author | Niels Provos <provos@cvs.openbsd.org> | 2002-06-05 16:09:21 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2002-06-05 16:09:21 +0000 |
commit | 77d313c8754158ee248701c5ff4bfc45e4cd1a99 (patch) | |
tree | a2edf076a790ee7ed203d5ca2e6aba0c503837b2 | |
parent | f7a3988cc804a04caf1ca135c8eab792edb05667 (diff) |
inpath logic, for example, filename inpath "$CWD"
-rw-r--r-- | bin/systrace/filter.c | 31 | ||||
-rw-r--r-- | bin/systrace/lex.l | 1 | ||||
-rw-r--r-- | bin/systrace/parse.y | 13 |
3 files changed, 43 insertions, 2 deletions
diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c
index 7a005211105..6dbfe3ed65c 100644
--- a/bin/systrace/filter.c
+++ b/bin/systrace/filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filter.c,v 1.4 2002/06/05 15:59:52 provos Exp $ */
+/* $OpenBSD: filter.c,v 1.5 2002/06/05 16:09:20 provos Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -466,6 +466,35 @@ filter_negstringmatch(struct intercept_translate *tl, struct logic *logic)
 }
 
 int
+filter_inpath(struct intercept_translate *tl, struct logic *logic)
+{
+ char *line, c;
+ int len;
+
+ if ((line = intercept_translate_print(tl)) == NULL)
+ return (0);
+
+ len = strlen(line);
+ if (len == 0 || len > strlen(logic->filterdata))
+ return (0);
+
+ /* Root is always in path */
+ if (len == 1)
+ return (line[0] == '/');
+
+ /* Complete filename needs to fit */
+ if (strncmp(line, logic->filterdata, len))
+ return (0);
+
+ /* Termination has to be \0 or / */
+ c = ((char *)logic->filterdata)[len];
+ if (c != '/' && c != '\0')
+ return (0);
+
+ return (1);
+}
+
+int
 filter_true(struct intercept_translate *tl, struct logic *logic)
 {
 return (1);
diff --git a/bin/systrace/lex.l b/bin/systrace/lex.l
index b8828f615dc..4ac4e66abb4 100644
--- a/bin/systrace/lex.l
+++ b/bin/systrace/lex.l
@@ -77,6 +77,7 @@ eq { return EQ; }
 neq { return NEQ; }
 sub { return SUB; }
 nsub { return NSUB; }
+inpath { return INPATH; }
 true { return TRUE; }
 "->" { return THEN; }
 \( { return LBRACE; }
diff --git a/bin/systrace/parse.y b/bin/systrace/parse.y
index 8391b675407..9c55f398147 100644
--- a/bin/systrace/parse.y
+++ b/bin/systrace/parse.y
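Review bot: The `len == 1` shortcut in filter_inpath returns a match for "/" without consulting `logic->filterdata`, and it rejects every other one-character name before the prefix comparison runs. As written, "/" matches even when the policy string is relative, and a one-character relative name is handled differently from a longer one that is a leading component of the policy string. Restricting the shortcut to the root case keeps both paths consistent: `if (len == 1 && line[0] == '/') return (((char *)logic->filterdata)[0] == '/');`. `len` would also be better declared `size_t`, since it is compared against `strlen()` and passed to `strncmp()`. A short comment above the function should state the direction of the test (the translated argument must be a leading path component of the policy string, compared textually), because whether `intercept_translate_print()` returns a normalized path is not visible in this hunk.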
@@ -50,6 +50,7 @@ int filter_stringmatch(struct intercept_translate *, struct logic *);
 int filter_negstringmatch(struct intercept_translate *, struct logic *);
 int filter_substrmatch(struct intercept_translate *, struct logic *);
 int filter_negsubstrmatch(struct intercept_translate *, struct logic *);
+int filter_inpath(struct intercept_translate *, struct logic *);
 int filter_true(struct intercept_translate *, struct logic *);
 
 struct logic *parse_newsymbol(char *, int, char *);
@@ -63,7 +64,7 @@ struct filter *myfilter;
 %}
 
 %token AND OR NOT LBRACE RBRACE LSQBRACE RSQBRACE THEN MATCH PERMIT DENY
-%token EQ NEQ TRUE SUB NSUB
+%token EQ NEQ TRUE SUB NSUB INPATH
 %token <string> STRING
 %token <string> CMDSTRING
 %token <number> NUMBER
@@ -226,6 +227,16 @@ symbol : STRING typeoff MATCH CMDSTRING
 node->filter_match = filter_negsubstrmatch;
 $$ = node;
 }
+ | STRING typeoff INPATH CMDSTRING
+{
+ struct logic *node;
+
+ if ((node = parse_newsymbol($1, $2, $4)) == NULL)
+ break;
+
+ node->filter_match = filter_inpath;
+ $$ = node;
+}
 | TRUE
 {
 struct logic *node; |
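Review bot: When `parse_newsymbol()` returns NULL, the new INPATH action leaves through `break` without ever assigning `$$`, so the production's value is whatever yacc's default left in the slot, presumably the `$1` string, which the enclosing rule would then read as a `struct logic *`. Unless parse_newsymbol already reports the failure in a way that stops the parse (not visible in this hunk), aborting the production explicitly is safer: replace `break;` with `YYERROR;`. If the sibling actions use the same `break` idiom the change belongs there as well; their bodies lie outside this hunk.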