Context Navigation

source: trunk/include/samhain.h @ 132

Last change on this file since 132 was 132, checked in by rainer, 12 years ago
Make utility functions thread-safe.
File size: 12.5 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#ifndef SAMHAIN_H
21	#define SAMHAIN_H
22
23	#include <sys/types.h>
24	#include "slib.h"
25
26	#ifdef SH_ENCRYPT
27	#include "rijndael-api-fst.h"
28	#endif
29
30	/**************************************************
31	*
32	* STANDARD DEFINES
33	*
34	**************************************************/
35
36	#define REPLACE_OLD
37
38	/* Standard buffer sizes.
39	*/
40	#define SH_MINIBUF 64
41	#define SH_BUFSIZE 1024
42	#define SH_MAXBUF 4096
43	#define SH_PATHBUF 256
44
45	#define SH_GRBUF_SIZE 4096
46	#define SH_PWBUF_SIZE 4096
47	#define SH_ERRBUF_SIZE 64
48
49	/* Sizes for arrays (user, group, timestamp).
50	*/
51	#define SOCKPASS_MAX 14
52	#define USER_MAX 20
53	#define GROUP_MAX 20
54	#define TIM_MAX 32
55
56
57	/* The number of bytes in a key,
58	* the number of chars in its hex repesentation,
59	* and the block size of the hash algorithm.
60	*/
61	#define KEY_BYT 24
62	#define KEY_LEN 48
63	#define KEY_BLOCK 24
64
65	/* The length of the compiled-in password.
66	*/
67	#define PW_LEN 8
68
69	#undef GOOD
70	#define GOOD 1
71	#undef BAD
72	#define BAD 0
73	#undef ON
74	#define ON 1
75	#undef OFF
76	#define OFF 0
77	#undef S_TRUE
78	#define S_TRUE 1
79	#undef S_FALSE
80	#define S_FALSE 0
81
82	/* An unsigned integer guaranteed to be 32 bit.
83	*/
84	#if defined(HAVE_INT_32)
85	#define UINT32 unsigned int
86	#define SINT32 int
87	#elif defined(HAVE_LONG_32)
88	#define UINT32 unsigned long
89	#define SINT32 long
90	#elif defined(HAVE_SHORT_32)
91	#define UINT32 unsigned short
92	#define SINT32 short
93	#endif
94
95	#ifdef HAVE_INTTYPES_H
96	#include <inttypes.h>
97	#else
98	#ifdef HAVE_STDINT_H
99	#include <stdint.h>
100	#endif
101	#endif
102
103	#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
104
105	#ifdef HAVE_LONG_LONG_64
106	#define UINT64 unsigned long long
107	#else
108	#ifdef HAVE_LONG_64
109	#define UINT64 unsigned long
110	#else
111	#define UINT64_IS_32
112	#define UINT64 unsigned long
113	#endif
114	#endif
115
116	#else
117	#define UINT64 uint64_t
118	#endif
119
120
121
122	#define UBYTE unsigned char
123
124
125	enum {
126	SH_CHECK_NONE = 0,
127	SH_CHECK_INIT = 1,
128	SH_CHECK_CHECK = 2
129	};
130
131	/* Flags for file status
132	*/
133	#define SH_FFLAG_ALLIGNORE (1<<0)
134	#define SH_FFLAG_VISITED (1<<1)
135	#define SH_FFLAG_CHECKED (1<<3)
136	#define SH_FFLAG_REPORTED (1<<3)
137	#define SH_FFLAG_SUIDCHK (1<<4)
138
139	#define SH_FFLAG_ALLIGNORE_SET(a) (((a) & SH_FFLAG_ALLIGNORE) != 0)
140	#define SET_SH_FFLAG_ALLIGNORE(a) ((a) \|= SH_FFLAG_ALLIGNORE)
141	#define CLEAR_SH_FFLAG_ALLIGNORE(a) ((a) &= ~SH_FFLAG_ALLIGNORE)
142
143	#define SH_FFLAG_VISITED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
144	#define SET_SH_FFLAG_VISITED(a) ((a) \|= SH_FFLAG_VISITED)
145	#define CLEAR_SH_FFLAG_VISITED(a) ((a) &= ~SH_FFLAG_VISITED)
146
147	#define SH_FFLAG_CHECKED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
148	#define SET_SH_FFLAG_CHECKED(a) ((a) \|= SH_FFLAG_VISITED)
149	#define CLEAR_SH_FFLAG_CHECKED(a) ((a) &= ~SH_FFLAG_VISITED)
150
151	#define SH_FFLAG_REPORTED_SET(a) (((a) & SH_FFLAG_REPORTED) != 0)
152	#define SET_SH_FFLAG_REPORTED(a) ((a) \|= SH_FFLAG_REPORTED)
153	#define CLEAR_SH_FFLAG_REPORTED(a) ((a) &= ~SH_FFLAG_REPORTED)
154
155	#define SH_FFLAG_SUIDCHK_SET(a) (((a) & SH_FFLAG_SUIDCHK) != 0)
156	#define SET_SH_FFLAG_SUIDCHK(a) ((a) \|= SH_FFLAG_SUIDCHK)
157	#define CLEAR_SH_FFLAG_SUIDCHK(a) ((a) &= ~SH_FFLAG_SUIDCHK)
158
159
160
161	/**************************************************
162	*
163	* TYPEDEFS
164	*
165	**************************************************/
166
167	enum {
168	SH_LEVEL_READONLY = 1,
169	SH_LEVEL_LOGFILES = 2,
170	SH_LEVEL_LOGGROW = 3,
171	SH_LEVEL_NOIGNORE = 4,
172	SH_LEVEL_ALLIGNORE = 5,
173	SH_LEVEL_ATTRIBUTES = 6,
174	SH_LEVEL_USER0 = 7,
175	SH_LEVEL_USER1 = 8,
176	SH_LEVEL_USER2 = 9,
177	SH_LEVEL_USER3 = 10,
178	SH_LEVEL_USER4 = 11,
179	SH_LEVEL_PRELINK = 12
180	};
181
182	typedef struct {
183	time_t alarm_interval;
184	time_t alarm_last;
185	} sh_timer_t;
186
187	typedef struct {
188	char path[SH_PATHBUF];
189	char hash[KEY_LEN+1];
190	} sh_sh_df;
191
192	typedef struct {
193	char user[USER_MAX];
194	char group[GROUP_MAX];
195	char home[SH_PATHBUF];
196	uid_t uid;
197	gid_t gid;
198	} sh_sh_user;
199
200	typedef struct {
201	char name[SH_PATHBUF]; /* local hostname */
202	char system[SH_MINIBUF]; /* system */
203	char release[SH_MINIBUF]; /* release */
204	char machine[SH_MINIBUF]; /* machine */
205	} sh_sh_local;
206
207	typedef struct {
208	char name[SH_PATHBUF];
209	char alt[SH_PATHBUF];
210	} sh_sh_remote;
211
212	typedef struct {
213	unsigned long bytes_hashed; /* bytes last check */
214	unsigned long bytes_speed; /* bytes/sec last check */
215	unsigned long mail_success; /* mails sent */
216	unsigned long mail_failed; /* mails not sent */
217	time_t time_start; /* start last check */
218	time_t time_check; /* time last check */
219	unsigned long dirs_checked; /* #dirs last check */
220	unsigned long files_checked; /* #files last check */
221	} sh_sh_stat;
222
223	typedef struct {
224	int exit; /* exit value */
225	int checkSum; /* whether to init/check checksums */
226	int update; /* update db */
227	int opts; /* reading cl options */
228	int isdaemon; /* daemon or not */
229	int loop; /* go in loop even if not daemon */
230	int nice; /* desired nicety */
231	int isserver; /* server or not */
232	int islocked; /* BAD if logfile not locked */
233	int smsg; /* GOOD if end message sent */
234	int log_start; /* TRUE if new audit trail */
235	int reportonce; /* TRUE if bad files only once rep.*/
236	int fulldetail; /* TRUE if full details requested */
237	int client_severity; /* TRUE if client severity used */
238	int client_class; /* TRUE if client class used */
239	int audit;
240	unsigned long aud_mask;
241	int hidefile; /* TRUE if file not reveled in log */
242	} sh_sh_flag;
243
244	typedef struct {
245
246	char prg_name[8];
247
248	sh_sh_df exec;
249	sh_sh_df conf;
250	sh_sh_df data;
251
252	sh_sh_user real;
253	sh_sh_user effective;
254	sh_sh_user run;
255
256	sh_sh_local host;
257
258	sh_sh_remote srvtime;
259	sh_sh_remote srvmail;
260	sh_sh_remote srvexport;
261	sh_sh_remote srvcons;
262	sh_sh_remote srvlog;
263
264	sh_sh_stat statistics;
265	sh_sh_flag flag;
266
267	#ifdef SH_STEALTH
268	unsigned long off_data;
269	#endif
270
271	sh_timer_t mailNum;
272	sh_timer_t mailTime;
273	sh_timer_t fileCheck;
274
275	int looptime; /* timing for main loop */
276	/@null@//@out@/ char * timezone;
277	} sh_struct;
278
279
280	extern volatile int sig_raised;
281	extern volatile int sig_urgent;
282	extern volatile int sig_debug_switch; /* SIGUSR1 */
283	extern volatile int sig_suspend_switch; /* SIGUSR2 */
284	extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
285	extern volatile int sig_fresh_trail; /* SIGIOT */
286	extern volatile int sig_config_read_again; /* SIGHUP */
287	extern volatile int sig_terminate; /* SIGQUIT */
288	extern volatile int sig_termfast; /* SIGTERM */
289	extern volatile int sig_force_check; /* SIGTTOU */
290
291	extern long int eintr__result;
292
293	extern int sh_argc_store;
294	extern char ** sh_argv_store;
295
296	#include "sh_calls.h"
297
298
299	typedef struct {
300	char sh_sockpass[2*SOCKPASS_MAX+2];
301	char sigkey_old[KEY_LEN+1];
302	char sigkey_new[KEY_LEN+1];
303	char mailkey_old[KEY_LEN+1];
304	char mailkey_new[KEY_LEN+1];
305	char crypt[KEY_LEN+1];
306	char session[KEY_LEN+1];
307	char vernam[KEY_LEN+1];
308	int mlock_failed;
309
310	char pw[PW_LEN];
311
312	char poolv[KEY_BYT];
313	int poolc;
314
315	int rngI;
316	UINT32 rng0[3];
317	UINT32 rng1[3];
318	UINT32 rng2[3];
319
320	UINT32 ErrFlag[2];
321
322	#ifdef SH_ENCRYPT
323	/@out@/ keyInstance keyInstE;
324	/@out@/ keyInstance keyInstD;
325	#endif
326	} sh_key_t;
327
328	extern sh_struct sh;
329	/@null@/ extern sh_key_t *skey;
330
331	/**************************************************
332	*
333	* macros
334	*
335	**************************************************/
336
337	#if defined(__GNUC__) && (__GNUC__ >= 4)
338	#define SH_GNUC_NULL_TERMINATED __attribute__((__sentinel__))
339	#else
340	#define SH_GNUC_NULL_TERMINATED
341	#endif
342
343	/* The semantics of the built-in are that it is expected that expr == const
344	* for __builtin_expect ((expr), const)
345	*/
346	#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
347	#define SH_LIKELY(expr) (__builtin_expect((expr), 1))
348	#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0))
349	#else
350	#define SH_LIKELY(expr) (expr)
351	#define SH_UNLIKELY(expr) (expr)
352	#endif
353
354	/* signal-safe log function
355	*/
356	int safe_logger (int signal, int method, char * details);
357	void safe_fatal (char * details, char *f, int l);
358
359	#define SH_VALIDATE_EQ(a,b) \
360	do { \
361	if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\
362	} while (0)
363
364	#define SH_VALIDATE_NE(a,b) \
365	do { \
366	if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\
367	} while (0)
368
369	#define SH_VALIDATE_GE(a,b) \
370	do { \
371	if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\
372	} while (0)
373
374	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
375	#define MLOCK(a, b) \
376	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
377	(void) sl_set_suid(); \
378	if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
379	(void) sl_unset_suid(); }
380	#else
381	#define MLOCK(a, b) \
382	;
383	#endif
384
385	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
386	#define MUNLOCK(a, b) \
387	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
388	(void) sl_set_suid(); \
389	(void) sh_unix_munlock( a, b );\
390	(void) sl_unset_suid(); }
391	#else
392	#define MUNLOCK(a, b) \
393	;
394	#endif
395
396	#ifdef SH_STEALTH
397	void sh_do_encode (char * str, int len);
398	#define sh_do_decode sh_do_encode
399	#endif
400
401	/* #if defined(SCREW_IT_UP)
402	* extern volatile int sh_not_traced;
403	* inline int sh_sigtrap_prepare();
404	* inline int sh_derr();
405	* #endif
406	*/
407
408	#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) \|\| defined(__linux__)) && defined(__i386__)
409	#define BREAKEXIT(expr) \
410	do { \
411	int ixi; \
412	for (ixi = 0; ixi < 8; ++ixi) { \
413	if (((volatile unsigned )((unsigned) expr + ixi) & 0xff) == 0xcc) \
414	_exit(EXIT_FAILURE); \
415	} \
416	} \
417	while (1 == 0)
418	#else
419	#define BREAKEXIT(expr)
420	#endif
421
422
423
424	#include "sh_cat.h"
425	#include "sh_trace.h"
426	#include "sh_mem.h"
427
428	#endif
429
430	/* CRIT: */
431	/* NEW_CLIENT <client> */
432	/* BAD_CLIENT <client> -- <details> */
433	/* ERR_CLIENT <client> -- <details> */
434
435	/* ALERT: */
436	/* LOG_KEY samhain\|yule <key> */
437	/* STARTUP samhain\|yule -- user <username> */
438	/* EXIT samhain\|yule */
439	/* GOODSIG <file> <user> */
440	/* FP_KEY <fingerprint> */
441	/* GOODSIG_DAT <file> <user> */
442	/* FP_KEY_DAT <fingerprint> */
443	/* TIGER_CFG <file> <checksum> */
444	/* TIGER_DAT <file> <checksum> */
445
446	/* PANIC -- <details> */
447	/* ERROR -- <details> */
448
449	/* Policy */
450	/* POLICY <code> <file> */
451	/* <code> = MISSING \|\| ADDED \|\| NOT_A_DIRECTORY \|\| <policy> */
452
453
454

Note: See TracBrowser for help on using the repository browser.

Download in other formats: