Context Navigation

source: trunk/include/samhain.h@ 149

Last change on this file since 149 was 149, checked in by katerina, 17 years ago
Make sh_hash.c thread-safe, remove plenty of tiny allocations, improve sh_mem_dump, modify port check to run as thread, and fix unsetting of sh_thread_pause_flag (was too early).
File size: 13.2 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#ifndef SAMHAIN_H
21	#define SAMHAIN_H
22
23	#include <sys/types.h>
24	#include "slib.h"
25
26	#ifdef SH_ENCRYPT
27	#include "rijndael-api-fst.h"
28	#endif
29
30	/**************************************************
31	*
32	* STANDARD DEFINES
33	*
34	**************************************************/
35
36	#define REPLACE_OLD
37
38	/* Standard buffer sizes.
39	*/
40	#define SH_MINIBUF 64
41	#define SH_BUFSIZE 1024
42	#define SH_MAXBUF 4096
43	#define SH_PATHBUF 256
44
45	#define SH_ERRBUF_SIZE 64
46
47	/* Sizes for arrays (user, group, timestamp).
48	*/
49	#define SOCKPASS_MAX 14
50	#define USER_MAX 20
51	#define GROUP_MAX 20
52	#define TIM_MAX 32
53
54	#define CMODE_SIZE 11
55
56	#define ATTRBUF_SIZE 16
57	#define ATTRBUF_USED 12
58
59	/* The number of bytes in a key,
60	* the number of chars in its hex repesentation,
61	* and the block size of the hash algorithm.
62	*/
63	#define KEY_BYT 24
64	#define KEY_LEN 48
65	#define KEY_BLOCK 24
66	#define KEYBUF_SIZE (KEY_LEN+1)
67
68	/* The length of the compiled-in password.
69	*/
70	#define PW_LEN 8
71
72	#undef GOOD
73	#define GOOD 1
74	#undef BAD
75	#define BAD 0
76	#undef ON
77	#define ON 1
78	#undef OFF
79	#define OFF 0
80	#undef S_TRUE
81	#define S_TRUE 1
82	#undef S_FALSE
83	#define S_FALSE 0
84
85	/* An unsigned integer guaranteed to be 32 bit.
86	*/
87	#if defined(HAVE_INT_32)
88	#define UINT32 unsigned int
89	#define SINT32 int
90	#elif defined(HAVE_LONG_32)
91	#define UINT32 unsigned long
92	#define SINT32 long
93	#elif defined(HAVE_SHORT_32)
94	#define UINT32 unsigned short
95	#define SINT32 short
96	#endif
97
98	#ifdef HAVE_INTTYPES_H
99	#include <inttypes.h>
100	#else
101	#ifdef HAVE_STDINT_H
102	#include <stdint.h>
103	#endif
104	#endif
105
106	#if !defined(HAVE_INTTYPES_H) && !defined(HAVE_STDINT_H)
107
108	#ifdef HAVE_LONG_LONG_64
109	#define UINT64 unsigned long long
110	#else
111	#ifdef HAVE_LONG_64
112	#define UINT64 unsigned long
113	#else
114	#define UINT64_IS_32
115	#define UINT64 unsigned long
116	#endif
117	#endif
118
119	#else
120	#define UINT64 uint64_t
121	#endif
122
123
124
125	#define UBYTE unsigned char
126
127
128	enum {
129	SH_CHECK_NONE = 0,
130	SH_CHECK_INIT = 1,
131	SH_CHECK_CHECK = 2
132	};
133
134	#define SH_MOD_THREAD 1
135	#define SH_MOD_ACTIVE 0
136	#define SH_MOD_FAILED -1
137
138	/* Flags for file status
139	*/
140	#define SH_FFLAG_ALLIGNORE (1<<0)
141	#define SH_FFLAG_VISITED (1<<1)
142	#define SH_FFLAG_CHECKED (1<<3)
143	#define SH_FFLAG_REPORTED (1<<3)
144	#define SH_FFLAG_SUIDCHK (1<<4)
145
146	#define SH_FFLAG_ALLIGNORE_SET(a) (((a) & SH_FFLAG_ALLIGNORE) != 0)
147	#define SET_SH_FFLAG_ALLIGNORE(a) ((a) \|= SH_FFLAG_ALLIGNORE)
148	#define CLEAR_SH_FFLAG_ALLIGNORE(a) ((a) &= ~SH_FFLAG_ALLIGNORE)
