source: trunk/include/samhain.h@ 140

Last change on this file since 140 was 140, checked in by rainer, 17 years ago

Utility function for threaded modules.

File size: 12.6 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#ifndef SAMHAIN_H
21#define SAMHAIN_H
22
23#include <sys/types.h>
24#include "slib.h"
25
26#ifdef SH_ENCRYPT
27#include "rijndael-api-fst.h"
28#endif
29
30/**************************************************
31 *
32 * STANDARD DEFINES
33 *
34 **************************************************/
35
36#define REPLACE_OLD
37
38/* Standard buffer sizes.
39 */
40#define SH_MINIBUF 64
41#define SH_BUFSIZE 1024
42#define SH_MAXBUF 4096
43#define SH_PATHBUF 256
44
45#define SH_ERRBUF_SIZE 64
46
47/* Sizes for arrays (user, group, timestamp).
48 */
49#define SOCKPASS_MAX 14
50#define USER_MAX 20
51#define GROUP_MAX 20
52#define TIM_MAX 32
53
54
55/* The number of bytes in a key,
56 * the number of chars in its hex repesentation,
57 * and the block size of the hash algorithm.
58 */
59#define KEY_BYT 24
60#define KEY_LEN 48
61#define KEY_BLOCK 24
62#define KEYBUF_SIZE (KEY_LEN+1)
63
64/* The length of the compiled-in password.
65 */
66#define PW_LEN 8
67
68#undef GOOD
69#define GOOD 1
70#undef BAD
71#define BAD 0
72#undef ON
73#define ON 1
74#undef OFF
75#define OFF 0
76#undef S_TRUE
77#define S_TRUE 1
78#undef S_FALSE
79#define S_FALSE 0
80
81/* An unsigned integer guaranteed to be 32 bit.
82 */
83#if defined(HAVE_INT_32)
84#define UINT32 unsigned int
85#define SINT32 int
86#elif defined(HAVE_LONG_32)
87#define UINT32 unsigned long
88#define SINT32 long
89#elif defined(HAVE_SHORT_32)
90#define UINT32 unsigned short
91#define SINT32 short
92#endif
93
94#ifdef HAVE_INTTYPES_H
95#include <inttypes.h>
96#else
97#ifdef HAVE_STDINT_H
98#include <stdint.h>
99#endif
100#endif
101
102#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
103
104#ifdef HAVE_LONG_LONG_64
105#define UINT64 unsigned long long
106#else
107#ifdef HAVE_LONG_64
108#define UINT64 unsigned long
109#else
110#define UINT64_IS_32
111#define UINT64 unsigned long
112#endif
113#endif
114
115#else
116#define UINT64 uint64_t
117#endif
118
119
120
121#define UBYTE unsigned char
122
123
124enum {
125 SH_CHECK_NONE = 0,
126 SH_CHECK_INIT = 1,
127 SH_CHECK_CHECK = 2
128};
129
130enum {
131 SH_MOD_ACTIVE = 0,
132 SH_MOD_THREAD = 1,
133 SH_MOD_FAILED = 2
134};
135
136/* Flags for file status
137 */
138#define SH_FFLAG_ALLIGNORE (1<<0)
139#define SH_FFLAG_VISITED (1<<1)
140#define SH_FFLAG_CHECKED (1<<3)
141#define SH_FFLAG_REPORTED (1<<3)
142#define SH_FFLAG_SUIDCHK (1<<4)
143
144#define SH_FFLAG_ALLIGNORE_SET(a) (((a) & SH_FFLAG_ALLIGNORE) != 0)
145#define SET_SH_FFLAG_ALLIGNORE(a) ((a) |= SH_FFLAG_ALLIGNORE)
146#define CLEAR_SH_FFLAG_ALLIGNORE(a) ((a) &= ~SH_FFLAG_ALLIGNORE)
147
148#define SH_FFLAG_VISITED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
149#define SET_SH_FFLAG_VISITED(a) ((a) |= SH_FFLAG_VISITED)
150#define CLEAR_SH_FFLAG_VISITED(a) ((a) &= ~SH_FFLAG_VISITED)
151
152#define SH_FFLAG_CHECKED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
153#define SET_SH_FFLAG_CHECKED(a) ((a) |= SH_FFLAG_VISITED)
154#define CLEAR_SH_FFLAG_CHECKED(a) ((a) &= ~SH_FFLAG_VISITED)
155
156#define SH_FFLAG_REPORTED_SET(a) (((a) & SH_FFLAG_REPORTED) != 0)
157#define SET_SH_FFLAG_REPORTED(a) ((a) |= SH_FFLAG_REPORTED)
158#define CLEAR_SH_FFLAG_REPORTED(a) ((a) &= ~SH_FFLAG_REPORTED)
159
160#define SH_FFLAG_SUIDCHK_SET(a) (((a) & SH_FFLAG_SUIDCHK) != 0)
161#define SET_SH_FFLAG_SUIDCHK(a) ((a) |= SH_FFLAG_SUIDCHK)
162#define CLEAR_SH_FFLAG_SUIDCHK(a) ((a) &= ~SH_FFLAG_SUIDCHK)
163
164
165
166/**************************************************
167 *
168 * TYPEDEFS
169 *
170 **************************************************/
171
172enum {
173 SH_LEVEL_READONLY = 1,
174 SH_LEVEL_LOGFILES = 2,
175 SH_LEVEL_LOGGROW = 3,
176 SH_LEVEL_NOIGNORE = 4,
177 SH_LEVEL_ALLIGNORE = 5,
178 SH_LEVEL_ATTRIBUTES = 6,
179 SH_LEVEL_USER0 = 7,
180 SH_LEVEL_USER1 = 8,
181 SH_LEVEL_USER2 = 9,
182 SH_LEVEL_USER3 = 10,
183 SH_LEVEL_USER4 = 11,
184 SH_LEVEL_PRELINK = 12
185};
186
187typedef struct {
188 time_t alarm_interval;
189 time_t alarm_last;
190} sh_timer_t;
191
192typedef struct {
193 char path[SH_PATHBUF];
194 char hash[KEY_LEN+1];
195} sh_sh_df;
196
197typedef struct {
198 char user[USER_MAX];
199 char group[GROUP_MAX];
200 char home[SH_PATHBUF];
201 uid_t uid;
202 gid_t gid;
203} sh_sh_user;
204
205typedef struct {
206 char name[SH_PATHBUF]; /* local hostname */
207 char system[SH_MINIBUF]; /* system */
208 char release[SH_MINIBUF]; /* release */
209 char machine[SH_MINIBUF]; /* machine */
210} sh_sh_local;
211
212typedef struct {
213 char name[SH_PATHBUF];
214 char alt[SH_PATHBUF];
215} sh_sh_remote;
216
217typedef struct {
218 unsigned long bytes_hashed; /* bytes last check */
219 unsigned long bytes_speed; /* bytes/sec last check */
220 unsigned long mail_success; /* mails sent */
221 unsigned long mail_failed; /* mails not sent */
222 time_t time_start; /* start last check */
223 time_t time_check; /* time last check */
224 unsigned long dirs_checked; /* #dirs last check */
225 unsigned long files_checked; /* #files last check */
226} sh_sh_stat;
227
228typedef struct {
229 int exit; /* exit value */
230 int checkSum; /* whether to init/check checksums */
231 int update; /* update db */
232 int opts; /* reading cl options */
233 int isdaemon; /* daemon or not */
234 int loop; /* go in loop even if not daemon */
235 int nice; /* desired nicety */
236 int isserver; /* server or not */
237 int islocked; /* BAD if logfile not locked */
238 int smsg; /* GOOD if end message sent */
239 int log_start; /* TRUE if new audit trail */
240 int reportonce; /* TRUE if bad files only once rep.*/
241 int fulldetail; /* TRUE if full details requested */
242 int client_severity; /* TRUE if client severity used */
243 int client_class; /* TRUE if client class used */
244 int audit;
245 unsigned long aud_mask;
246 int hidefile; /* TRUE if file not reveled in log */
247} sh_sh_flag;
248
249typedef struct {
250
251 char prg_name[8];
252
253 sh_sh_df exec;
254 sh_sh_df conf;
255 sh_sh_df data;
256
257 sh_sh_user real;
258 sh_sh_user effective;
259 sh_sh_user run;
260
261 sh_sh_local host;
262
263 sh_sh_remote srvtime;
264 sh_sh_remote srvmail;
265 sh_sh_remote srvexport;
266 sh_sh_remote srvcons;
267 sh_sh_remote srvlog;
268
269 sh_sh_stat statistics;
270 sh_sh_flag flag;
271
272#ifdef SH_STEALTH
273 unsigned long off_data;
274#endif
275
276 sh_timer_t mailNum;
277 sh_timer_t mailTime;
278 sh_timer_t fileCheck;
279
280 int looptime; /* timing for main loop */
281 /*@null@*//*@out@*/ char * timezone;
282} sh_struct;
283
284
285extern volatile int sig_raised;
286extern volatile int sig_urgent;
287extern volatile int sig_debug_switch; /* SIGUSR1 */
288extern volatile int sig_suspend_switch; /* SIGUSR2 */
289extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
290extern volatile int sig_fresh_trail; /* SIGIOT */
291extern volatile int sig_config_read_again; /* SIGHUP */
292extern volatile int sig_terminate; /* SIGQUIT */
293extern volatile int sig_termfast; /* SIGTERM */
294extern volatile int sig_force_check; /* SIGTTOU */
295
296extern long int eintr__result;
297
298extern int sh_argc_store;
299extern char ** sh_argv_store;
300
301#include "sh_calls.h"
302
303
304typedef struct {
305 char sh_sockpass[2*SOCKPASS_MAX+2];
306 char sigkey_old[KEY_LEN+1];
307 char sigkey_new[KEY_LEN+1];
308 char mailkey_old[KEY_LEN+1];
309 char mailkey_new[KEY_LEN+1];
310 char crypt[KEY_LEN+1];
311 char session[KEY_LEN+1];
312 char vernam[KEY_LEN+1];
313 int mlock_failed;
314
315 char pw[PW_LEN];
316
317 char poolv[KEY_BYT];
318 int poolc;
319
320 int rngI;
321 UINT32 rng0[3];
322 UINT32 rng1[3];
323 UINT32 rng2[3];
324
325 UINT32 ErrFlag[2];
326
327#ifdef SH_ENCRYPT
328 /*@out@*/ keyInstance keyInstE;
329 /*@out@*/ keyInstance keyInstD;
330#endif
331} sh_key_t;
332
333extern sh_struct sh;
334/*@null@*/ extern sh_key_t *skey;
335
336/**************************************************
337 *
338 * macros
339 *
340 **************************************************/
341
342#if defined(__GNUC__) && (__GNUC__ >= 4)
343#define SH_GNUC_NULL_TERMINATED __attribute__((__sentinel__))
344#else
345#define SH_GNUC_NULL_TERMINATED
346#endif
347
348/* The semantics of the built-in are that it is expected that expr == const
349 * for __builtin_expect ((expr), const)
350 */
351#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
352#define SH_LIKELY(expr) (__builtin_expect((expr), 1))
353#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0))
354#else
355#define SH_LIKELY(expr) (expr)
356#define SH_UNLIKELY(expr) (expr)
357#endif
358
359/* signal-safe log function
360 */
361int safe_logger (int signal, int method, char * details);
362void safe_fatal (char * details, char *f, int l);
363
364#define SH_VALIDATE_EQ(a,b) \
365 do { \
366 if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\
367 } while (0)
368
369#define SH_VALIDATE_NE(a,b) \
370 do { \
371 if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\
372 } while (0)
373
374#define SH_VALIDATE_GE(a,b) \
375 do { \
376 if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\
377 } while (0)
378
379#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
380#define MLOCK(a, b) \
381 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
382 (void) sl_set_suid(); \
383 if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
384 (void) sl_unset_suid(); }
385#else
386#define MLOCK(a, b) \
387 ;
388#endif
389
390#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
391#define MUNLOCK(a, b) \
392 if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
393 (void) sl_set_suid(); \
394 (void) sh_unix_munlock( a, b );\
395 (void) sl_unset_suid(); }
396#else
397#define MUNLOCK(a, b) \
398 ;
399#endif
400
401#ifdef SH_STEALTH
402void sh_do_encode (char * str, int len);
403#define sh_do_decode sh_do_encode
404#endif
405
406/* #if defined(SCREW_IT_UP)
407 * extern volatile int sh_not_traced;
408 * inline int sh_sigtrap_prepare();
409 * inline int sh_derr();
410 * #endif
411 */
412
413#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) || defined(__linux__)) && defined(__i386__)
414#define BREAKEXIT(expr) \
415 do { \
416 int ixi; \
417 for (ixi = 0; ixi < 8; ++ixi) { \
418 if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
419 _exit(EXIT_FAILURE); \
420 } \
421 } \
422 while (1 == 0)
423#else
424#define BREAKEXIT(expr)
425#endif
426
427
428
429#include "sh_cat.h"
430#include "sh_trace.h"
431#include "sh_mem.h"
432
433#endif
434
435/* CRIT: */
436/* NEW_CLIENT <client> */
437/* BAD_CLIENT <client> -- <details> */
438/* ERR_CLIENT <client> -- <details> */
439
440/* ALERT: */
441/* LOG_KEY samhain|yule <key> */
442/* STARTUP samhain|yule -- user <username> */
443/* EXIT samhain|yule */
444/* GOODSIG <file> <user> */
445/* FP_KEY <fingerprint> */
446/* GOODSIG_DAT <file> <user> */
447/* FP_KEY_DAT <fingerprint> */
448/* TIGER_CFG <file> <checksum> */
449/* TIGER_DAT <file> <checksum> */
450
451/* PANIC -- <details> */
452/* ERROR -- <details> */
453
454/* Policy */
455/* POLICY <code> <file> */
456/* <code> = MISSING || ADDED || NOT_A_DIRECTORY || <policy> */
457
458
459
Note: See TracBrowser for help on using the repository browser.