source: trunk/src/sh_database.c@ 147

Last change on this file since 147 was 116, checked in by rainer, 17 years ago

Move to standard SQL escaping of single quotes for non-mysql db.

File size: 48.7 KB
RevLine 
[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 2001 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22#include <stdio.h>
23#include <stdlib.h>
24#include <stdarg.h>
25#include <stddef.h>
26#include <string.h>
27#include <ctype.h>
28#include <sys/types.h>
29
30#ifdef WITH_DATABASE
31
32/* define this if you want to debug the Oracle database support */
33/* #define DB_DEBUG */
34
[11]35#define SH_REAL_SET
36
[1]37#include "samhain.h"
38
39#include "sh_cat.h"
40#include "sh_error.h"
41#include "sh_utils.h"
42
43#undef FIL__
44#define FIL__ _("sh_database.c")
45
46typedef struct my_attr_
47{
48 char * attr;
49 char * attr_o;
50 int inHash;
51 int val;
52 int size;
[12]53 int alen;
[1]54 size_t off;
55} my_attr;
56
57typedef struct dbins_ {
58 struct dbins_ * next;
59 char host[64];
60 char time[20];
61 char msg[1024];
62 char sev[8];
63 char path[12288];
64 char user[9];
65 char group[9];
66 char program[8];
67 char subroutine[16];
68 char status[12];
69 char hash[50];
70 char path_data[1024];
71 char hash_data[50];
72 char key_uid[64];
73 char key_uid_data[64];
74 char key_id[16];
75 char module[8];
76 char syscall[16];
77 char ip[16];
78 char tty[16];
79 char peer[64];
80 char fromhost[64];
81 char obj[1024];
82 char interface[64];
83 char ltime[64];
84 char dir[1024];
85 char linked_path[1024];
86 char service[64];
87 char facility[32];
88 char priority[32];
89 char syslog_msg[1024];
90
91 char mode_old[16];
92 char mode_new[16];
93 char attr_old[16];
94 char attr_new[16];
95 char device_old[16];
96 char device_new[16];
97 char owner_old[9];
98 char owner_new[9];
99 char group_old[9];
100 char group_new[9];
101 char ctime_old[20];
102 char ctime_new[20];
103 char atime_old[20];
104 char atime_new[20];
105 char mtime_old[20];
106 char mtime_new[20];
107 char chksum_old[50];
108 char chksum_new[50];
109 char link_old[1024];
110 char link_new[1024];
[68]111 char acl_old[1024];
112 char acl_new[1024];
[1]113
114 long long_data[20];
115
116 /*
117 long size_old;
118 long size_new;
119 long hardlinks_old;
120 long hardlinks_new;
121 long inode_old;
122 long inode_new;
123 */
124
125} dbins;
126
[12]127static my_attr * attr_tab_srch = NULL;
128static int attr_tab_srch_siz = 0;
129
[1]130static my_attr attr_tab[] = {
[12]131 { NULL, N_("sev"), 0, 1, 8, 0, offsetof(struct dbins_, sev) },
132 { NULL, N_("tstamp"), 0, 2, 16, 0, offsetof(struct dbins_, time) },
133 { NULL, N_("remote_host"), 0, 3, 64, 0, offsetof(struct dbins_, host) },
134 { NULL, N_("msg"), 0, 4, 1024, 0, offsetof(struct dbins_, msg) },
[1]135
[12]136 { NULL, N_("path"), 0, 5,12288, 0, offsetof(struct dbins_, path) },
[1]137 /* username -> userid; replace (long) 'userid' - below - by 'dummy' */
[12]138 { NULL, N_("userid"), 0, 6, 9, 0, offsetof(struct dbins_, user) },
139 { NULL, N_("group"), 0, 7, 9, 0, offsetof(struct dbins_, group) },
140 { NULL, N_("program"), 0, 8, 8, 0, offsetof(struct dbins_, program) },
141 { NULL, N_("subroutine"), 0, 9, 16, 0, offsetof(struct dbins_, subroutine)},
142 { NULL, N_("status"), 0, 10, 12, 0, offsetof(struct dbins_, status) },
143 { NULL, N_("hash"), 0, 11, 50, 0, offsetof(struct dbins_, hash) },
144 { NULL, N_("path_data"), 0, 12, 1024, 0, offsetof(struct dbins_, path_data) },
145 { NULL, N_("hash_data"), 0, 13, 50, 0, offsetof(struct dbins_, hash_data) },
146 { NULL, N_("key_uid"), 0, 14, 64, 0, offsetof(struct dbins_, key_uid) },
147 { NULL, N_("key_uid_data"),0, 15, 64, 0, offsetof(struct dbins_, key_uid_data)},
148 { NULL, N_("key_id"), 0, 16, 16, 0, offsetof(struct dbins_, key_id) },
149 { NULL, N_("module"), 0, 17, 8, 0, offsetof(struct dbins_, module) },
150 { NULL, N_("syscall"), 0, 19, 16, 0, offsetof(struct dbins_, syscall) },
151 { NULL, N_("ip"), 0, 20, 16, 0, offsetof(struct dbins_, ip) },
152 { NULL, N_("tty"), 0, 21, 16, 0, offsetof(struct dbins_, tty) },
153 { NULL, N_("peer"), 0, 22, 64, 0, offsetof(struct dbins_, peer) },
154 { NULL, N_("obj"), 0, 23, 1024, 0, offsetof(struct dbins_, obj) },
155 { NULL, N_("interface"), 0, 24, 64, 0, offsetof(struct dbins_, interface)},
156 { NULL, N_("time"), 0, 25, 64, 0, offsetof(struct dbins_, ltime) },
157 { NULL, N_("dir"), 0, 26, 1024, 0, offsetof(struct dbins_, dir) },
158 { NULL, N_("linked_path"), 0, 27, 1024, 0, offsetof(struct dbins_, linked_path)},
159 { NULL, N_("service"), 0, 29, 64, 0, offsetof(struct dbins_, service)},
160 { NULL, N_("facility"), 0, 30, 32, 0, offsetof(struct dbins_, facility) },
161 { NULL, N_("priority"), 0, 31, 32, 0, offsetof(struct dbins_, priority) },
162 { NULL, N_("syslog_msg"), 0, 32, 1024, 0, offsetof(struct dbins_, syslog_msg) },
[1]163
[12]164 { NULL, N_("mode_old"), 0, 33, 16, 0, offsetof(struct dbins_, mode_old) },
165 { NULL, N_("mode_new"), 0, 34, 16, 0, offsetof(struct dbins_, mode_new) },
166 { NULL, N_("device_old"), 0, 35, 16, 0, offsetof(struct dbins_, device_old)},
167 { NULL, N_("device_new"), 0, 36, 16, 0, offsetof(struct dbins_, device_new)},
168 { NULL, N_("owner_old"), 0, 37, 9, 0, offsetof(struct dbins_, owner_old)},
169 { NULL, N_("owner_new"), 0, 38, 9, 0, offsetof(struct dbins_, owner_new)},
170 { NULL, N_("group_old"), 0, 39, 9, 0, offsetof(struct dbins_, group_old)},
171 { NULL, N_("group_new"), 0, 40, 9, 0, offsetof(struct dbins_, group_new)},
172 { NULL, N_("ctime_old"), 0, 41, 20, 0, offsetof(struct dbins_, ctime_old)},
173 { NULL, N_("ctime_new"), 0, 42, 20, 0, offsetof(struct dbins_, ctime_new)},
174 { NULL, N_("atime_old"), 0, 43, 20, 0, offsetof(struct dbins_, atime_old)},
175 { NULL, N_("atime_new"), 0, 44, 20, 0, offsetof(struct dbins_, atime_new)},
176 { NULL, N_("mtime_old"), 0, 45, 20, 0, offsetof(struct dbins_, mtime_old)},
177 { NULL, N_("mtime_new"), 0, 46, 20, 0, offsetof(struct dbins_, mtime_new)},
178 { NULL, N_("chksum_old"), 0, 47, 50, 0, offsetof(struct dbins_, chksum_old)},
179 { NULL, N_("chksum_new"), 0, 48, 50, 0, offsetof(struct dbins_, chksum_new)},
180 { NULL, N_("link_old"), 0, 49, 1024, 0, offsetof(struct dbins_, link_old)},
181 { NULL, N_("link_new"), 0, 50, 1024, 0, offsetof(struct dbins_, link_new)},
182
183 { NULL, N_("size_old"), 0, 51, 0, 0, 0 },
184 { NULL, N_("size_new"), 0, 52, 0, 0, 0 },
185 { NULL, N_("hardlinks_old"),0, 53, 0, 0, 0 },
186 { NULL, N_("hardlinks_new"),0, 54, 0, 0, 0 },
187 { NULL, N_("inode_old"), 0, 55, 0, 0, 0 },
188 { NULL, N_("inode_new"), 0, 56, 0, 0, 0 },
189
190 { NULL, N_("imode_old"), 0, 57, 0, 0, 0 },
191 { NULL, N_("imode_new"), 0, 58, 0, 0, 0 },
192 { NULL, N_("iattr_old"), 0, 59, 0, 0, 0 },
193 { NULL, N_("iattr_new"), 0, 60, 0, 0, 0 },
194 { NULL, N_("idevice_old"), 0, 61, 0, 0, 0 },
195 { NULL, N_("idevice_new"), 0, 62, 0, 0, 0 },
196 { NULL, N_("iowner_old"), 0, 63, 0, 0, 0 },
197 { NULL, N_("iowner_new"), 0, 64, 0, 0, 0 },
198 { NULL, N_("igroup_old"), 0, 65, 0, 0, 0 },
199 { NULL, N_("igroup_new"), 0, 66, 0, 0, 0 },
[1]200
[12]201 { NULL, N_("port"), 0, 67, 0, 0, 0 },
202 { NULL, N_("return_code"), 0, 68, 0, 0, 0 },
[1]203 /* { NULL, N_("userid"), 0, 69, 0, 0 }, old 'userid', 1.8.1 */
204
[12]205 { NULL, N_("host"), 0, 70, 64, 0, offsetof(struct dbins_, fromhost)},
206 { NULL, N_("attr_old"), 0, 71, 16, 0, offsetof(struct dbins_, attr_old)},
207 { NULL, N_("attr_new"), 0, 72, 16, 0, offsetof(struct dbins_, attr_new)},
[68]208 { NULL, N_("acl_old"), 0, 73, 1024, 0, offsetof(struct dbins_, acl_old)},
209 { NULL, N_("acl_new"), 0, 74, 1024, 0, offsetof(struct dbins_, acl_new)},
[1]210
[12]211 { NULL, NULL, 0, 0, 0, 0, 0 }
[1]212};
213
214#define SH_SLOT_HOST 70
215#define SH_SLOT_GROUP 7
216#define START_SEC_LONGS 51
217#define END_SEC_LONGS 68
218
219#if defined(HAVE_INT_32)
220typedef unsigned int uint32;
221#elif defined(HAVE_LONG_32)
222typedef unsigned long uint32;
223#elif defined(HAVE_SHORT_32)
224typedef unsigned short uint32;
225#else
226#error No 32 byte type found !
227#endif
228
229typedef unsigned char uint8;
230
[30]231typedef struct md5_ctx
[1]232{
[30]233 uint32 A;
234 uint32 B;
235 uint32 C;
236 uint32 D;
237
238 uint32 total[2];
239 uint32 buflen;
240 char buffer[128];
[1]241} md5Param;
242
243
244typedef unsigned char sh_byte;
245
246
247extern int md5Reset(register md5Param* p);
248extern int md5Update(md5Param* p, const sh_byte* data, int size);
249extern int md5Digest(md5Param* p, uint32* data);
250
251static char db_name[64] = "";
252static char db_table[64] = "";
253static char db_host[64] = "";
254static char db_user[64] = "";
255static char db_password[64] = "";
256
257static int sh_persistent_dbconn = S_TRUE;
258
[22]259int sh_database_use_persistent (const char * str)
[1]260{
261 return sh_util_flagval (str, &sh_persistent_dbconn);
262}
263
[22]264static int insert_value (char * ptr, const char * str)
[1]265{
266 if (!ptr || !str)
267 return -1;
268 if (strlen(str) > 63)
269 return -1;
270 (void) sl_strlcpy(ptr, str, 64);
271 return 0;
272}
273
274static void init_db_entry (dbins * ptr)
275{
276 memset (ptr, (int) '\0', sizeof(dbins));
277 ptr->next = NULL;
278 return;
279}
280
281
[22]282int sh_database_set_database (const char * str)
[1]283{
284 return insert_value (db_name, str);
285}
[22]286int sh_database_set_table (const char * str)
[1]287{
288 return insert_value (db_table, str);
289}
[22]290int sh_database_set_host (const char * str)
[1]291{
292 return insert_value (db_host, str);
293}
[22]294int sh_database_set_user (const char * str)
[1]295{
296 return insert_value (db_user, str);
297}
[22]298int sh_database_set_password (const char * str)
[1]299{
300 return insert_value (db_password, str);
301}
302
303/******************************************************************
304 *
305 * Oracle and unixODBC stuff, only Oracle tested untested
306 *
307 * Based on the code in the snort output plugin (spo_database.c).
308 * Copyright/license statement in spo_database.c:
309 *
310 * Portions Copyright (C) 2000,2001,2002 Carnegie Mellon University
311 * Copyright (C) 2001 Jed Pickel <jed@pickel.net>
312 * Portions Copyright (C) 2001 Andrew R. Baker <andrewb@farm9.com>
313 *
314 * This program is free software; you can redistribute it and/or modify
315 * it under the terms of the GNU General Public License as published by
316 * the Free Software Foundation; either version 2 of the License, or
317 * (at your option) any later version.
318 *
319 * This program is distributed in the hope that it will be useful,
320 * but WITHOUT ANY WARRANTY; without even the implied warranty of
321 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
322 * GNU General Public License for more details.
323 *
324 * You should have received a copy of the GNU General Public License
325 * along with this program; if not, write to the Free Software
326 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
327 *
328 ******************************************************************/
329#ifdef WITH_ODBC
330
331#include <sql.h>
332#include <sqlext.h>
333#include <sqltypes.h>
334
335static SQLHENV u_handle;
336static SQLHDBC u_connection;
337static SQLHSTMT u_statement;
338static SQLINTEGER u_col;
339static SQLINTEGER u_rows;
340
341void sh_database_reset()
342{
343 return;
344}
345
346static
347int sh_database_query (char * query, /*@out@*/ long * id)
348{
349 static int fatal_error = 0;
350 int result = 0;
351 char row_query[128];
352 long result_call;
353
354 SL_ENTER(_("sh_database_query"));
355
356 *id = 0;
357
358 if (fatal_error == 1)
359 {
360 SL_RETURN((-1), _("sh_database_query"));
361 }
362
363 /* Connect
364 */
365 if (db_name[0] == '\0')
366 sl_strlcpy(db_name, _("samhain"), 64);
367
368 if (db_user[0] == '\0')
369 sl_strlcpy(db_user, _("samhain"), 64);
370
371 result_call = SQLAllocEnv(&u_handle);
372 if ((result_call != SQL_SUCCESS) && (result_call != SQL_SUCCESS_WITH_INFO))
373 {
374 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, result_call,
375 MSG_E_SUBGEN,
376 _("Error in SQLAllocEnv when connecting to ODBC data source"),
377 _("sh_database_query"));
378 fatal_error = 1;
379 SL_RETURN((-1), _("sh_database_query"));
380 }
381 result_call = SQLAllocConnect(u_handle, &u_connection);
382 if ((result_call != SQL_SUCCESS) && (result_call != SQL_SUCCESS_WITH_INFO))
383 {
384 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, result_call,
385 MSG_E_SUBGEN,
386 _("Error in SQLAllocEnv when connecting to ODBC data source"),
387 _("sh_database_query"));
388 fatal_error = 1;
389 SL_RETURN((-1), _("sh_database_query"));
390 }
391 result_call = SQLConnect(u_connection, db_name, SQL_NTS,
392 db_user, SQL_NTS, db_password, SQL_NTS);
393 if ((result_call != SQL_SUCCESS) && (result_call != SQL_SUCCESS_WITH_INFO))
394 {
395 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, result_call,
396 MSG_E_SUBGEN,
397 _("Error in SQLAllocEnv when connecting to ODBC data source"),
398 _("sh_database_query"));
399 fatal_error = 1;
400 SL_RETURN((-1), _("sh_database_query"));
401 }
402
403 /* Insert
404 */
405 result_call = SQLAllocStmt(u_connection, &u_statement);
406 if ((result_call == SQL_SUCCESS) || (result_call == SQL_SUCCESS_WITH_INFO))
407 {
408 result_call = SQLPrepare(u_statement, query, SQL_NTS);
409 if ((result_call == SQL_SUCCESS) ||
410 (result_call == SQL_SUCCESS_WITH_INFO))
411 {
412 result_call = SQLExecute(u_statement);
413 if((result_call == SQL_SUCCESS) ||
414 (result_call == SQL_SUCCESS_WITH_INFO))
415 {
416 result = 1;
417 }
418 }
419 }
420
421 if (result == 0)
422 {
423 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
424 _("Error inserting into ODBC data source"),
425 _("sh_database_query"));
426 goto odbc_disconnect;
427 }
428
429 /* Select
430 */
431 result = 0;
432
433 sl_strlcpy (row_query, _("SELECT MAX(log_index) FROM "), 128);
434 sl_strlcat (row_query, db_table, 128);
435
436 result_call = SQLAllocStmt(u_connection, &u_statement);
437 if ((result_call == SQL_SUCCESS) ||
438 (result_call == SQL_SUCCESS_WITH_INFO))
439 {
440 result_call = SQLPrepare(u_statement, row_query, SQL_NTS);
441 if ((result_call == SQL_SUCCESS) ||
442 (result_call == SQL_SUCCESS_WITH_INFO))
443 {
444 result_call = SQLExecute(u_statement);
445 if ((result_call == SQL_SUCCESS) ||
446 (result_call == SQL_SUCCESS_WITH_INFO))
447 {
448 result_call = SQLRowCount(u_statement, &u_rows);
449 if ((result_call == SQL_SUCCESS) ||
450 (result_call == SQL_SUCCESS_WITH_INFO))
451 {
452 if((u_rows) && (u_rows == 1))
453 {
454 result_call = SQLFetch(u_statement);
455 if ((result_call == SQL_SUCCESS) ||
456 (result_call == SQL_SUCCESS_WITH_INFO))
457 {
458 result_call = SQLGetData(u_statement, 1,
459 SQL_INTEGER, &u_col,
460 sizeof(u_col), NULL);
461 if ((result_call == SQL_SUCCESS) ||
462 (result_call == SQL_SUCCESS_WITH_INFO))
463 {
464 *id = (long int) u_col;
465 result = 1;
466 }
467 }
468 }
469 }
470 }
471 }
472 }
473
474 if (result == 0)
475 {
476 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
477 _("Error selecting MAX(log_index) from ODBC data source"),
478 _("sh_database_query"));
479 }
480
481 odbc_disconnect:
482 SQLFreeHandle(SQL_HANDLE_STMT, u_statement);
483 SQLDisconnect(u_connection);
484 SQLFreeHandle(SQL_HANDLE_DBC, u_connection);
485 SQLFreeHandle(SQL_HANDLE_ENV, u_handle);
486
487 SL_RETURN(((result == 0) ? -1 : 0), _("sh_database_query"));
488
489}
490
491/* #ifdef WITH_ODBC */
492#endif
493
494#ifdef WITH_ORACLE
495
496#include <oci.h>
497
498static OCIDefine * o_define;
499static OCIEnv * o_environment;
500static OCISvcCtx * o_servicecontext;
501static OCIError * o_error = NULL;
502static OCIStmt * o_statement;
[68]503static OCIBind * o_bind = (OCIBind *) 0;
[1]504static text o_errormsg[512];
505static sb4 o_errorcode;
506
507static int connected = 0;
508
509void sh_database_reset()
510{
511 if (connected == 1)
512 {
513 OCILogoff(o_servicecontext, o_error);
514 OCIHandleFree((dvoid *) o_statement, OCI_HTYPE_STMT);
515 OCIHandleFree((dvoid *) o_servicecontext, OCI_HTYPE_SVCCTX);
516 OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
517 o_error = NULL;
518 }
519 connected = 0;
520 return;
521}
522
523static char * sh_stripnl (char * str)
524{
525 size_t len = sl_strlen(str);
526 if (len > 0)
527 {
528 if (str[len-1] == '\n')
[45]529 str[len-1] = '\0';
[1]530 }
531 return str;
532}
533
534static
535int sh_database_query (char * query, /*@out@*/ long * id)
536{
537 static int bad_init = 0;
538 int result = 0;
539 char row_query[128];
540 int retry = 0;
541
542 SL_ENTER(_("sh_database_query"));
543
544 *id = 0;
545
546 if (bad_init == 1) {
547 SL_RETURN(-1, _("sh_database_query"));
548 }
549 else if (connected == 1) {
550 goto oracle_connected;
551 }
552
553 /*
554 * Connect
555 */
556#define PRINT_ORACLE_ERR(func_name) \
557 do { \
558 OCIErrorGet(o_error, 1, NULL, &o_errorcode, \
559 o_errormsg, sizeof(o_errormsg), \
560 OCI_HTYPE_ERROR); \
561 sh_stripnl (o_errormsg); \
562 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN, \
563 o_errormsg, _("sh_database_query")); \
564 sl_snprintf(row_query, 127, \
565 _("%s: Connection to database '%s' failed"), \
566 func_name, db_name); \
567 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN, \
568 row_query, _("sh_database_query")); \
569 bad_init = 1; \
570 SL_RETURN(-1, _("sh_database_query")); \
571 } while (1 == 0)
572
573 oracle_doconnect:
574
[22]575 if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */
[1]576 {
577 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
578 _("ORACLE_HOME environment variable not set"),
579 _("sh_database_query"));
580 }
581 if (db_name[0] == '\0')
582 {
583 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
584 _("database name not set, using default 'samhain'"),
585 _("sh_database_query"));
586 sl_strlcpy(db_name, _("samhain"), 64);
587 }
588 if (db_user[0] == '\0')
589 {
590 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
591 _("database user not set, using default 'samhain'"),
592 _("sh_database_query"));
593 sl_strlcpy(db_user, _("samhain"), 64);
594 }
595 if (db_password[0] == '\0')
596 {
597 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
598 _("database password not set, cannot proceed"),
599 _("sh_database_query"));
600 bad_init = 1;
601 SL_RETURN(-1, _("sh_database_query"));
602 }
603
604
605#ifdef DB_DEBUG
606 sl_snprintf(row_query, 127,
607 _("Conncting to oracle database '%s'"),
608 db_name);
609 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
610 row_query,
611 _("sh_database_query"));
612#endif
613
614 /* a) Oracle says use OCIEnvCreate instead of OCIInitialize/OCIEnvcreate
615 * b) why two times OCIEnvInit() ???
616 */
617 if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL))
618 PRINT_ORACLE_ERR("OCIInitialize");
619
620 if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL))
621 PRINT_ORACLE_ERR("OCIEnvInit");
622
623 if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL))
624 PRINT_ORACLE_ERR("OCIEnvInit (2)");
625
626 /* allocate and initialize the error handle
627 */
628 if (OCIHandleAlloc(o_environment, (dvoid **)&o_error,
629 OCI_HTYPE_ERROR, (size_t) 0, NULL))
630 PRINT_ORACLE_ERR("OCIHandleAlloc");
631
632 /* logon and allocate the service context handle
633 */
634 if (OCILogon(o_environment, o_error, &o_servicecontext,
635 (OraText*) db_user, sl_strlen(db_user),
636 (OraText*) db_password, sl_strlen(db_password),
637 (OraText*) db_name, sl_strlen(db_name)))
638 {
639 OCIErrorGet(o_error, 1, NULL, &o_errorcode,
640 o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
641 sh_stripnl (o_errormsg);
642 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
643 o_errormsg,
644 _("sh_database_query"));
645 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
646 _("check database is listed in tnsnames.ora"),
647 _("sh_database_query"));
648 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
649 _("check tnsnames.ora readable"),
650 _("sh_database_query"));
651 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
652 _("check database accessible with sqlplus"),
653 _("sh_database_query"));
654 sl_snprintf(row_query, 127,
655 _("OCILogon: Connection to database '%s' failed"),
656 db_name);
657 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
658 row_query, _("sh_database_query"));
659 bad_init = 1;
660 SL_RETURN(-1, _("sh_database_query"));
661 }
662
663 if (OCIHandleAlloc(o_environment, (dvoid **)&o_statement,
664 OCI_HTYPE_STMT, 0, NULL))
665 PRINT_ORACLE_ERR("OCIHandleAlloc (2)");
666
667 /* Flag connection status
668 */
669 connected = 1;
670
671 oracle_connected:
672
[68]673 /* Get row index
[1]674 */
[68]675 sl_strlcpy (row_query, _("SELECT log_log_index_seq.NEXTVAL FROM dual"), 128);
676
[1]677#ifdef DB_DEBUG
678 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
[68]679 row_query,
[1]680 _("sh_database_query"));
681#endif
682
683 if (OCIStmtPrepare(o_statement, o_error,
[68]684 (OraText*) row_query, sl_strlen(row_query),
[1]685 OCI_NTV_SYNTAX, OCI_DEFAULT))
686 {
687 OCIErrorGet(o_error, 1, NULL,
688 &o_errorcode, o_errormsg, sizeof(o_errormsg),
689 OCI_HTYPE_ERROR);
690 sh_stripnl (o_errormsg);
691 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
692 o_errormsg,
693 _("sh_database_query"));
694 if (retry == 0 &&
[45]695 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[68]696 {
697 ++retry; sh_database_reset(); goto oracle_doconnect;
698 }
[1]699 goto err_out;
700 }
[68]701
702 if (OCIStmtExecute(o_servicecontext, o_statement, o_error,
703 0, 0, NULL, NULL, OCI_DEFAULT))
[1]704 {
705 OCIErrorGet(o_error, 1, NULL,
706 &o_errorcode, o_errormsg, sizeof(o_errormsg),
707 OCI_HTYPE_ERROR);
708 sh_stripnl (o_errormsg);
709 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
710 o_errormsg,
711 _("sh_database_query"));
712 if (retry == 0 &&
[45]713 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[1]714 {
715 ++retry; sh_database_reset(); goto oracle_doconnect;
716 }
717 goto err_out;
718 }
719
[68]720 if (OCIDefineByPos (o_statement, &o_define, o_error, 1,
721 &result, sizeof(result),
722 SQLT_INT, 0, 0, 0, OCI_DEFAULT))
[1]723 {
724 OCIErrorGet(o_error, 1, NULL,
725 &o_errorcode, o_errormsg, sizeof(o_errormsg),
726 OCI_HTYPE_ERROR);
727 sh_stripnl (o_errormsg);
728 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
729 o_errormsg,
730 _("sh_database_query"));
731 if (retry == 0 &&
[45]732 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[1]733 {
734 ++retry; sh_database_reset(); goto oracle_doconnect;
735 }
736 goto err_out;
737 }
[68]738 if (OCIStmtFetch (o_statement, o_error, 1, OCI_FETCH_NEXT, OCI_DEFAULT))
[1]739 {
740 OCIErrorGet(o_error, 1, NULL,
741 &o_errorcode, o_errormsg, sizeof(o_errormsg),
742 OCI_HTYPE_ERROR);
743 sh_stripnl (o_errormsg);
744 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
745 o_errormsg,
746 _("sh_database_query"));
747 if (retry == 0 &&
[45]748 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[1]749 {
750 ++retry; sh_database_reset(); goto oracle_doconnect;
751 }
752 goto err_out;
753 }
[68]754
755#ifdef DB_DEBUG
756 sl_snprintf(row_query, 127, _("Returned value: %d"), result);
757 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
758 row_query,
759 _("sh_database_query"));
760#endif
[1]761
[68]762 *id = result;
763
764 /* do the insert
765 */
766#ifdef DB_DEBUG
767 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
768 query,
769 _("sh_database_query"));
770#endif
771
772 if (OCIStmtPrepare(o_statement, o_error,
773 (OraText*) query, sl_strlen(query),
774 OCI_NTV_SYNTAX, OCI_DEFAULT))
[1]775 {
776 OCIErrorGet(o_error, 1, NULL,
777 &o_errorcode, o_errormsg, sizeof(o_errormsg),
778 OCI_HTYPE_ERROR);
779 sh_stripnl (o_errormsg);
780 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
781 o_errormsg,
782 _("sh_database_query"));
783 if (retry == 0 &&
[45]784 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[68]785 {
786 ++retry; sh_database_reset(); goto oracle_doconnect;
787 }
788 goto err_out;
789 }
790
791 if (OCIBindByPos(o_statement, &o_bind, o_error, 1,
792 (dvoid *) &result, (sword) sizeof(result), SQLT_INT,
793 (dvoid *) 0, (ub2 *) 0, (ub2 *) 0, (ub4) 0, (ub4 *) 0, OCI_DEFAULT))
794 {
795 OCIErrorGet(o_error, 1, NULL,
796 &o_errorcode, o_errormsg, sizeof(o_errormsg),
797 OCI_HTYPE_ERROR);
798 sh_stripnl (o_errormsg);
799 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
800 o_errormsg,
801 _("sh_database_query"));
802 if (retry == 0 &&
803 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[1]804 {
805 ++retry; sh_database_reset(); goto oracle_doconnect;
806 }
807 goto err_out;
808 }
[68]809
810 if (OCIStmtExecute(o_servicecontext,
811 o_statement, o_error, 1, 0,
812 NULL, NULL, OCI_COMMIT_ON_SUCCESS))
[1]813 {
814 OCIErrorGet(o_error, 1, NULL,
815 &o_errorcode, o_errormsg, sizeof(o_errormsg),
816 OCI_HTYPE_ERROR);
817 sh_stripnl (o_errormsg);
818 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
819 o_errormsg,
820 _("sh_database_query"));
821 if (retry == 0 &&
[45]822 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))
[1]823 {
824 ++retry; sh_database_reset(); goto oracle_doconnect;
825 }
826 goto err_out;
827 }
[68]828
[1]829#ifdef DB_DEBUG
830 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
[68]831 _("No error on insert"),
[1]832 _("sh_database_query"));
833#endif
834
835 if (sh_persistent_dbconn == S_FALSE)
836 {
837 OCILogoff(o_servicecontext, o_error);
838 OCIHandleFree((dvoid *) o_statement, OCI_HTYPE_STMT);
839 OCIHandleFree((dvoid *) o_servicecontext, OCI_HTYPE_SVCCTX);
840 OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
841 o_error = NULL;
842 connected = 0;
843 }
844 SL_RETURN(0, _("sh_database_query"));
845
846 err_out:
847 /*
848 * Error
849 */
850 if (sh_persistent_dbconn == S_FALSE)
851 {
852 OCILogoff(o_servicecontext, o_error);
853 OCIHandleFree((dvoid *) o_statement, OCI_HTYPE_STMT);
854 OCIHandleFree((dvoid *) o_servicecontext, OCI_HTYPE_SVCCTX);
855 OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
856 o_error = NULL;
857 connected = 0;
858 }
859 SL_RETURN(-1, _("sh_database_query"));
860}
861
862/* #ifdef WITH_ORACLE */
863#endif
864
865#ifdef WITH_POSTGRES
866/******************************************************************
867 *
868 * Postgresql stuff, tested
869 *
870 ******************************************************************/
871
872#ifdef HAVE_PGSQL_LIBPQ_FE_H
873#include <pgsql/libpq-fe.h>
874#else
875#include <libpq-fe.h>
876#endif
877
878static int connection_status = S_FALSE;
879
880void sh_database_reset()
881{
882 connection_status = S_FALSE;
883 return;
884}
885
886static
887int sh_database_query (char * query, /*@out@*/ long * id)
888{
889 char conninfo[256];
890 char * p;
891 static PGconn * conn = NULL;
892 PGresult * res;
893 unsigned int i;
[35]894 const char * params[1];
895 char id_param[32];
[1]896 static SH_TIMEOUT sh_timer = { 0, 3600, S_TRUE };
897
898 SL_ENTER(_("sh_database_query"));
899
900 *id = 0;
901
902 p = &conninfo[0];
903
904 if (db_host[0] == '\0')
905 sl_strlcpy(db_host, _("localhost"), 64);
906 if (db_name[0] == '\0')
907 sl_strlcpy(db_name, _("samhain"), 64);
908 if (db_user[0] == '\0')
909 sl_strlcpy(db_user, _("samhain"), 64);
910
911 if (db_host[0] != '\0' && NULL != strchr(db_host, '.'))
912 {
913 sl_snprintf(p, 255, "hostaddr=%s ", db_host);
914 p = &conninfo[strlen(conninfo)];
915 }
916 if (db_name[0] != '\0')
917 {
918 sl_snprintf(p, 255 - strlen(conninfo), "dbname=%s ", db_name);
919 p = &conninfo[strlen(conninfo)];
920 }
921
922 if (db_user[0] != '\0')
923 {
924 sl_snprintf(p, 255 - strlen(conninfo), "user=%s ", db_user);
925 p = &conninfo[strlen(conninfo)];
926 }
927
928 if (db_password[0] != '\0')
929 {
930 sl_snprintf(p, 255 - strlen(conninfo), "password=%s ", db_password);
931 }
932
933 if (connection_status == S_FALSE)
934 {
935 if (conn)
936 PQfinish(conn);
937 conn = NULL;
938 conn = PQconnectdb(conninfo);
939 }
940 else
941 {
942 if (PQstatus(conn) == CONNECTION_BAD)
943 PQreset(conn);
944 }
945
946 if ((conn == NULL) || (PQstatus(conn) == CONNECTION_BAD))
947 {
948 connection_status = S_FALSE;
949
950 sh_timer.flag_ok = S_FALSE;
951 if (S_TRUE == sh_util_timeout_check(&sh_timer))
952 {
953 goto err_out;
954 }
955 else
956 {
957 if (conn)
958 PQfinish(conn);
959 conn = NULL;
960 SL_RETURN(0, _("sh_database_query"));
961 }
962 }
963 connection_status = S_TRUE;
964
965
[35]966 /* get the unique row index
[1]967 */
[35]968 res = PQexec(conn, _("SELECT NEXTVAL('log_log_index_seq')"));
969 if (PQresultStatus(res) != PGRES_TUPLES_OK)
[1]970 {
971 PQclear(res);
972 goto err_out;
973 }
[35]974
975 *id = atoi (PQgetvalue(res, 0, 0));
[1]976 PQclear(res);
977
[35]978 sl_snprintf(id_param, 32, "%ld", *id);
979 params[0] = id_param;
980
981 /* do the insert
[1]982 */
[35]983 res = PQexecParams(conn, query, 1, NULL, params, NULL, NULL, 1);
984 if (PQresultStatus(res) != PGRES_COMMAND_OK)
[1]985 {
986 PQclear(res);
987 goto err_out;
988 }
[35]989 PQclear(res);
[1]990
991 if (S_FALSE == sh_persistent_dbconn)
992 {
993 if (conn)
994 PQfinish(conn);
995 conn = NULL;
996 connection_status = S_FALSE;
997 }
998 SL_RETURN(0, _("sh_database_query"));
999
1000
1001 err_out:
1002 if (conn)
1003 {
1004 p = PQerrorMessage(conn);
1005 for (i = 0; i < sl_strlen(p); ++i)
1006 if (p[i] == '\n') p[i] = ' ';
1007 }
1008 else
1009 {
1010 p = NULL;
1011 }
1012 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
1013 (p == NULL ? _("(null)") : p),
1014 _("sh_database_query"));
1015 if (conn)
1016 PQfinish(conn);
1017 conn = NULL;
1018 connection_status = S_FALSE;
1019 SL_RETURN(-1, _("sh_database_query"));
1020}
1021#endif
1022
1023
1024#ifdef WITH_MYSQL
1025
1026#ifdef HAVE_MYSQL_MYSQL_H
1027#include <mysql/mysql.h>
1028#else
1029#include <mysql.h>
1030#endif
1031
1032extern int flag_err_debug;
1033
1034static int connection_status = S_FALSE;
1035
1036void sh_database_reset()
1037{
1038 connection_status = S_FALSE;
1039 return;
1040}
1041
1042static
1043int sh_database_query (char * query, /*@out@*/ long * id)
1044{
1045 int status = 0;
[3]1046 const char * p;
[1]1047 static MYSQL * db_conn = NULL;
1048 static SH_TIMEOUT sh_timer = { 0, 3600, S_TRUE };
1049
1050 SL_ENTER(_("sh_database_query"));
1051
1052 *id = 0;
1053
1054 if (query == NULL)
1055 {
1056 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
1057 _("NULL query"),
1058 _("sh_database_query"));
1059 SL_RETURN(0, _("sh_database_query"));
1060 }
1061
1062 if (db_host[0] == '\0')
1063 (void) sl_strlcpy(db_host, _("localhost"), 64);
1064 if (db_name[0] == '\0')
1065 (void) sl_strlcpy(db_name, _("samhain"), 64);
1066 if (db_user[0] == '\0')
1067 (void) sl_strlcpy(db_user, _("samhain"), 64);
1068
1069 if ((db_conn == NULL) || (connection_status == S_FALSE))
1070 {
1071 if (db_conn)
1072 {
1073 mysql_close(db_conn);
1074 db_conn = NULL;
1075 }
1076 connection_status = S_FALSE;
1077
1078 db_conn = mysql_init(NULL);
1079 if (NULL == db_conn)
1080 {
1081 p = NULL; status = 0;
1082 sh_timer.flag_ok = S_FALSE;
1083 if (S_TRUE == sh_util_timeout_check(&sh_timer))
1084 {
1085 goto alt_out;
1086 }
1087 else
1088 {
1089 SL_RETURN(0, _("sh_database_query"));
1090 }
1091 }
1092
[18]1093 /* Read in defaults from /etc/my.cnf and associated files,
1094 * suggested by arjones at simultan dyndns org
1095 * see: - http://dev.mysql.com/doc/refman/5.0/en/option-files.html
1096 * for the my.cnf format,
1097 * - http://dev.mysql.com/doc/refman/5.0/en/mysql-options.html
1098 * for possible options
1099 * We don't check the return value because it's useless (failure due
1100 * to lack of access permission is not reported).
1101 */
[97]1102#if !defined(__x86_64__)
1103 /*
1104 * libmysql segfaults on x86-64 if this is used
1105 */
[18]1106 mysql_options(db_conn, MYSQL_READ_DEFAULT_GROUP, _("samhain"));
[97]1107#endif
[18]1108
[1]1109 status = 0;
1110
1111 if (NULL == mysql_real_connect(db_conn,
1112 db_host[0] == '\0' ? NULL : db_host,
1113 db_user[0] == '\0' ? NULL : db_user,
1114 db_password[0] == '\0' ? NULL : db_password,
1115 db_name[0] == '\0' ? NULL : db_name,
1116 0, NULL, 0))
1117 {
1118 sh_timer.flag_ok = S_FALSE;
1119 if (S_TRUE == sh_util_timeout_check(&sh_timer))
1120 {
1121 goto err_out;
1122 }
1123 else
1124 {
1125 SL_RETURN(0, _("sh_database_query"));
1126 }
1127 }
1128 connection_status = S_TRUE;
1129 }
1130 else
1131 {
1132 if (0 != mysql_ping(db_conn))
1133 {
1134 connection_status = S_FALSE;
1135 sh_timer.flag_ok = S_FALSE;
1136 if (S_TRUE == sh_util_timeout_check(&sh_timer))
1137 {
1138 goto err_out;
1139 }
1140 else
1141 {
1142 SL_RETURN(0, _("sh_database_query"));
1143 }
1144 }
1145 }
1146
1147 if (0 != mysql_query(db_conn, query))
1148 {
1149 goto err_out;
1150 }
1151
1152 if (flag_err_debug == SL_TRUE)
1153 {
1154 p = mysql_info (db_conn);
1155 if (p != NULL)
1156 {
1157 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
1158 p,
1159 _("sh_database_query"));
1160 }
1161 }
1162
1163 *id = (long) mysql_insert_id(db_conn);
1164 if (S_FALSE == sh_persistent_dbconn)
1165 {
1166 if (db_conn)
1167 mysql_close(db_conn);
1168 db_conn = NULL;
1169 connection_status = S_FALSE;
1170 }
1171 SL_RETURN(0, _("sh_database_query"));
1172
1173 err_out:
1174
1175 if (db_conn)
1176 {
1177 p = mysql_error (db_conn);
1178 status = (int) mysql_errno (db_conn);
1179 }
1180 else
1181 {
1182 p = NULL; p = 0;
1183 }
1184
1185 alt_out:
1186
1187 *id = 0;
1188 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,
1189 (p == NULL ? _("(null)") : p),
1190 _("sh_database_query"));
1191 if (db_conn)
1192 mysql_close(db_conn);
1193 db_conn = NULL;
1194 connection_status = S_FALSE;
1195 SL_RETURN(status, _("sh_database_query"));
1196}
1197#endif
1198
1199static
1200char * null_or_val (char * end, char * val, int * size, int flag)
1201{
1202 long len;
1203
[76]1204 if (!((end == NULL) || (val == NULL) || (size == NULL)))
[1]1205 {
[76]1206 if (val[0] != '\0')
[1]1207 {
[76]1208 if (*size > 1)
1209 {
1210 *end = ','; ++end; (*size) -= 1;
1211 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; }
1212 *end = '\0';
1213 }
1214 len = (long) strlen(val);
1215 if ((long) *size > (len+1))
1216 {
1217 (void) sl_strlcat(end, val, (size_t) *size);
1218 end += len; (*size) -= len;
1219 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; }
1220 *end = '\0';
1221 }
[1]1222 }
1223 }
[76]1224
[1]1225 return end;
1226}
1227
1228#define SH_QUERY_MAX 16383
1229
1230static
1231long sh_database_entry (dbins * db_entry, long id)
1232{
1233 /* This does not need to be re-entrant
1234 */
1235 char * query;
1236 static char columns[1024];
1237 char * values;
1238
1239 int status;
1240 long the_id;
1241 int size;
1242 char * end;
1243 int c_size;
1244 char * c_end;
1245 char * p;
1246 int i;
1247 char num[64];
1248
1249 md5Param crc;
1250 unsigned char md5buffer[16];
1251 char md5out[33];
1252 int cnt;
1253
[76]1254 size_t len_val;
1255 size_t len_col;
1256
[1]1257 SL_ENTER(_("sh_database_entry"));
1258
1259 query = SH_ALLOC(SH_QUERY_MAX+1);
1260 values = SH_ALLOC(SH_QUERY_MAX+1);
1261
1262 (void) md5Reset(&crc);
1263
1264 if (db_entry->host[0] == '\0')
1265 {
1266 if (sh.host.name[0] == '\0')
1267 (void) strcpy (db_entry->host, _("localhost")); /* known to fit */
1268 else
1269 (void) sl_strlcpy (db_entry->host, sh.host.name, 64);
1270 }
1271
1272 /*@-bufferoverflowhigh@*/
1273 if (id >= 0)
1274 sprintf(num, "%ld", id); /* known to fit */
1275 /*@+bufferoverflowhigh@*/
1276
[35]1277#if defined(WITH_ORACLE)
[1]1278 /* Oracle needs some help for the time format (fix by Michael Somers)
1279 */
1280 (void)
1281 sl_snprintf (values, SH_QUERY_MAX,
[68]1282 _("(:1,%s,%c%s%c,to_date(%c%s%c,'YYYY-MM-DD HH24:MI:SS'),%c%s%c,%c%s%c"),
[1]1283 id >= 0 ? num : _("NULL"),
1284 '\'', db_entry->host,'\'',
1285 '\'', db_entry->time,'\'',
1286 '\'', db_entry->sev, '\'',
1287 '\'',
1288 (db_entry->msg[0] == '\0' ? _("NULL") : db_entry->msg),
1289 '\'');
[35]1290 (void) sl_snprintf (columns, 1023,
[68]1291 _("(log_index,log_ref,log_host,log_time,log_sev,log_msg"));
[35]1292#elif defined(WITH_POSTGRES)
1293 /* Prepare query for PQexecParams
1294 */
1295 (void)
1296 sl_snprintf (values, SH_QUERY_MAX,
1297 _("($1,%s,%c%s%c,%c%s%c,%c%s%c,%c%s%c"),
1298 id >= 0 ? num : _("NULL"),
1299 '\'', db_entry->host,'\'',
1300 '\'', db_entry->time,'\'',
1301 '\'', db_entry->sev, '\'',
1302 '\'',
1303 (db_entry->msg[0] == '\0' ? _("NULL") : db_entry->msg),
1304 '\'');
1305 (void) sl_snprintf (columns, 1023,
1306 _("(log_index,log_ref,log_host,log_time,log_sev,log_msg"));
[1]1307#else
1308 (void)
1309 sl_snprintf (values, SH_QUERY_MAX, _("(%s,%c%s%c,%c%s%c,%c%s%c,%c%s%c"),
1310 id >= 0 ? num : _("NULL"),
1311 '\'', db_entry->host,'\'',
1312 '\'', db_entry->time,'\'',
1313 '\'', db_entry->sev, '\'',
1314 '\'',
1315 (db_entry->msg[0] == '\0' ? _("NULL") : db_entry->msg),
1316 '\'');
1317 (void) sl_snprintf (columns, 1023,
1318 _("(log_ref,log_host,log_time,log_sev,log_msg"));
[35]1319#endif
[1]1320
[35]1321
[1]1322 /*@-type@*//* byte* versus char[..] */
1323 if (attr_tab[0].inHash == 1)
1324 (void) md5Update(&crc, (sh_byte*) db_entry->sev,
1325 (int) strlen(db_entry->sev));
1326 if (attr_tab[1].inHash == 1)
1327 (void) md5Update(&crc, (sh_byte*) db_entry->time,
1328 (int) strlen(db_entry->time));
1329 if (attr_tab[2].inHash == 1)
1330 (void) md5Update(&crc, (sh_byte*) db_entry->host,
1331 (int) strlen(db_entry->host));
1332 if (attr_tab[3].inHash == 1 && db_entry->msg[0] != '\0')
1333 (void) md5Update(&crc, (sh_byte*) db_entry->msg,
1334 (int) strlen(db_entry->sev));
1335 /*@+type@*/
1336
[76]1337 len_val = strlen(values);
1338 size = (int) (SH_QUERY_MAX - len_val);
1339 end = values + len_val;
[1]1340
[76]1341 len_col = strlen(columns);
1342 c_size = 1023 - (int) len_col; /* sizeof(colums) == 1024 */
1343 c_end = columns + len_col;
1344
[1]1345 i = 4;
1346
1347 while (attr_tab[i].attr != NULL)
1348 {
1349 if (attr_tab[i].size != 0)
1350 {
1351 if (attr_tab[i].val > 40 && attr_tab[i].val < 47)
1352 {
1353 /* remove the 'T' between date and time
1354 */
1355 p = (char *)(db_entry)+attr_tab[i].off;
1356 p = strchr(p, 'T');
1357 if (p) *p = ' ';
1358 }
1359 p = end;
1360 end = null_or_val(end,((char *)(db_entry)+attr_tab[i].off),&size,1);
1361 if (p != end)
1362 {
[76]1363 if ((attr_tab[i].val != SH_SLOT_HOST) &&
1364 (attr_tab[i].val != SH_SLOT_GROUP))
1365 {
1366 c_end = null_or_val (c_end, attr_tab[i].attr, &c_size,0);
1367 }
[1]1368 else
[76]1369 {
1370 /*
1371 * 'host' is a reserved word in SQL
1372 */
1373 if (attr_tab[i].val == SH_SLOT_HOST)
1374 c_end = null_or_val (c_end, _("fromhost"), &c_size,0);
1375 /*
1376 * 'group' is a reserved word in SQL
1377 */
1378 else /* if (attr_tab[i].val == SH_SLOT_GROUP) */
1379 c_end = null_or_val (c_end, _("grp"), &c_size,0);
1380 }
[1]1381 }
1382 /*@-type@*//* byte* versus char[..] */
1383 if (attr_tab[i].inHash == 1 &&
1384 ((char *)(db_entry)+attr_tab[i].off) != '\0')
1385 {
1386 (void)md5Update(&crc,
1387 (sh_byte*) ((char *)(db_entry)+attr_tab[i].off),
1388 (int)strlen((char *)(db_entry)+attr_tab[i].off));
1389 }
1390 /*@+type@*/
1391 }
1392 else if (attr_tab[i].val >= START_SEC_LONGS &&
1393 attr_tab[i].val <= END_SEC_LONGS)
1394 {
1395 (void)
1396 sl_snprintf(end, (size_t)(size-1), _(",\'%ld\'"),
1397 db_entry->long_data[attr_tab[i].val-START_SEC_LONGS]);
1398 while (*end != '\0') { ++end; --size; }
1399 (void) sl_snprintf(c_end, (size_t)(c_size-1),
1400 _(",%s"), attr_tab[i].attr);
1401 while (*c_end != '\0') { ++c_end; --c_size; }
1402 if (attr_tab[i].inHash == 1)
1403 {
1404 /*@-type@*//* byte* versus char[..] */
1405 (void)
1406 md5Update(&crc,
1407 (sh_byte *) db_entry->long_data[attr_tab[i].val-START_SEC_LONGS],
1408 sizeof(long));
1409 /*@+type@*/
1410 }
1411 }
1412
1413 ++i;
1414 }
1415
1416 (void) md5Digest(&crc, (uint32 *) md5buffer);
1417 /*@-bufferoverflowhigh -usedef@*/
1418 for (cnt = 0; cnt < 16; ++cnt)
1419 sprintf (&md5out[cnt*2], _("%02X"), /* known to fit */
1420 (unsigned int) md5buffer[cnt]);
1421 /*@+bufferoverflowhigh +usedef@*/
1422 md5out[32] = '\0';
1423
1424 (void) sl_snprintf(end, (size_t) (size-1), _(",%c%s%c"), '\'', md5out, '\'');
1425 while (*end != '\0') { ++end; --size; }
1426 (void) sl_snprintf(c_end, (size_t) (c_size-1),_(",log_hash"));
1427 while (*c_end != '\0') { ++c_end; --c_size; }
1428
1429
1430 if (size > 1) { *end = ')'; ++end; *end = '\0'; }
1431 if (c_size > 1) { *c_end = ')'; ++c_end; *c_end = '\0'; }
1432
1433 if (db_table[0] == '\0')
1434 (void) sl_strlcpy(db_table, _("log"), 64);
1435
1436 (void) sl_snprintf (query, SH_QUERY_MAX,
1437 _("INSERT INTO %s %s VALUES %s"),
1438 db_table, columns, values);
1439
1440 status = sh_database_query (query, &the_id);
1441
1442 /*@-usedef@*//* no, 'values' is allocated here */
1443 SH_FREE(values);
1444 /*@+usedef@*/
1445 SH_FREE(query);
1446
1447 SL_RETURN(the_id, _("sh_database_entry"));
1448}
1449
[12]1450static int sh_database_comp_attr (const void *m1, const void *m2)
1451{
1452 my_attr *mi1 = (my_attr *) m1;
1453 my_attr *mi2 = (my_attr *) m2;
1454 return strcmp(mi1->attr, mi2->attr);
1455}
[1]1456
[12]1457
[1]1458static void init_attr_table()
1459{
1460 static int first = S_TRUE;
[12]1461 int i, j;
[1]1462
1463#ifdef SH_STEALTH
[54]1464 int k;
[1]1465
[12]1466 if (first == S_FALSE)
1467 return;
1468
1469 i = 0;
1470 while (attr_tab[i].attr_o != NULL)
[1]1471 {
[12]1472 j = strlen(attr_tab[i].attr_o);
1473 attr_tab[i].attr = malloc (j+1); /* only once */
1474 if (NULL == attr_tab[i].attr)
[13]1475 return;
[12]1476 for (k = 0; k < j; ++k)
1477 attr_tab[i].attr[k] = attr_tab[i].attr_o[k] ^ XOR_CODE;
1478 attr_tab[i].attr[j] = '\0';
1479 attr_tab[i].alen = strlen(attr_tab[i].attr_o);
1480 ++i;
[1]1481 }
[12]1482 first = S_FALSE;
1483
[1]1484#else
[12]1485
[54]1486 if (first == S_FALSE)
1487 return;
1488
[12]1489 i = 0;
1490 while (attr_tab[i].attr_o != NULL)
[1]1491 {
[12]1492 attr_tab[i].attr = attr_tab[i].attr_o;
1493 attr_tab[i].alen = strlen(attr_tab[i].attr_o);
1494 ++i;
[1]1495 }
[12]1496 first = S_FALSE;
1497
[1]1498#endif
[12]1499
1500 /* create a sorted table for binary search
1501 */
1502 attr_tab_srch = SH_ALLOC(i * sizeof(my_attr));
1503 for (j=0; j<i; ++j)
1504 memcpy(&attr_tab_srch[j], &attr_tab[j], sizeof(my_attr));
1505 qsort(attr_tab_srch, i, sizeof(my_attr), sh_database_comp_attr);
1506 attr_tab_srch_siz = i;
1507
[1]1508 return;
1509}
1510
[22]1511int sh_database_add_to_hash (const char * str)
[1]1512{
1513 int i;
1514
1515 if (!str)
1516 return -1;
1517 init_attr_table();
1518 if (0 == strcmp(str, _("log_msg"))) { attr_tab[3].inHash = 1; return 0;}
1519 if (0 == strcmp(str, _("log_sev"))) { attr_tab[0].inHash = 1; return 0;}
1520 if (0 == strcmp(str, _("log_time"))) { attr_tab[1].inHash = 1; return 0;}
1521 if (0 == strcmp(str, _("log_host"))) { attr_tab[2].inHash = 1; return 0;}
1522 i = 4;
1523 while (attr_tab[i].attr != NULL)
1524 {
1525 if (0 == strcmp(str, attr_tab[i].attr))
1526 { attr_tab[i].inHash = 1; return 0; }
1527 ++i;
1528 }
1529 return -1;
1530}
1531
[116]1532static int is_escaped(char * p_in) {
[1]1533
1534 int escp = 0;
1535 int retv = S_TRUE;
[68]1536 unsigned char * p = (unsigned char *) p_in;
[1]1537
[76]1538 if (*p != '\0')
[1]1539 {
[76]1540 do
[1]1541 {
[81]1542 if (*p <= 126 && *p >= 32)
[76]1543 {
1544 if (escp == 0)
1545 {
[81]1546 if (!((*p == '\'') || (*p == '\"') || (*p == '\\')))
[76]1547 /* do nothing */;
[81]1548 else if (*p == '\\')
[116]1549 {
1550#ifndef WITH_MYSQL
1551 if (p[1] == '\'')
1552 {
1553 *p = '\'';
1554 }
1555#endif
1556 escp = 1;
1557 }
[81]1558 else
1559 retv = S_FALSE; /* (*p == '\'' || *p == '\"') */
[76]1560 }
1561 else /* escp == 1 */
1562 {
1563 escp = 0;
1564 }
1565 }
[81]1566 else /* *p > 126 || *p < 32 */
[76]1567 {
1568 retv = S_FALSE;
1569 }
1570
1571 ++p;
1572
1573 }
1574 while (*p != '\0');
[1]1575 }
[76]1576
1577 if (escp == 0)
1578 return retv;
1579 else
1580 return S_FALSE;
[1]1581}
1582
1583/* this is not a real XML parser, but it copes with the XML format of
1584 * the log messages provided by sh_error_handle()
1585 */
1586static
1587char * sh_database_parse (char * message, dbins * db_entry)
1588{
1589 static int first = S_TRUE;
1590 char * p;
1591 char * q;
1592 char * z;
1593 dbins * new;
1594 int i;
1595 size_t j;
[12]1596 my_attr * res;
1597 my_attr key;
1598 char key_str[64];
[1]1599
1600 SL_ENTER(_("sh_database_parse"));
1601
1602 if (!message || *message == '\0')
1603 SL_RETURN (NULL, _("sh_database_parse"));
1604
1605 if (first == S_TRUE)
1606 {
1607 init_attr_table();
1608 first = S_FALSE;
1609 }
1610
1611 p = strchr (message, '<');
1612 if (!p)
1613 SL_RETURN (NULL, _("sh_database_parse"));
1614
[76]1615 while ((*p != '\0') && (*p != '>'))
[1]1616 {
1617 if (p[0] == 'l' && p[1] == 'o' && p[2] == 'g' &&
1618 (p[3] == ' ' || p[3] == '>'))
1619 {
1620 p = &p[4];
1621 goto parse;
1622 }
[12]1623 else if (p[0] == '/' && p[1] == '>')
1624 SL_RETURN (&p[2], _("sh_database_parse"));
1625 else if (p[0] == '/' && p[1] == 'l' && p[2] == 'o' &&
1626 p[3] == 'g' && p[4] == '>')
1627 SL_RETURN (&p[5], _("sh_database_parse"));
[1]1628 ++p;
1629 }
1630 SL_RETURN(NULL, _("sh_database_parse"));
1631
1632 parse:
1633
[13]1634 while (*p == ' ' || *p == '>')
[1]1635 ++p;
1636
[13]1637 if (*p == '\0')
[1]1638 SL_RETURN(NULL, _("sh_database_parse"));
1639
[12]1640 if (*p != '<' && *p != '/')
1641 goto par2;
1642
[1]1643 if (p[0] == '<' && p[1] == 'l' &&
1644 p[2] == 'o' && p[3] == 'g')
1645 {
[40]1646 /*
1647 * recursive call
1648 */
[1]1649 new = SH_ALLOC(sizeof(dbins));
1650 init_db_entry(new);
1651 db_entry->next = new;
1652 p = sh_database_parse (p, new);
1653 }
1654
1655 if (p[0] == '/' && p[1] == '>')
1656 SL_RETURN (&p[1], _("sh_database_parse"));
1657
1658 if (p[0] == '<' && p[1] == '/' && p[2] == 'l' &&
1659 p[3] == 'o' && p[4] == 'g' && p[5] == '>')
1660 SL_RETURN (&p[5], _("sh_database_parse"));
1661
[12]1662 par2:
[1]1663
1664 /* non-whitespace
1665 */
[12]1666 for (i=0; i < 64; ++i)
[1]1667 {
[76]1668 if (p[i] != '=')
[1]1669 {
[76]1670 key_str[i] = p[i];
1671 }
1672 else
1673 {
[12]1674 key_str[i] = '\0';
1675 break;
1676 }
1677 }
1678 key_str[63] = '\0';
1679 key.attr = &key_str[0];
1680
1681 res = bsearch(&key, attr_tab_srch, attr_tab_srch_siz,
1682 sizeof(my_attr), sh_database_comp_attr);
1683
1684 if (res != NULL)
1685 {
1686 j = res->alen; /* strlen(attr_tab[i].attr); */
1687 if (p[j] == '=' && p[j+1] == '"')
1688 {
[1]1689 q = strchr(&p[j+2], '"');
[76]1690 if (q)
[1]1691 {
1692 *q = '\0';
1693
[76]1694 if (S_TRUE == is_escaped(&p[j+2])) {
1695
1696 if (res->val == 1)
1697 (void) sl_strlcpy(db_entry->sev, &p[j+2],
1698 (size_t)res->size);
1699 else if (res->val == 2)
1700 {
1701 z = strchr(&p[j+2], 'T');
1702 if (z) *z = ' ';
1703 (void) sl_strlcpy(db_entry->time, &p[j+2], 20);
1704 }
1705 else if (res->val == 3)
1706 (void) sl_strlcpy(db_entry->host, &p[j+2],
1707 (size_t) res->size);
1708 else if (res->val == 4)
1709 (void) sl_strlcpy(db_entry->msg, &p[j+2],
1710 (size_t) res->size);
1711 else if (res->size != 0)
1712 {
1713 (void) sl_strlcpy( (((char *)(db_entry))+ res->off),
1714 &p[j+2],
1715 (size_t) res->size);
1716 }
1717 else if (res->val >= START_SEC_LONGS)
1718 {
1719 db_entry->long_data[res->val-START_SEC_LONGS]
1720 = atol(&p[j+2]);
1721 }
1722
1723 *q = '"';
1724 p = q;
1725 ++p;
1726
1727 goto parse;
1728 }
1729 else { /* S_FALSE == is_escaped(&p[j+2]) */
[3]1730 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
1731 _("Message not properly escaped"),
1732 _("sh_database_parse"));
[1]1733 SL_RETURN(NULL, _("sh_database_parse"));
1734 }
1735 }
[76]1736 else /* q == NULL */
1737 {
1738 SL_RETURN(NULL, _("sh_database_parse"));
1739 }
[1]1740 }
1741 }
1742
1743 /* unknown attribute, skip
1744 */
1745 while ((p != NULL) && (*p != '\0') && (*p != ' '))
1746 ++p;
1747
1748 goto parse;
1749}
1750
1751static int enter_wrapper = 1;
1752
[22]1753int set_enter_wrapper (const char * str)
[1]1754{
1755 return sh_util_flagval(str, &enter_wrapper);
1756}
1757
[27]1758/* recursively enter linked list of messages into database, last first
1759 */
[35]1760long sh_database_insert_rec (dbins * curr, int depth)
[1]1761{
[35]1762 unsigned long id = 0;
[1]1763 dbins * prev;
1764
[27]1765 SL_ENTER(_("sh_database_insert_rec"));
[1]1766
1767 if (curr->next)
1768 {
1769 prev = curr->next;
[27]1770 sl_strlcpy(prev->host, curr->host, 64);
1771 id = sh_database_insert_rec (curr->next, (depth + 1));
[1]1772 }
1773
1774 if (id != 0) /* this is a server wrapper */
1775 {
1776 if (enter_wrapper != 0)
[27]1777 {
1778 id = sh_database_entry (curr, id);
1779 }
[1]1780 }
[27]1781 else
[1]1782 {
[27]1783 /*
1784 * id = -1 is the client message; log_ref will be NULL
1785 */
1786 if (depth > 0) /* this is a client message */
1787 id = sh_database_entry (curr, -1);
1788 else /* this is a generic server message */
1789 id = sh_database_entry (curr, 0);
[1]1790 }
[27]1791
[1]1792 SH_FREE(curr);
1793
[35]1794 SL_RETURN(id, _("sh_database_insert_rec"));
[27]1795}
1796
1797int sh_database_insert (char * message)
1798{
1799 dbins * db_entry;
1800
1801 SL_ENTER(_("sh_database_insert"));
1802
1803 db_entry = SH_ALLOC(sizeof(dbins));
1804 init_db_entry(db_entry);
1805
1806 /* recursively parse the message into a linked list
1807 */
1808 (void) sh_database_parse (message, db_entry);
1809
1810 /* recursively enter the linked list into the database
1811 */
1812 (void) sh_database_insert_rec (db_entry, 0);
1813
[1]1814 SL_RETURN(0, _("sh_database_insert"));
1815}
1816
1817#endif
Note: See TracBrowser for help on using the repository browser.