From f9d7cadf4b38f351221776d787dc07cc8314ad92 Mon Sep 17 00:00:00 2001
From: Gauravsingh Sisodia
Date: Mon, 17 Mar 2025 18:36:42 +0000
Subject: [PATCH] fix: create fopen wrapper and block default hostkey paths

Signed-off-by: Gauravsingh Sisodia
Reviewed-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 tests/CMakeLists.txt | 2 +-
 tests/fs_wrapper.c | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 60604110..afd8eff9 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -332,7 +332,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)
 set(TORTURE_ENVIRONMENT
- "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${FS_WRAPPER}")
+ "LD_PRELOAD=${FS_WRAPPER}:${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}")
 if (priv_wrapper_FOUND)
 list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1)
 list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")
diff --git a/tests/fs_wrapper.c b/tests/fs_wrapper.c
index 2df7406c..4dc200a2 100644
--- a/tests/fs_wrapper.c
+++ b/tests/fs_wrapper.c
@@ -6,6 +6,8 @@
 #include
 #include
 #include
+#include
+#include
 /*******************************************************************************
 * Structs
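Review bot: The position of `${FS_WRAPPER}` in the `LD_PRELOAD` string under `set(TORTURE_ENVIRONMENT` in tests/CMakeLists.txt is now load-bearing, but nothing on the line says why it moved to the front. If the reorder is there so that the fs wrapper's `fopen` is resolved ahead of another preloaded library that exports the same symbol (an inference, the hunk does not say), a comment above the `set()` would stop a later edit from re-sorting the list, for example `# FS_WRAPPER must be first so its fopen() interposer runs before the other wrappers`.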
@@ -211,3 +213,42 @@ statx(int dirfd,
 return rc;
 }
+
+static int is_file_blocked(const char *pathname)
+{
+ if (pathname == NULL) {
+ return 0;
+ }
+
+ static const char *blocked_files[] = {
+ /* Block for torture_gssapi_server_key_exchange_null */
+ "/etc/ssh/ssh_host_ecdsa_key",
+ "/etc/ssh/ssh_host_rsa_key",
+ "/etc/ssh/ssh_host_ed25519_key"
+ };
+
+ for (size_t i = 0; i < sizeof(blocked_files) / sizeof(blocked_files[0]); i++) {
+ if (strcmp(pathname, blocked_files[i]) == 0) {
+ errno = ENOENT; /* No such file or directory */
+ return 1;
+ }
+ }
+ return 0;
+}
+
+#define WRAP_FOPEN(func_name) \
+FILE *func_name(const char *pathname, const char *mode) \
+{ \
+ typedef FILE *(*orig_func_t)(const char *pathname, const char *mode); \
+ static orig_func_t orig_func = NULL; \
+ if (orig_func == NULL) { \
+ orig_func = (orig_func_t)dlsym(RTLD_NEXT, #func_name); \
+ } \
+ if (is_file_blocked(pathname)) { \
+ return NULL; \
+ } \
+ return orig_func(pathname, mode); \
+}
+
+WRAP_FOPEN(fopen)
+WRAP_FOPEN(fopen64)
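Review bot: In `WRAP_FOPEN`, the pointer returned by `dlsym(RTLD_NEXT, #func_name)` is called without a NULL check, so on a libc that does not export the symbol (plausible for `fopen64`) any non-blocked call through the wrapper jumps through a null function pointer. After the lookup I would add `if (orig_func == NULL) { errno = ENOSYS; return NULL; } \` so the failure surfaces as an ordinary fopen error instead of a crash in the test process. Separately, `is_file_blocked` compares against the three host-key paths with an exact `strcmp` and this hunk wraps only `fopen`/`fopen64`, so a differently spelled path or a read through another call (unless wrapped elsewhere in the file) is not covered; a comment above `blocked_files` such as `/* Test-isolation guard only: exact path match, fopen/fopen64 callers only */` would keep readers from treating it as a general barrier to the host's real keys.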