Context Navigation

source: trunk/src/sh_err_log.c@ 19

Last change on this file since 19 was 19, checked in by rainer, 19 years ago
Rewrite of test suite, checksum for growing logs, fix for minor bug with dead client detection.
File size: 25.4 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 2000 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#include "config_xor.h"
21
22	#include <stdio.h>
23	#include <string.h>
24	#include <sys/types.h>
25	#include <unistd.h>
26
27	#include "samhain.h"
28	#include "sh_error.h"
29	#include "sh_utils.h"
30	#include "sh_tiger.h"
31
32	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
33	#include <sys/mman.h>
34	#endif
35
36
37	#undef FIL__
38	#define FIL__ _("sh_err_log.c")
39
40	#undef FIX_XML
41	#define FIX_XML 1
42
43	#define MYSIGLEN (2*KEY_LEN + 32)
44
45	typedef struct _sh_log_buf {
46	char signature[KEY_LEN+1];
47	char timestamp[KEY_LEN+1];
48	#ifdef SH_USE_XML
49	char sig[MYSIGLEN];
50	#endif
51	char * msg;
52	} sh_sh_log_buf;
53
54	extern struct _errFlags errFlags;
55
56	#define CHK_KEY 0
57	#define CHK_FIL 1
58	#define CHK_NON 2
59
60	static int get_key_from_file(char * path, char * keyid, char * key)
61	{
62	SL_TICKET fd;
63	char * buf;
64	char * bufc;
65
66	if (path[strlen(path)-1] == '\n')
67	path[strlen(path)-1] = '\0';
68
69	/* open the file, then check it
70	*/
71	if ( SL_ISERROR(fd = sl_open_read (path, SL_NOPRIV)))
72	{
73	fprintf(stderr, _("Could not open file <%s>\n"), path);
74	_exit (EXIT_FAILURE);
75	}
76
77	buf = SH_ALLOC( (size_t)(SH_BUFSIZE+1));
78	bufc = SH_ALLOC( (size_t)(SH_MAXBUF+1));
79
80	while (1 == 1)
81	{
82	buf[0] = '\0';
83	bufc[0] = '\0';
84
85	/* find start of next key
86	*/
87	while (0 != sl_strncmp(buf, _("-----BEGIN LOGKEY-----"),
88	sizeof("-----BEGIN LOGKEY-----")-1))
89	{
90	(void) sh_unix_getline (fd, buf, SH_BUFSIZE);
91	if (buf[0] == '\0')
92	{
93	/* End of file reached, return.
94	*/
95	(void) fflush(stdout);
96	(void) sl_close(fd);
97	return -1;
98	}
99	}
100
101	/* read key
102	*/
103	(void) sh_unix_getline (fd, buf, SH_BUFSIZE);
104
105	if (0 == sl_strncmp(keyid, &buf[KEY_LEN], strlen(keyid)))
106	{
107	(void) sl_strlcpy(key, buf, KEY_LEN+1);
108	(void) sl_close(fd);
109	return 0;
110	}
111	}
112
113	/@notreached@/
114	}
115
116	static int just_list = S_FALSE;
117
118	int sh_error_logverify_mod (char * s)
119	{
120	just_list = S_TRUE;
121	if (s) /* compiler warning (unused var) fix */
122	return 0;
123	else
124	return 0;
125	}
126
127	int sh_error_logverify (char * s)
128	{
129	SL_TICKET fd;
130	int len;
131	int status;
132	int count = 0;
133	int start = -1;
134	char * buf;
135	char * bufc;
136	#ifdef SH_USE_XML
137	char * ptr;
138	int fixed_xml = S_TRUE;
139	char c_start;
140	#endif
141	char signature[64];
142	char key[KEY_LEN+2];
143	char path[KEY_LEN+1];
144	char timestamp[64];
145	char c_cont;
146	int chk_mode = CHK_KEY;
147
148	sh_error_logoff();
149
150	if (s == NULL \|\| sl_strlen(s) >= PATH_MAX)
151	{
152	fprintf(stderr, _("FAIL: msg=\"Invalid input\", path=\"%s\"\n"), s);
153	_exit (EXIT_FAILURE);
154	}
155
156	/* Open the file, then check it.
157	*/
158	if (0 != sl_is_suid())
159	{
160	fprintf(stderr, _("Cannot open file %s in suid mode\n"), s);
161	_exit (EXIT_FAILURE);
162	}
163
164	if ( SL_ISERROR(fd = sl_open_read (s, SL_NOPRIV)) )
165	{
166	fprintf(stderr,
167	_("FAIL: msg=\"File not accessible\", error=\"%ld\", path=\"%s\"\n"), fd, s);
168	_exit (EXIT_FAILURE);
169	}
170
171	/* Find space value.
172	*/
173	c_cont = ' ';
174	#ifdef SH_STEALTH
175	c_cont ^= XOR_CODE;
176	#endif
177
178	#ifdef SH_USE_XML
179	c_start = '<';
180	#ifdef SH_STEALTH
181	c_start ^= XOR_CODE;
182	#endif
183	#endif
184
185	buf = (char ) SH_ALLOC( 2SH_BUFSIZE+1 );
186	bufc = (char ) SH_ALLOC( 2SH_BUFSIZE+1 );
187
188	while (1 == 1)
189	{
190	/* get the log message
191	*/
192	if (sh_unix_getline (fd, buf, (2*SH_BUFSIZE)) < 0)
193	break;
194
195	len = (int) sl_strlen(buf);
196
197	#ifdef SH_USE_XML
198	#ifdef SH_STEALTH
199	if (0 == sl_strncmp (buf, N_("<trail>"), 7))
200	#else
201	if (0 == sl_strncmp (buf, _("<trail>"), 7))
202	#endif
203	#else
204	#ifdef SH_STEALTH
205	if (0 == sl_strncmp (buf, N_("[SOF]"), 5))
206	#else
207	if (0 == sl_strncmp (buf, _("[SOF]"), 5))
208	#endif
209	#endif
210	{
211	if (just_list == S_TRUE)
212	{
213	#ifdef SH_STEALTH
214	sh_do_decode (buf, sl_strlen(buf));
215	#endif
216	fprintf (stdout, _("%s\n"), buf);
217	}
218
219	/* Found start of audit trail, read first line.
220	*/
221	start = 1;
222	do {
223	if ( sh_unix_getline (fd, buf, (2*SH_BUFSIZE)) < 0)
224	break;
225	} while (buf[0] == '\0' \|\| buf[0] == '\n');
226	len = (int) sl_strlen(buf);
227
228	if (just_list == S_TRUE)
229	{
230	#ifdef SH_STEALTH
231	if (buf[0] != '\n')
232	sh_do_decode (buf, sl_strlen(buf));
233	#endif
234	fprintf (stdout, _("%s\n"), buf);
235	start = 0;
236	}
237
238	++count;
239	}
240	else if (buf[0] == '\n'
241	#ifdef SH_USE_XML
242	\|\|
243	#ifdef SH_STEALTH
244	0 == sl_strncmp(buf, N_("</trail>"), 7)
245	#else
246	0 == sl_strncmp(buf, _("</trail>"), 7)
247	#endif
248	#endif
249	)
250	{
251	if (just_list == S_TRUE)
252	{
253	#ifdef SH_STEALTH
254	if (buf[0] != '\n')
255	sh_do_decode (buf, sl_strlen(buf));
256	#endif
257	fprintf (stdout, _("%s\n"), buf);
258	}
259
260	/* A newline.
261	*/
262	++count;
263	continue;
264	}
265	else if (start == 0)
266	{
267	/* We are inside an audit trail.
268	*/
269	++count;
270	if (just_list == S_TRUE)
271	{
272	#ifdef SH_STEALTH
273	sh_do_decode (buf, sl_strlen(buf));
274	#endif
275	fprintf (stdout, _("%s\n"), buf);
276	continue;
277	}
278	}
279	else
280	{
281	/* No start-of-file found yet.
282	*/
283	continue;
284	}
285
286	if (just_list == S_TRUE)
287	continue;
288
289	/* Check for a continuation line.
290	*/
291	while (1 == 1)
292	{
293	do {
294	if ( sh_unix_getline (fd, bufc, (2*SH_BUFSIZE)) < 0)
295	break;
296	} while (bufc[0] == '\0' \|\| bufc[0] == '\n');
297	++count;
298	if (bufc[0] == c_cont)
299	{
300	/* A continuation line. Add the newline.
301	*/
302	(void) sl_strlcat(buf, "\n", 2*SH_BUFSIZE+1);
303	++len;
304	(void) sl_strlcat(buf, bufc, 2*SH_BUFSIZE+1);
305	len += (int) sl_strlen(bufc);
306	}
307	else
308	{
309	/* No continuation line. Use it as signature.
310	* A48014C05604EF7C9472330E85453E704024943E556163C2
311	*/
312	#ifdef SH_USE_XML
313	#ifdef SH_STEALTH
314	if (bufc[0] == c_start) /* FIX XML */
315	#else
316	if (bufc[0] == c_start)
317	#endif
318	{
319	(void) sl_strlcpy(signature, &bufc[5], KEY_LEN+1);
320	fixed_xml = S_TRUE;
321	}
322	else
323	{
324	(void) sl_strlcpy(signature, &bufc[4], KEY_LEN+1);
325	fixed_xml = S_FALSE;
326	}
327	if (sl_strlen(bufc) > (KEY_LEN+18))
328	{
329	#ifdef SH_STEALTH
330	if (bufc[0] == c_start) /* FIX XML */
331	#else
332	if (bufc[0] == c_start)
333	#endif
334	(void) sl_strlcpy(timestamp, &bufc[KEY_LEN+5], 64);
335	else
336	(void) sl_strlcpy(timestamp, &bufc[KEY_LEN+4], 64);
337	#ifdef SH_STEALTH
338	ptr = strchr(timestamp, c_start);
339	#else
340	ptr = strchr(timestamp, c_start);
341	#endif
342	if (ptr) *ptr = '\0';
343	}
344	break;
345	#else
346	sl_strlcpy(signature, bufc, KEY_LEN+1);
347	if (sl_strlen(bufc) > KEY_LEN)
348	sl_strlcpy(timestamp, &bufc[KEY_LEN], 64);
349	break;
350	#endif
351	}
352	}
353
354	/* Get starting key from command line.
355	*/
356	if (start == 1)
357	{
358
359	/* Get the timestamp.
360	*/
361
362	#ifdef SH_STEALTH
363	sh_do_decode (timestamp, sl_strlen(timestamp));
364	#endif
365	key[0] = '\0';
366
367	findKey:
368
369	if (chk_mode != CHK_FIL)
370	{
371	/* Ask for the key.
372	*/
373	chk_mode = CHK_KEY;
374	fprintf(stdout, _("\nNew audit trail (%s), enter key\|keyfile: "),
375	/@-usedef@/timestamp/@+usedef@/);
376	key[0] = '\0';
377
378	while (sl_strlen(key) < KEY_LEN )
379	{
380	if (key[0] != '\n' && key[0] != '\0')
381	fprintf(stdout, _("New audit trail, enter key: "));
382	else if (key[0] == '\n')
383	{
384	(void) sl_strlcpy(key,
385	sh_tiger_hash(NULL, TIGER_DATA, 0),
386	KEY_LEN+1);
387	chk_mode = CHK_NON;
388	break;
389	}
390	(void) fflush(stdout);
391	key[0] = '\0';
392	(void) fgets(key, KEY_LEN+2, stdin);
393	if (key[0] != '\n')
394	{
395	if (key[strlen(key) - 1] == '\n')
396	key[strlen(key) - 1] = '\0';
397	}
398	if (key[0] == '/')
399	{
400	chk_mode = CHK_FIL;
401	(void) sl_strlcpy(path, key, KEY_LEN+1);
402	break;
403	}
404	}
405	}
406	/* we now have either a key (chk_mode == CHK_NON\|CHK_KEY)
407	* or a file (chk_mode == CHK_FIL)
408	*/
409	if (chk_mode == CHK_FIL)
410	{
411	fprintf(stdout, _("\nAudit trail (%s), searching file %s\n"),
412	/@-usedef@/timestamp, path/@+usedef@/);
413	if (-1 == get_key_from_file(path, timestamp, key))
414	{
415	chk_mode = CHK_KEY;
416	fprintf(stdout, _("Key not found in file\n"));
417	goto findKey;
418	}
419	}
420
421
422	sh_util_encode(key, buf, 1, 'B');
423	start = 0;
424	}
425	else
426	{
427	/* Iterate the key.
428	*/
429	(void) sl_strlcpy (key,
430	sh_tiger_hash (key, TIGER_DATA, KEY_LEN),
431	KEY_LEN+1);
432	}
433
434	(void) sl_strlcat ( buf, key, 2*SH_BUFSIZE + 1);
435
436	#ifdef SH_STEALTH
437	sh_do_decode (signature, sl_strlen(signature));
438	#endif
439
440	status = sl_strncmp (signature,
441	sh_tiger_hash (buf, TIGER_DATA,
442	(unsigned long) sl_strlen(buf)),
443	KEY_LEN);
444
445	buf[len] = '\0'; /* do not print out the key */
446	#ifdef SH_STEALTH
447	sh_do_decode (buf, sl_strlen(buf));
448	#endif
449
450	if (status != 0)
451	{
452	#ifdef SH_USE_XML
453	if (chk_mode == CHK_NON)
454	{
455	if (fixed_xml == S_FALSE)
456	fprintf (stdout, _("XFAIL: line=%05d %s/log>\n"),
457	count-1, buf);
458	else
459	fprintf (stdout, _("XFAIL: line=%05d %s</log>\n"),
460	count-1, buf);
461	}
462	else
463	{
464	if (fixed_xml == S_FALSE)
465	fprintf (stdout, _("FAIL: line=%05d %s/log>\n"),
466	count-1, buf);
467	else
468	fprintf (stdout, _("FAIL: line=%05d %s</log>\n"),
469	count-1, buf);
470	}
471	#else
472	if (chk_mode == CHK_NON)
473	fprintf (stdout, _("XFAIL: line=%5d %s\n"), count-1, buf);
474	else
475	fprintf (stdout, _("FAIL: line=%5d %s\n"), count-1, buf);
476	#endif
477	}
478	else
479	{
480	#ifdef SH_USE_XML
481	if (fixed_xml == S_FALSE)
482	fprintf (stdout, _("PASS: line=%05d %s/log>\n"), count-1, buf);
483	else
484	fprintf (stdout, _("PASS: line=%05d %s</log>\n"), count-1, buf);
485	#else
486	fprintf (stdout, _("PASS: line=%5d %s\n"), count-1, buf);
487	#endif
488	}
489	}
490
491	/* Cleanup and exit.
492	*/
493	(void) sl_close (fd);
494	SH_FREE (buf);
495	SH_FREE (bufc);
496	(void) fflush (stdout);
497	_exit (EXIT_SUCCESS);
498
499	/* Make compilers happy.
500	*/
501	/@notreached@/
502	return 0;
503	}
504
505	/********************************************************************
506	*
507	* Runtime code
508	*
509	********************************************************************/
510	static
511	int sh_log_open (char * inet_peer,
512	char * logfile, int * service_failure, SL_TICKET * fildesc)
513	{
514	SL_TICKET fd = -1;
515	long int status;
516	char * tmp = NULL;
517	uid_t uid;
518	size_t len;
519	char * lockfile = NULL;
520
521	SL_ENTER(_("sh_log_open"));
522
523	/* open/create the file, then check it
524	*/
525
526	if ( 0 != (status = tf_trust_check (logfile, SL_YESPRIV))
527	&& (*service_failure) == 0)
528	{
529	tmp = sh_util_safe_name (logfile);
530	sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_TRUST,
531	(long) sh.effective.uid, tmp);
532	}
533
534	if (status == 0)
535	{
536	fd = sl_open_write (logfile, SL_YESPRIV);
537	if (SL_ISERROR(fd))
538	{
539	tmp = sh_util_safe_name (logfile);
540	(void) sl_get_euid(&uid);
541	if ((*service_failure) == 0)
542	sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_E_ACCESS,
543	(long) uid, tmp);
544	status = -1;
545	}
546	}
547
548
549	if (status == 0 && inet_peer == NULL )
550	{
551	status = sh_unix_write_lock_file(logfile);
552	if (status < 0)
553	{
554	tmp = sh_util_safe_name (logfile);
555	len = 6 + sl_strlen(tmp);
556	lockfile = SH_ALLOC(len);
557	(void) sl_strlcpy(lockfile, tmp, len);
558	(void) sl_strlcat(lockfile, _(".lock"), len);
559	(void) sl_get_euid(&uid);
560	if ((*service_failure) == 0)
561	sh_error_handle ((-1), FIL__, __LINE__, status, MSG_LOCKED,
562	(long) uid, tmp, lockfile);
563	status = -1;
564	SH_FREE(lockfile);
565	(void) sl_close(fd);
566	}
567	}
568
569	if (status == 0)
570	{
571	status = sl_forward(fd);
572	if (SL_ISERROR(status))
573	{
574	tmp = sh_util_safe_name (logfile);
575	(void) sl_get_euid(&uid);
576	if ((*service_failure) == 0)
577	sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_ACCESS,
578	(long) uid, tmp);
579	status = -1;
580	(void) sl_close(fd);
581	}
582	}
583
584	if (status < 0)
585	{
586	if ((*service_failure) == 0) {
587	sh_error_handle ((-1), FIL__, __LINE__, status, MSG_SRV_FAIL,
588	_("logfile"), tmp);
589	(*service_failure) = 1;
590	}
591	SH_FREE(tmp);
592	SL_RETURN(-1, _("sh_log_open"));
593	}
594
595	*fildesc = fd;
596	*service_failure = 0;
597	SL_RETURN(0, _("sh_log_open"));
598	}
599
600	typedef struct lfstc {
601	char * logfile;
602	int service_failure;
603	int log_start;
604	char sigkey_old[KEY_LEN+1];
605	char sigkey_new[KEY_LEN+1];
606	char crypt[KEY_LEN+1];
607	struct lfstc * next;
608	} open_logfile;
609
610	static open_logfile * logfile_list = NULL;
611
612	static int flag_sep_log = S_FALSE;
613
614	#ifdef SH_WITH_SERVER
615	int set_flag_sep_log (char * str)
616	{
617	return sh_util_flagval(str, &flag_sep_log);
618	}
619	#endif
620
621	/*
622	* --- Log error message to log file. ---
623	*/
624	int sh_log_file (/@null@/char errmsg, /@null@/char inet_peer)
625	{
626	int store1;
627	int store2;
628	int store3;
629	int store4;
630	int store5;
631	int store6;
632	int store7;
633	int store8;
634
635	SL_TICKET fd = -1;
636	long int status;
637	struct _sh_log_buf log_msg;
638
639	char logfile[SH_PATHBUF+SH_MINIBUF+2];
640	open_logfile * current = logfile_list;
641	open_logfile * next = NULL;
642	char * sigkey_new;
643	char * sigkey_old;
644	char * crypt;
645
646	SL_ENTER(_("sh_log_file"));
647
648	if (errFlags.HaveLog == BAD) /* paranoia */
649	SL_RETURN((-1), _("sh_log_file"));
650
651	#ifdef SH_USE_XML
652	if (NULL == errmsg)
653	{
654	while (current != NULL)
655	{
656	/* don't write second EOF mark
657	*/
658	if (current->log_start != S_TRUE)
659	{
660	/* Don't use inet_peer == NULL, userwise a lock file will
661	* be created.
662	*/
663	(void) sh_log_open ("\0",
664	current->logfile,
665	&(current->service_failure), &fd);
666
667	#ifdef SH_STEALTH
668	(void) sl_write_line (fd, N_("</trail>"), 7);
669	(void) sl_write (fd, "\n", 1);
670	(void) sl_sync(fd);
671	#else
672	(void) sl_write_line (fd, _("</trail>\n"), 8);
673	(void) sl_sync(fd);
674	#endif
675	(void) sl_close(fd);
676	/* sh_unix_rm_lock_file (current->logfile); */
677	}
678	next = current->next;
679	SH_FREE(current->logfile);
680	SH_FREE(current);
681	current = next;
682	}
683	logfile_list = NULL;
684	SL_RETURN( 0, _("sh_log_file"));
685	}
686	#else
687	if (NULL == errmsg)
688	{
689	while (current != NULL)
690	{
691	/* sh_unix_rm_lock_file (current->logfile); */
692	next = current->next;
693	SH_FREE(current->logfile);
694	SH_FREE(current);
695	current = next;
696	}
697	logfile_list = NULL;
698	SL_RETURN( 0, _("sh_log_file"));
699	}
700	#endif
701
702	(void) sl_strlcpy (logfile, sh.srvlog.name, sizeof(logfile));
703	if (inet_peer != NULL && flag_sep_log == S_TRUE)
704	{
705	(void) sl_strlcat (logfile, ".", sizeof(logfile));
706	(void) sl_strlcat (logfile, inet_peer, sizeof(logfile));
707	}
708
709	if (sh.flag.log_start == S_TRUE)
710	{
711	while (current != NULL)
712	{
713	current->log_start = S_TRUE;
714	current = current->next;
715	}
716	sh.flag.log_start = S_FALSE;
717	current = logfile_list;
718	}
719
720	while (current != NULL)
721	{
722	if (strcmp(logfile, current->logfile) == 0)
723	break;
724	current = current->next;
725	}
726
727	if (current == NULL)
728	{
729	current = SH_ALLOC(sizeof(open_logfile));
730	current->logfile = SH_ALLOC(strlen(logfile) + 1);
731	(void) sl_strlcpy(current->logfile, logfile, strlen(logfile) + 1);
732	current->service_failure = 0;
733	current->log_start = S_TRUE;
734	memset(current->sigkey_old, (int)'\0', KEY_LEN+1);
735	memset(current->sigkey_new, (int)'\0', KEY_LEN+1);
736	memset(current->crypt, (int)'\0', KEY_LEN+1);
737	current->next = logfile_list;
738	logfile_list = current;
739	}
740
741	if (0 != sh_log_open (inet_peer, current->logfile,
742	&(current->service_failure), &fd))
743	{
744	SL_RETURN ((-1), _("sh_log_file"));
745	}
746
747
748	/* --- Allocate storage and mlock it. ---
749	*/
750
751	status = (long) sl_strlen (errmsg);
752	log_msg.msg = (char ) SH_ALLOC ((size_t) (2KEY_LEN + status + 32));
753
754	#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
755	if (skey->mlock_failed == SL_FALSE)
756	{
757	if ( (-1) == sh_unix_mlock( FIL__, __LINE__, log_msg.msg,
758	(size_t)(2*KEY_LEN + status + 32) ) )
759	{
760	skey->mlock_failed = SL_TRUE;
761	#if defined (SH_WITH_CLIENT) \|\| defined (SH_STANDALONE)
762	sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK);
763	#endif
764	}
765	}
766	#else
767	if (skey->mlock_failed == SL_FALSE)
768	{
769	skey->mlock_failed = SL_TRUE;
770	#if defined (SH_WITH_CLIENT) \|\| defined (SH_STANDALONE)
771	sh_error_handle ((-1), FIL__, __LINE__, EPERM, MSG_MLOCK);
772	#endif
773	}
774	#endif
775
776	/* --- Write the start marker. ---
777	*/
778
779	if (current->log_start == S_TRUE)
780	{
781	#ifdef SH_USE_XML
782	#ifdef SH_STEALTH
783	(void) sl_write (fd, "\n", 1);
784	(void) sl_write_line (fd, N_("<trail>"), 7);
785	(void) sl_sync(fd);
786	#else
787	(void) sl_write_line (fd, _("\n<trail>"), 8);
788	(void) sl_sync(fd);
789	#endif
790	#else
791	#ifdef SH_STEALTH
792	(void) sl_write (fd, "\n", 1);
793	(void) sl_write_line (fd, N_("[SOF]"), 5);
794	(void) sl_sync(fd);
795	#else
796	(void) sl_write_line (fd, _("\n[SOF]"), 6);
797	(void) sl_sync(fd);
798	#endif
799	#endif
800	}
801
802	/* reserve KEY_LEN chars at end for key
803	*/
804	(void) sl_strlcpy (log_msg.msg, errmsg, (size_t) status+1 );
805
806
807	#ifdef SH_USE_XML
808	/* cut the trailing "/>"
809	*/
810	if (log_msg.msg[status-2] == '/')
811	{
812	#ifdef FIX_XML
813	log_msg.msg[status-2] = ' '; /* ' ' FIX XML */
814	log_msg.msg[status-1] = '>'; /* '>' FIX XML */
815	#else
816	log_msg.msg[status-2] = '>'; /* ' ' FIX XML */
817	log_msg.msg[status-1] = '<'; /* '>' FIX XML */
818	#endif
819	log_msg.msg[status] = '\0';
820	}
821	else if (status >= 6 && log_msg.msg[status-5] == '/' &&
822	log_msg.msg[status-6] == '<')
823	{
824	#ifdef FIX_XML
825	log_msg.msg[status-6] = '\0';
826	status -= 6;
827	#else
828	log_msg.msg[status-5] = '\0';
829	status -= 5;
830	#endif
831	}
832	#endif
833
834
835	#ifdef SH_STEALTH
836	sh_do_encode (log_msg.msg, status);
837	#endif
838
839	if (flag_sep_log == S_TRUE && inet_peer != NULL)
840	{
841	sigkey_old = current->sigkey_old;
842	sigkey_new = current->sigkey_new;
843	crypt = current->crypt;
844	}
845	else
846	{
847	sigkey_old = skey->sigkey_old;
848	sigkey_new = skey->sigkey_new;
849	crypt = skey->crypt;
850	}
851
852	/* write the signature
853	*/
854	if (current->log_start == S_TRUE)
855	{
856	if (sh.real.user[0] == '\0')
857	(void) sh_unix_getUser();
858
859	/* Initialize the key.
860	*/
861	(void) sh_util_keyinit(sigkey_old, KEY_LEN+1);
862
863	/* Hash the key to make sure it has the correct format.
864	*/
865	(void) sl_strlcpy(sigkey_new,
866	sh_tiger_hash (sigkey_old, TIGER_DATA, KEY_LEN),
867	KEY_LEN+1);
868
869	/* Copy it to 'crypt' for encryption.
870	*/
871	(void) sl_strlcpy(crypt, sigkey_new, KEY_LEN+1);
872
873	/* Use message and compiled-in key to encrypt.
874	*/
875	BREAKEXIT(sh_util_encode);
876	sh_util_encode(crypt, log_msg.msg, 0, 'B');
877
878	/* Send out the key.
879	*/
880	(void) sl_strlcpy(log_msg.timestamp, sh_unix_time(0), KEY_LEN+1);
881
882	store1 = errFlags.loglevel;
883	store2 = errFlags.sysloglevel;
884	store3 = errFlags.printlevel;
885	store4 = errFlags.exportlevel;
886	store5 = errFlags.maillevel;
887	store6 = errFlags.externallevel;
888	store7 = errFlags.databaselevel;
889	store8 = errFlags.preludelevel;
890
891	/* mail the key
892	*/
893	errFlags.loglevel = SH_ERR_NOT;
894	errFlags.sysloglevel = SH_ERR_NOT;
895	errFlags.printlevel = SH_ERR_NOT;
896	errFlags.exportlevel = SH_ERR_NOT;
897	errFlags.externallevel = SH_ERR_NOT;
898	errFlags.databaselevel = SH_ERR_NOT;
899	errFlags.preludelevel = SH_ERR_NOT;
900
901	sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL,
902	sh.prg_name, crypt,
903	crypt, log_msg.timestamp);
904
905	/* send to other allowed channels
906	*/
907	errFlags.maillevel = SH_ERR_NOT;
908	/* errFlags.printlevel = store3; */
909	errFlags.exportlevel = store4;
910	errFlags.externallevel = store6;
911	errFlags.databaselevel = store7;
912	errFlags.preludelevel = store8;
913
914	sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY,
915	sh.prg_name, crypt);
916
917	/* Cleanup.
918	*/
919	errFlags.loglevel = store1;
920	errFlags.sysloglevel = store2;
921	errFlags.printlevel = store3;
922	errFlags.exportlevel = store4;
923	errFlags.maillevel = store5;
924	errFlags.externallevel = store6;
925	errFlags.databaselevel = store7;
926
927
928	memset (crypt, (int) '\0', KEY_LEN);
929	sh.flag.log_start = S_FALSE;
930	current->log_start = S_FALSE;
931	}
932	else
933	{
934	log_msg.timestamp[0] = '\0';
935	(void) sl_strlcpy (sigkey_new,
936	sh_tiger_hash (sigkey_old, TIGER_DATA, KEY_LEN),
937	KEY_LEN+1);
938	}
939
940	/* --- Sign the message with the signature key. ---
941	*/
942
943	(void) sl_strlcat (log_msg.msg, sigkey_new, (size_t)(status + KEY_LEN + 2));
944
945	(void) sl_strlcpy (log_msg.signature,
946	sh_tiger_hash (log_msg.msg, TIGER_DATA,
947	(unsigned long)(status + KEY_LEN)),
948	KEY_LEN+1);
949	(void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1);
950
951	/@-bufferoverflowhigh -usedef@/
952	#ifdef SH_USE_XML
953	if (log_msg.timestamp[0] != '\0')
954	sprintf(log_msg.sig, /* known to fit */
955	#ifdef FIX_XML
956	_("\n<sig>%s%s</sig></log>\n"), /* <sig> FIX XML */
957	#else
958	_("\nsig>%s%s</sig></log>\n"), /* <sig> FIX XML */
959	#endif
960	log_msg.signature, log_msg.timestamp);
961	else
962	sprintf(log_msg.sig, /* known to fit */
963	#ifdef FIX_XML
964	_("\n<sig>%s</sig></log>\n"), /* <sig> FIX XML */
965	#else
966	_("\nsig>%s</sig></log>\n"), /* <sig> FIX XML */
967	#endif
968	log_msg.signature);
969	/@+bufferoverflowhigh +usedef@/
970
971	#ifdef SH_STEALTH
972	/* don't encode the line breaks (0 + last char)
973	*/
974	sh_do_encode (&log_msg.sig[1], (sl_strlen(log_msg.sig)-2) );
975	#endif
976	#else
977	#ifdef SH_STEALTH
978	sh_do_encode (log_msg.signature, KEY_LEN);
979	sh_do_encode (log_msg.timestamp, sl_strlen(log_msg.timestamp));
980	#endif
981	#endif
982
983	#ifdef SH_USE_XML
984	log_msg.msg[status] = '\0';
985	(void) sl_strlcat (log_msg.msg, log_msg.sig,
986	(size_t)(status + 2*KEY_LEN + 32));
987	#ifdef SH_STEALTH
988	if (NULL != sl_strstr(log_msg.msg, N_("EXIT")) &&
989	NULL == sl_strstr(log_msg.msg, N_("remote_host")))
990	{
991	(void) sl_strlcat (log_msg.msg, N_("</trail>"),
992	(size_t)(status + 2*KEY_LEN + 32));
993	#else
994	if (NULL != sl_strstr(log_msg.msg, _("msg=\"EXIT\"")) &&
995	NULL == sl_strstr(log_msg.msg, _("remote_host")))
996	{
997	(void) sl_strlcat (log_msg.msg, _("</trail>"),
998	(size_t)(status + 2*KEY_LEN + 32));
999	#endif
1000
1001	(void) sl_strlcat (log_msg.msg, _("\n"),
1002	(size_t)(status + 2*KEY_LEN + 32));
1003	current->log_start = S_TRUE;
1004	}
1005	#else
1006	log_msg.msg[status] = '\0';
1007	(void) sl_strlcat (log_msg.msg, "\n",
1008	(size_t)(status + KEY_LEN + 2));
1009	(void) sl_strlcat (log_msg.msg, log_msg.signature,
1010	(size_t)(status + KEY_LEN + 2));
1011	if (log_msg.timestamp[0] != '\0')
1012	(void) sl_strlcat (log_msg.msg, log_msg.timestamp,
1013	(size_t)(status + 2*KEY_LEN + 2));
1014	(void) sl_strlcat (log_msg.msg, "\n",
1015	(size_t)(status + 2*KEY_LEN + 3));
1016	#endif
1017
1018	/* --- Write out the record. ---
1019	*/
1020	(void) sl_write (fd, log_msg.msg, (long) strlen(log_msg.msg));
1021	(void) sl_sync (fd);
1022	(void) sl_close (fd);
1023
1024	/* --- Clean up and free record. ---
1025	*/
1026	memset (log_msg.msg, (int)'\0', (size_t)(status + 2*KEY_LEN + 32));
1027	memset (log_msg.signature, (int)'\0', KEY_LEN);
1028	(void) sh_unix_munlock (log_msg.msg,
1029	(size_t)(status + 2*KEY_LEN + 32));
1030	SH_FREE(log_msg.msg);
1031
1032	SL_RETURN (0, _("sh_log_file"));
1033	}
1034

Note: See TracBrowser for help on using the repository browser.

Download in other formats: