From 8f1c0713e3483d55c5ccd8c04f96355b1ed561eb Mon Sep 17 00:00:00 2001 From: Alexander Bersenev Date: Tue, 16 Aug 2011 13:30:19 +0000 Subject: access calls catching and disable show blocking events on readdir --- src/hook_lib/file_hook.c | 87 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 82 insertions(+), 5 deletions(-) diff --git a/src/hook_lib/file_hook.c b/src/hook_lib/file_hook.c index 9f114ae..36e1328 100644 --- a/src/hook_lib/file_hook.c +++ b/src/hook_lib/file_hook.c @@ -54,6 +54,14 @@ int (*_readdir64_r)(DIR *dirp, struct dirent64 *entry, struct dirent64 **result); +int (*_access)(const char *pathname, int mode); +int (*_euidaccess)(const char *pathname, int mode); + +// these stat functions are only source level standart of glibc +// we no catch fxstat +int (*___xstat)(int vers, const char *name, struct stat *buf); +int (*___lxstat)(int vers, const char *name, struct stat *buf); + int (*_execve)(const char *filename, char *const argv[],char *const envp[]); int (*_execv)(const char *path, char *const argv[]); int (*_execvp)(const char *file, char *const argv[]); @@ -155,7 +163,12 @@ void _init() { _readdir64_r=(int (*)(DIR *dirp, struct dirent64 *entry, struct dirent64 **result)) dlsym(RTLD_NEXT, "readdir64_r"); - + _access=(int (*)(const char *pathname, int mode)) dlsym(RTLD_NEXT, "access"); + _euidaccess=(int (*)(const char *pathname, int mode)) dlsym(RTLD_NEXT, "euidaccess"); + + ___xstat=(int (*)(int vers, const char *name, struct stat *buf)) dlsym(RTLD_NEXT, "__xstat"); + ___lxstat=(int (*)(int vers, const char *name, struct stat *buf)) dlsym(RTLD_NEXT, "__lxstat"); + _fork = (pid_t (*)()) dlsym(RTLD_NEXT, "fork"); _execve = (int (*)(const char *filename, char *const argv[],char *const envp[])) dlsym(RTLD_NEXT, "execve"); 
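Review bot: The comment introducing `___xstat`/`___lxstat` in the first hunk is hard to parse and names only fxstat as left unhooked. Something like `// stat()/lstat() exist only at source level in glibc; the exported symbols are __xstat/__lxstat.` followed by `// __fxstat is not intercepted.` would read more clearly. If the large-file and *at variants (`__xstat64`, `__lxstat64`, `__fxstatat`) are not hooked elsewhere in the file, callers that resolve to those symbols would reach stat without the policy check. In that case the comment should list them as known gaps, or matching hooks should be added.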
@@ -177,6 +190,7 @@ void _init() { _read==NULL || _write==NULL || _mmap==NULL || _readdir==NULL || _readdir64 == NULL || _readdir_r==NULL || _readdir64_r==NULL || + _access==NULL || _euidaccess==NULL || _fork==NULL || _execve==NULL || _execv==NULL || _execvp==NULL || _execvpe==NULL || _fexecve==NULL || _system==NULL || _setenv==NULL || _close==NULL) { @@ -768,7 +782,7 @@ struct dirent *readdir(DIR *dirp) { realpath(fullpath,abspath); if(! __is_event_allowed("open",abspath,stage)) { - __log_event("open",abspath,"DENIED",errno,stage); + //__log_event("open",abspath,"DENIED",errno,stage); continue; } else @@ -798,7 +812,7 @@ struct dirent64 *readdir64(DIR *dirp) { realpath(fullpath,abspath); if(! __is_event_allowed("open",abspath,stage)) { - __log_event("open",abspath,"DENIED",errno,stage); + //__log_event("open",abspath,"DENIED",errno,stage); continue; } else @@ -834,7 +848,7 @@ int readdir_r(DIR *dirp, struct dirent *entry, struct dirent **result){ realpath(fullpath,abspath); if(! __is_event_allowed("open",abspath,stage)) { - __log_event("open",abspath,"DENIED",errno,stage); + //__log_event("open",abspath,"DENIED",errno,stage); continue; } else @@ -870,7 +884,7 @@ int readdir64_r(DIR *dirp, struct dirent64 *entry, struct dirent64 **result){ realpath(fullpath,abspath); if(! __is_event_allowed("open",abspath,stage)) { - __log_event("open",abspath,"DENIED",errno,stage); + //__log_event("open",abspath,"DENIED",errno,stage); continue; } else 
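Review bot: The NULL check in _init gains `_access` and `_euidaccess` but not `___xstat`/`___lxstat`, so a failed dlsym() for those two is only noticed at call time, where the new wrappers return -1 without setting errno. If leaving them optional is deliberate (the comment on their declarations suggests the symbols are glibc-specific), say so in a comment next to this condition and have the wrappers set `errno = ENOSYS;` before returning. Otherwise add `___xstat==NULL || ___lxstat==NULL ||` to the condition. The condition and the body of _init continue outside the hunk.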
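Review bot: Commenting out `__log_event("open",abspath,"DENIED",errno,stage);` in readdir leaves dead code behind and gives no reason at the call site; the same edit is repeated in readdir64, readdir_r and readdir64_r in the following hunks. Delete the line and put a short comment in its place, for example `/* entry filtered by policy: skipped without a DENIED event, listing is not an open */`, if that is the intended reasoning. After this change a hidden directory entry leaves no trace in the event log. If that log is also used to audit what the hook filtered, a separate lower-severity event would keep the record without the noise. All four loops start and end outside their hunks.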
@@ -881,6 +895,69 @@ int readdir64_r(DIR *dirp, struct dirent64 *entry, struct dirent64 **result){ } +int __xstat (int vers, const char *name, struct stat *buf) { + char *stage=__get_stage(); + + char fullpath[MAXPATHLEN]; + realpath(name,fullpath); + + if(! __is_event_allowed("open",fullpath,stage)) + return -1; + + if(___xstat==NULL) + return -1; + + return ___xstat(vers,name,buf); +} + +int __lxstat (int vers, const char *name, struct stat *buf) { + char *stage=__get_stage(); + + char fullpath[MAXPATHLEN]; + realpath(name,fullpath); + + + if(! __is_event_allowed("open",fullpath,stage)) { + errno = 2; + return -1; + } + + if(___lxstat==NULL) + return -1; + + return ___lxstat(vers,name,buf); +} + +int access(const char *pathname, int mode) { + char *stage=__get_stage(); + + char fullpath[MAXPATHLEN]; + realpath(pathname,fullpath); + + if(! __is_event_allowed("open",fullpath,stage)) { + errno = 2; + return -1; + } + + return _access(pathname,mode); +} + +int euidaccess(const char *pathname, int mode) { + char *stage=__get_stage(); + + char fullpath[MAXPATHLEN]; + realpath(pathname,fullpath); + + if(! __is_event_allowed("open",fullpath,stage)) { + errno = 2; + return -1; + } + + return _euidaccess(pathname,mode); +} + + + int setenv(const char *name, const char *value, int overwrite) { //printf (" CHANGING name: %s, value: %s",name,value); if(strcmp(name,"LD_PRELOAD")==0 || -- cgit v1.2.3-65-gdbad
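Review bot: All four new wrappers (__xstat, __lxstat, access, euidaccess) ignore the return value of realpath(). When resolution fails (missing file, dangling link, over-long path), `fullpath` holds unspecified contents, and __is_event_allowed() makes its allow/deny decision on whatever is in that stack buffer. Check the result before the policy call, e.g. `if(realpath(name,fullpath)==NULL) return -1;` (realpath has already set errno), or fall back to a defined path if the project prefers to let the real call report the error. The denied branch of __xstat returns -1 without setting errno, unlike the other three; it should set `errno = ENOENT;`, and the literal `2` in the others should use the same named constant. In __lxstat, realpath() follows a final symlink, so the policy is evaluated on the link target rather than on the link being examined, which looks unintended for an lstat hook.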