else + break; + } + =20 + return ret; +} + + int setenv(const char *name, const char *value, int overwrite) { //printf (" CHANGING name: %s, value: %s",name,value); if(strcmp(name,"LD_PRELOAD")=3D=3D0 ||
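Review bot: The return value of `realpath(fullpath,abspath)` is never checked in any of the four wrappers, so when it fails (a dangling symlink, or an entry removed between the two calls) `abspath` is indeterminate stack memory that is then passed to `__is_event_allowed` and `__log_event`. The `snprintf` result is ignored as well, so a truncated name can be judged in place of the real entry, since `dirpath` alone may already be close to MAXPATHLEN. The checks run between `_readdir` calls can also leave `errno` changed when the wrapper returns NULL at end of directory, which a caller using the `errno = 0; readdir(...)` convention reads as a failure. I would move the per-entry decision into one static helper shared by all four wrappers, as below. Whether a name that does not fit is shown or hidden is a policy choice, and the sketch leaves it visible.

```c
// 1 if the entry dirpath/name is blocked for this stage, 0 otherwise;
// leaves errno as it found it
static int is_dirent_blocked(const char *dirpath, const char *name, char *stage) {
  int saved_errno=errno;
  int blocked=0;
  char fullpath[MAXPATHLEN];
  char abspath[MAXPATHLEN];
  char *path=abspath;

  int len=snprintf(fullpath,MAXPATHLEN,"%s/%s",dirpath,name);
  if(len>=0 && len<MAXPATHLEN) {
    if(realpath(fullpath,abspath)==NULL)
      path=fullpath; // abspath is undefined on failure, check the unresolved name

    if(! __is_event_allowed("open",path,stage)) {
      __log_event("open",path,"DENIED",errno,stage);
      blocked=1;
    }
  } // else: name does not fit, entry is left visible

  errno=saved_errno;
  return blocked;
}

struct dirent *readdir(DIR *dirp) {
  // … unchanged: stage, dirfd, __get_path_by_fd fallback …
  while((ep=_readdir(dirp))!=NULL) {
    if(! is_dirent_blocked(dirpath,ep->d_name,stage))
      break;
  }
  return ep;
}
// … readdir64, readdir_r, readdir64_r: same replacement of the loop body …
```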