Context Navigation

source: trunk/include/samhain.h@ 138

Last change on this file since 138 was 138, checked in by rainer, 17 years ago
More fixes for compile and runtime errors.
File size: 12.5 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#ifndef SAMHAIN_H
21	#define SAMHAIN_H
22
23	#include <sys/types.h>
24	#include "slib.h"
25
26	#ifdef SH_ENCRYPT
27	#include "rijndael-api-fst.h"
28	#endif
29
30	/**************************************************
31	*
32	* STANDARD DEFINES
33	*
34	**************************************************/
35
36	#define REPLACE_OLD
37
38	/* Standard buffer sizes.
39	*/
40	#define SH_MINIBUF 64
41	#define SH_BUFSIZE 1024
42	#define SH_MAXBUF 4096
43	#define SH_PATHBUF 256
44
45	#define SH_ERRBUF_SIZE 64
46
47	/* Sizes for arrays (user, group, timestamp).
48	*/
49	#define SOCKPASS_MAX 14
50	#define USER_MAX 20
51	#define GROUP_MAX 20
52	#define TIM_MAX 32
53
54
55	/* The number of bytes in a key,
56	* the number of chars in its hex repesentation,
57	* and the block size of the hash algorithm.
58	*/
59	#define KEY_BYT 24
60	#define KEY_LEN 48
61	#define KEY_BLOCK 24
62	#define KEYBUF_SIZE (KEY_LEN+1)
63
64	/* The length of the compiled-in password.
65	*/
66	#define PW_LEN 8
67
68	#undef GOOD
69	#define GOOD 1
70	#undef BAD
71	#define BAD 0
72	#undef ON
73	#define ON 1
74	#undef OFF
75	#define OFF 0
76	#undef S_TRUE
77	#define S_TRUE 1
78	#undef S_FALSE
79	#define S_FALSE 0
80
81	/* An unsigned integer guaranteed to be 32 bit.
82	*/
83	#if defined(HAVE_INT_32)
84	#define UINT32 unsigned int
85	#define SINT32 int
86	#elif defined(HAVE_LONG_32)
87	#define UINT32 unsigned long
88	#define SINT32 long
89	#elif defined(HAVE_SHORT_32)
90	#define UINT32 unsigned short
91	#define SINT32 short
92	#endif
93
94	#ifdef HAVE_INTTYPES_H
95	#include <inttypes.h>
96	#else
97	#ifdef HAVE_STDINT_H
98	#include <stdint.h>
99	#endif
100	#endif
101
102	#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
103
104	#ifdef HAVE_LONG_LONG_64
105	#define UINT64 unsigned long long
106	#else
107	#ifdef HAVE_LONG_64
108	#define UINT64 unsigned long
109	#else
110	#define UINT64_IS_32
111	#define UINT64 unsigned long
112	#endif
113	#endif
114
115	#else
116	#define UINT64 uint64_t
117	#endif
118
119
120
121	#define UBYTE unsigned char
122
123
124	enum {
125	SH_CHECK_NONE = 0,
126	SH_CHECK_INIT = 1,
127	SH_CHECK_CHECK = 2
128	};
129
130	/* Flags for file status
131	*/
132	#define SH_FFLAG_ALLIGNORE (1<<0)
133	#define SH_FFLAG_VISITED (1<<1)
134	#define SH_FFLAG_CHECKED (1<<3)
135	#define SH_FFLAG_REPORTED (1<<3)
136	#define SH_FFLAG_SUIDCHK (1<<4)
137
138	#define SH_FFLAG_ALLIGNORE_SET(a) (((a) & SH_FFLAG_ALLIGNORE) != 0)
139	#define SET_SH_FFLAG_ALLIGNORE(a) ((a) \|= SH_FFLAG_ALLIGNORE)
140	#define CLEAR_SH_FFLAG_ALLIGNORE(a) ((a) &= ~SH_FFLAG_ALLIGNORE)
141
142	#define SH_FFLAG_VISITED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
143	#define SET_SH_FFLAG_VISITED(a) ((a) \|= SH_FFLAG_VISITED)
144	#define CLEAR_SH_FFLAG_VISITED(a) ((a) &= ~SH_FFLAG_VISITED)
145
146	#define SH_FFLAG_CHECKED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
147	#define SET_SH_FFLAG_CHECKED(a) ((a) \|= SH_FFLAG_VISITED)
148	#define CLEAR_SH_FFLAG_CHECKED(a) ((a) &= ~SH_FFLAG_VISITED)
149
150	#define SH_FFLAG_REPORTED_SET(a) (((a) & SH_FFLAG_REPORTED) != 0)
151	#define SET_SH_FFLAG_REPORTED(a) ((a) \|= SH_FFLAG_REPORTED)
152	#define CLEAR_SH_FFLAG_REPORTED(a) ((a) &= ~SH_FFLAG_REPORTED)
153
154	#define SH_FFLAG_SUIDCHK_SET(a) (((a) & SH_FFLAG_SUIDCHK) != 0)
155	#define SET_SH_FFLAG_SUIDCHK(a) ((a) \|= SH_FFLAG_SUIDCHK)
156	#define CLEAR_SH_FFLAG_SUIDCHK(a) ((a) &= ~SH_FFLAG_SUIDCHK)
157
158
159
160	/**************************************************
161	*
162	* TYPEDEFS
163	*
164	**************************************************/
165
166	enum {
167	SH_LEVEL_READONLY = 1,
168	SH_LEVEL_LOGFILES = 2,
169	SH_LEVEL_LOGGROW = 3,
170	SH_LEVEL_NOIGNORE = 4,
171	SH_LEVEL_ALLIGNORE = 5,
172	SH_LEVEL_ATTRIBUTES = 6,
173	SH_LEVEL_USER0 = 7,
174	SH_LEVEL_USER1 = 8,
175	SH_LEVEL_USER2 = 9,
176	SH_LEVEL_USER3 = 10,
177	SH_LEVEL_USER4 = 11,
178	SH_LEVEL_PRELINK = 12
179	};
180
181	typedef struct {
182	time_t alarm_interval;
183	time_t alarm_last;
184	} sh_timer_t;
185
186	typedef struct {
187	char path[SH_PATHBUF];
188	char hash[KEY_LEN+1];
189	} sh_sh_df;
190
191	typedef struct {
192	char user[USER_MAX];
193	char group[GROUP_MAX];
194	char home[SH_PATHBUF];
195	uid_t uid;
196	gid_t gid;
197	} sh_sh_user;
198
199	typedef struct {
200	char name[SH_PATHBUF]; /* local hostname */
201	char system[SH_MINIBUF]; /* system */
202	char release[SH_MINIBUF]; /* release */
203	char machine[SH_MINIBUF]; /* machine */
204	} sh_sh_local;
205
206	typedef struct {
207	char name[SH_PATHBUF];
208	char alt[SH_PATHBUF];
209	} sh_sh_remote;
210
211	typedef struct {
212	unsigned long bytes_hashed; /* bytes last check */
213	unsigned long bytes_speed; /* bytes/sec last check */
214	unsigned long mail_success; /* mails sent */
215	unsigned long mail_failed; /* mails not sent */
216	time_t time_start; /* start last check */
217	time_t time_check; /* time last check */
218	unsigned long dirs_checked; /* #dirs last check */
219	unsigned long files_checked; /* #files last check */
220	} sh_sh_stat;
221
222	typedef struct {
223	int exit; /* exit value */
224	int checkSum; /* whether to init/check checksums */
225	int update; /* update db */
226	int opts; /* reading cl options */
227	int isdaemon; /* daemon or not */
228	int loop; /* go in loop even if not daemon */
229	int nice; /* desired nicety */
230	int isserver; /* server or not */
231	int islocked; /* BAD if logfile not locked */
232	int smsg; /* GOOD if end message sent */
233	int log_start; /* TRUE if new audit trail */
234	int reportonce; /* TRUE if bad files only once rep.*/
235	int fulldetail; /* TRUE if full details requested */
236	int client_severity; /* TRUE if client severity used */
237	int client_class; /* TRUE if client class used */
238	int audit;
239	unsigned long aud_mask;
240	int hidefile; /* TRUE if file not reveled in log */
241	} sh_sh_flag;
242
243	typedef struct {
244
245	char prg_name[8];
246
247	sh_sh_df exec;
248	sh_sh_df conf;
249	sh_sh_df data;
250
251	sh_sh_user real;
252	sh_sh_user effective;
253	sh_sh_user run;
254
255	sh_sh_local host;
256
257	sh_sh_remote srvtime;
258	sh_sh_remote srvmail;
259	sh_sh_remote srvexport;
260	sh_sh_remote srvcons;
261	sh_sh_remote srvlog;
262
263	sh_sh_stat statistics;
264	sh_sh_flag flag;
265
266	#ifdef SH_STEALTH
267	unsigned long off_data;
268	#endif
269
270	sh_timer_t mailNum;
271	sh_timer_t mailTime;
272	sh_timer_t fileCheck;
273
274	int looptime; /* timing for main loop */
275	/@null@//@out@/ char * timezone;
276	} sh_struct;
277
278
279	extern volatile int sig_raised;
280	extern volatile int sig_urgent;
281	extern volatile int sig_debug_switch; /* SIGUSR1 */
282	extern volatile int sig_suspend_switch; /* SIGUSR2 */
283	extern volatile int sh_global_suspend_flag; /* SIGUSR2 */
284	extern volatile int sig_fresh_trail; /* SIGIOT */
285	extern volatile int sig_config_read_again; /* SIGHUP */
286	extern volatile int sig_terminate; /* SIGQUIT */
287	extern volatile int sig_termfast; /* SIGTERM */
288	extern volatile int sig_force_check; /* SIGTTOU */
289
290	extern long int eintr__result;
291
292	extern int sh_argc_store;
293	extern char ** sh_argv_store;
294
295	#include "sh_calls.h"
296
297
298	typedef struct {
299	char sh_sockpass[2*SOCKPASS_MAX+2];
300	char sigkey_old[KEY_LEN+1];
301	char sigkey_new[KEY_LEN+1];
302	char mailkey_old[KEY_LEN+1];
303	char mailkey_new[KEY_LEN+1];
304	char crypt[KEY_LEN+1];
305	char session[KEY_LEN+1];
306	char vernam[KEY_LEN+1];
307	int mlock_failed;
308
309	char pw[PW_LEN];
310
311	char poolv[KEY_BYT];
312	int poolc;
313
314	int rngI;
315	UINT32 rng0[3];
316	UINT32 rng1[3];
317	UINT32 rng2[3];
318
319	UINT32 ErrFlag[2];
320
321	#ifdef SH_ENCRYPT
322	/@out@/ keyInstance keyInstE;
323	/@out@/ keyInstance keyInstD;
324	#endif
325	} sh_key_t;
326
327	extern sh_struct sh;
328	/@null@/ extern sh_key_t *skey;
329
330	/**************************************************
331	*
332	* macros
333	*
334	**************************************************/
335
336	#if defined(__GNUC__) && (__GNUC__ >= 4)
337	#define SH_GNUC_NULL_TERMINATED __attribute__((__sentinel__))
338	#else
339	#define SH_GNUC_NULL_TERMINATED
340	#endif
341
342	/* The semantics of the built-in are that it is expected that expr == const
343	* for __builtin_expect ((expr), const)
344	*/
345	#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
346	#define SH_LIKELY(expr) (__builtin_expect((expr), 1))
347	#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0))
348	#else
349	#define SH_LIKELY(expr) (expr)
350	#define SH_UNLIKELY(expr) (expr)
351	#endif
352
353	/* signal-safe log function
354	*/
355	int safe_logger (int signal, int method, char * details);
356	void safe_fatal (char * details, char *f, int l);
357
358	#define SH_VALIDATE_EQ(a,b) \
359	do { \
360	if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\
361	} while (0)
362
363	#define SH_VALIDATE_NE(a,b) \
364	do { \
365	if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\
366	} while (0)
367
368	#define SH_VALIDATE_GE(a,b) \
369	do { \
370	if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\
371	} while (0)
372
373	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
374	#define MLOCK(a, b) \
375	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
376	(void) sl_set_suid(); \
377	if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
378	(void) sl_unset_suid(); }
379	#else
380	#define MLOCK(a, b) \
381	;
382	#endif
383
384	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
385	#define MUNLOCK(a, b) \
386	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
387	(void) sl_set_suid(); \
388	(void) sh_unix_munlock( a, b );\
389	(void) sl_unset_suid(); }
390	#else
391	#define MUNLOCK(a, b) \
392	;
393	#endif
394
395	#ifdef SH_STEALTH
396	void sh_do_encode (char * str, int len);
397	#define sh_do_decode sh_do_encode
398	#endif
399
400	/* #if defined(SCREW_IT_UP)
401	* extern volatile int sh_not_traced;
402	* inline int sh_sigtrap_prepare();
403	* inline int sh_derr();
404	* #endif
405	*/
406
407	#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) \|\| defined(__linux__)) && defined(__i386__)
408	#define BREAKEXIT(expr) \
409	do { \
410	int ixi; \
411	for (ixi = 0; ixi < 8; ++ixi) { \
412	if (((volatile unsigned )((unsigned) expr + ixi) & 0xff) == 0xcc) \
413	_exit(EXIT_FAILURE); \
414	} \
415	} \
416	while (1 == 0)
417	#else
418	#define BREAKEXIT(expr)
419	#endif
420
421
422
423	#include "sh_cat.h"
424	#include "sh_trace.h"
425	#include "sh_mem.h"
426
427	#endif
428
429	/* CRIT: */
430	/* NEW_CLIENT <client> */
431	/* BAD_CLIENT <client> -- <details> */
432	/* ERR_CLIENT <client> -- <details> */
433
434	/* ALERT: */
435	/* LOG_KEY samhain\|yule <key> */
436	/* STARTUP samhain\|yule -- user <username> */
437	/* EXIT samhain\|yule */
438	/* GOODSIG <file> <user> */
439	/* FP_KEY <fingerprint> */
440	/* GOODSIG_DAT <file> <user> */
441	/* FP_KEY_DAT <fingerprint> */
442	/* TIGER_CFG <file> <checksum> */
443	/* TIGER_DAT <file> <checksum> */
444
445	/* PANIC -- <details> */
446	/* ERROR -- <details> */
447
448	/* Policy */
449	/* POLICY <code> <file> */
450	/* <code> = MISSING \|\| ADDED \|\| NOT_A_DIRECTORY \|\| <policy> */
451
452
453

Note: See TracBrowser for help on using the repository browser.

Download in other formats: