source: trunk/src/sh_ignore.c@ 479

Last change on this file since 479 was 438, checked in by katerina, 11 years ago

Fix for ticket #342 (IgnoreAdded et al. matching)

File size: 7.9 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 2003 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22#ifndef NULL
23#if !defined(__cplusplus)
24#define NULL ((void*)0)
25#else
26#define NULL (0)
27#endif
28#endif
29
30#ifdef HAVE_REGEX_H
31#include <sys/types.h>
32#include <regex.h>
33#endif
34
35#include <string.h>
36
37#include "samhain.h"
38#include "sh_mem.h"
39#include "sh_error.h"
40
41#define FIL__ _("sh_ignore.c")
42
43#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)
44
45struct sh_ignore_list {
46#ifdef HAVE_REGEX_H
47 regex_t preg;
48#else
49 char * path;
50#endif
51 struct sh_ignore_list * next;
52};
53
54
55static struct sh_ignore_list * sh_del_ign = NULL;
56static struct sh_ignore_list * sh_new_ign = NULL;
57static struct sh_ignore_list * sh_mod_ign = NULL;
58
59static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list,
60 const char * addpath)
61{
62 struct sh_ignore_list * new;
63 char * reg_expr;
64 size_t len;
65
66#ifdef HAVE_REGEX_H
67 int status = -1;
68 char * errbuf;
69#else
70 size_t size;
71#endif
72
73 SL_ENTER(_("sh_ignore_add"));
74
75 if ( (addpath == NULL) || (sl_ok_adds(2, strlen(addpath)) == SL_FALSE) )
76 {
77 SL_RETURN(list, _("sh_ignore_add"));
78 }
79
80 new = SH_ALLOC(sizeof(struct sh_ignore_list));
81
82 len = 2 + strlen(addpath);
83 reg_expr = SH_ALLOC(len);
84 sl_strlcpy(reg_expr, "^", len);
85 sl_strlcat(reg_expr, addpath, len);
86
87#ifdef HAVE_REGEX_H
88 status = regcomp(&(new->preg), reg_expr, REG_NOSUB|REG_EXTENDED);
89 if (status != 0)
90 {
91 errbuf = SH_ALLOC(BUFSIZ+2);
92 (void) regerror(status, &(new->preg), errbuf, BUFSIZ);
93 errbuf[BUFSIZ] = '\0';
94 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_REGEX,
95 errbuf, reg_expr);
96 SH_FREE(errbuf);
97 SH_FREE(new);
98 SH_FREE(reg_expr);
99 SL_RETURN(list, _("sh_ignore_add"));
100 }
101#else
102 size = sl_strlen(addpath);
103 new->path = SH_ALLOC(size + 1);
104 sl_strlcpy(new->path, addpath, size+1);
105#endif
106
107 SH_FREE(reg_expr);
108 new->next = list;
109
110 SL_RETURN(new, _("sh_ignore_add"));
111}
112
113int sh_ignore_add_del (const char * addpath)
114{
115 if ((addpath == NULL) || (addpath[0] != '/'))
116 {
117 return -1;
118 }
119 sh_del_ign = sh_ignore_add_int (sh_del_ign, addpath);
120 return 0;
121}
122
123int sh_ignore_add_new (const char * addpath)
124{
125 if ((addpath == NULL) || (addpath[0] != '/'))
126 {
127 return -1;
128 }
129 sh_new_ign = sh_ignore_add_int (sh_new_ign, addpath);
130 return 0;
131}
132
133int sh_ignore_add_mod (const char * addpath)
134{
135 if ((addpath == NULL) || (addpath[0] != '/'))
136 {
137 return -1;
138 }
139 sh_mod_ign = sh_ignore_add_int (sh_mod_ign, addpath);
140 return 0;
141}
142
143static int sh_ignore_chk_int (struct sh_ignore_list * list,
144 const char * chkpath)
145{
146 struct sh_ignore_list * new = list;
147
148 SL_ENTER(_("sh_ignore_chk"));
149
150 if (chkpath == NULL)
151 {
152 SL_RETURN(S_FALSE, _("sh_ignore_add"));
153 }
154
155 while (new)
156 {
157#ifdef HAVE_REGEX_H
158 if (0 == regexec(&(new->preg), chkpath, 0, NULL, 0))
159 {
160 SL_RETURN(S_TRUE, _("sh_ignore_add"));
161 }
162#else
163 if (0 == sl_strcmp(new->path, chkpath))
164 {
165 SL_RETURN(S_TRUE, _("sh_ignore_add"));
166 }
167#endif
168 new = new->next;
169 }
170
171 SL_RETURN(S_FALSE, _("sh_ignore_add"));
172}
173
174int sh_ignore_chk_new (const char * chkpath)
175{
176 return (sh_ignore_chk_int(sh_new_ign, chkpath));
177}
178
179int sh_ignore_chk_del (const char * chkpath)
180{
181 return (sh_ignore_chk_int(sh_del_ign, chkpath));
182}
183
184int sh_ignore_chk_mod (const char * chkpath)
185{
186 return (sh_ignore_chk_int(sh_mod_ign, chkpath));
187}
188
189int sh_ignore_clean (void)
190{
191 struct sh_ignore_list * new;
192
193 new = sh_new_ign;
194
195 while (new)
196 {
197 sh_new_ign = new->next;
198#ifdef HAVE_REGEX_H
199 regfree (&(new->preg));
200#else
201 SH_FREE(new->path);
202#endif
203 SH_FREE(new);
204 new = sh_new_ign;
205 }
206
207 new = sh_del_ign;
208
209 while (new)
210 {
211 sh_del_ign = new->next;
212#ifdef HAVE_REGEX_H
213 regfree (&(new->preg));
214#else
215 SH_FREE(new->path);
216#endif
217 SH_FREE(new);
218 new = sh_del_ign;
219 }
220
221 new = sh_mod_ign;
222
223 while (new)
224 {
225 sh_mod_ign = new->next;
226#ifdef HAVE_REGEX_H
227 regfree (&(new->preg));
228#else
229 SH_FREE(new->path);
230#endif
231 SH_FREE(new);
232 new = sh_mod_ign;
233 }
234
235 return 0;
236}
237#endif
238
239#ifdef SH_CUTEST
240#include "CuTest.h"
241
242void Test_ignore_ok (CuTest *tc) {
243#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)
244
245 int ret;
246
247 CuAssertTrue(tc, NULL == sh_del_ign);
248 CuAssertTrue(tc, NULL == sh_new_ign);
249 CuAssertTrue(tc, NULL == sh_mod_ign);
250
251 ret = sh_ignore_add_del ("/var/log/foo/.*");
252 CuAssertTrue(tc, 0 == ret);
253
254 CuAssertPtrNotNull(tc, sh_del_ign);
255 CuAssertTrue(tc, NULL == sh_new_ign);
256 CuAssertTrue(tc, NULL == sh_mod_ign);
257
258 ret = sh_ignore_chk_del ("/var/log/foo/test");
259 CuAssertTrue(tc, S_TRUE == ret);
260
261 ret = sh_ignore_chk_del ("/var/log/footest");
262 CuAssertTrue(tc, S_FALSE == ret);
263
264 ret = sh_ignore_chk_del ("/my/var/log/footest");
265 CuAssertTrue(tc, S_FALSE == ret);
266
267 ret = sh_ignore_chk_del ("/my/var/log/foo/test");
268 CuAssertTrue(tc, S_FALSE == ret);
269
270 sh_ignore_clean();
271 CuAssertTrue(tc, NULL == sh_del_ign);
272 CuAssertTrue(tc, NULL == sh_new_ign);
273 CuAssertTrue(tc, NULL == sh_mod_ign);
274
275 ret = sh_ignore_add_new ("/var/log/foo/.*");
276 CuAssertTrue(tc, 0 == ret);
277
278 CuAssertPtrNotNull(tc, sh_new_ign);
279 CuAssertTrue(tc, NULL == sh_del_ign);
280 CuAssertTrue(tc, NULL == sh_mod_ign);
281
282 ret = sh_ignore_chk_new ("/var/log/foo/test");
283 CuAssertTrue(tc, S_TRUE == ret);
284
285 ret = sh_ignore_chk_new ("/var/log/footest");
286 CuAssertTrue(tc, S_FALSE == ret);
287
288 ret = sh_ignore_chk_new ("/my/var/log/footest");
289 CuAssertTrue(tc, S_FALSE == ret);
290
291 ret = sh_ignore_chk_new ("/my/var/log/foo/test");
292 CuAssertTrue(tc, S_FALSE == ret);
293
294 sh_ignore_clean();
295 CuAssertTrue(tc, NULL == sh_new_ign);
296 CuAssertTrue(tc, NULL == sh_del_ign);
297 CuAssertTrue(tc, NULL == sh_mod_ign);
298
299 ret = sh_ignore_add_mod ("/var/log/foo/.*");
300 CuAssertTrue(tc, 0 == ret);
301
302 CuAssertPtrNotNull(tc, sh_mod_ign);
303 CuAssertTrue(tc, NULL == sh_del_ign);
304 CuAssertTrue(tc, NULL == sh_new_ign);
305
306 ret = sh_ignore_chk_mod ("/var/log/foo/test");
307 CuAssertTrue(tc, S_TRUE == ret);
308
309 ret = sh_ignore_chk_mod ("/var/log/footest");
310 CuAssertTrue(tc, S_FALSE == ret);
311
312 ret = sh_ignore_chk_mod ("/my/var/log/footest");
313 CuAssertTrue(tc, S_FALSE == ret);
314
315 ret = sh_ignore_chk_mod ("/my/var/log/foo/test");
316 CuAssertTrue(tc, S_FALSE == ret);
317
318 sh_ignore_clean();
319 CuAssertTrue(tc, NULL == sh_new_ign);
320 CuAssertTrue(tc, NULL == sh_del_ign);
321 CuAssertTrue(tc, NULL == sh_mod_ign);
322
323#else
324 (void) tc; /* fix compiler warning */
325#endif
326 return;
327}
328/* #ifdef SH_CUTEST */
329#endif
330
Note: See TracBrowser for help on using the repository browser.