| 1 | /* SAMHAIN file system integrity testing                                   */ | 
|---|
| 2 | /* Copyright (C) 1999 Rainer Wichmann                                      */ | 
|---|
| 3 | /*                                                                         */ | 
|---|
| 4 | /*  This program is free software; you can redistribute it                 */ | 
|---|
| 5 | /*  and/or modify                                                          */ | 
|---|
| 6 | /*  it under the terms of the GNU General Public License as                */ | 
|---|
| 7 | /*  published by                                                           */ | 
|---|
| 8 | /*  the Free Software Foundation; either version 2 of the License, or      */ | 
|---|
| 9 | /*  (at your option) any later version.                                    */ | 
|---|
| 10 | /*                                                                         */ | 
|---|
| 11 | /*  This program is distributed in the hope that it will be useful,        */ | 
|---|
| 12 | /*  but WITHOUT ANY WARRANTY; without even the implied warranty of         */ | 
|---|
| 13 | /*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          */ | 
|---|
| 14 | /*  GNU General Public License for more details.                           */ | 
|---|
| 15 | /*                                                                         */ | 
|---|
| 16 | /*  You should have received a copy of the GNU General Public License      */ | 
|---|
| 17 | /*  along with this program; if not, write to the Free Software            */ | 
|---|
| 18 | /*  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.              */ | 
|---|
| 19 |  | 
|---|
| 20 | #ifndef SAMHAIN_H | 
|---|
| 21 | #define SAMHAIN_H | 
|---|
| 22 |  | 
|---|
| 23 | #include <sys/types.h> | 
|---|
| 24 | #include "slib.h" | 
|---|
| 25 |  | 
|---|
| 26 | #ifdef SH_ENCRYPT | 
|---|
| 27 | #include "rijndael-api-fst.h" | 
|---|
| 28 | #endif | 
|---|
| 29 |  | 
|---|
| 30 | /************************************************** | 
|---|
| 31 | * | 
|---|
| 32 | * STANDARD DEFINES | 
|---|
| 33 | * | 
|---|
| 34 | **************************************************/ | 
|---|
| 35 |  | 
|---|
/* IPv6 / address-family selection.
 *
 * Resulting configuration:
 *   - getnameinfo() and getaddrinfo() not both available:
 *         USE_IPVX undefined, SH_SOCKMAX 1
 *   - both available, static build on Linux:
 *         USE_IPVX undefined, SH_SOCKMAX 1
 *   - both available otherwise:
 *         SH_SOCKMAX 8, and USE_IPVX is 1 unless USE_IPV4 is defined
 *
 * NOTE(review): SH_SOCKMAX presumably bounds the number of sockets opened
 * per service -- confirm against the networking code. The static-Linux
 * exclusion presumably avoids getaddrinfo() in statically linked
 * binaries -- confirm.
 */
#if !defined(HAVE_GETNAMEINFO) || !defined(HAVE_GETADDRINFO)

/* No protocol-independent resolver API: single-family fallback. */
#undef  USE_IPVX
#define SH_SOCKMAX 1

#elif defined(SH_COMPILE_STATIC) && defined(__linux__)

/* Statically linked Linux build: same single-family fallback. */
#undef  USE_IPVX
#define SH_SOCKMAX 1

#else

#define SH_SOCKMAX 8

/* An explicit USE_IPV4 request switches the protocol-independent code off. */
#if defined(USE_IPV4)
#undef  USE_IPVX
#else
#define USE_IPVX 1
#endif

#endif

/* end IPv6 */
|---|
| 59 |  | 
|---|
/* Defined with no value; only its presence can be tested (#ifdef). */
#define REPLACE_OLD

/* Standard buffer sizes.
 * IPv6 is 8 groups of 4 hex digits separated by colons
 * (39 characters), so SH_IP_BUF leaves room for the terminator.
 *
 * These are fixed capacities for char arrays declared with them (see the
 * structs later in this header). Every copy into such an array has to be
 * bounded by the matching constant, and truncation has to be treated as
 * an error rather than silently accepted. Note that SH_PATHBUF (256) is
 * smaller than the path length many systems allow.
 */
#define SH_IP_BUF        48
#define SH_MINIBUF       64
#define SH_BUFSIZE     1024
#define SH_MAXBUF      4096
#define SH_PATHBUF      256
#define SH_MSG_BUF    64512

#define SH_ERRBUF_SIZE   64

/* MAX_PATH_STORE must be >= KEY_LEN
 * NOTE(review): nothing in this header enforces that relation at compile
 * time; it holds for the values below (12287 >= 48).
 */
#define MAX_PATH_STORE 12287

/* Sizes for arrays (user, group, timestamp).
 * SOCKPASS_MAX sizes sh_key_t.sh_sockpass as 2*SOCKPASS_MAX+2 bytes.
 */
#define SOCKPASS_MAX 14
#define USER_MAX     20
#define GROUP_MAX    20
#define TIM_MAX      32

/* NOTE(review): presumably a 10-character mode string plus terminator -- confirm. */
#define CMODE_SIZE   11

#define ATTRBUF_SIZE 16
#define ATTRBUF_USED 12

/* The number of bytes in a key,
 * the number of chars in its hex representation,
 * and the block size of the hash algorithm.
 *
 * KEY_LEN is 2*KEY_BYT (two hex digits per byte). KEYBUF_SIZE adds one
 * byte for the string terminator; buffers that hold a hex key as a C
 * string need KEYBUF_SIZE bytes, not KEY_LEN.
 * NOTE(review): 24 bytes is 192 bits. A SHA-256 digest is 32 bytes, so
 * results for SH_SHA256 presumably get truncated or stored elsewhere --
 * confirm in the hashing code.
 */
#define KEY_BYT   24
#define KEY_LEN   48
#define KEY_BLOCK 24
#define KEYBUF_SIZE (KEY_LEN+1)

/* The length of the compiled-in password.
 * sh_key_t.pw is declared as char[PW_LEN] with no extra byte, so it is a
 * fixed-length byte array and not necessarily a terminated C string.
 * NOTE(review): a value compiled into the executable is readable by
 * anyone who can read the binary; confirm the installed file permissions
 * reflect that.
 */
#define PW_LEN     8
|---|
| 102 |  | 
|---|
/* Boolean-style status constants. Each name is #undef'd first so that a
 * definition from another header cannot conflict.
 *
 * Note the polarity: GOOD is 1 and BAD is 0, the opposite of the usual
 * "0 means success" return convention. Compare against these names
 * explicitly instead of testing a status value for zero/non-zero.
 */
#undef  GOOD
#define GOOD  1
#undef  BAD
#define BAD   0
#undef  ON
#define ON    1
#undef  OFF
#define OFF   0
#undef  S_TRUE
#define S_TRUE    1
#undef  S_FALSE
#define S_FALSE   0
|---|
| 115 |  | 
|---|
/* An unsigned integer guaranteed to be 32 bit.
 *
 * The guarantee comes entirely from the HAVE_*_32 macros, which are not
 * defined in this header (presumably produced by the configure step).
 * The build stops with #error if none is set. UINT32 is used for the RNG
 * state in sh_key_t, so a wrong HAVE_* value would change that
 * arithmetic without any diagnostic.
 */
#if defined(HAVE_INT_32)
#define UINT32 unsigned int
#define SINT32 int
#elif defined(HAVE_LONG_32)
#define UINT32 unsigned long
#define SINT32 long
#elif defined(HAVE_SHORT_32)
#define UINT32 unsigned short
#define SINT32 short
#else
#error "No 32 bit integer type found"
#endif

#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif

/* 16-bit unsigned type.
 * NOTE(review): the fallback assumes unsigned short is 16 bits wide;
 * unlike UINT32 there is no HAVE_* width check for it here.
 */
#if !defined(HAVE_UINT16_T)
#define UINT16 unsigned short
#else
#define UINT16 uint16_t
#endif

/* 64-bit unsigned type: uint64_t when available, otherwise the first
 * native type reported as 64 bits wide; #error if there is none.
 */
#if !defined(HAVE_UINT64_T)

#ifdef HAVE_LONG_LONG_64
#define  UINT64 unsigned long long
#else
#ifdef HAVE_LONG_64
#define  UINT64 unsigned long
#else
#error "no 64bit type found"
#endif
#endif

#else
#define  UINT64 uint64_t
#endif



/* Raw byte type; unsigned so that values above 0x7f do not sign-extend. */
#define UBYTE unsigned char
|---|
| 163 |  | 
|---|
/* Hash algorithm selectors.
 *
 * The numeric values are explicit; NOTE(review): they are presumably
 * stored or exchanged somewhere, so they should not be renumbered --
 * confirm.
 * SHA-1 and MD5 are no longer collision resistant. Where this selector
 * decides which digest protects a file baseline, SH_TIGER192 or
 * SH_SHA256 is the safer choice.
 */
enum {
  SH_TIGER192    = 0,
  SH_SHA1        = 1,
  SH_MD5         = 2,
  SH_SHA256      = 3
};


/* Checksum mode: none, initialise, or check.
 * NOTE(review): presumably the values held by sh_sh_flag.checkSum
 * ("whether to init/check checksums") -- confirm.
 */
enum {
  SH_CHECK_NONE    = 0,
  SH_CHECK_INIT    = 1,
  SH_CHECK_CHECK   = 2
};

/* Module status codes.
 * NOTE(review): the meaning of SH_MOD_OFFSET is not visible from this
 * header -- confirm where it is added or subtracted.
 */
#define SH_MOD_THREAD  1
#define SH_MOD_ACTIVE  0
#define SH_MOD_FAILED -1
#define SH_MOD_OFFSET 10
|---|
| 182 |  | 
|---|
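/* Flags for file status
 *
 * One bit per state, combined in an integer flag word. For every flag
 * there are three accessors:
 *   SH_FFLAG_x_SET(a)    non-zero if the bit is set in a
 *   SET_SH_FFLAG_x(a)    sets the bit in a    (a must be a modifiable lvalue)
 *   CLEAR_SH_FFLAG_x(a)  clears the bit in a  (a must be a modifiable lvalue)
 * Each accessor evaluates its argument exactly once.
 *
 * Every flag must own a distinct bit. CHECKED uses bit 2; it previously
 * shared bit 3 with REPORTED, and its accessors operated on the VISITED
 * bit, so setting or clearing "checked" silently changed "visited".
 * NOTE(review): callers that relied on that aliasing (for example code
 * that decides whether a file was visited or is missing) should be
 * audited when this header is updated.
 */
#define SH_FFLAG_ALLIGNORE (1<<0)
#define SH_FFLAG_VISITED   (1<<1)
#define SH_FFLAG_CHECKED   (1<<2)
#define SH_FFLAG_REPORTED  (1<<3)
#define SH_FFLAG_SUIDCHK   (1<<4)
#define SH_FFLAG_ENOENT    (1<<5)

#define SH_FFLAG_ALLIGNORE_SET(a)   (((a) & SH_FFLAG_ALLIGNORE) != 0)
#define SET_SH_FFLAG_ALLIGNORE(a)   ((a) |= SH_FFLAG_ALLIGNORE)
#define CLEAR_SH_FFLAG_ALLIGNORE(a) ((a) &= ~SH_FFLAG_ALLIGNORE)

#define SH_FFLAG_VISITED_SET(a)     (((a) & SH_FFLAG_VISITED) != 0)
#define SET_SH_FFLAG_VISITED(a)     ((a) |= SH_FFLAG_VISITED)
#define CLEAR_SH_FFLAG_VISITED(a)   ((a) &= ~SH_FFLAG_VISITED)

/* The CHECKED accessors operate on the CHECKED bit only. */
#define SH_FFLAG_CHECKED_SET(a)     (((a) & SH_FFLAG_CHECKED) != 0)
#define SET_SH_FFLAG_CHECKED(a)     ((a) |= SH_FFLAG_CHECKED)
#define CLEAR_SH_FFLAG_CHECKED(a)   ((a) &= ~SH_FFLAG_CHECKED)

#define SH_FFLAG_REPORTED_SET(a)    (((a) & SH_FFLAG_REPORTED) != 0)
#define SET_SH_FFLAG_REPORTED(a)    ((a) |= SH_FFLAG_REPORTED)
#define CLEAR_SH_FFLAG_REPORTED(a)  ((a) &= ~SH_FFLAG_REPORTED)

#define SH_FFLAG_SUIDCHK_SET(a)     (((a) & SH_FFLAG_SUIDCHK) != 0)
#define SET_SH_FFLAG_SUIDCHK(a)     ((a) |= SH_FFLAG_SUIDCHK)
#define CLEAR_SH_FFLAG_SUIDCHK(a)   ((a) &= ~SH_FFLAG_SUIDCHK)

#define SH_FFLAG_ENOENT_SET(a)      (((a) & SH_FFLAG_ENOENT) != 0)
#define SET_SH_FFLAG_ENOENT(a)      ((a) |= SH_FFLAG_ENOENT)
#define CLEAR_SH_FFLAG_ENOENT(a)    ((a) &= ~SH_FFLAG_ENOENT)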
|---|
| 215 |  | 
|---|
/* Flags for inotify
 * Bit values tested against sh.flag.inotify (see SH_INOTIFY_IFUSED).
 */
#define SH_INOTIFY_USE      (1<<0)
#define SH_INOTIFY_DOSCAN   (1<<1)
#define SH_INOTIFY_NEEDINIT (1<<2)
#define SH_INOTIFY_INSCAN   (1<<3)
/* Runs the statements in `a` only when SH_INOTIFY_USE is set in
 * sh.flag.inotify.
 * NOTE(review): the expansion is a bare `if (...) { a }`. Used as the
 * body of an outer if/else without braces, a following `else` binds to
 * this inner `if`. Always wrap call sites in braces.
 */
#define SH_INOTIFY_IFUSED(a)   if ((sh.flag.inotify & SH_INOTIFY_USE) != 0) { a }
|---|
| 223 |  | 
|---|
| 224 |  | 
|---|
| 225 | /************************************************** | 
|---|
| 226 | * | 
|---|
| 227 | * TYPEDEFS | 
|---|
| 228 | * | 
|---|
| 229 | **************************************************/ | 
|---|
| 230 |  | 
|---|
/* Check levels, numbered 1..12.
 * NOTE(review): judging by the names these identify the policy class
 * assigned to a monitored file (read-only, log files, growing logs,
 * ignore-none, ignore-all, attributes only, five user-defined classes,
 * prelink) -- confirm against the policy code. The values are explicit
 * and presumably must stay stable.
 */
enum {
  SH_LEVEL_READONLY    = 1,
  SH_LEVEL_LOGFILES    = 2,
  SH_LEVEL_LOGGROW     = 3,
  SH_LEVEL_NOIGNORE    = 4,
  SH_LEVEL_ALLIGNORE   = 5,
  SH_LEVEL_ATTRIBUTES  = 6,
  SH_LEVEL_USER0       = 7,
  SH_LEVEL_USER1       = 8,
  SH_LEVEL_USER2       = 9,
  SH_LEVEL_USER3       = 10,
  SH_LEVEL_USER4       = 11,
  SH_LEVEL_PRELINK     = 12
};
|---|
| 245 |  | 
|---|
/* A timer: an interval and the time it last fired.
 * NOTE(review): units are presumably seconds (time_t) -- confirm.
 */
typedef struct {
  time_t  alarm_interval;
  time_t  alarm_last;
} sh_timer_t;

/* A file reference: path plus a hash field of KEY_LEN characters and a
 * terminator. Paths longer than SH_PATHBUF-1 do not fit; writers must
 * bound the copy and reject or report truncation.
 */
typedef struct {
  char   path[SH_PATHBUF];
  char   hash[KEY_LEN+1];
} sh_sh_df;

/* A user identity: names, home directory and numeric ids.
 * The name arrays are short (USER_MAX/GROUP_MAX = 20 bytes); account
 * names longer than that must not be copied in unbounded.
 */
typedef struct {
  char   user[USER_MAX];
  char   group[GROUP_MAX];
  char   home[SH_PATHBUF];
  uid_t  uid;
  gid_t  gid;
} sh_sh_user;

/* Description of the local host. */
typedef struct {
  char   name[SH_PATHBUF];      /* local hostname                  */
  char   system[SH_MINIBUF];    /* system                          */
  char   release[SH_MINIBUF];   /* release                         */
  char   machine[SH_MINIBUF];   /* machine                         */
} sh_sh_local;

/* A remote server given by two names.
 * NOTE(review): `alt` is presumably an alternative/fallback server name
 * -- confirm.
 */
typedef struct {
  char   name[SH_PATHBUF];
  char   alt[SH_PATHBUF];
} sh_sh_remote;
|---|
| 275 |  | 
|---|
/* Run statistics: counters for the last check plus mail delivery totals.
 * All counters are unsigned long, so their range depends on the platform.
 */
typedef struct {
  unsigned long   bytes_hashed;  /* bytes     last check */
  unsigned long   bytes_speed;   /* bytes/sec last check */
  unsigned long   mail_success;  /* mails sent           */
  unsigned long   mail_failed;   /* mails not sent       */
  time_t          time_start;    /* start     last check */
  time_t          time_check;    /* time      last check */
  unsigned long   dirs_checked;  /* #dirs     last check */
  unsigned long   files_checked; /* #files    last check */
  unsigned long   files_report;  /* #file reports        */
  unsigned long   files_error;   /* #file access error   */
  unsigned long   files_nodir;   /* #file not a directory*/
} sh_sh_stat;
|---|
| 289 |  | 
|---|
/* Global run-time flags.
 * The fields use mixed conventions, as their comments say: some hold
 * GOOD/BAD, some TRUE/FALSE, `inotify` is a bit mask of SH_INOTIFY_*
 * values. Check the field comment before testing a value.
 */
typedef struct {
  int    exit;                     /* exit value                      */
  int    checkSum;                 /* whether to init/check checksums */
  int    update;                   /* update db                       */
  int    opts;                     /* reading cl options              */
  int    started;                  /* finished with startup stuff     */
  int    isdaemon;                 /* daemon or not                   */
  int    loop;                     /* go in loop even if not daemon   */
  int    nice;                     /* desired nicety                  */
  int    isserver;                 /* server or not                   */
  int    islocked;                 /* BAD if logfile not locked       */
  int    smsg;                     /* GOOD if end message sent        */
  int    log_start;                /* TRUE if new audit trail         */
  int    reportonce;               /* TRUE if bad files only once rep.*/
  int    fulldetail;               /* TRUE if full details requested  */
  int    client_severity;          /* TRUE if client severity used    */
  int    client_class;             /* TRUE if client class used       */
  int    audit;                    /* NOTE(review): undocumented; presumably audit on/off -- confirm */
  unsigned long aud_mask;          /* NOTE(review): undocumented; presumably a mask of audited events -- confirm */
  int    hidefile;                 /* TRUE if file not shown in log   */
  int    inotify;                  /* Flags for inotify               */
} sh_sh_flag;
|---|
| 312 |  | 
|---|
/* Global program state; the single instance is declared as `sh` later
 * in this header.
 */
typedef struct {

  char   prg_name[8];              /* 8 bytes including any terminator */

  UINT64 pid;

  /* Path and hash pairs.
   * NOTE(review): presumably the executable, the configuration file and
   * the baseline database -- confirm.
   */
  sh_sh_df     exec;
  sh_sh_df     conf;
  sh_sh_df     data;

  /* NOTE(review): presumably the real and effective identity at startup
   * and the identity the program runs as -- confirm.
   */
  sh_sh_user   real;
  sh_sh_user   effective;
  sh_sh_user   run;

  sh_sh_local  host;

  /* Remote servers, each with a primary and an alternative name. */
  sh_sh_remote srvtime;
  sh_sh_remote srvmail;
  sh_sh_remote srvexport;
  sh_sh_remote srvcons;
  sh_sh_remote srvlog;

  sh_sh_stat   statistics;
  sh_sh_flag   flag;

#ifdef SH_STEALTH
  unsigned long off_data;          /* present only in SH_STEALTH builds */
#endif

  sh_timer_t mailNum;
  sh_timer_t mailTime;
  sh_timer_t fileCheck;

  int    looptime;                 /* timing for main loop            */
  /* Annotated as possibly NULL; check before dereferencing. */
  /*@null@*//*@out@*/ char   * timezone;

#ifdef SCREW_IT_UP
  int sigtrap_max_duration;        /* present only in SCREW_IT_UP builds */
#endif

} sh_struct;
|---|
| 354 |  | 
|---|
| 355 |  | 
|---|
/* Flags tied to signals (the signal is named beside each one where the
 * original author recorded it).
 * NOTE(review): these are `volatile int`. If they are written inside
 * signal handlers, as the per-signal comments suggest, the C standard
 * only guarantees well-defined access for `volatile sig_atomic_t`.
 * Changing the type requires changing the definitions in the
 * implementation file at the same time.
 */
extern volatile  int      sig_raised;
extern volatile  int      sig_urgent;
extern volatile  int      sig_debug_switch;       /* SIGUSR1 */
extern volatile  int      sig_suspend_switch;     /* SIGUSR2 */
extern volatile  int      sh_global_suspend_flag;
extern volatile  int      sig_fresh_trail;        /* SIGIOT  */
extern volatile  int      sh_thread_pause_flag;
extern volatile  int      sig_config_read_again;  /* SIGHUP  */
extern volatile  int      sig_terminate;          /* SIGQUIT */
extern volatile  int      sig_termfast;           /* SIGTERM */
extern volatile  int      sig_force_check;        /* SIGTTOU */

/* NOTE(review): presumably scratch storage for a retry-on-EINTR helper
 * in sh_calls.h. It is a plain global, so it is shared by all threads --
 * confirm.
 */
extern long int eintr__result;

/* Saved copies of main()'s argc and argv. */
extern int     sh_argc_store;
extern char ** sh_argv_store;
|---|
| 372 |  | 
|---|
| 373 | #include "sh_calls.h" | 
|---|
| 374 |  | 
|---|
| 375 |  | 
|---|
/* Key material and random-number-generator state.
 *
 * Everything in this struct is secret or secret-derived. The MLOCK and
 * MUNLOCK macros later in this header use `mlock_failed` to record
 * whether locking memory failed.
 * NOTE(review): nothing in this header shows the struct being wiped
 * before it is released; confirm that the implementation zeroizes it
 * with a call the compiler cannot optimise away.
 */
typedef struct {
  char   sh_sockpass[2*SOCKPASS_MAX+2];
  /* Keys stored as KEY_LEN characters plus terminator. */
  char   sigkey_old[KEY_LEN+1];
  char   sigkey_new[KEY_LEN+1];
  char   mailkey_old[KEY_LEN+1];
  char   mailkey_new[KEY_LEN+1];
  char   crypt[KEY_LEN+1];
  char   session[KEY_LEN+1];
  char   vernam[KEY_LEN+1];
  int    mlock_failed;             /* SL_TRUE once a lock attempt failed (set by MLOCK) */

  /* Exactly PW_LEN bytes with no room for a terminator: treat as a byte
   * array and never pass it to str* functions.
   */
  char   pw[PW_LEN];

  /* NOTE(review): presumably an entropy pool and its fill count -- confirm. */
  char   poolv[KEY_BYT];
  int    poolc;

  /* NOTE(review): presumably the internal state of the random number
   * generator -- confirm.
   */
  int    rngI;
  UINT32 rng0[3];
  UINT32 rng1[3];
  UINT32 rng2[3];

  UINT32 res_vec[6];

  UINT32 ErrFlag[2];

#ifdef SH_ENCRYPT
  /* Cipher key schedules (type from rijndael-api-fst.h); only present in
   * SH_ENCRYPT builds.
   */
  /*@out@*/ keyInstance             keyInstE;
  /*@out@*/ keyInstance             keyInstD;
#endif
} sh_key_t;

/* The global program state. */
extern sh_struct sh;
/* Pointer to the key material; annotated as possibly NULL, and the
 * MLOCK/MUNLOCK macros test it before use.
 */
/*@null@*/ extern sh_key_t  *skey;
|---|
| 409 |  | 
|---|
| 410 | /************************************************** | 
|---|
| 411 | * | 
|---|
| 412 | * macros | 
|---|
| 413 | * | 
|---|
| 414 | **************************************************/ | 
|---|
| 415 |  | 
|---|
/* SH_ABORT expands to abort() only in SH_ABORT_ON_ERROR builds. In all
 * other builds it expands to nothing, so execution continues past the
 * call site; code after SH_ABORT must still handle the error.
 */
#if !defined(SH_ABORT_ON_ERROR)
#define SH_ABORT
#else
#define SH_ABORT abort()
#endif

/* Sentinel attribute: available from GCC 4 on, empty elsewhere. */
#if !defined(__GNUC__) || (__GNUC__ < 4)
#define SH_GNUC_SENTINEL
#else
#define SH_GNUC_SENTINEL __attribute__((__sentinel__))
#endif

/* Function attributes: drop any earlier definition, then map each name
 * to the GCC attribute (GCC 3 and later) or to nothing.
 */
#undef  SH_GNUC_PURE
#undef  SH_GNUC_CONST
#undef  SH_GNUC_NORETURN
#undef  SH_GNUC_MALLOC
#if defined(__GNUC__) && (__GNUC__ >= 3)
#define SH_GNUC_PURE     __attribute__((pure))
#define SH_GNUC_CONST    __attribute__((const))
#define SH_GNUC_NORETURN __attribute__((noreturn))
#define SH_GNUC_MALLOC   __attribute__((malloc))
#else
#define SH_GNUC_PURE
#define SH_GNUC_CONST
#define SH_GNUC_NORETURN
#define SH_GNUC_MALLOC
#endif


/* Branch prediction hints. __builtin_expect((expr), c) tells the
 * compiler that expr is expected to equal c; the value of the whole
 * expression is still the value of expr. Only used in optimising GCC
 * builds (GCC 3 and later); otherwise the macros are plain (expr).
 */
#if !defined(__GNUC__) || (__GNUC__ <= 2) || !defined(__OPTIMIZE__)
#define SH_LIKELY(expr)   (expr)
#define SH_UNLIKELY(expr) (expr)
#else
#define SH_LIKELY(expr)   (__builtin_expect((expr), 1))
#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0))
#endif
|---|
| 459 |  | 
|---|
/* signal-safe log function
 *
 * safe_fatal() receives the failed condition as text plus the file and
 * line where it was detected.
 * NOTE(review): presumably safe_fatal() does not return -- confirm, and
 * if so mark it with SH_GNUC_NORETURN.
 */
int  safe_logger (int thesignal, int method, char * details);
void safe_fatal  (const char * details, const char *f, int l);

/* Run-time invariant checks. Unlike assert() there is no build option
 * in this header that compiles them out. Each macro evaluates a and b
 * once and calls safe_fatal() with the stringified operands when the
 * relation does not hold. The do/while(0) wrapper makes each one a
 * single statement. FIL__ is not defined in this header; NOTE(review):
 * presumably every including source file defines it as its own name --
 * confirm.
 */

/* Fatal unless a == b. */
#define SH_VALIDATE_EQ(a,b) \
     do { \
         if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\
     } while (0)

/* Fatal unless a != b. */
#define SH_VALIDATE_NE(a,b) \
     do { \
         if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\
     } while (0)

/* Fatal unless a >= b. */
#define SH_VALIDATE_GE(a,b) \
     do { \
         if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\
     } while (0)
|---|
| 479 |  | 
|---|
/* MLOCK(a, b) / MUNLOCK(a, b): lock or unlock b bytes at address a.
 *
 * Behaviour visible here:
 *   - Both do nothing when skey is NULL or skey->mlock_failed is not
 *     SL_FALSE. After the first failed lock, no further locking or
 *     unlocking is attempted.
 *   - With USE_SUID, the call is bracketed by sl_set_suid() and
 *     sl_unset_suid(), whose results are discarded.
 *   - Without a usable mlock() both macros expand to an empty statement,
 *     so the memory is not locked at all.
 *
 * NOTE(review): the expansions are bare `if (...) { ... }` statements,
 * not do/while(0). Inside an unbraced if/else, a following `else` would
 * bind to the macro's own `if`; keep call sites braced.
 * NOTE(review): confirm that sl_unset_suid() cannot fail silently,
 * because its result is ignored here.
 */
#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)

#ifdef USE_SUID

#define MLOCK(a, b) \
  if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
    (void) sl_set_suid(); \
    if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
    (void) sl_unset_suid(); }

#define MUNLOCK(a, b) \
  if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
    (void) sl_set_suid(); \
    (void) sh_unix_munlock( a, b );\
    (void) sl_unset_suid(); }

#else

#define MLOCK(a, b) \
  if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
    if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; }

#define MUNLOCK(a, b) \
  if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
    (void) sh_unix_munlock( a, b ); }

#endif

#else

/* No usable mlock(): both macros are empty statements. */
#define MLOCK(a, b) \
  ;

#define MUNLOCK(a, b) \
  ;

#endif
|---|
| 513 |  | 
|---|
#ifdef SH_STEALTH
/* Encodes len bytes of str in place. Decoding is the same function, so
 * applying it twice restores the input.
 * NOTE(review): a transform that is its own inverse is presumably
 * obfuscation rather than keyed encryption; do not rely on it for
 * confidentiality -- confirm in the implementation.
 */
void sh_do_encode (char * str, int len);
#define sh_do_decode sh_do_encode
#endif

/* #if defined(SCREW_IT_UP)
 * extern volatile int sh_not_traced;
 * inline int  sh_sigtrap_prepare();
 * inline int  sh_derr();
 * #endif
 */

/* BREAKEXIT(expr): in SCREW_IT_UP builds on 32-bit x86 FreeBSD/Linux,
 * inspects the 8 bytes starting at address `expr` and calls
 * _exit(EXIT_FAILURE) if any of them is 0xcc (the x86 INT3 opcode that
 * debuggers write for software breakpoints). In every other build the
 * macro expands to nothing.
 *
 * Caveats for maintainers:
 *   - This is a best-effort tamper check limited to those 8 bytes; it
 *     is not a guarantee that the process is unobserved.
 *   - `expr` is not parenthesised and the pointer is cast to `unsigned`;
 *     that cast only fits 32-bit pointers, which the __i386__ guard
 *     ensures.
 *   - Each probe reads a whole `unsigned` at a byte offset and masks the
 *     low byte, so the last probes read a few bytes past offset 7.
 */
#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__)
#define BREAKEXIT(expr) \
  do { \
    int ixi; \
    for (ixi = 0; ixi < 8; ++ixi) { \
      if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc)  \
        _exit(EXIT_FAILURE); \
      } \
    } \
  while (1 == 0)
#else
#define BREAKEXIT(expr)
#endif
|---|
| 539 |  | 
|---|
| 540 |  | 
|---|
| 541 |  | 
|---|
| 542 | #include "sh_cat.h" | 
|---|
| 543 | #include "sh_trace.h" | 
|---|
| 544 | #include "sh_mem.h" | 
|---|
| 545 |  | 
|---|
| 546 | #endif | 
|---|
| 547 |  | 
|---|
| 548 | /* CRIT:                                       */ | 
|---|
| 549 | /* NEW_CLIENT  <client>                        */ | 
|---|
| 550 | /* BAD_CLIENT  <client> -- <details>           */ | 
|---|
| 551 | /* ERR_CLIENT  <client> -- <details>           */ | 
|---|
| 552 |  | 
|---|
| 553 | /* ALERT:                                      */ | 
|---|
| 554 | /* LOG_KEY     samhain|yule <key>              */ | 
|---|
| 555 | /* STARTUP     samhain|yule -- user <username> */ | 
|---|
| 556 | /* EXIT        samhain|yule                    */ | 
|---|
| 557 | /* GOODSIG     <file> <user>                   */ | 
|---|
| 558 | /* FP_KEY      <fingerprint>                   */ | 
|---|
| 559 | /* GOODSIG_DAT <file> <user>                   */ | 
|---|
| 560 | /* FP_KEY_DAT  <fingerprint>                   */ | 
|---|
| 561 | /* TIGER_CFG   <file> <checksum>               */ | 
|---|
| 562 | /* TIGER_DAT   <file> <checksum>               */ | 
|---|
| 563 |  | 
|---|
| 564 | /* PANIC       -- <details>                    */ | 
|---|
| 565 | /* ERROR       -- <details>                    */ | 
|---|
| 566 |  | 
|---|
| 567 | /* Policy                                      */ | 
|---|
| 568 | /* POLICY      <code> <file>                   */ | 
|---|
| 569 | /* <code> = MISSING || ADDED || NOT_A_DIRECTORY || <policy> */ | 
|---|
| 570 |  | 
|---|
| 571 |  | 
|---|
| 572 |  | 
|---|