source: trunk/src/sh_readconf.c@ 307

Last change on this file since 307 was 290, checked in by katerina, 14 years ago

Fixes for tickets #215, #216, #217, #218, version bumped to 2.7.2
File size: 39.1 KB
RevLine 
[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999, 2000 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22
23#include <stdlib.h>
24#include <stdio.h>
25#include <string.h>
26#include <ctype.h>
27
28
29#include "samhain.h"
[265]30#include "sh_calls.h"
[1]31#include "sh_error.h"
[265]32#include "sh_extern.h"
[1]33#include "sh_files.h"
34#include "sh_forward.h"
35#include "sh_gpg.h"
36#include "sh_hash.h"
37#include "sh_ignore.h"
[265]38#include "sh_database.h"
39#include "sh_mail.h"
40#include "sh_modules.h"
41#include "sh_nmail.h"
[1]42#include "sh_prelink.h"
[181]43#ifdef HAVE_LIBPRELUDE
[1]44#include "sh_prelude.h"
45#endif
[265]46#include "sh_tiger.h"
47#include "sh_tools.h"
48#include "sh_unix.h"
49#include "sh_utils.h"
[1]50
[265]51
[22]52extern int set_reverse_lookup (const char * c);
[1]53
54#undef FIL__
55#define FIL__ _("sh_readconf.c")
56
57typedef enum {
58 SH_SECTION_NONE,
59 SH_SECTION_LOG,
60 SH_SECTION_MISC,
61 SH_SECTION_ATTRIBUTES,
62 SH_SECTION_READONLY,
63 SH_SECTION_LOGFILES,
64 SH_SECTION_LOGGROW,
65 SH_SECTION_NOIGNORE,
66 SH_SECTION_ALLIGNORE,
67 SH_SECTION_USER0,
68 SH_SECTION_USER1,
[27]69 SH_SECTION_USER2,
70 SH_SECTION_USER3,
71 SH_SECTION_USER4,
[1]72 SH_SECTION_PRELINK,
73#if defined (SH_WITH_MAIL)
74 SH_SECTION_MAIL,
75#endif
76#if defined (SH_WITH_CLIENT)
77 SH_SECTION_CLT,
78#endif
79#ifdef WITH_EXTERNAL
80 SH_SECTION_EXTERNAL,
81#endif
82#ifdef WITH_DATABASE
83 SH_SECTION_DATABASE,
84#endif
85#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
86 SH_SECTION_OTHER,
87#endif
88#ifdef SH_WITH_SERVER
89 SH_SECTION_CLIENTS,
90 SH_SECTION_SRV,
91#endif
92 SH_SECTION_THRESHOLD
93} ShSectionType;
94
95typedef struct str_ListSections {
[170]96 const char * name;
[1]97 int type;
98} sh_str_ListSections;
99
100struct str_ListSections tab_ListSections[] = {
101 { N_("[Log]"), SH_SECTION_LOG},
102 { N_("[Misc]"), SH_SECTION_MISC},
103 { N_("[Attributes]"), SH_SECTION_ATTRIBUTES},
104 { N_("[ReadOnly]"), SH_SECTION_READONLY},
105 { N_("[LogFiles]"), SH_SECTION_LOGFILES},
106 { N_("[GrowingLogFiles]"), SH_SECTION_LOGGROW},
107 { N_("[IgnoreAll]"), SH_SECTION_ALLIGNORE},
108 { N_("[IgnoreNone]"), SH_SECTION_NOIGNORE},
109 { N_("[User0]"), SH_SECTION_USER0},
110 { N_("[User1]"), SH_SECTION_USER1},
[27]111 { N_("[User2]"), SH_SECTION_USER2},
112 { N_("[User3]"), SH_SECTION_USER3},
113 { N_("[User4]"), SH_SECTION_USER4},
[1]114 { N_("[Prelink]"), SH_SECTION_PRELINK},
115#ifdef WITH_EXTERNAL
116 { N_("[External]"), SH_SECTION_EXTERNAL},
117#endif
118#ifdef WITH_DATABASE
119 { N_("[Database]"), SH_SECTION_DATABASE},
120#endif
121 { N_("[EventSeverity]"), SH_SECTION_THRESHOLD},
122#ifdef SH_WITH_SERVER
123 { N_("[Clients]"), SH_SECTION_CLIENTS},
124 { N_("[Server]"), SH_SECTION_SRV},
125#endif
126#if defined (SH_WITH_CLIENT)
127 { N_("[Client]"), SH_SECTION_CLT},
128#endif
129#if defined (SH_WITH_MAIL)
130 { N_("[Mail]"), SH_SECTION_MAIL},
131#endif
132 { NULL, SH_SECTION_NONE}
133};
134
[211]135static char * sh_readconf_expand_value (const char * str)
136{
137 char * tmp = (char*)str;
138 char * out;
139
140 while (tmp && isspace((int)*tmp)) ++tmp;
141
142 if (tmp[0] == '$' && tmp[1] == '(')
143 {
144 size_t len = strlen(tmp);
145 while (isspace((int) tmp[len-1])) { tmp[len-1] = '\0'; --len; }
146 if (tmp[len-1] == ')')
147 {
148 tmp[len-1] = '\0';
149 out = sh_ext_popen_str(&tmp[2]);
150 return out;
151 }
152 }
153 return sh_util_strdup(str);
154}
155
[197]156enum {
157 SH_RC_ANY = 0,
158 SH_RC_HOST = 1,
159 SH_RC_SYSTEM = 2,
160 SH_RC_FILE = 3,
161 SH_RC_IFACE = 4,
162 SH_RC_CMD = 5
163};
164
165
166static int sh_readconf_cond_match(char * str, int line)
167{
168 int match = 0;
169 int negate = 1;
170 int cond_type = SH_RC_ANY;
171 char myident[3*SH_MINIBUF+3];
172 struct stat buf;
173
174 char * p = str;
175
176 if (*p == '!') { negate = 0; ++p; }
177 if (*p == '$') {
178 cond_type = SH_RC_SYSTEM; ++p; /* [!]$system */
179 }
180 else { /* *p == '@' */
181
182 ++p; while (isspace((int)*p)) ++p;
183
[272]184 if (0 != strncasecmp(p, _("if "), 3)) {
[197]185 cond_type = SH_RC_HOST; /* [!]$host */
186 }
187
188 else {
189
190 p += 3; while (isspace((int)*p)) ++p; /* skip the 'if\s+' */
191
[272]192 if (0 == strncasecmp(p, _("not "), 4))
[197]193 {
194 p += 4; while (isspace((int)*p)) ++p;
195 negate = 0;
196 }
197 else if (0 == strncmp(p, _("!"), 1))
198 {
199 ++p; while (isspace((int)*p)) ++p;
200 negate = 0;
201 }
202
[272]203 if (0 == strncasecmp(p, _("file_exists "), 12))
[197]204 {
205 p += 12; cond_type = SH_RC_FILE;
206 }
[272]207 else if (0 == strncasecmp(p, _("interface_exists "), 17))
[197]208 {
209 p += 17; cond_type = SH_RC_IFACE;
210 }
[272]211 else if (0 == strncasecmp(p, _("hostname_matches "), 17))
[197]212 {
213 p += 17; cond_type = SH_RC_HOST;
214 }
[272]215 else if (0 == strncasecmp(p, _("system_matches "), 15))
[197]216 {
217 p += 15; cond_type = SH_RC_SYSTEM;
218 }
[272]219 else if (0 == strncasecmp(p, _("command_succeeds "), 17))
[197]220 {
221 p += 17; cond_type = SH_RC_CMD;
222 }
223 else
224 {
225 char errbuf[SH_ERRBUF_SIZE];
226 sl_snprintf(errbuf, sizeof(errbuf),
227 _("Unsupported test at line %d of configuration file"),
228 line);
229 sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
230 errbuf,
231 _("sh_readconf_cond_match"));
232 return 0;
233 }
234 }
235 }
236
237 while (isspace((int)*p)) ++p;
238
239 switch (cond_type)
240 {
241 case SH_RC_HOST:
242 if (sl_strncmp (p, sh.host.name, strlen(sh.host.name)) == 0
243#ifdef HAVE_REGEX_H
244 || sh_util_regcmp (p, sh.host.name) == 0
245#endif
246 )
247 match = negate;
248 break;
249 case SH_RC_SYSTEM:
250 /*
251 * The system type, release, and machine.
252 */
253 sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"),
254 sh.host.system, /* flawfinder: ignore */
255 sh.host.release, sh.host.machine);
256
[279]257 if (sl_strncmp (p, myident, strlen(myident)) == 0
[197]258#ifdef HAVE_REGEX_H
259 || sh_util_regcmp (p, myident) == 0
260#endif
261 )
262 match = negate;
263 break;
264 case SH_RC_FILE:
265 if (0 == retry_lstat(FIL__, __LINE__, p, &buf))
266 match = negate;
267 break;
268 case SH_RC_IFACE:
269 if (sh_tools_iface_is_present(p))
270 match = negate;
271 break;
272 case SH_RC_CMD:
273 if (0 == sh_unix_run_command(p))
274 match = negate;
275 break;
276 default:
277 match = 0;
278 }
279 return match;
280}
281
282static int sh_readconf_is_end (char * str)
283{
284 int retval = 0;
285
286 if (str[0] == '@' || str[0] == '$')
287 {
288 char * p = str;
289 ++p; while (isspace((int)*p)) ++p;
[199]290 if (
[272]291 (0 == strncasecmp (p, _("end"), 3) && (p[3] == '\0' || isspace((int)p[3]))) ||
292 (0 == strncasecmp (p, _("fi"), 2) && (p[2] == '\0' || isspace((int)p[2])))
[199]293 )
[197]294 {
295 return 1;
296 }
297 }
298 return retval;
299}
[1]300
[199]301static int sh_readconf_is_else (char * str)
302{
303 int retval = 0;
304
305 if (str[0] == '@')
306 {
307 char * p = str;
308 ++p; while (isspace((int)*p)) ++p;
[272]309 if ( 0 == strncasecmp (p, _("else"), 4) && (p[4] == '\0' || isspace((int)p[4])) )
[199]310 {
311 return 1;
312 }
313 }
314 return retval;
315}
316
[1]317static int sh_readconfig_line (char * line);
318
319static ShSectionType read_mode = SH_SECTION_NONE;
320
321static int conf_line = 0;
322
323/* --- Read the configuration file. ---
324 */
325int sh_readconf_read (void)
326{
327#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
328 /* This is for modules.
329 */
330 int modnum;
331#endif
332
333 int i;
334
335 SL_TICKET fd = -1;
336#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
337 SL_TICKET fdTmp = -1;
338 SL_TICKET open_tmp (void);
339#endif
340 char * tmp;
341
[286]342#define SH_LINE_IN 16384
343 char * line_in;
[1]344 char * line;
345
346 /* This is for nested conditionals.
347 */
[197]348 int cond_depth = 0;
349 int cond_excl = 0;
350
[1]351 int local_file = 1;
352 char local_flag = 'R';
353
354#if defined(WITH_GPG) || defined(WITH_PGP)
355 int signed_content = S_FALSE;
356 int true_content = S_FALSE;
357#endif
358#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
359 int hidden_count = 0;
360#endif
361 uid_t euid;
[133]362 char hashbuf[KEYBUF_SIZE];
[1]363
364 SL_ENTER(_("sh_readconf_read"));
365
366 /* --- Open config file, exit on failure. ---
367 */
368#if defined(SH_WITH_CLIENT)
369 if (0 == sl_strcmp(file_path('C', 'R'), _("REQ_FROM_SERVER")))
370 {
371 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_D_START);
372
373 fd = sh_forward_req_file(_("CONF"));
374
375 if (!SL_ISERROR(fd))
[286]376 {
377 local_file = 0;
378 }
[1]379 else if (sh.flag.checkSum != SH_CHECK_INIT)
[286]380 {
381 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
382 }
[1]383 else
384 {
385 sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_D_FAIL);
386 local_file = 1;
387 local_flag = 'I';
388 }
389 }
390#endif
391
392 /* Use a local configuration file.
393 */
394 if (local_file == 1)
395 {
396 if (0 != tf_trust_check (file_path('C', local_flag), SL_YESPRIV))
397 {
398 sl_get_euid(&euid);
399 dlog(1, FIL__, __LINE__,
400 _("The configuration file: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
401 ( (NULL == file_path('C', local_flag))
402 ? _("(null)") : file_path('C', local_flag) ));
403 sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
404 (long) euid,
405 ( (NULL == file_path('C', local_flag))
406 ? _("(null)") : file_path('C', local_flag) )
407 );
408 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
409 }
[248]410 if (SL_ISERROR(fd = sl_open_read(FIL__, __LINE__,
411 file_path('C',local_flag),SL_YESPRIV)))
[1]412 {
413 sl_get_euid(&euid);
414 dlog(1, FIL__, __LINE__,
415 _("Could not open the local configuration file for reading because\nof the following error: %s (errnum = %ld)\nIf this is a permission problem, you need to change file permissions\nto make the file readable for the effective UID: %d\n"),
416 sl_get_errmsg(), fd, (int) euid);
417 sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_NOACCESS,
418 (long) euid,
419 ( (NULL == file_path('C', local_flag))
420 ? _("(null)") : file_path('C', local_flag) )
421 );
422 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
423 }
424 }
425
426 /* Compute the checksum of the open file.
427 */
428 sl_strlcpy(sh.conf.hash,
[248]429 sh_tiger_hash(file_path('C',local_flag), fd, TIGER_NOLIM,
430 hashbuf, sizeof(hashbuf)),
[1]431 KEY_LEN+1);
432 sl_rewind (fd);
433
[286]434 line_in = SH_ALLOC(SH_LINE_IN);
435
[1]436#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
437 /* extract the data and copy to temporary file
438 */
439 fdTmp = open_tmp();
[194]440
441 sh_unix_getline_stealth (0, NULL, 0); /* initialize */
442
[286]443 while ( sh_unix_getline_stealth (fd, line_in, SH_LINE_IN-2) > 0) {
[1]444 hidden_count++;
445 if (line_in[0] == '\n')
446 {
447 sl_write(fdTmp, line_in, 1);
448 }
449 else
450 {
451 sl_write_line(fdTmp, line_in, sl_strlen(line_in));
452 }
453#if defined(WITH_GPG) || defined(WITH_PGP)
454 if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25))
455 break;
456#else
457 if (0 == sl_strncmp(line_in, _("[EOF]"), 5))
458 break;
459#endif
[286]460 if (hidden_count > 1048576) /* arbitrary safeguard, 1024*1024 */
[1]461 break;
462 }
463 sl_close(fd);
464 fd = fdTmp;
465 sl_rewind (fd);
466#endif
467
468
469 /* --- Start reading lines. ---
470 */
471 conf_line = 0;
472
[286]473 while ( sh_unix_getline (fd, line_in, SH_LINE_IN-2) > 0) {
[1]474
475 ++conf_line;
476
477 line = &(line_in[0]);
478
479 /* fprintf(stderr, "<%s>\n", line); */
480
481 /* Sun May 27 18:40:05 CEST 2001
482 */
483#if defined(WITH_GPG) || defined(WITH_PGP)
484 if (signed_content == S_FALSE)
485 {
486 if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
487 signed_content = S_TRUE;
488 else
489 continue;
490 }
491 else if (true_content == S_FALSE)
492 {
493 if (line[0] == '\n')
494 true_content = S_TRUE;
495 else
496 continue;
497 }
498 else if (signed_content == S_TRUE)
499 {
500 if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----")))
501 break;
502 else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
503 {
504 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
505 _("second signed message in file"),
506 _("sh_readconf_read"));
507 dlog(1, FIL__, __LINE__,
508 _("There seems to be more than one signed message in the configuration\nfile. Please make sure there is only one signed message.\n"));
509 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1,
510 sh.prg_name);
[286]511 SH_FREE(line_in);
[1]512 aud_exit (FIL__, __LINE__,EXIT_FAILURE);
513 }
514 }
515#endif
516
517 /* Skip leading white space.
518 */
[197]519 while (isspace((int)*line)) ++line;
[1]520
[197]521
[1]522 /* Skip header etc.
523 */
524 if (line[0] == '#' || line[0] == '\0' || line[0] == ';' ||
525 (line[0] == '/' && line[1] == '/'))
526 continue;
527
528 /* Clip off trailing white space.
529 */
530 tmp = line + sl_strlen( line ); --tmp;
531 while( isspace((int) *tmp ) && tmp >= line ) *tmp-- = '\0';
532
533
[197]534 /* --- an @host/@if/$system directive -------------- */
535
536 if (line[0] == '@' || (line[0] == '!' && line[1] == '@') ||
537 line[0] == '$' || (line[0] == '!' && line[1] == '$'))
538 {
539 if (sh_readconf_is_end(line))
540 {
541 if (0 == cond_depth) {
542 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD,
543 _("config file"),
544 (long) conf_line);
545 }
546 else {
547 if (cond_excl == cond_depth)
548 cond_excl = 0;
549 --cond_depth;
550 }
551 }
[199]552 else if (sh_readconf_is_else(line))
553 {
554 if (0 == cond_depth) {
555 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD,
556 _("config file"),
557 (long) conf_line);
558 }
559 else if (cond_excl == cond_depth) {
560 cond_excl = 0;
561 }
562 else if (cond_excl == 0) {
563 cond_excl = cond_depth;
564 }
565 }
[197]566 else
567 {
568 if (sh_readconf_cond_match(line, conf_line)) {
569 ++cond_depth;
570 }
571 else {
572 ++cond_depth;
573 if (cond_excl == 0)
574 cond_excl = cond_depth;
575 }
576 }
577 continue;
578 }
579
580 /****************************************************
581 *
582 * Only carry on if this section is intended for us
583 *
584 ****************************************************/
585
586 if (cond_excl != 0) {
587 continue;
588 }
589
[1]590 /* ------- starts a section ------------ */
591
[197]592 else if (line[0] == '[')
[1]593 {
594 read_mode = SH_SECTION_NONE;
595
[272]596 if (0 == sl_strncasecmp (line, _("[EOF]"), 5)) {
[197]597 goto nopel;
598 }
[1]599
600 i = 0;
601
602 while (tab_ListSections[i].name != 0)
603 {
[272]604 if (sl_strncasecmp (line, _(tab_ListSections[i].name),
605 sl_strlen(tab_ListSections[i].name)) == 0)
[1]606 {
607 read_mode = tab_ListSections[i].type;
608 break;
609 }
610 ++i;
611 }
612
613#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
614 if (read_mode == SH_SECTION_NONE)
615 {
616 for (modnum = 0; modList[modnum].name != NULL; ++modnum)
617 {
[272]618 if (0 == sl_strncasecmp (line, _(modList[modnum].conf_section),
619 sl_strlen(modList[modnum].conf_section)) )
[1]620 read_mode = SH_SECTION_OTHER;
621 }
622 }
623#endif
624 if (read_mode == SH_SECTION_NONE)
625 {
626 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALHEAD,
627 (long) conf_line);
628 }
629 }
630
631 /* --- an %schedule directive ------------ */
632
633 else if (line[0] == '%' || (line[0] == '!' && line[1] == '%'))
634 {
635#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
[272]636 if (line[0] == '!' && 0 == sl_strcasecmp(&(line[2]), _("SCHEDULE_TWO")))
[1]637 set_dirList(1);
[272]638 else if (0 == sl_strcasecmp(&(line[1]), _("SCHEDULE_TWO")))
[1]639 set_dirList(2);
640#else
641 ;
642#endif
643 }
644
645 /* ------ no new section -------------- */
646
647
[197]648 else if (read_mode != SH_SECTION_NONE)
[1]649 {
650 if (0 != sh_readconfig_line (line))
651 {
652 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALCONF,
653 (long) conf_line);
654 }
655 }
[197]656 } /* while getline() */
[1]657
658 nopel:
659
[197]660 if (0 != cond_depth)
[1]661 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALDD,
662 _("config file"),
663 (long) conf_line);
664
665#if defined(WITH_GPG) || defined(WITH_PGP)
666 /* Validate signature of open file.
667 */
668 sl_rewind (fd);
669 if (0 != sh_gpg_check_sign (fd, 0, 1))
[286]670 {
671 SH_FREE(line_in);
672 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
673 }
[1]674#endif
675
676 sl_close (fd);
677
678 sh_error_fixup();
679
680 read_mode = SH_SECTION_NONE; /* reset b/o sighup reload */
681
[286]682 SH_FREE(line_in);
[1]683 SL_RETURN( 0, _("sh_readconf_read"));
684}
685
[22]686int sh_readconf_set_path (char * which, const char * what)
[1]687{
688 int len;
689 SL_ENTER( _("sh_readconf_set_path"));
690
691 if (which == NULL || what == NULL)
692 {
693 TPT((0, FIL__, __LINE__ , _("msg=<Input error>\n")));
694 SL_RETURN( -1, _("sh_readconf_set_path"));
695 }
696
697 if (0 == sl_strcmp(what, _("AUTO")))
698 {
699 len = sl_strlen(which);
700 if ( (len + sl_strlen(sh.host.name) + 2) > SH_PATHBUF)
701 {
702 TPT((0, FIL__, __LINE__ , _("msg=<Path too large: %s:%s>\n"),
703 which, sh.host.name));
704 SL_RETURN( -1, _("sh_readconf_set_path"));
705 }
706 else
707 {
708 which[len] = ':'; which[len+1] = '\0';
709 sl_strlcat(which, sh.host.name, SH_PATHBUF);
710 }
711 }
712 else /* not auto */
713 {
714 if (sl_strlen(what) > (SH_PATHBUF-1))
715 {
716 TPT((0, FIL__, __LINE__ , _("msg=<Path too large: %s>\n"), what));
717 SL_RETURN( -1, _("sh_readconf_set_path"));
718 }
719 else
720 {
721 sl_strlcpy(which, what, SH_PATHBUF);
722 }
723 }
724 SL_RETURN( 0, _("sh_readconf_set_path"));
725}
726
[22]727int sh_readconf_set_database_path (const char * what)
[1]728{
729 return (sh_readconf_set_path(sh.data.path, what));
730}
731
[22]732int sh_readconf_set_logfile_path (const char * what)
[1]733{
734 return (sh_readconf_set_path(sh.srvlog.name, what));
735}
736
[22]737int sh_readconf_set_lockfile_path (const char * what)
[1]738{
739 return( sh_readconf_set_path(sh.srvlog.alt, what));
740}
741
742
743
744
745typedef enum {
746 SET_MAILTIME,
747 SET_FILETIME
748} ShTimerItem;
749
750
[22]751int sh_readconf_setTime (const char * str, ShTimerItem what)
[1]752{
753 unsigned long i = atoi (str);
754
755 SL_ENTER( _("sh_readconf_setTime"));
756
757 if (i < LONG_MAX)
758 {
759 if (what == SET_MAILTIME)
760 {
761 TPT((0, FIL__, __LINE__, _("msg=<Set mail timer to %ld>\n"), i));
762 sh.mailTime.alarm_interval = i;
763 }
764 else if (what == SET_FILETIME)
765 {
766 TPT((0, FIL__, __LINE__, _("msg=<Set filecheck timer to %ld>\n"),i));
767 sh.fileCheck.alarm_interval = i;
768 }
769
770 SL_RETURN( 0, _("sh_readconf_setTime"));
771 }
772 else
773 {
774 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALL,
775 _("set timer"), (long) i);
776 SL_RETURN( (-1), _("sh_readconf_setTime"));
777 }
778}
779
[22]780int sh_readconf_setMailtime (const char * c)
[1]781{
782 return sh_readconf_setTime (c, SET_MAILTIME);
783}
784
[22]785int sh_readconf_setFiletime (const char * c)
[1]786{
787 return sh_readconf_setTime (c, SET_FILETIME);
788}
789
[22]790int sh_readconf_set_nice (const char * c)
[1]791{
792 long val;
793
794 SL_ENTER(_("sh_readconf_set_nice"));
795
796 val = strtol (c, (char **)NULL, 10);
797 if (val < -20 || val > 20)
798 {
799 SL_RETURN((-1), _("sh_readconf_set_nice"));
800 }
801
802 val = (val < -19 ? -19 : val);
803 val = (val > 19 ? 19 : val);
804
805 sh.flag.nice = val;
806 SL_RETURN((0), _("sh_readconf_set_nice"));
807}
808
809#ifdef FANCY_LIBCAP
[22]810int sh_readconf_setCaps(const char * c)
[1]811{
812 int i;
813 SL_ENTER(_("sh_readconf_setCaps"));
814
815 i = sh_util_flagval(c, &sl_useCaps);
816 SL_RETURN((i), _("sh_readconf_setCaps"));
817}
818#endif
819
820typedef struct _cfg_options {
[170]821 const char * optname;
[1]822 ShSectionType section;
823 ShSectionType alt_section;
[22]824 int (*func)(const char * opt);
[1]825} cfg_options;
826
827#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
[22]828extern int sh_set_schedule_one(const char * str);
829extern int sh_set_schedule_two(const char * str);
[1]830#endif
831#if defined (SH_WITH_SERVER)
[22]832extern int sh_socket_use (const char * c);
833extern int sh_socket_uid (const char * c);
834extern int sh_socket_password (const char * c);
[1]835#endif
836
837cfg_options ext_table[] = {
838#if defined(WITH_EXTERNAL)
839 { N_("opencommand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
840 sh_ext_setcommand },
[164]841 { N_("closecommand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
842 sh_ext_close_command },
[1]843 { N_("setcommandline"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
844 sh_ext_add_argv },
845 { N_("setchecksum"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
846 sh_ext_checksum },
847 { N_("setdefault"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
848 sh_ext_add_default },
849 { N_("setenviron"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
850 sh_ext_add_environ },
851 { N_("setdeadtime"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
852 sh_ext_deadtime },
853 { N_("settype"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
854 sh_ext_type },
855 { N_("setcredentials"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
856 sh_ext_priv },
857 { N_("setfilternot"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
858 sh_ext_add_not },
859 { N_("setfilterand"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
860 sh_ext_add_and },
861 { N_("setfilteror"), SH_SECTION_EXTERNAL, SH_SECTION_NONE,
862 sh_ext_add_or },
863 { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL,
[22]864 sh_error_set_external },
[1]865 { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL,
866 sh_error_external_mask },
867#endif
868
869#if defined(WITH_DATABASE)
870 { N_("usepersistent"), SH_SECTION_DATABASE, SH_SECTION_NONE,
871 sh_database_use_persistent },
872 { N_("setdbname"), SH_SECTION_DATABASE, SH_SECTION_NONE,
873 sh_database_set_database },
874 { N_("setdbtable"), SH_SECTION_DATABASE, SH_SECTION_NONE,
875 sh_database_set_table },
876 { N_("setdbhost"), SH_SECTION_DATABASE, SH_SECTION_NONE,
877 sh_database_set_host },
878 { N_("setdbuser"), SH_SECTION_DATABASE, SH_SECTION_NONE,
879 sh_database_set_user },
880 { N_("setdbpassword"), SH_SECTION_DATABASE, SH_SECTION_NONE,
881 sh_database_set_password },
882 { N_("addtodbhash"), SH_SECTION_DATABASE, SH_SECTION_NONE,
883 sh_database_add_to_hash },
884 { N_("databaseseverity"),SH_SECTION_LOG, SH_SECTION_DATABASE,
885 sh_error_set_database },
886 { N_("databaseclass"), SH_SECTION_LOG, SH_SECTION_DATABASE,
887 sh_error_database_mask },
888 { N_("setdbservertstamp"), SH_SECTION_DATABASE, SH_SECTION_NONE,
889 set_enter_wrapper },
890#endif
891
[22]892
[1]893#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
894 { N_("dir"), SH_SECTION_ATTRIBUTES, SH_SECTION_NONE,
895 sh_files_pushdir_attr },
896 { N_("file"), SH_SECTION_ATTRIBUTES, SH_SECTION_NONE,
897 sh_files_pushfile_attr },
898 { N_("dir"), SH_SECTION_READONLY, SH_SECTION_NONE,
899 sh_files_pushdir_ro },
900 { N_("file"), SH_SECTION_READONLY, SH_SECTION_NONE,
901 sh_files_pushfile_ro },
902 { N_("dir"), SH_SECTION_LOGFILES, SH_SECTION_NONE,
903 sh_files_pushdir_log },
904 { N_("file"), SH_SECTION_LOGFILES, SH_SECTION_NONE,
905 sh_files_pushfile_log },
906 { N_("dir"), SH_SECTION_LOGGROW, SH_SECTION_NONE,
907 sh_files_pushdir_glog },
908 { N_("file"), SH_SECTION_LOGGROW, SH_SECTION_NONE,
909 sh_files_pushfile_glog },
910 { N_("dir"), SH_SECTION_NOIGNORE, SH_SECTION_NONE,
911 sh_files_pushdir_noig },
912 { N_("file"), SH_SECTION_NOIGNORE, SH_SECTION_NONE,
913 sh_files_pushfile_noig },
914 { N_("dir"), SH_SECTION_ALLIGNORE, SH_SECTION_NONE,
915 sh_files_pushdir_allig },
916 { N_("file"), SH_SECTION_ALLIGNORE, SH_SECTION_NONE,
917 sh_files_pushfile_allig },
918
919 { N_("dir"), SH_SECTION_USER0, SH_SECTION_NONE,
920 sh_files_pushdir_user0 },
921 { N_("file"), SH_SECTION_USER0, SH_SECTION_NONE,
922 sh_files_pushfile_user0 },
923 { N_("dir"), SH_SECTION_USER1, SH_SECTION_NONE,
924 sh_files_pushdir_user1 },
925 { N_("file"), SH_SECTION_USER1, SH_SECTION_NONE,
926 sh_files_pushfile_user1 },
[27]927 { N_("dir"), SH_SECTION_USER2, SH_SECTION_NONE,
928 sh_files_pushdir_user2 },
929 { N_("file"), SH_SECTION_USER2, SH_SECTION_NONE,
930 sh_files_pushfile_user2 },
931 { N_("dir"), SH_SECTION_USER3, SH_SECTION_NONE,
932 sh_files_pushdir_user3 },
933 { N_("file"), SH_SECTION_USER3, SH_SECTION_NONE,
934 sh_files_pushfile_user3 },
935 { N_("dir"), SH_SECTION_USER4, SH_SECTION_NONE,
936 sh_files_pushdir_user4 },
937 { N_("file"), SH_SECTION_USER4, SH_SECTION_NONE,
938 sh_files_pushfile_user4 },
[1]939 { N_("dir"), SH_SECTION_PRELINK, SH_SECTION_NONE,
940 sh_files_pushdir_prelink },
941 { N_("file"), SH_SECTION_PRELINK, SH_SECTION_NONE,
942 sh_files_pushfile_prelink },
943
944 { N_("ignoreadded"), SH_SECTION_MISC, SH_SECTION_NONE,
945 sh_ignore_add_new },
946 { N_("ignoremissing"), SH_SECTION_MISC, SH_SECTION_NONE,
947 sh_ignore_add_del },
948
949 { N_("filecheckscheduleone"), SH_SECTION_MISC, SH_SECTION_NONE,
950 sh_set_schedule_one },
951 { N_("filecheckscheduletwo"), SH_SECTION_MISC, SH_SECTION_NONE,
952 sh_set_schedule_two },
953
954 { N_("usehardlinkcheck"), SH_SECTION_MISC, SH_SECTION_NONE,
955 sh_files_check_hardlinks },
[254]956 { N_("usersrccheck"), SH_SECTION_MISC, SH_SECTION_NONE,
957 sh_files_use_rsrc },
[1]958 { N_("hardlinkoffset"), SH_SECTION_MISC, SH_SECTION_NONE,
959 sh_files_hle_reg },
[68]960#if defined(USE_XATTR)
961 { N_("useselinuxcheck"), SH_SECTION_MISC, SH_SECTION_NONE,
962 sh_unix_setcheckselinux },
963#endif
964#if defined(USE_ACL)
965 { N_("useaclcheck"), SH_SECTION_MISC, SH_SECTION_NONE,
966 sh_unix_setcheckacl },
967#endif
[205]968 { N_("loosedircheck"), SH_SECTION_MISC, SH_SECTION_NONE,
969 sh_hash_loosedircheck },
[1]970 { N_("addokchars"), SH_SECTION_MISC, SH_SECTION_NONE,
971 sh_util_obscure_ok },
[77]972 { N_("filenamesareutf8"), SH_SECTION_MISC, SH_SECTION_NONE,
[68]973 sh_util_obscure_utf8 },
[1]974 { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE,
[22]975 sh_files_setrecursion },
[1]976 { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE,
[22]977 sh_util_setchecksum },
[1]978 { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE,
979 sh_files_reportonce },
980 { N_("reportfulldetail"), SH_SECTION_MISC, SH_SECTION_NONE,
981 sh_files_fulldetail },
982 { N_("uselocaltime"), SH_SECTION_MISC, SH_SECTION_NONE,
983 sh_unix_uselocaltime },
984
985 { N_("setnicelevel"), SH_SECTION_MISC, SH_SECTION_NONE,
986 sh_readconf_set_nice },
987
988#if defined(FANCY_LIBCAP)
989 { N_("usecaps"), SH_SECTION_MISC, SH_SECTION_NONE,
990 sh_readconf_setCaps },
991#endif
992
[196]993 { N_("setdropcache"), SH_SECTION_MISC, SH_SECTION_NONE,
994 sl_set_drop_cache },
995
[1]996 { N_("setiolimit"), SH_SECTION_MISC, SH_SECTION_NONE,
997 sh_unix_set_io_limit },
998
999 { N_("versionstring"), SH_SECTION_MISC, SH_SECTION_NONE,
1000 sh_hash_version_string },
1001
1002 { N_("digestalgo"), SH_SECTION_MISC, SH_SECTION_NONE,
1003 sh_tiger_hashtype },
1004
1005 { N_("redefreadonly"), SH_SECTION_MISC, SH_SECTION_NONE,
1006 sh_files_redef_readonly },
1007
1008 { N_("redeflogfiles"), SH_SECTION_MISC, SH_SECTION_NONE,
1009 sh_files_redef_logfiles },
1010
1011 { N_("redefgrowinglogfiles"), SH_SECTION_MISC, SH_SECTION_NONE,
1012 sh_files_redef_loggrow },
1013
1014 { N_("redefattributes"), SH_SECTION_MISC, SH_SECTION_NONE,
1015 sh_files_redef_attributes },
1016
1017 { N_("redefignorenone"), SH_SECTION_MISC, SH_SECTION_NONE,
1018 sh_files_redef_noignore },
1019
1020 { N_("redefignoreall"), SH_SECTION_MISC, SH_SECTION_NONE,
1021 sh_files_redef_allignore },
1022
1023 { N_("redefuser0"), SH_SECTION_MISC, SH_SECTION_NONE,
1024 sh_files_redef_user0 },
1025
1026 { N_("redefuser1"), SH_SECTION_MISC, SH_SECTION_NONE,
1027 sh_files_redef_user1 },
1028
[27]1029 { N_("redefuser2"), SH_SECTION_MISC, SH_SECTION_NONE,
1030 sh_files_redef_user2 },
1031
1032 { N_("redefuser3"), SH_SECTION_MISC, SH_SECTION_NONE,
1033 sh_files_redef_user3 },
1034
1035 { N_("redefuser4"), SH_SECTION_MISC, SH_SECTION_NONE,
1036 sh_files_redef_user4 },
1037
[1]1038 { N_("redefprelink"), SH_SECTION_MISC, SH_SECTION_NONE,
1039 sh_files_redef_prelink },
1040
1041
1042 { N_("setprelinkpath"), SH_SECTION_MISC, SH_SECTION_NONE,
1043 sh_prelink_set_path },
1044 { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE,
1045 sh_prelink_set_hash },
[22]1046
[1]1047 /* client or standalone
1048 */
1049#endif
1050
1051#ifdef SH_WITH_SERVER
1052#ifdef INET_SYSLOG
1053 { N_("setudpactive"), SH_SECTION_SRV, SH_SECTION_MISC,
1054 set_syslog_active },
1055#endif
1056 { N_("setusesocket"), SH_SECTION_SRV, SH_SECTION_MISC,
1057 sh_socket_use },
1058 { N_("setsocketallowuid"), SH_SECTION_SRV, SH_SECTION_MISC,
1059 sh_socket_uid },
1060 { N_("setsocketpassword"), SH_SECTION_SRV, SH_SECTION_MISC,
1061 sh_socket_password },
1062 { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC,
[22]1063 sh_forward_set_strip },
[1]1064 { N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC,
1065 set_flag_sep_log },
1066 { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC,
[22]1067 sh_unix_set_chroot },
[1]1068 { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC,
1069 sh_forward_set_time_limit },
[219]1070 { N_("setconnectiontimeout"),SH_SECTION_SRV, SH_SECTION_MISC,
1071 sh_forward_set_timeout },
[1]1072 { N_("useclientseverity"), SH_SECTION_SRV, SH_SECTION_MISC,
1073 sh_forward_use_clt_sev },
1074 { N_("useclientclass"), SH_SECTION_SRV, SH_SECTION_MISC,
1075 sh_forward_use_clt_class },
1076 { N_("severitylookup"), SH_SECTION_SRV, SH_SECTION_MISC,
1077 sh_forward_lookup_level },
1078 { N_("setclientfromaccept"), SH_SECTION_SRV, SH_SECTION_MISC,
1079 set_socket_peer },
1080 { N_("setserverport"), SH_SECTION_SRV, SH_SECTION_MISC,
1081 sh_forward_set_port },
1082 { N_("setserverinterface"), SH_SECTION_SRV, SH_SECTION_MISC,
1083 sh_forward_set_interface },
1084 { N_("client"), SH_SECTION_CLIENTS, SH_SECTION_NONE,
1085 sh_forward_register_client },
1086#endif
1087
[27]1088#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
[1]1089 { N_("exportseverity"), SH_SECTION_LOG, SH_SECTION_NONE,
[22]1090 sh_error_setexport },
[1]1091 { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE,
1092 sh_error_export_mask },
[27]1093#if defined(SH_WITH_SERVER)
1094 { N_("setlogserver"), SH_SECTION_SRV, SH_SECTION_MISC,
1095 sh_forward_setlogserver },
1096#else
[1]1097 { N_("setlogserver"), SH_SECTION_CLT, SH_SECTION_MISC,
1098 sh_forward_setlogserver },
[219]1099 { N_("setthrottle"), SH_SECTION_CLT, SH_SECTION_MISC,
1100 sh_forward_set_throttle_delay},
[1]1101#endif
[27]1102#endif
[1]1103 { N_("setfilechecktime"), SH_SECTION_MISC, SH_SECTION_NONE,
1104 sh_readconf_setFiletime },
1105 { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE,
[22]1106 sh_util_setlooptime },
[1]1107
1108#ifdef SH_WITH_MAIL
1109 { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE,
[22]1110 sh_error_setseverity },
[1]1111 { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE,
1112 sh_error_mail_mask },
1113 { N_("setmailtime"), SH_SECTION_MAIL, SH_SECTION_MISC,
1114 sh_readconf_setMailtime },
1115 { N_("setmailnum"), SH_SECTION_MAIL, SH_SECTION_MISC,
1116 sh_mail_setNum },
1117 { N_("setmailrelay"), SH_SECTION_MAIL, SH_SECTION_MISC,
1118 sh_mail_set_relay },
[216]1119 { N_("setmailport"), SH_SECTION_MAIL, SH_SECTION_MISC,
1120 sh_mail_set_port },
[1]1121 { N_("mailsingle"), SH_SECTION_MAIL, SH_SECTION_MISC,
1122 sh_mail_setFlag },
1123 { N_("mailsubject"), SH_SECTION_MAIL, SH_SECTION_MISC,
1124 set_mail_subject },
1125 { N_("setmailsender"), SH_SECTION_MAIL, SH_SECTION_MISC,
1126 sh_mail_set_sender },
[215]1127 { N_("setmailalias"), SH_SECTION_MAIL, SH_SECTION_MISC,
1128 sh_nmail_add_alias },
[214]1129 { N_("setmailaddress"), SH_SECTION_MAIL, SH_SECTION_MISC,
1130 sh_nmail_add_recipient },
1131 { N_("closeaddress"), SH_SECTION_MAIL, SH_SECTION_MISC,
1132 sh_nmail_close_recipient },
1133 { N_("setaddrseverity"), SH_SECTION_MAIL, SH_SECTION_MISC,
1134 sh_nmail_set_severity },
[1]1135 { N_("setmailfilternot"), SH_SECTION_MAIL, SH_SECTION_MISC,
[214]1136 sh_nmail_add_not },
[1]1137 { N_("setmailfilterand"), SH_SECTION_MAIL, SH_SECTION_MISC,
[214]1138 sh_nmail_add_and },
[1]1139 { N_("setmailfilteror"), SH_SECTION_MAIL, SH_SECTION_MISC,
[214]1140 sh_nmail_add_or },
[1]1141#endif
1142 { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE,
[22]1143 sh_calls_set_bind_addr },
[1]1144 { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE,
[22]1145 sh_unix_setdeamon },
[1]1146 { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE,
1147 sh_unix_self_hash },
1148 { N_("trusteduser"), SH_SECTION_MISC, SH_SECTION_NONE,
1149 tf_add_trusted_user },
1150 { N_("settimeserver"), SH_SECTION_MISC, SH_SECTION_NONE,
1151 sh_unix_settimeserver },
1152
1153 { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE,
[22]1154 sh_error_setprint },
[1]1155 { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE,
1156 sh_error_print_mask },
1157
1158 { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE,
[22]1159 sh_error_setlog },
[1]1160 { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE,
1161 sh_error_log_mask },
1162
1163 { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE,
[22]1164 sh_error_set_syslog },
[1]1165 { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE,
1166 sh_error_syslog_mask },
1167#ifdef HAVE_LIBPRELUDE
1168 { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE,
[22]1169 sh_error_set_prelude },
[1]1170 { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE,
1171 sh_error_prelude_mask },
1172 { N_("preludeprofile"), SH_SECTION_MISC, SH_SECTION_NONE,
1173 sh_prelude_set_profile },
1174 { N_("preludemaptoinfo"), SH_SECTION_MISC, SH_SECTION_NONE,
1175 sh_prelude_map_info },
1176 { N_("preludemaptolow"), SH_SECTION_MISC, SH_SECTION_NONE,
1177 sh_prelude_map_low },
1178 { N_("preludemaptomedium"), SH_SECTION_MISC, SH_SECTION_NONE,
1179 sh_prelude_map_medium },
1180 { N_("preludemaptohigh"), SH_SECTION_MISC, SH_SECTION_NONE,
1181 sh_prelude_map_high },
1182#endif
1183
1184 { N_("logcalls"), SH_SECTION_LOG, SH_SECTION_NONE,
1185 sh_aud_set_functions },
1186
1187 { N_("messageheader"), SH_SECTION_MISC, SH_SECTION_NONE,
1188 sh_error_ehead },
1189
1190 { N_("setconsole"), SH_SECTION_MISC, SH_SECTION_NONE,
1191 sh_log_set_console },
1192
1193#ifdef WITH_MESSAGE_QUEUE
1194 { N_("messagequeueactive"),SH_SECTION_MISC, SH_SECTION_NONE,
1195 enable_msgq },
1196#endif
1197
1198 { N_("setreverselookup"), SH_SECTION_MISC, SH_SECTION_NONE,
1199 set_reverse_lookup },
1200
1201 { N_("setdatabasepath"), SH_SECTION_MISC, SH_SECTION_NONE,
1202 sh_readconf_set_database_path },
1203
1204 { N_("setlogfilepath"), SH_SECTION_MISC, SH_SECTION_NONE,
1205 sh_readconf_set_logfile_path },
1206
1207 { N_("setlockfilepath"), SH_SECTION_MISC, SH_SECTION_NONE,
1208 sh_readconf_set_lockfile_path },
1209
1210 { N_("hidesetup"), SH_SECTION_MISC, SH_SECTION_NONE,
1211 sh_util_hidesetup },
1212
1213 { N_("syslogfacility"), SH_SECTION_LOG, SH_SECTION_MISC,
1214 sh_log_set_facility },
1215
[279]1216 { N_("syslogmapstampto"), SH_SECTION_LOG, SH_SECTION_MISC,
1217 sh_log_set_stamp_priority },
1218
[1]1219 { N_("mactype"), SH_SECTION_MISC, SH_SECTION_NONE,
1220 sh_util_sigtype },
1221
1222 { NULL, 0, 0, NULL}
1223};
1224
1225
1226
1227
1228static int sh_readconfig_line (char * line)
[164]1229{
1230 char * key;
[170]1231 const char * value;
[1]1232 char * tmp;
1233 int i;
1234 int good_opt = -1;
1235
1236#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
1237 int modnum, modkey;
1238#endif
1239
[170]1240 static const char *dummy = N_("dummy");
[164]1241
[170]1242 static const char *closing[] = {
[164]1243 N_("closecommand"),
[214]1244 N_("closeaddress"),
[186]1245 N_("logmonendgroup"),
1246 N_("logmonendhost"),
[164]1247 NULL
1248 };
1249
[170]1250 static const char *ident[] = {
[1]1251 N_("severityreadonly"),
1252 N_("severitylogfiles"),
1253 N_("severitygrowinglogs"),
1254 N_("severityignorenone"),
1255 N_("severityignoreall"),
1256 N_("severityattributes"),
1257 N_("severitydirs"),
1258 N_("severityfiles"),
1259 N_("severitynames"),
1260 N_("severityuser0"),
1261 N_("severityuser1"),
[27]1262 N_("severityuser2"),
1263 N_("severityuser3"),
1264 N_("severityuser4"),
[1]1265 N_("severityprelink"),
1266 NULL
1267 };
1268
1269 static int identnum[] = {
1270 SH_ERR_T_RO,
1271 SH_ERR_T_LOGS,
1272 SH_ERR_T_GLOG,
1273 SH_ERR_T_NOIG,
1274 SH_ERR_T_ALLIG,
1275 SH_ERR_T_ATTR,
1276 SH_ERR_T_DIR,
1277 SH_ERR_T_FILE,
1278 SH_ERR_T_NAME,
1279 SH_ERR_T_USER0,
1280 SH_ERR_T_USER1,
[27]1281 SH_ERR_T_USER2,
1282 SH_ERR_T_USER3,
1283 SH_ERR_T_USER4,
[1]1284 SH_ERR_T_PRELINK,
1285 };
1286
1287 SL_ENTER(_("sh_readconf_line"));
1288
[164]1289 /* convert to lowercase */
1290
1291 tmp = line;
1292 while (*tmp != '=' && *tmp != '\0')
1293 {
1294 *tmp = tolower( (int) *tmp);
1295 ++tmp;
1296 }
1297
1298 key = line;
1299
[1]1300 /* interpret line */
1301
[164]1302 value = strchr(line, '=');
1303
1304 if (value == NULL || (*value) == '\0')
[1]1305 {
[164]1306 if (key != NULL)
[1]1307 {
[164]1308 i = 0;
1309 while (closing[i] != NULL)
1310 {
1311 if (sl_strncmp(key,_(closing[i]),sl_strlen(closing[i])-1) == 0)
1312 {
1313 value = dummy;
1314 goto ok_novalue;
1315 }
1316 ++i;
1317 }
1318
[1]1319 TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: not key=value: %s>\n"),
1320 line));
1321 }
1322 SL_RETURN(good_opt, _("sh_readconf_line"));
1323 }
1324 else
[164]1325 ++value;
[1]1326
1327 /* skip leading whitespace
1328 */
[164]1329 while ((*value) == ' ' || (*value) == '\t')
1330 ++value;
[1]1331
[164]1332 if ((*value) == '\0') /* no value */
[1]1333 {
[164]1334 if (key != NULL)
[1]1335 {
1336 TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: not key=value: %s>\n"),
1337 line));
1338 }
1339 SL_RETURN(good_opt, _("sh_readconf_line"));
1340 }
1341
[164]1342 ok_novalue:
[1]1343
1344 if (!sl_is_suid())
1345 {
1346 TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: %s>\n"), line));
1347 }
1348
[211]1349 /* Expand shell expressions. This return allocated memory which we must free.
1350 */
1351 value = sh_readconf_expand_value(value);
[1]1352
[211]1353 if (!value || (*value) == '\0')
1354 {
1355 TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: empty after shell expansion: %s>\n"),
1356 line));
1357 SL_RETURN(good_opt, _("sh_readconf_line"));
1358 }
1359
[1]1360#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
1361 if (read_mode == SH_SECTION_OTHER)
1362 {
1363 for (modnum = 0; modList[modnum].name != NULL; ++modnum)
1364 {
1365 for (modkey = 0; modList[modnum].conf_table[modkey].the_opt != NULL;
1366 ++modkey)
1367 {
[164]1368 if (sl_strncmp (key,
[1]1369 _(modList[modnum].conf_table[modkey].the_opt),
1370 sl_strlen(modList[modnum].conf_table[modkey].the_opt) ) == 0)
1371 {
1372 good_opt = 0;
[164]1373 if (0 != modList[modnum].conf_table[modkey].func(value))
[1]1374 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS,
[164]1375 _(modList[modnum].conf_table[modkey].the_opt), value);
[1]1376 if (!sl_is_suid())
1377 {
1378 TPT(( 0, FIL__, __LINE__,
1379 _("msg=<line = %s, option = %s>\n"), line,
1380 _(modList[modnum].conf_table[modkey].the_opt)));
1381 }
1382 goto outburst;
1383 }
1384 }
1385 }
1386 }
1387 outburst:
1388#endif
1389
1390
1391 if (read_mode == SH_SECTION_THRESHOLD)
1392 {
1393 i = 0;
1394 while (ident[i] != NULL) {
[290]1395 if (sl_strncmp (key, _(ident[i]), sl_strlen(ident[i])) == 0)
[1]1396 {
1397 good_opt = 0;
[164]1398 sh_error_set_iv (identnum[i], value);
[1]1399 break;
1400 }
1401 ++i;
1402 }
1403 }
1404 else
1405 {
1406 i = 0;
1407 while (ext_table[i].optname != NULL)
1408 {
1409 if ((ext_table[i].section == read_mode ||
1410 ext_table[i].alt_section == read_mode) &&
[164]1411 sl_strncmp (key, _(ext_table[i].optname),
[1]1412 sl_strlen(ext_table[i].optname)) == 0)
1413 {
1414 good_opt = 0;
[164]1415 if (0 != ext_table[i].func (value))
[1]1416 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS,
[164]1417 _(ext_table[i].optname), value);
[1]1418 break;
1419 }
1420 ++i;
1421 }
1422 }
1423
[211]1424 SH_FREE((char*)value);
1425
[1]1426 SL_RETURN(good_opt, _("sh_readconf_line"));
1427}
1428
1429
Note: See TracBrowser for help on using the repository browser.