source: trunk/src/sh_database.c@ 33

Last change on this file since 33 was 30, checked in by rainer, 19 years ago

Release candidate 3 for version 2.2.0
File size: 46.2 KB
RevLine 
[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 2001 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22#include <stdio.h>
23#include <stdlib.h>
24#include <stdarg.h>
25#include <stddef.h>
26#include <string.h>
27#include <ctype.h>
28#include <sys/types.h>
29
30#ifdef WITH_DATABASE
31
32/* define this if you want to debug the Oracle database support */
33/* #define DB_DEBUG */
34
[11]35#define SH_REAL_SET
36
[1]37#include "samhain.h"
38
39#include "sh_cat.h"
40#include "sh_error.h"
41#include "sh_utils.h"
42
43#undef FIL__
44#define FIL__ _("sh_database.c")
45
46typedef struct my_attr_
47{
48 char * attr;
49 char * attr_o;
50 int inHash;
51 int val;
52 int size;
[12]53 int alen;
[1]54 size_t off;
55} my_attr;
56
57typedef struct dbins_ {
58 struct dbins_ * next;
59 char host[64];
60 char time[20];
61 char msg[1024];
62 char sev[8];
63 char path[12288];
64 char user[9];
65 char group[9];
66 char program[8];
67 char subroutine[16];
68 char status[12];
69 char hash[50];
70 char path_data[1024];
71 char hash_data[50];
72 char key_uid[64];
73 char key_uid_data[64];
74 char key_id[16];
75 char module[8];
76 char syscall[16];
77 char ip[16];
78 char tty[16];
79 char peer[64];
80 char fromhost[64];
81 char obj[1024];
82 char interface[64];
83 char ltime[64];
84 char dir[1024];
85 char linked_path[1024];
86 char service[64];
87 char facility[32];
88 char priority[32];
89 char syslog_msg[1024];
90
91 char mode_old[16];
92 char mode_new[16];
93 char attr_old[16];
94 char attr_new[16];
95 char device_old[16];
96 char device_new[16];
97 char owner_old[9];
98 char owner_new[9];
99 char group_old[9];
100 char group_new[9];
101 char ctime_old[20];
102 char ctime_new[20];
103 char atime_old[20];
104 char atime_new[20];
105 char mtime_old[20];
106 char mtime_new[20];
107 char chksum_old[50];
108 char chksum_new[50];
109 char link_old[1024];
110 char link_new[1024];
111
112 long long_data[20];
113
114 /*
115 long size_old;
116 long size_new;
117 long hardlinks_old;
118 long hardlinks_new;
119 long inode_old;
120 long inode_new;
121 */
122
123} dbins;
124
[12]125static my_attr * attr_tab_srch = NULL;
126static int attr_tab_srch_siz = 0;
127
[1]128static my_attr attr_tab[] = {
[12]129 { NULL, N_("sev"), 0, 1, 8, 0, offsetof(struct dbins_, sev) },
130 { NULL, N_("tstamp"), 0, 2, 16, 0, offsetof(struct dbins_, time) },
131 { NULL, N_("remote_host"), 0, 3, 64, 0, offsetof(struct dbins_, host) },
132 { NULL, N_("msg"), 0, 4, 1024, 0, offsetof(struct dbins_, msg) },
[1]133
[12]134 { NULL, N_("path"), 0, 5,12288, 0, offsetof(struct dbins_, path) },
[1]135 /* username -> userid; replace (long) 'userid' - below - by 'dummy' */
[12]136 { NULL, N_("userid"), 0, 6, 9, 0, offsetof(struct dbins_, user) },
137 { NULL, N_("group"), 0, 7, 9, 0, offsetof(struct dbins_, group) },
138 { NULL, N_("program"), 0, 8, 8, 0, offsetof(struct dbins_, program) },
139 { NULL, N_("subroutine"), 0, 9, 16, 0, offsetof(struct dbins_, subroutine)},
140 { NULL, N_("status"), 0, 10, 12, 0, offsetof(struct dbins_, status) },
141 { NULL, N_("hash"), 0, 11, 50, 0, offsetof(struct dbins_, hash) },
142 { NULL, N_("path_data"), 0, 12, 1024, 0, offsetof(struct dbins_, path_data) },
143 { NULL, N_("hash_data"), 0, 13, 50, 0, offsetof(struct dbins_, hash_data) },
144 { NULL, N_("key_uid"), 0, 14, 64, 0, offsetof(struct dbins_, key_uid) },
145 { NULL, N_("key_uid_data"),0, 15, 64, 0, offsetof(struct dbins_, key_uid_data)},
146 { NULL, N_("key_id"), 0, 16, 16, 0, offsetof(struct dbins_, key_id) },
147 { NULL, N_("module"), 0, 17, 8, 0, offsetof(struct dbins_, module) },
148 { NULL, N_("syscall"), 0, 19, 16, 0, offsetof(struct dbins_, syscall) },
149 { NULL, N_("ip"), 0, 20, 16, 0, offsetof(struct dbins_, ip) },
150 { NULL, N_("tty"), 0, 21, 16, 0, offsetof(struct dbins_, tty) },
151 { NULL, N_("peer"), 0, 22, 64, 0, offsetof(struct dbins_, peer) },
152 { NULL, N_("obj"), 0, 23, 1024, 0, offsetof(struct dbins_, obj) },
153 { NULL, N_("interface"), 0, 24, 64, 0, offsetof(struct dbins_, interface)},
154 { NULL, N_("time"), 0, 25, 64, 0, offsetof(struct dbins_, ltime) },
155 { NULL, N_("dir"), 0, 26, 1024, 0, offsetof(struct dbins_, dir) },
156 { NULL, N_("linked_path"), 0, 27, 1024, 0, offsetof(struct dbins_, linked_path)},
157 { NULL, N_("service"), 0, 29, 64, 0, offsetof(struct dbins_, service)},
158 { NULL, N_("facility"), 0, 30, 32, 0, offsetof(struct dbins_, facility) },
159 { NULL, N_("priority"), 0, 31, 32, 0, offsetof(struct dbins_, priority) },
160 { NULL, N_("syslog_msg"), 0, 32, 1024, 0, offsetof(struct dbins_, syslog_msg) },
[1]161
[12]162 { NULL, N_("mode_old"), 0, 33, 16, 0, offsetof(struct dbins_, mode_old) },
163 { NULL, N_("mode_new"), 0, 34, 16, 0, offsetof(struct dbins_, mode_new) },
164 { NULL, N_("device_old"), 0, 35, 16, 0, offsetof(struct dbins_, device_old)},
165 { NULL, N_("device_new"), 0, 36, 16, 0, offsetof(struct dbins_, device_new)},
166 { NULL, N_("owner_old"), 0, 37, 9, 0, offsetof(struct dbins_, owner_old)},
167 { NULL, N_("owner_new"), 0, 38, 9, 0, offsetof(struct dbins_, owner_new)},
168 { NULL, N_("group_old"), 0, 39, 9, 0, offsetof(struct dbins_, group_old)},
169 { NULL, N_("group_new"), 0, 40, 9, 0, offsetof(struct dbins_, group_new)},
170 { NULL, N_("ctime_old"), 0, 41, 20, 0, offsetof(struct dbins_, ctime_old)},
171 { NULL, N_("ctime_new"), 0, 42, 20, 0, offsetof(struct dbins_, ctime_new)},
172 { NULL, N_("atime_old"), 0, 43, 20, 0, offsetof(struct dbins_, atime_old)},
173 { NULL, N_("atime_new"), 0, 44, 20, 0, offsetof(struct dbins_, atime_new)},
174 { NULL, N_("mtime_old"), 0, 45, 20, 0, offsetof(struct dbins_, mtime_old)},
175 { NULL, N_("mtime_new"), 0, 46, 20, 0, offsetof(struct dbins_, mtime_new)},
176 { NULL, N_("chksum_old"), 0, 47, 50, 0, offsetof(struct dbins_, chksum_old)},
177 { NULL, N_("chksum_new"), 0, 48, 50, 0, offsetof(struct dbins_, chksum_new)},
178 { NULL, N_("link_old"), 0, 49, 1024, 0, offsetof(struct dbins_, link_old)},
179 { NULL, N_("link_new"), 0, 50, 1024, 0, offsetof(struct dbins_, link_new)},
180
181 { NULL, N_("size_old"), 0, 51, 0, 0, 0 },
182 { NULL, N_("size_new"), 0, 52, 0, 0, 0 },
183 { NULL, N_("hardlinks_old"),0, 53, 0, 0, 0 },
184 { NULL, N_("hardlinks_new"),0, 54, 0, 0, 0 },
185 { NULL, N_("inode_old"), 0, 55, 0, 0, 0 },
186 { NULL, N_("inode_new"), 0, 56, 0, 0, 0 },
187
188 { NULL, N_("imode_old"), 0, 57, 0, 0, 0 },
189 { NULL, N_("imode_new"), 0, 58, 0, 0, 0 },
190 { NULL, N_("iattr_old"), 0, 59, 0, 0, 0 },
191 { NULL, N_("iattr_new"), 0, 60, 0, 0, 0 },
192 { NULL, N_("idevice_old"), 0, 61, 0, 0, 0 },
193 { NULL, N_("idevice_new"), 0, 62, 0, 0, 0 },
194 { NULL, N_("iowner_old"), 0, 63, 0, 0, 0 },
195 { NULL, N_("iowner_new"), 0, 64, 0, 0, 0 },
196 { NULL, N_("igroup_old"), 0, 65, 0, 0, 0 },
197 { NULL, N_("igroup_new"), 0, 66, 0, 0, 0 },
[1]198
[12]199 { NULL, N_("port"), 0, 67, 0, 0, 0 },
200 { NULL, N_("return_code"), 0, 68, 0, 0, 0 },
[1]201 /* { NULL, N_("userid"), 0, 69, 0, 0 }, old 'userid', 1.8.1 */
202
[12]203 { NULL, N_("host"), 0, 70, 64, 0, offsetof(struct dbins_, fromhost)},
204 { NULL, N_("attr_old"), 0, 71, 16, 0, offsetof(struct dbins_, attr_old)},
205 { NULL, N_("attr_new"), 0, 72, 16, 0, offsetof(struct dbins_, attr_new)},
[1]206
[12]207 { NULL, NULL, 0, 0, 0, 0, 0 }
[1]208};
209
210#define SH_SLOT_HOST 70
211#define SH_SLOT_GROUP 7
212#define START_SEC_LONGS 51
213#define END_SEC_LONGS 68
214
215#if defined(HAVE_INT_32)
216typedef unsigned int uint32;
217#elif defined(HAVE_LONG_32)
218typedef unsigned long uint32;
219#elif defined(HAVE_SHORT_32)
220typedef unsigned short uint32;
221#else
222#error No 32 byte type found !
223#endif
224
225typedef unsigned char uint8;
226
[30]227typedef struct md5_ctx
[1]228{
[30]229 uint32 A;
230 uint32 B;
231 uint32 C;
232 uint32 D;
233
234 uint32 total[2];
235 uint32 buflen;
236 char buffer[128];
[1]237} md5Param;
238
239
240typedef unsigned char sh_byte;
241
242
243extern int md5Reset(register md5Param* p);
244extern int md5Update(md5Param* p, const sh_byte* data, int size);
245extern int md5Digest(md5Param* p, uint32* data);
246
247static char db_name[64] = "";
248static char db_table[64] = "";
249static char db_host[64] = "";
250static char db_user[64] = "";
251static char db_password[64] = "";
252
253static int sh_persistent_dbconn = S_TRUE;
254
[22]255int sh_database_use_persistent (const char * str)
[1]256{
257 return sh_util_flagval (str, &sh_persistent_dbconn);
258}
259
[22]260static int insert_value (char * ptr, const char * str)
[1]261{
262 if (!ptr || !str)
263 return -1;
264 if (strlen(str) > 63)
265 return -1;
266 (void) sl_strlcpy(ptr, str, 64);
267 return 0;
268}
269
270static void init_db_entry (dbins * ptr)
271{
272 memset (ptr, (int) '\0', sizeof(dbins));
273 ptr->next = NULL;
274 return;
275}
276
277
[22]278int sh_database_set_database (const char * str)
[1]279{
280 return insert_value (db_name, str);
281}
[22]282int sh_database_set_table (const char * str)
[1]283{
284 return insert_value (db_table, str);
285}
[22]286int sh_database_set_host (const char * str)
[1]287{
288 return insert_value (db_host, str);
289}
[22]290int sh_database_set_user (const char * str)
[1]291{
292 return insert_value (db_user, str);
293}
[22]294int sh_database_set_password (const char * str)
[1]295{
296 return insert_value (db_password, str);
297}
298
299/******************************************************************
300 *
301 * Oracle and unixODBC stuff, only Oracle tested untested
302 *
303 * Based on the code in the snort output plugin (spo_database.c).
304 * Copyright/license statement in spo_database.c:
305 *
306 * Portions Copyright (C) 2000,2001,2002 Carnegie Mellon University
307 * Copyright (C) 2001 Jed Pickel <jed@pickel.net>
308 * Portions Copyright (C) 2001 Andrew R. Baker <andrewb@farm9.com>
309 *
310 * This program is free software; you can redistribute it and/or modify
311 * it under the terms of the GNU General Public License as published by
312 * the Free Software Foundation; either version 2 of the License, or
313 * (at your option) any later version.
314 *
315 * This program is distributed in the hope that it will be useful,
316 * but WITHOUT ANY WARRANTY; without even the implied warranty of
317 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
318 * GNU General Public License for more details.
319 *
320 * You should have received a copy of the GNU General Public License
321 * along with this program; if not, write to the Free Software
322 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
323 *
324 ******************************************************************/
325#ifdef WITH_ODBC
326
327#include <sql.h>
328#include <sqlext.h>
329#include <sqltypes.h>
330
331static SQLHENV u_handle;
332static SQLHDBC u_connection;
333static SQLHSTMT u_statement;
334static SQLINTEGER u_col;
335static SQLINTEGER u_rows;
336
337void sh_database_reset()
338{
339 return;
340}
341
342static
343int sh_database_query (char * query, /*@out@*/ long * id)
344{
345 static int fatal_error = 0;
346 int result = 0;
347 char row_query[128];
348 long result_call;
349
350 SL_ENTER(_("sh_database_query"));
351
352 *id = 0;
353
354 if (fatal_error == 1)
355 {
356 SL_RETURN((-1), _("sh_database_query"));
357 }
358
359 /* Connect
360 */
361 if (db_name[0] == '\0')
362 sl_strlcpy(db_name, _("samhain"), 64);
363
364 if (db_user[0] == '\0')
365 sl_strlcpy(db_user, _("samhain"), 64);
366
367 result_call = SQLAllocEnv(&u_handle);
368 if ((result_call != SQL_SUCCESS) && (result_call != SQL_SUCCESS_WITH_INFO))
369 {
370 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, result_call,
371 MSG_E_SUBGEN,
372 _("Error in SQLAllocEnv when connecting to ODBC data source"),
373 _("sh_database_query"));
374 fatal_error = 1;
375 SL_RETURN((-1), _("sh_database_query"));
376 }
377 result_call = SQLAllocConnect(u_handle, &u_connection);
378 if ((result_call != SQL_SUCCESS) && (result_call != SQL_SUCCESS_WITH_INFO))
379 {
380 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, result_call,
381 MSG_E_SUBGEN,
382 _("Error in SQLAllocEnv when connecting to ODBC data source"),
383 _("sh_database_query"));
384 fatal_error = 1;
385 SL_RETURN((-1), _("sh_database_query"));
386 }
387 result_call = SQLConnect(u_connection, db_name, SQL_NTS,
388 db_user, SQL_NTS, db_password, SQL_NTS);
389 if ((result_call != SQL_SUCCESS) && (result_call != SQL_SUCCESS_WITH_INFO))
390 {
391 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, result_call,
392 MSG_E_SUBGEN,
393 _("Error in SQLAllocEnv when connecting to ODBC data source"),
394 _("sh_database_query"));
395 fatal_error = 1;
396 SL_RETURN((-1), _("sh_database_query"));
397 }
398
399 /* Insert
400 */
401 result_call = SQLAllocStmt(u_connection, &u_statement);
402 if ((result_call == SQL_SUCCESS) || (result_call == SQL_SUCCESS_WITH_INFO))
403 {
404 result_call = SQLPrepare(u_statement, query, SQL_NTS);
405 if ((result_call == SQL_SUCCESS) ||
406 (result_call == SQL_SUCCESS_WITH_INFO))
407 {
408 result_call = SQLExecute(u_statement);
409 if((result_call == SQL_SUCCESS) ||
410 (result_call == SQL_SUCCESS_WITH_INFO))
411 {
412 result = 1;
413 }
414 }
415 }
416
417 if (result == 0)
418 {
419 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
420 _("Error inserting into ODBC data source"),
421 _("sh_database_query"));
422 goto odbc_disconnect;
423 }
424
425 /* Select
426 */
427 result = 0;
428
429 sl_strlcpy (row_query, _("SELECT MAX(log_index) FROM "), 128);
430 sl_strlcat (row_query, db_table, 128);
431
432 result_call = SQLAllocStmt(u_connection, &u_statement);
433 if ((result_call == SQL_SUCCESS) ||
434 (result_call == SQL_SUCCESS_WITH_INFO))
435 {
436 result_call = SQLPrepare(u_statement, row_query, SQL_NTS);
437 if ((result_call == SQL_SUCCESS) ||
438 (result_call == SQL_SUCCESS_WITH_INFO))
439 {
440 result_call = SQLExecute(u_statement);
441 if ((result_call == SQL_SUCCESS) ||
442 (result_call == SQL_SUCCESS_WITH_INFO))
443 {
444 result_call = SQLRowCount(u_statement, &u_rows);
445 if ((result_call == SQL_SUCCESS) ||
446 (result_call == SQL_SUCCESS_WITH_INFO))
447 {
448 if((u_rows) && (u_rows == 1))
449 {
450 result_call = SQLFetch(u_statement);
451 if ((result_call == SQL_SUCCESS) ||
452 (result_call == SQL_SUCCESS_WITH_INFO))
453 {
454 result_call = SQLGetData(u_statement, 1,
455 SQL_INTEGER, &u_col,
456 sizeof(u_col), NULL);
457 if ((result_call == SQL_SUCCESS) ||
458 (result_call == SQL_SUCCESS_WITH_INFO))
459 {
460 *id = (long int) u_col;
461 result = 1;
462 }
463 }
464 }
465 }
466 }
467 }
468 }
469
470 if (result == 0)
471 {
472 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
473 _("Error selecting MAX(log_index) from ODBC data source"),
474 _("sh_database_query"));
475 }
476
477 odbc_disconnect:
478 SQLFreeHandle(SQL_HANDLE_STMT, u_statement);
479 SQLDisconnect(u_connection);
480 SQLFreeHandle(SQL_HANDLE_DBC, u_connection);
481 SQLFreeHandle(SQL_HANDLE_ENV, u_handle);
482
483 SL_RETURN(((result == 0) ? -1 : 0), _("sh_database_query"));
484
485}
486
487/* #ifdef WITH_ODBC */
488#endif
489
490#ifdef WITH_ORACLE
491
492#include <oci.h>
493
494static OCIDefine * o_define;
495static OCIEnv * o_environment;
496static OCISvcCtx * o_servicecontext;
497static OCIError * o_error = NULL;
498static OCIStmt * o_statement;
499static text o_errormsg[512];
500static sb4 o_errorcode;
501
502static int connected = 0;
503
504void sh_database_reset()
505{
506 if (connected == 1)
507 {
508 OCILogoff(o_servicecontext, o_error);
509 OCIHandleFree((dvoid *) o_statement, OCI_HTYPE_STMT);
510 OCIHandleFree((dvoid *) o_servicecontext, OCI_HTYPE_SVCCTX);
511 OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
512 o_error = NULL;
513 }
514 connected = 0;
515 return;
516}
517
518static char * sh_stripnl (char * str)
519{
520 size_t len = sl_strlen(str);
521 if (len > 0)
522 {
523 if (str[len-1] == '\n')
524 str[len-1] == '\0';
525 }
526 return str;
527}
528
529static
530int sh_database_query (char * query, /*@out@*/ long * id)
531{
532 static int bad_init = 0;
533 int result = 0;
534 char row_query[128];
535 int retry = 0;
536
537 SL_ENTER(_("sh_database_query"));
538
539 *id = 0;
540
541 if (bad_init == 1) {
542 SL_RETURN(-1, _("sh_database_query"));
543 }
544 else if (connected == 1) {
545 goto oracle_connected;
546 }
547
548 /*
549 * Connect
550 */
551#define PRINT_ORACLE_ERR(func_name) \
552 do { \
553 OCIErrorGet(o_error, 1, NULL, &o_errorcode, \
554 o_errormsg, sizeof(o_errormsg), \
555 OCI_HTYPE_ERROR); \
556 sh_stripnl (o_errormsg); \
557 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN, \
558 o_errormsg, _("sh_database_query")); \
559 sl_snprintf(row_query, 127, \
560 _("%s: Connection to database '%s' failed"), \
561 func_name, db_name); \
562 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN, \
563 row_query, _("sh_database_query")); \
564 bad_init = 1; \
565 SL_RETURN(-1, _("sh_database_query")); \
566 } while (1 == 0)
567
568 oracle_doconnect:
569
[22]570 if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */
[1]571 {
572 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
573 _("ORACLE_HOME environment variable not set"),
574 _("sh_database_query"));
575 }
576 if (db_name[0] == '\0')
577 {
578 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
579 _("database name not set, using default 'samhain'"),
580 _("sh_database_query"));
581 sl_strlcpy(db_name, _("samhain"), 64);
582 }
583 if (db_user[0] == '\0')
584 {
585 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
586 _("database user not set, using default 'samhain'"),
587 _("sh_database_query"));
588 sl_strlcpy(db_user, _("samhain"), 64);
589 }
590 if (db_password[0] == '\0')
591 {
592 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
593 _("database password not set, cannot proceed"),
594 _("sh_database_query"));
595 bad_init = 1;
596 SL_RETURN(-1, _("sh_database_query"));
597 }
598
599
600#ifdef DB_DEBUG
601 sl_snprintf(row_query, 127,
602 _("Conncting to oracle database '%s'"),
603 db_name);
604 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
605 row_query,
606 _("sh_database_query"));
607#endif
608
609 /* a) Oracle says use OCIEnvCreate instead of OCIInitialize/OCIEnvcreate
610 * b) why two times OCIEnvInit() ???
611 */
612 if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL))
613 PRINT_ORACLE_ERR("OCIInitialize");
614
615 if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL))
616 PRINT_ORACLE_ERR("OCIEnvInit");
617
618 if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL))
619 PRINT_ORACLE_ERR("OCIEnvInit (2)");
620
621 /* allocate and initialize the error handle
622 */
623 if (OCIHandleAlloc(o_environment, (dvoid **)&o_error,
624 OCI_HTYPE_ERROR, (size_t) 0, NULL))
625 PRINT_ORACLE_ERR("OCIHandleAlloc");
626
627 /* logon and allocate the service context handle
628 */
629 if (OCILogon(o_environment, o_error, &o_servicecontext,
630 (OraText*) db_user, sl_strlen(db_user),
631 (OraText*) db_password, sl_strlen(db_password),
632 (OraText*) db_name, sl_strlen(db_name)))
633 {
634 OCIErrorGet(o_error, 1, NULL, &o_errorcode,
635 o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR);
636 sh_stripnl (o_errormsg);
637 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
638 o_errormsg,
639 _("sh_database_query"));
640 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
641 _("check database is listed in tnsnames.ora"),
642 _("sh_database_query"));
643 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
644 _("check tnsnames.ora readable"),
645 _("sh_database_query"));
646 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
647 _("check database accessible with sqlplus"),
648 _("sh_database_query"));
649 sl_snprintf(row_query, 127,
650 _("OCILogon: Connection to database '%s' failed"),
651 db_name);
652 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
653 row_query, _("sh_database_query"));
654 bad_init = 1;
655 SL_RETURN(-1, _("sh_database_query"));
656 }
657
658 if (OCIHandleAlloc(o_environment, (dvoid **)&o_statement,
659 OCI_HTYPE_STMT, 0, NULL))
660 PRINT_ORACLE_ERR("OCIHandleAlloc (2)");
661
662 /* Flag connection status
663 */
664 connected = 1;
665
666 oracle_connected:
667
668 /*
669 * Insert
670 */
671#ifdef DB_DEBUG
672 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
673 query,
674 _("sh_database_query"));
675#endif
676
677 if (OCIStmtPrepare(o_statement, o_error,
678 (OraText*) query, sl_strlen(query),
679 OCI_NTV_SYNTAX, OCI_DEFAULT))
680 {
681 OCIErrorGet(o_error, 1, NULL,
682 &o_errorcode, o_errormsg, sizeof(o_errormsg),
683 OCI_HTYPE_ERROR);
684 sh_stripnl (o_errormsg);
685 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
686 o_errormsg,
687 _("sh_database_query"));
688 if (retry == 0 &&
689 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))
690 {
691 ++retry; sh_database_reset(); goto oracle_doconnect;
692 }
693 goto err_out;
694 }
695
696 if (OCIStmtExecute(o_servicecontext,
697 o_statement, o_error, 1, 0,
698 NULL, NULL, OCI_COMMIT_ON_SUCCESS))
699 {
700 OCIErrorGet(o_error, 1, NULL,
701 &o_errorcode, o_errormsg, sizeof(o_errormsg),
702 OCI_HTYPE_ERROR);
703 sh_stripnl (o_errormsg);
704 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
705 o_errormsg,
706 _("sh_database_query"));
707 if (retry == 0 &&
708 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))
709 {
710 ++retry; sh_database_reset(); goto oracle_doconnect;
711 }
712 goto err_out;
713 }
714
715#ifdef DB_DEBUG
716 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
717 _("No error on insert"),
718 _("sh_database_query"));
719#endif
720
721 /* Get row index
722 */
723 sl_strlcpy (row_query, _("SELECT MAX(log_index) FROM "), 128);
724 sl_strlcat (row_query, db_table, 128);
725
726#ifdef DB_DEBUG
727 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
728 row_query,
729 _("sh_database_query"));
730#endif
731
732 if (OCIStmtPrepare(o_statement, o_error,
733 (OraText*) row_query, sl_strlen(row_query),
734 OCI_NTV_SYNTAX, OCI_DEFAULT))
735 {
736 OCIErrorGet(o_error, 1, NULL,
737 &o_errorcode, o_errormsg, sizeof(o_errormsg),
738 OCI_HTYPE_ERROR);
739 sh_stripnl (o_errormsg);
740 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
741 o_errormsg,
742 _("sh_database_query"));
743 if (retry == 0 &&
744 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))
745 {
746 ++retry; sh_database_reset(); goto oracle_doconnect;
747 }
748 goto err_out;
749 }
750
751 if (OCIStmtExecute(o_servicecontext, o_statement, o_error,
752 0, 0, NULL, NULL, OCI_DEFAULT))
753 {
754 OCIErrorGet(o_error, 1, NULL,
755 &o_errorcode, o_errormsg, sizeof(o_errormsg),
756 OCI_HTYPE_ERROR);
757 sh_stripnl (o_errormsg);
758 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
759 o_errormsg,
760 _("sh_database_query"));
761 if (retry == 0 &&
762 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))
763 {
764 ++retry; sh_database_reset(); goto oracle_doconnect;
765 }
766 goto err_out;
767 }
768
769 if (OCIDefineByPos (o_statement, &o_define, o_error, 1,
770 &result, sizeof(result),
771 SQLT_INT, 0, 0, 0, OCI_DEFAULT))
772 {
773 OCIErrorGet(o_error, 1, NULL,
774 &o_errorcode, o_errormsg, sizeof(o_errormsg),
775 OCI_HTYPE_ERROR);
776 sh_stripnl (o_errormsg);
777 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
778 o_errormsg,
779 _("sh_database_query"));
780 if (retry == 0 &&
781 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))
782 {
783 ++retry; sh_database_reset(); goto oracle_doconnect;
784 }
785 goto err_out;
786 }
787 if (OCIStmtFetch (o_statement, o_error, 1, OCI_FETCH_NEXT, OCI_DEFAULT))
788 {
789 OCIErrorGet(o_error, 1, NULL,
790 &o_errorcode, o_errormsg, sizeof(o_errormsg),
791 OCI_HTYPE_ERROR);
792 sh_stripnl (o_errormsg);
793 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,
794 o_errormsg,
795 _("sh_database_query"));
796 if (retry == 0 &&
797 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))
798 {
799 ++retry; sh_database_reset(); goto oracle_doconnect;
800 }
801 goto err_out;
802 }
803
804#ifdef DB_DEBUG
805 sl_snprintf(row_query, 127, _("Returned value: %d"), result);
806 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN,
807 row_query,
808 _("sh_database_query"));
809#endif
810
811 *id = result;
812
813 if (sh_persistent_dbconn == S_FALSE)
814 {
815 OCILogoff(o_servicecontext, o_error);
816 OCIHandleFree((dvoid *) o_statement, OCI_HTYPE_STMT);
817 OCIHandleFree((dvoid *) o_servicecontext, OCI_HTYPE_SVCCTX);
818 OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
819 o_error = NULL;
820 connected = 0;
821 }
822 SL_RETURN(0, _("sh_database_query"));
823
824 err_out:
825 /*
826 * Error
827 */
828 if (sh_persistent_dbconn == S_FALSE)
829 {
830 OCILogoff(o_servicecontext, o_error);
831 OCIHandleFree((dvoid *) o_statement, OCI_HTYPE_STMT);
832 OCIHandleFree((dvoid *) o_servicecontext, OCI_HTYPE_SVCCTX);
833 OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR);
834 o_error = NULL;
835 connected = 0;
836 }
837 SL_RETURN(-1, _("sh_database_query"));
838}
839
840/* #ifdef WITH_ORACLE */
841#endif
842
843#ifdef WITH_POSTGRES
844/******************************************************************
845 *
846 * Postgresql stuff, tested
847 *
848 ******************************************************************/
849
850#ifdef HAVE_PGSQL_LIBPQ_FE_H
851#include <pgsql/libpq-fe.h>
852#else
853#include <libpq-fe.h>
854#endif
855
856static int connection_status = S_FALSE;
857
858void sh_database_reset()
859{
860 connection_status = S_FALSE;
861 return;
862}
863
864static
865int sh_database_query (char * query, /*@out@*/ long * id)
866{
867 char conninfo[256];
868 char * p;
869 static PGconn * conn = NULL;
870 PGresult * res;
871 unsigned int i;
872 static SH_TIMEOUT sh_timer = { 0, 3600, S_TRUE };
873
874 SL_ENTER(_("sh_database_query"));
875
876 *id = 0;
877
878 p = &conninfo[0];
879
880 if (db_host[0] == '\0')
881 sl_strlcpy(db_host, _("localhost"), 64);
882 if (db_name[0] == '\0')
883 sl_strlcpy(db_name, _("samhain"), 64);
884 if (db_user[0] == '\0')
885 sl_strlcpy(db_user, _("samhain"), 64);
886
887 if (db_host[0] != '\0' && NULL != strchr(db_host, '.'))
888 {
889 sl_snprintf(p, 255, "hostaddr=%s ", db_host);
890 p = &conninfo[strlen(conninfo)];
891 }
892 if (db_name[0] != '\0')
893 {
894 sl_snprintf(p, 255 - strlen(conninfo), "dbname=%s ", db_name);
895 p = &conninfo[strlen(conninfo)];
896 }
897
898 if (db_user[0] != '\0')
899 {
900 sl_snprintf(p, 255 - strlen(conninfo), "user=%s ", db_user);
901 p = &conninfo[strlen(conninfo)];
902 }
903
904 if (db_password[0] != '\0')
905 {
906 sl_snprintf(p, 255 - strlen(conninfo), "password=%s ", db_password);
907 }
908
909 if (connection_status == S_FALSE)
910 {
911 if (conn)
912 PQfinish(conn);
913 conn = NULL;
914 conn = PQconnectdb(conninfo);
915 }
916 else
917 {
918 if (PQstatus(conn) == CONNECTION_BAD)
919 PQreset(conn);
920 }
921
922 if ((conn == NULL) || (PQstatus(conn) == CONNECTION_BAD))
923 {
924 connection_status = S_FALSE;
925
926 sh_timer.flag_ok = S_FALSE;
927 if (S_TRUE == sh_util_timeout_check(&sh_timer))
928 {
929 goto err_out;
930 }
931 else
932 {
933 if (conn)
934 PQfinish(conn);
935 conn = NULL;
936 SL_RETURN(0, _("sh_database_query"));
937 }
938 }
939 connection_status = S_TRUE;
940
941
942 /* do the insert
943 */
944 res = PQexec(conn, query);
945 if (PQresultStatus(res) != PGRES_COMMAND_OK)
946 {
947 PQclear(res);
948 goto err_out;
949 }
950 PQclear(res);
951
952 /* get the unique row index
953 */
954 res = PQexec(conn, _("SELECT last_value FROM log_log_index_seq"));
955 if (PQresultStatus(res) != PGRES_TUPLES_OK)
956 {
957 PQclear(res);
958 goto err_out;
959 }
960
961 *id = atoi (PQgetvalue(res, 0, 0));
962
963 PQclear(res);
964 if (S_FALSE == sh_persistent_dbconn)
965 {
966 if (conn)
967 PQfinish(conn);
968 conn = NULL;
969 connection_status = S_FALSE;
970 }
971 SL_RETURN(0, _("sh_database_query"));
972
973
974 err_out:
975 if (conn)
976 {
977 p = PQerrorMessage(conn);
978 for (i = 0; i < sl_strlen(p); ++i)
979 if (p[i] == '\n') p[i] = ' ';
980 }
981 else
982 {
983 p = NULL;
984 }
985 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
986 (p == NULL ? _("(null)") : p),
987 _("sh_database_query"));
988 if (conn)
989 PQfinish(conn);
990 conn = NULL;
991 connection_status = S_FALSE;
992 SL_RETURN(-1, _("sh_database_query"));
993}
994#endif
995
996
997#ifdef WITH_MYSQL
998
999#ifdef HAVE_MYSQL_MYSQL_H
1000#include <mysql/mysql.h>
1001#else
1002#include <mysql.h>
1003#endif
1004
1005extern int flag_err_debug;
1006
1007static int connection_status = S_FALSE;
1008
1009void sh_database_reset()
1010{
1011 connection_status = S_FALSE;
1012 return;
1013}
1014
1015static
1016int sh_database_query (char * query, /*@out@*/ long * id)
1017{
1018 int status = 0;
[3]1019 const char * p;
[1]1020 static MYSQL * db_conn = NULL;
1021 static SH_TIMEOUT sh_timer = { 0, 3600, S_TRUE };
1022
1023 SL_ENTER(_("sh_database_query"));
1024
1025 *id = 0;
1026
1027 if (query == NULL)
1028 {
1029 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
1030 _("NULL query"),
1031 _("sh_database_query"));
1032 SL_RETURN(0, _("sh_database_query"));
1033 }
1034
1035 if (db_host[0] == '\0')
1036 (void) sl_strlcpy(db_host, _("localhost"), 64);
1037 if (db_name[0] == '\0')
1038 (void) sl_strlcpy(db_name, _("samhain"), 64);
1039 if (db_user[0] == '\0')
1040 (void) sl_strlcpy(db_user, _("samhain"), 64);
1041
1042 if ((db_conn == NULL) || (connection_status == S_FALSE))
1043 {
1044 if (db_conn)
1045 {
1046 mysql_close(db_conn);
1047 db_conn = NULL;
1048 }
1049 connection_status = S_FALSE;
1050
1051 db_conn = mysql_init(NULL);
1052 if (NULL == db_conn)
1053 {
1054 p = NULL; status = 0;
1055 sh_timer.flag_ok = S_FALSE;
1056 if (S_TRUE == sh_util_timeout_check(&sh_timer))
1057 {
1058 goto alt_out;
1059 }
1060 else
1061 {
1062 SL_RETURN(0, _("sh_database_query"));
1063 }
1064 }
1065
[18]1066 /* Read in defaults from /etc/my.cnf and associated files,
1067 * suggested by arjones at simultan dyndns org
1068 * see: - http://dev.mysql.com/doc/refman/5.0/en/option-files.html
1069 * for the my.cnf format,
1070 * - http://dev.mysql.com/doc/refman/5.0/en/mysql-options.html
1071 * for possible options
1072 * We don't check the return value because it's useless (failure due
1073 * to lack of access permission is not reported).
1074 */
1075 mysql_options(db_conn, MYSQL_READ_DEFAULT_GROUP, _("samhain"));
1076
[1]1077 status = 0;
1078
1079 if (NULL == mysql_real_connect(db_conn,
1080 db_host[0] == '\0' ? NULL : db_host,
1081 db_user[0] == '\0' ? NULL : db_user,
1082 db_password[0] == '\0' ? NULL : db_password,
1083 db_name[0] == '\0' ? NULL : db_name,
1084 0, NULL, 0))
1085 {
1086 sh_timer.flag_ok = S_FALSE;
1087 if (S_TRUE == sh_util_timeout_check(&sh_timer))
1088 {
1089 goto err_out;
1090 }
1091 else
1092 {
1093 SL_RETURN(0, _("sh_database_query"));
1094 }
1095 }
1096 connection_status = S_TRUE;
1097 }
1098 else
1099 {
1100 if (0 != mysql_ping(db_conn))
1101 {
1102 connection_status = S_FALSE;
1103 sh_timer.flag_ok = S_FALSE;
1104 if (S_TRUE == sh_util_timeout_check(&sh_timer))
1105 {
1106 goto err_out;
1107 }
1108 else
1109 {
1110 SL_RETURN(0, _("sh_database_query"));
1111 }
1112 }
1113 }
1114
1115 if (0 != mysql_query(db_conn, query))
1116 {
1117 goto err_out;
1118 }
1119
1120 if (flag_err_debug == SL_TRUE)
1121 {
1122 p = mysql_info (db_conn);
1123 if (p != NULL)
1124 {
1125 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
1126 p,
1127 _("sh_database_query"));
1128 }
1129 }
1130
1131 *id = (long) mysql_insert_id(db_conn);
1132 if (S_FALSE == sh_persistent_dbconn)
1133 {
1134 if (db_conn)
1135 mysql_close(db_conn);
1136 db_conn = NULL;
1137 connection_status = S_FALSE;
1138 }
1139 SL_RETURN(0, _("sh_database_query"));
1140
1141 err_out:
1142
1143 if (db_conn)
1144 {
1145 p = mysql_error (db_conn);
1146 status = (int) mysql_errno (db_conn);
1147 }
1148 else
1149 {
1150 p = NULL; p = 0;
1151 }
1152
1153 alt_out:
1154
1155 *id = 0;
1156 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,
1157 (p == NULL ? _("(null)") : p),
1158 _("sh_database_query"));
1159 if (db_conn)
1160 mysql_close(db_conn);
1161 db_conn = NULL;
1162 connection_status = S_FALSE;
1163 SL_RETURN(status, _("sh_database_query"));
1164}
1165#endif
1166
1167static
1168char * null_or_val (char * end, char * val, int * size, int flag)
1169{
1170 long len;
1171
1172 if (!end || !val || !size)
1173 return end;
1174
1175 if (val[0] == '\0')
1176 {
1177 return end;
1178 }
1179 else
1180 {
1181 if (*size > 1)
1182 {
1183 *end = ','; ++end; (*size) -= 1;
1184 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; }
1185 *end = '\0';
1186 }
1187 len = (long) strlen(val);
1188 if ((long) *size > (len+1))
1189 {
1190 (void) sl_strlcat(end, val, (size_t) *size);
1191 end += len; (*size) -= len;
1192 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; }
1193 *end = '\0';
1194 }
1195 }
[12]1196
[1]1197 return end;
1198}
1199
1200#define SH_QUERY_MAX 16383
1201
1202static
1203long sh_database_entry (dbins * db_entry, long id)
1204{
1205 /* This does not need to be re-entrant
1206 */
1207 char * query;
1208 static char columns[1024];
1209 char * values;
1210
1211 int status;
1212 long the_id;
1213 int size;
1214 char * end;
1215 int c_size;
1216 char * c_end;
1217 char * p;
1218 int i;
1219 char num[64];
1220
1221 md5Param crc;
1222 unsigned char md5buffer[16];
1223 char md5out[33];
1224 int cnt;
1225
1226 SL_ENTER(_("sh_database_entry"));
1227
1228 query = SH_ALLOC(SH_QUERY_MAX+1);
1229 values = SH_ALLOC(SH_QUERY_MAX+1);
1230
1231 (void) md5Reset(&crc);
1232
1233 if (db_entry->host[0] == '\0')
1234 {
1235 if (sh.host.name[0] == '\0')
1236 (void) strcpy (db_entry->host, _("localhost")); /* known to fit */
1237 else
1238 (void) sl_strlcpy (db_entry->host, sh.host.name, 64);
1239 }
1240
1241 /*@-bufferoverflowhigh@*/
1242 if (id >= 0)
1243 sprintf(num, "%ld", id); /* known to fit */
1244 /*@+bufferoverflowhigh@*/
1245
1246#ifdef WITH_ORACLE
1247 /* Oracle needs some help for the time format (fix by Michael Somers)
1248 */
1249 (void)
1250 sl_snprintf (values, SH_QUERY_MAX,
1251 _("(%s,%c%s%c,to_date(%c%s%c,'YYYY-MM-DD HH24:MI:SS'),%c%s%c,%c%s%c"),
1252 id >= 0 ? num : _("NULL"),
1253 '\'', db_entry->host,'\'',
1254 '\'', db_entry->time,'\'',
1255 '\'', db_entry->sev, '\'',
1256 '\'',
1257 (db_entry->msg[0] == '\0' ? _("NULL") : db_entry->msg),
1258 '\'');
1259#else
1260 (void)
1261 sl_snprintf (values, SH_QUERY_MAX, _("(%s,%c%s%c,%c%s%c,%c%s%c,%c%s%c"),
1262 id >= 0 ? num : _("NULL"),
1263 '\'', db_entry->host,'\'',
1264 '\'', db_entry->time,'\'',
1265 '\'', db_entry->sev, '\'',
1266 '\'',
1267 (db_entry->msg[0] == '\0' ? _("NULL") : db_entry->msg),
1268 '\'');
1269#endif
1270
1271 (void) sl_snprintf (columns, 1023,
1272 _("(log_ref,log_host,log_time,log_sev,log_msg"));
1273
1274 /*@-type@*//* byte* versus char[..] */
1275 if (attr_tab[0].inHash == 1)
1276 (void) md5Update(&crc, (sh_byte*) db_entry->sev,
1277 (int) strlen(db_entry->sev));
1278 if (attr_tab[1].inHash == 1)
1279 (void) md5Update(&crc, (sh_byte*) db_entry->time,
1280 (int) strlen(db_entry->time));
1281 if (attr_tab[2].inHash == 1)
1282 (void) md5Update(&crc, (sh_byte*) db_entry->host,
1283 (int) strlen(db_entry->host));
1284 if (attr_tab[3].inHash == 1 && db_entry->msg[0] != '\0')
1285 (void) md5Update(&crc, (sh_byte*) db_entry->msg,
1286 (int) strlen(db_entry->sev));
1287 /*@+type@*/
1288
1289 size = (int) (SH_QUERY_MAX - strlen(values));
1290 end = values + strlen(values);
1291 c_size = 1023 - (int) strlen(columns); /* sizeof(colums) == 1024 */
1292 c_end = columns + strlen(columns);
1293
1294 i = 4;
1295
1296 while (attr_tab[i].attr != NULL)
1297 {
1298 if (attr_tab[i].size != 0)
1299 {
1300 if (attr_tab[i].val > 40 && attr_tab[i].val < 47)
1301 {
1302 /* remove the 'T' between date and time
1303 */
1304 p = (char *)(db_entry)+attr_tab[i].off;
1305 p = strchr(p, 'T');
1306 if (p) *p = ' ';
1307 }
1308 p = end;
1309 end = null_or_val(end,((char *)(db_entry)+attr_tab[i].off),&size,1);
1310 if (p != end)
1311 {
1312 /*
1313 * 'host' is a reserved word in SQL
1314 */
1315 if (attr_tab[i].val == SH_SLOT_HOST)
1316 c_end = null_or_val (c_end, _("fromhost"), &c_size,0);
1317 /*
1318 * 'group' is a reserved word in SQL
1319 */
1320 else if (attr_tab[i].val == SH_SLOT_GROUP)
1321 c_end = null_or_val (c_end, _("grp"), &c_size,0);
1322 else
1323 c_end = null_or_val (c_end, attr_tab[i].attr, &c_size,0);
1324 }
1325 /*@-type@*//* byte* versus char[..] */
1326 if (attr_tab[i].inHash == 1 &&
1327 ((char *)(db_entry)+attr_tab[i].off) != '\0')
1328 {
1329 (void)md5Update(&crc,
1330 (sh_byte*) ((char *)(db_entry)+attr_tab[i].off),
1331 (int)strlen((char *)(db_entry)+attr_tab[i].off));
1332 }
1333 /*@+type@*/
1334 }
1335 else if (attr_tab[i].val >= START_SEC_LONGS &&
1336 attr_tab[i].val <= END_SEC_LONGS)
1337 {
1338 (void)
1339 sl_snprintf(end, (size_t)(size-1), _(",\'%ld\'"),
1340 db_entry->long_data[attr_tab[i].val-START_SEC_LONGS]);
1341 while (*end != '\0') { ++end; --size; }
1342 (void) sl_snprintf(c_end, (size_t)(c_size-1),
1343 _(",%s"), attr_tab[i].attr);
1344 while (*c_end != '\0') { ++c_end; --c_size; }
1345 if (attr_tab[i].inHash == 1)
1346 {
1347 /*@-type@*//* byte* versus char[..] */
1348 (void)
1349 md5Update(&crc,
1350 (sh_byte *) db_entry->long_data[attr_tab[i].val-START_SEC_LONGS],
1351 sizeof(long));
1352 /*@+type@*/
1353 }
1354 }
1355
1356 ++i;
1357 }
1358
1359 (void) md5Digest(&crc, (uint32 *) md5buffer);
1360 /*@-bufferoverflowhigh -usedef@*/
1361 for (cnt = 0; cnt < 16; ++cnt)
1362 sprintf (&md5out[cnt*2], _("%02X"), /* known to fit */
1363 (unsigned int) md5buffer[cnt]);
1364 /*@+bufferoverflowhigh +usedef@*/
1365 md5out[32] = '\0';
1366
1367 (void) sl_snprintf(end, (size_t) (size-1), _(",%c%s%c"), '\'', md5out, '\'');
1368 while (*end != '\0') { ++end; --size; }
1369 (void) sl_snprintf(c_end, (size_t) (c_size-1),_(",log_hash"));
1370 while (*c_end != '\0') { ++c_end; --c_size; }
1371
1372
1373 if (size > 1) { *end = ')'; ++end; *end = '\0'; }
1374 if (c_size > 1) { *c_end = ')'; ++c_end; *c_end = '\0'; }
1375
1376 if (db_table[0] == '\0')
1377 (void) sl_strlcpy(db_table, _("log"), 64);
1378
1379 (void) sl_snprintf (query, SH_QUERY_MAX,
1380 _("INSERT INTO %s %s VALUES %s"),
1381 db_table, columns, values);
1382
1383 status = sh_database_query (query, &the_id);
1384
1385 /*@-usedef@*//* no, 'values' is allocated here */
1386 SH_FREE(values);
1387 /*@+usedef@*/
1388 SH_FREE(query);
1389
1390 SL_RETURN(the_id, _("sh_database_entry"));
1391}
1392
[12]1393static int sh_database_comp_attr (const void *m1, const void *m2)
1394{
1395 my_attr *mi1 = (my_attr *) m1;
1396 my_attr *mi2 = (my_attr *) m2;
1397 return strcmp(mi1->attr, mi2->attr);
1398}
[1]1399
[12]1400
[1]1401static void init_attr_table()
1402{
1403 static int first = S_TRUE;
[12]1404 int i, j;
[1]1405
1406#ifdef SH_STEALTH
1407 int j, k;
1408
[12]1409 if (first == S_FALSE)
1410 return;
1411
1412 i = 0;
1413 while (attr_tab[i].attr_o != NULL)
[1]1414 {
[12]1415 j = strlen(attr_tab[i].attr_o);
1416 attr_tab[i].attr = malloc (j+1); /* only once */
1417 if (NULL == attr_tab[i].attr)
[13]1418 return;
[12]1419 for (k = 0; k < j; ++k)
1420 attr_tab[i].attr[k] = attr_tab[i].attr_o[k] ^ XOR_CODE;
1421 attr_tab[i].attr[j] = '\0';
1422 attr_tab[i].alen = strlen(attr_tab[i].attr_o);
1423 ++i;
[1]1424 }
[12]1425 first = S_FALSE;
1426
[1]1427#else
[12]1428
1429 i = 0;
1430 while (attr_tab[i].attr_o != NULL)
[1]1431 {
[12]1432 attr_tab[i].attr = attr_tab[i].attr_o;
1433 attr_tab[i].alen = strlen(attr_tab[i].attr_o);
1434 ++i;
[1]1435 }
[12]1436 first = S_FALSE;
1437
[1]1438#endif
[12]1439
1440 /* create a sorted table for binary search
1441 */
1442 attr_tab_srch = SH_ALLOC(i * sizeof(my_attr));
1443 for (j=0; j<i; ++j)
1444 memcpy(&attr_tab_srch[j], &attr_tab[j], sizeof(my_attr));
1445 qsort(attr_tab_srch, i, sizeof(my_attr), sh_database_comp_attr);
1446 attr_tab_srch_siz = i;
1447
[1]1448 return;
1449}
1450
[22]1451int sh_database_add_to_hash (const char * str)
[1]1452{
1453 int i;
1454
1455 if (!str)
1456 return -1;
1457 init_attr_table();
1458 if (0 == strcmp(str, _("log_msg"))) { attr_tab[3].inHash = 1; return 0;}
1459 if (0 == strcmp(str, _("log_sev"))) { attr_tab[0].inHash = 1; return 0;}
1460 if (0 == strcmp(str, _("log_time"))) { attr_tab[1].inHash = 1; return 0;}
1461 if (0 == strcmp(str, _("log_host"))) { attr_tab[2].inHash = 1; return 0;}
1462 i = 4;
1463 while (attr_tab[i].attr != NULL)
1464 {
1465 if (0 == strcmp(str, attr_tab[i].attr))
1466 { attr_tab[i].inHash = 1; return 0; }
1467 ++i;
1468 }
1469 return -1;
1470}
1471
1472static int is_escaped(char * p) {
1473
1474 int escp = 0;
1475 int retv = S_TRUE;
1476
1477 while (*p != '\0')
1478 {
1479 if (*p == '\\')
1480 {
1481 escp = (escp == 1) ? 0 : 1;
1482 }
[13]1483 else if ((*p == '\'' || *p == '\"') && escp == 0)
[1]1484 {
1485 retv = S_FALSE;
1486 }
1487 else
1488 {
1489 escp = 0;
1490 }
1491 ++p;
1492 }
[3]1493 if (escp == 1)
1494 retv = S_FALSE;
[1]1495 return retv;
1496}
1497
1498/* this is not a real XML parser, but it copes with the XML format of
1499 * the log messages provided by sh_error_handle()
1500 */
1501static
1502char * sh_database_parse (char * message, dbins * db_entry)
1503{
1504 static int first = S_TRUE;
1505 char * p;
1506 char * q;
1507 char * z;
1508 dbins * new;
1509 int i;
1510 size_t j;
[12]1511 my_attr * res;
1512 my_attr key;
1513 char key_str[64];
[1]1514
1515 SL_ENTER(_("sh_database_parse"));
1516
1517 if (!message || *message == '\0')
1518 SL_RETURN (NULL, _("sh_database_parse"));
1519
1520 if (first == S_TRUE)
1521 {
1522 init_attr_table();
1523 first = S_FALSE;
1524 }
1525
1526 p = strchr (message, '<');
1527 if (!p)
1528 SL_RETURN (NULL, _("sh_database_parse"));
1529
1530 while ((p != NULL) && (*p != '\0') && (*p != '>'))
1531 {
1532 if (p[0] == 'l' && p[1] == 'o' && p[2] == 'g' &&
1533 (p[3] == ' ' || p[3] == '>'))
1534 {
1535 p = &p[4];
1536 goto parse;
1537 }
[12]1538 else if (p[0] == '/' && p[1] == '>')
1539 SL_RETURN (&p[2], _("sh_database_parse"));
1540 else if (p[0] == '/' && p[1] == 'l' && p[2] == 'o' &&
1541 p[3] == 'g' && p[4] == '>')
1542 SL_RETURN (&p[5], _("sh_database_parse"));
[1]1543 ++p;
1544 }
1545 SL_RETURN(NULL, _("sh_database_parse"));
1546
1547 parse:
1548
[13]1549 while (*p == ' ' || *p == '>')
[1]1550 ++p;
1551
[13]1552 if (*p == '\0')
[1]1553 SL_RETURN(NULL, _("sh_database_parse"));
1554
[12]1555 if (*p != '<' && *p != '/')
1556 goto par2;
1557
[1]1558 if (p[0] == '<' && p[1] == 'l' &&
1559 p[2] == 'o' && p[3] == 'g')
1560 {
1561 new = SH_ALLOC(sizeof(dbins));
1562 init_db_entry(new);
1563 db_entry->next = new;
1564 p = sh_database_parse (p, new);
1565 }
1566
1567 if (p[0] == '/' && p[1] == '>')
1568 SL_RETURN (&p[1], _("sh_database_parse"));
1569
1570 if (p[0] == '<' && p[1] == '/' && p[2] == 'l' &&
1571 p[3] == 'o' && p[4] == 'g' && p[5] == '>')
1572 SL_RETURN (&p[5], _("sh_database_parse"));
1573
[12]1574 par2:
[1]1575
1576 /* non-whitespace
1577 */
1578 i = 0;
[12]1579 for (i=0; i < 64; ++i)
[1]1580 {
[12]1581 key_str[i] = p[i];
1582 if (p[i] == '=')
[1]1583 {
[12]1584 key_str[i] = '\0';
1585 break;
1586 }
1587 }
1588 key_str[63] = '\0';
1589 key.attr = &key_str[0];
1590
1591 res = bsearch(&key, attr_tab_srch, attr_tab_srch_siz,
1592 sizeof(my_attr), sh_database_comp_attr);
1593
1594 if (res != NULL)
1595 {
1596 j = res->alen; /* strlen(attr_tab[i].attr); */
1597 if (p[j] == '=' && p[j+1] == '"')
1598 {
[1]1599 q = strchr(&p[j+2], '"');
1600 if (!q)
1601 {
1602 SL_RETURN(NULL, _("sh_database_parse"));
1603 }
1604 else
1605 {
1606 *q = '\0';
1607
1608 if (S_FALSE == is_escaped(&p[j+2])) {
[3]1609 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
1610 _("Message not properly escaped"),
1611 _("sh_database_parse"));
[1]1612 SL_RETURN(NULL, _("sh_database_parse"));
1613 }
1614
[12]1615 if (res->val == 1)
[1]1616 (void) sl_strlcpy(db_entry->sev, &p[j+2],
[12]1617 (size_t)res->size);
1618 else if (res->val == 2)
[1]1619 {
1620 z = strchr(&p[j+2], 'T');
1621 if (z) *z = ' ';
1622 (void) sl_strlcpy(db_entry->time, &p[j+2], 20);
1623 }
[12]1624 else if (res->val == 3)
[1]1625 (void) sl_strlcpy(db_entry->host, &p[j+2],
[12]1626 (size_t) res->size);
1627 else if (res->val == 4)
[1]1628 (void) sl_strlcpy(db_entry->msg, &p[j+2],
[12]1629 (size_t) res->size);
1630 else if (res->size != 0)
[1]1631 {
[12]1632 (void) sl_strlcpy( (((char *)(db_entry))+ res->off),
[1]1633 &p[j+2],
[12]1634 (size_t) res->size);
[1]1635 }
[12]1636 else if (res->val >= START_SEC_LONGS)
[1]1637 {
[12]1638 db_entry->long_data[res->val-START_SEC_LONGS]
[1]1639 = atol(&p[j+2]);
1640 }
1641
1642 *q = '"';
1643 p = q;
1644 ++p;
1645
1646 goto parse;
1647 }
1648 }
1649 }
1650
1651 /* unknown attribute, skip
1652 */
1653 while ((p != NULL) && (*p != '\0') && (*p != ' '))
1654 ++p;
1655
1656 goto parse;
1657}
1658
1659static int enter_wrapper = 1;
1660
[22]1661int set_enter_wrapper (const char * str)
[1]1662{
1663 return sh_util_flagval(str, &enter_wrapper);
1664}
1665
[27]1666/* recursively enter linked list of messages into database, last first
1667 */
1668int sh_database_insert_rec (dbins * curr, unsigned int depth)
[1]1669{
[27]1670 long id = 0;
[1]1671 dbins * prev;
1672
[27]1673 SL_ENTER(_("sh_database_insert_rec"));
[1]1674
1675 if (curr->next)
1676 {
1677 prev = curr->next;
[27]1678 sl_strlcpy(prev->host, curr->host, 64);
1679 id = sh_database_insert_rec (curr->next, (depth + 1));
[1]1680 }
1681
1682 if (id != 0) /* this is a server wrapper */
1683 {
1684 if (enter_wrapper != 0)
[27]1685 {
1686 id = sh_database_entry (curr, id);
1687 }
[1]1688 }
[27]1689 else
[1]1690 {
[27]1691 /*
1692 * id = -1 is the client message; log_ref will be NULL
1693 */
1694 if (depth > 0) /* this is a client message */
1695 id = sh_database_entry (curr, -1);
1696 else /* this is a generic server message */
1697 id = sh_database_entry (curr, 0);
[1]1698 }
[27]1699
[1]1700 SH_FREE(curr);
1701
[27]1702 SL_RETURN(id, _("sh_database_insert"));
1703}
1704
1705int sh_database_insert (char * message)
1706{
1707 dbins * db_entry;
1708
1709 SL_ENTER(_("sh_database_insert"));
1710
1711 db_entry = SH_ALLOC(sizeof(dbins));
1712 init_db_entry(db_entry);
1713
1714 /* recursively parse the message into a linked list
1715 */
1716 (void) sh_database_parse (message, db_entry);
1717
1718 /* recursively enter the linked list into the database
1719 */
1720 (void) sh_database_insert_rec (db_entry, 0);
1721
[1]1722 SL_RETURN(0, _("sh_database_insert"));
1723}
1724
1725#endif
Note: See TracBrowser for help on using the repository browser.