149
150	#define SH_FFLAG_VISITED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
151	#define SET_SH_FFLAG_VISITED(a) ((a) \|= SH_FFLAG_VISITED)
152	#define CLEAR_SH_FFLAG_VISITED(a) ((a) &= ~SH_FFLAG_VISITED)
153
154	#define SH_FFLAG_CHECKED_SET(a) (((a) & SH_FFLAG_VISITED) != 0)
155	#define SET_SH_FFLAG_CHECKED(a) ((a) \|= SH_FFLAG_VISITED)
156	#define CLEAR_SH_FFLAG_CHECKED(a) ((a) &= ~SH_FFLAG_VISITED)
157
158	#define SH_FFLAG_REPORTED_SET(a) (((a) & SH_FFLAG_REPORTED) != 0)
159	#define SET_SH_FFLAG_REPORTED(a) ((a) \|= SH_FFLAG_REPORTED)
160	#define CLEAR_SH_FFLAG_REPORTED(a) ((a) &= ~SH_FFLAG_REPORTED)
161
162	#define SH_FFLAG_SUIDCHK_SET(a) (((a) & SH_FFLAG_SUIDCHK) != 0)
163	#define SET_SH_FFLAG_SUIDCHK(a) ((a) \|= SH_FFLAG_SUIDCHK)
164	#define CLEAR_SH_FFLAG_SUIDCHK(a) ((a) &= ~SH_FFLAG_SUIDCHK)
165
166
167	/**************************************************
168	*
169	* TYPEDEFS
170	*
171	**************************************************/
172
173	enum {
174	SH_LEVEL_READONLY = 1,
175	SH_LEVEL_LOGFILES = 2,
176	SH_LEVEL_LOGGROW = 3,
177	SH_LEVEL_NOIGNORE = 4,
178	SH_LEVEL_ALLIGNORE = 5,
179	SH_LEVEL_ATTRIBUTES = 6,
180	SH_LEVEL_USER0 = 7,
181	SH_LEVEL_USER1 = 8,
182	SH_LEVEL_USER2 = 9,
183	SH_LEVEL_USER3 = 10,
184	SH_LEVEL_USER4 = 11,
185	SH_LEVEL_PRELINK = 12
186	};
187
188	typedef struct {
189	time_t alarm_interval;
190	time_t alarm_last;
191	} sh_timer_t;
192
193	typedef struct {
194	char path[SH_PATHBUF];
195	char hash[KEY_LEN+1];
196	} sh_sh_df;
197
198	typedef struct {
199	char user[USER_MAX];
200	char group[GROUP_MAX];
201	char home[SH_PATHBUF];
202	uid_t uid;
203	gid_t gid;
204	} sh_sh_user;
205
206	typedef struct {
207	char name[SH_PATHBUF]; /* local hostname */
208	char system[SH_MINIBUF]; /* system */
209	char release[SH_MINIBUF]; /* release */
210	char machine[SH_MINIBUF]; /* machine */
211	} sh_sh_local;
212
213	typedef struct {
214	char name[SH_PATHBUF];
215	char alt[SH_PATHBUF];
216	} sh_sh_remote;
217
218	typedef struct {
219	unsigned long bytes_hashed; /* bytes last check */
220	unsigned long bytes_speed; /* bytes/sec last check */
221	unsigned long mail_success; /* mails sent */
222	unsigned long mail_failed; /* mails not sent */
223	time_t time_start; /* start last check */
224	time_t time_check; /* time last check */
225	unsigned long dirs_checked; /* #dirs last check */
226	unsigned long files_checked; /* #files last check */
227	} sh_sh_stat;
228
229	typedef struct {
230	int exit; /* exit value */
231	int checkSum; /* whether to init/check checksums */
232	int update; /* update db */
233	int opts; /* reading cl options */
234	int isdaemon; /* daemon or not */
235	int loop; /* go in loop even if not daemon */
236	int nice; /* desired nicety */
237	int isserver; /* server or not */
238	int islocked; /* BAD if logfile not locked */
239	int smsg; /* GOOD if end message sent */
240	int log_start; /* TRUE if new audit trail */
241	int reportonce; /* TRUE if bad files only once rep.*/
242	int fulldetail; /* TRUE if full details requested */
243	int client_severity; /* TRUE if client severity used */
244	int client_class; /* TRUE if client class used */
245	int audit;
246	unsigned long aud_mask;
247	int hidefile; /* TRUE if file not reveled in log */
248	} sh_sh_flag;
249
250	typedef struct {
251
252	char prg_name[8];
253
254	sh_sh_df exec;
255	sh_sh_df conf;
256	sh_sh_df data;
257
258	sh_sh_user real;
259	sh_sh_user effective;
260	sh_sh_user run;
261
262	sh_sh_local host;
263
264	sh_sh_remote srvtime;
265	sh_sh_remote srvmail;
266	sh_sh_remote srvexport;
267	sh_sh_remote srvcons;
268	sh_sh_remote srvlog;
269
270	sh_sh_stat statistics;
271	sh_sh_flag flag;
272
273	#ifdef SH_STEALTH
274	unsigned long off_data;
275	#endif
276
277	sh_timer_t mailNum;
278	sh_timer_t mailTime;
279	sh_timer_t fileCheck;
280
281	int looptime; /* timing for main loop */
282	/@null@//@out@/ char * timezone;
283	} sh_struct;
284
285
286	extern volatile int sig_raised;
287	extern volatile int sig_urgent;
288	extern volatile int sig_debug_switch; /* SIGUSR1 */
289	extern volatile int sig_suspend_switch; /* SIGUSR2 */
290	extern volatile int sh_global_suspend_flag;
291	extern volatile int sig_fresh_trail; /* SIGIOT */
292	extern volatile int sh_thread_pause_flag;
293	extern volatile int sig_config_read_again; /* SIGHUP */
294	extern volatile int sig_terminate; /* SIGQUIT */
295	extern volatile int sig_termfast; /* SIGTERM */
296	extern volatile int sig_force_check; /* SIGTTOU */
297
298	extern long int eintr__result;
299
300	extern int sh_argc_store;
301	extern char ** sh_argv_store;
302
303	#include "sh_calls.h"
304
305
306	typedef struct {
307	char sh_sockpass[2*SOCKPASS_MAX+2];
308	char sigkey_old[KEY_LEN+1];
309	char sigkey_new[KEY_LEN+1];
310	char mailkey_old[KEY_LEN+1];
311	char mailkey_new[KEY_LEN+1];
312	char crypt[KEY_LEN+1];
313	char session[KEY_LEN+1];
314	char vernam[KEY_LEN+1];
315	int mlock_failed;
316
317	char pw[PW_LEN];
318
319	char poolv[KEY_BYT];
320	int poolc;
321
322	int rngI;
323	UINT32 rng0[3];
324	UINT32 rng1[3];
325	UINT32 rng2[3];
326
327	UINT32 ErrFlag[2];
328
329	#ifdef SH_ENCRYPT
330	/@out@/ keyInstance keyInstE;
331	/@out@/ keyInstance keyInstD;
332	#endif
333	} sh_key_t;
334
335	extern sh_struct sh;
336	/@null@/ extern sh_key_t *skey;
337
338	/**************************************************
339	*
340	* macros
341	*
342	**************************************************/
343
344	#if defined(__GNUC__) && (__GNUC__ >= 4)
345	#define SH_GNUC_SENTINEL __attribute__((__sentinel__))
346	#else
347	#define SH_GNUC_SENTINEL
348	#endif
349
350	#if defined(__GNUC__) && (__GNUC__ >= 3)
351	#undef SH_GNUC_PURE
352	#define SH_GNUC_PURE __attribute__((pure))
353	#undef SH_GNUC_CONST
354	#define SH_GNUC_CONST __attribute__((const))
355	#undef SH_GNUC_NORETURN
356	#define SH_GNUC_NORETURN __attribute__((noreturn))
357	#undef SH_GNUC_MALLOC
358	#define SH_GNUC_MALLOC __attribute__((malloc))
359	#else
360	#undef SH_GNUC_PURE
361	#define SH_GNUC_PURE
362	#undef SH_GNUC_CONST
363	#define SH_GNUC_CONST
364	#undef SH_GNUC_NORETURN
365	#define SH_GNUC_NORETURN
366	#undef SH_GNUC_MALLOC
367	#define SH_GNUC_MALLOC
368	#endif
369
370
371	/* The semantics of the built-in are that it is expected that expr == const
372	* for __builtin_expect ((expr), const)
373	*/
374	#if defined(__GNUC__) && (__GNUC__ > 2) && defined(__OPTIMIZE__)
375	#define SH_LIKELY(expr) (__builtin_expect((expr), 1))
376	#define SH_UNLIKELY(expr) (__builtin_expect((expr), 0))
377	#else
378	#define SH_LIKELY(expr) (expr)
379	#define SH_UNLIKELY(expr) (expr)
380	#endif
381
382	/* signal-safe log function
383	*/
384	int safe_logger (int signal, int method, char * details);
385	void safe_fatal (char * details, char *f, int l);
386
387	#define SH_VALIDATE_EQ(a,b) \
388	do { \
389	if ((a) != (b)) safe_fatal(#a " != " #b, FIL__, __LINE__);\
390	} while (0)
391
392	#define SH_VALIDATE_NE(a,b) \
393	do { \
394	if ((a) == (b)) safe_fatal(#a " == " #b, FIL__, __LINE__);\
395	} while (0)
396
397	#define SH_VALIDATE_GE(a,b) \
398	do { \
399	if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\
400	} while (0)
401
402	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
403	#define MLOCK(a, b) \
404	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
405	(void) sl_set_suid(); \
406	if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
407	(void) sl_unset_suid(); }
408	#else
409	#define MLOCK(a, b) \
410	;
411	#endif
412
413	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
414	#define MUNLOCK(a, b) \
415	if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
416	(void) sl_set_suid(); \
417	(void) sh_unix_munlock( a, b );\
418	(void) sl_unset_suid(); }
419	#else
420	#define MUNLOCK(a, b) \
421	;
422	#endif
423
424	#ifdef SH_STEALTH
425	void sh_do_encode (char * str, int len);
426	#define sh_do_decode sh_do_encode
427	#endif
428
429	/* #if defined(SCREW_IT_UP)
430	* extern volatile int sh_not_traced;
431	* inline int sh_sigtrap_prepare();
432	* inline int sh_derr();
433	* #endif
434	*/
435
436	#if defined(SCREW_IT_UP) && (defined(__FreeBSD__) \|\| defined(__linux__)) && defined(__i386__)
437	#define BREAKEXIT(expr) \
438	do { \
439	int ixi; \
440	for (ixi = 0; ixi < 8; ++ixi) { \
441	if (((volatile unsigned )((unsigned) expr + ixi) & 0xff) == 0xcc) \
442	_exit(EXIT_FAILURE); \
443	} \
444	} \
445	while (1 == 0)
446	#else
447	#define BREAKEXIT(expr)
448	#endif
449
450
451
452	#include "sh_cat.h"
453	#include "sh_trace.h"
454	#include "sh_mem.h"
455
456	#endif
457
458	/* CRIT: */
459	/* NEW_CLIENT <client> */
460	/* BAD_CLIENT <client> -- <details> */
461	/* ERR_CLIENT <client> -- <details> */
462
463	/* ALERT: */
464	/* LOG_KEY samhain\|yule <key> */
465	/* STARTUP samhain\|yule -- user <username> */
466	/* EXIT samhain\|yule */
467	/* GOODSIG <file> <user> */
468	/* FP_KEY <fingerprint> */
469	/* GOODSIG_DAT <file> <user> */
470	/* FP_KEY_DAT <fingerprint> */
471	/* TIGER_CFG <file> <checksum> */
472	/* TIGER_DAT <file> <checksum> */
473
474	/* PANIC -- <details> */
475	/* ERROR -- <details> */
476
477	/* Policy */
478	/* POLICY <code> <file> */
479	/* <code> = MISSING \|\| ADDED \|\| NOT_A_DIRECTORY \|\| <policy> */
480
481
482

Note: See TracBrowser for help on using the repository browser.

Download in other formats: