forked from getlantern/lantern
-
Notifications
You must be signed in to change notification settings - Fork 0
/
copyPolicy.c
126 lines (111 loc) · 2.59 KB
/
copyPolicy.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#define _GNU_SOURCE
#include <ctype.h>
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "policy_jars.h"
#ifdef _WIN32
#include <windows.h>
//this is a total hack
int asprintf(char** strp, const char *format, ...) {
*strp = malloc(10000);
va_list args;
va_start (args, format);
int result = vsprintf (*strp, format, args);
va_end (args);
return result;
}
#endif
const char* POLICY_JARS [] = {
"local_policy.jar",
"US_export_policy.jar",
0
};
int file_exists_and_is_owned_by_root(const char* filename) {
//file exists (and has at least one byte)
FILE* in_fp = fopen(filename, "rb");
if (!in_fp) {
printf("No existing file to overwrite: %s\n", filename);
return 0;
}
int c = fgetc(in_fp);
if (c == EOF) {
printf("Existing file has no contents %s\n", filename);
fclose(in_fp);
return 0;
}
fclose(in_fp);
#ifdef _WIN32
// on Windows, we'll ignore the owner and lstat checks
// since setuid does not exist
return 1;
#else
struct stat info;
if (lstat(filename, &info)) {
printf("Can't lstat %s\n", filename);
return 0;
}
if (S_ISLNK(info.st_mode)) {
printf("Is symlink %s\n", filename);
//symlinks are forbidden
return 0;
}
if (info.st_uid==geteuid()) {
return 1;
} else {
printf("Wrong owner %s\n", filename);
return 0;
}
#endif
}
/*
write _len_ bytes from _data_ to the file named _dest_
*/
int write_file(const char* data, const int len, const char* dest) {
FILE* out_fp = fopen(dest, "wb");
if (!out_fp) {
char* error_message;
asprintf(&error_message,"failed to open output file %s for writing", dest);
perror(error_message);
free(error_message);
return 1;
}
size_t wrc = fwrite(data, 1, len, out_fp);
if (wrc != len) {
//too few bytes copied
printf("Too few bytes copied to %s\n", dest);
fclose(out_fp);
return 1;
}
if (ferror(out_fp)) {
perror("Error reading or writing");
fclose(out_fp);
return 1;
}
fclose(out_fp);
return 0;
}
int main(int argc, char** argv) {
if (argc != 2) {
printf("Required argument: path to JAVA_HOME\n");
return 1;
}
for (int i = 0; POLICY_JARS[i]; ++i) {
const char* jar = POLICY_JARS[i];
char* dest;
asprintf(&dest, "%s/lib/security/%s", argv[1], jar);
if (file_exists_and_is_owned_by_root(dest)) {
const char* data = POLICY_JAR_CONTENTS[i];
int len = POLICY_JAR_LEN[i];
if (write_file(data, len, dest)) {
return 1;
}
}
}
return 0;
}