Last change on this file since 26 was 22, checked in by rainer, 19 years ago

Minor code revisions.

1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999, 2000 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22
23#include <stdlib.h>
24#include <stdio.h>
25#include <string.h>
26#include <ctype.h>
27
28
29#include "samhain.h"
30#include "sh_error.h"
31#include "sh_database.h"
32#include "sh_unix.h"
33#include "sh_utils.h"
34#include "sh_files.h"
35#include "sh_mail.h"
36#include "sh_calls.h"
37#include "sh_tiger.h"
38#include "sh_forward.h"
39#include "sh_modules.h"
40#include "sh_gpg.h"
41#include "sh_hash.h"
42#include "sh_ignore.h"
43#include "sh_prelink.h"
44#include "sh_extern.h"
45
46#ifdef WITH_DATABASE
47#include "sh_database.h"
48#endif
49
50#ifdef HAVE_LIBPRELUDE_9
51#include "sh_prelude.h"
52#endif
53
/* Defined in another translation unit; registered in ext_table below as
 * the handler for the "setreverselookup" option.
 */
extern int set_reverse_lookup (const char * c);

/* File name reported in error messages from this translation unit. */
#undef FIL__
#define FIL__ _("sh_readconf.c")
58
/* Sections of the configuration file.  read_mode holds the current one
 * while parsing.  [EventSeverity] (SH_SECTION_THRESHOLD) and module
 * sections (SH_SECTION_OTHER) are handled specially in sh_readconfig_line;
 * everything else is looked up in ext_table.
 */
typedef enum {
  SH_SECTION_NONE,        /* outside any (valid) section */
  SH_SECTION_LOG,         /* [Log] */
  SH_SECTION_MISC,        /* [Misc] */
  SH_SECTION_ATTRIBUTES,  /* [Attributes] */
  SH_SECTION_READONLY,    /* [ReadOnly] */
  SH_SECTION_LOGFILES,    /* [LogFiles] */
  SH_SECTION_LOGGROW,     /* [GrowingLogFiles] */
  SH_SECTION_NOIGNORE,    /* [IgnoreNone] */
  SH_SECTION_ALLIGNORE,   /* [IgnoreAll] */
  SH_SECTION_USER0,       /* [User0] */
  SH_SECTION_USER1,       /* [User1] */
  SH_SECTION_PRELINK,     /* [Prelink] */
#if defined (SH_WITH_MAIL)
  SH_SECTION_MAIL,        /* [Mail] */
#endif
#if defined (SH_WITH_CLIENT)
  SH_SECTION_CLT,         /* [Client] */
#endif
#ifdef WITH_EXTERNAL
  SH_SECTION_EXTERNAL,    /* [External] */
#endif
#ifdef WITH_DATABASE
  SH_SECTION_DATABASE,    /* [Database] */
#endif
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
  SH_SECTION_OTHER,       /* a module's own section (modList[].conf_section) */
#endif
#ifdef SH_WITH_SERVER
  SH_SECTION_CLIENTS,     /* [Clients] */
  SH_SECTION_SRV,         /* [Server] */
#endif
  SH_SECTION_THRESHOLD    /* [EventSeverity] */
} ShSectionType;
93
/* One entry of tab_ListSections: the literal section header (including
 * the brackets) and the ShSectionType it selects, stored as int.
 */
typedef struct str_ListSections {
  char * name;
  int type;
} sh_str_ListSections;
98
/* Section headers recognised by sh_readconf_read.  Entries are tried in
 * order and compared with sl_strncmp over the entry's own length, so the
 * closing ']' is part of the match.  Terminated by a NULL name.
 */
struct str_ListSections tab_ListSections[] = {
  { N_("[Log]"),             SH_SECTION_LOG},
  { N_("[Misc]"),            SH_SECTION_MISC},
  { N_("[Attributes]"),      SH_SECTION_ATTRIBUTES},
  { N_("[ReadOnly]"),        SH_SECTION_READONLY},
  { N_("[LogFiles]"),        SH_SECTION_LOGFILES},
  { N_("[GrowingLogFiles]"), SH_SECTION_LOGGROW},
  { N_("[IgnoreAll]"),       SH_SECTION_ALLIGNORE},
  { N_("[IgnoreNone]"),      SH_SECTION_NOIGNORE},
  { N_("[User0]"),           SH_SECTION_USER0},
  { N_("[User1]"),           SH_SECTION_USER1},
  { N_("[Prelink]"),         SH_SECTION_PRELINK},
#ifdef WITH_EXTERNAL
  { N_("[External]"),        SH_SECTION_EXTERNAL},
#endif
#ifdef WITH_DATABASE
  { N_("[Database]"),        SH_SECTION_DATABASE},
#endif
  { N_("[EventSeverity]"),   SH_SECTION_THRESHOLD},
#ifdef SH_WITH_SERVER
  { N_("[Clients]"),         SH_SECTION_CLIENTS},
  { N_("[Server]"),          SH_SECTION_SRV},
#endif
#if defined (SH_WITH_CLIENT)
  { N_("[Client]"),          SH_SECTION_CLT},
#endif
#if defined (SH_WITH_MAIL)
  { N_("[Mail]"),            SH_SECTION_MAIL},
#endif
  { NULL,                    SH_SECTION_NONE}
};
130
131
/* Parse one "key=value" line for the current section (defined below). */
static int sh_readconfig_line (char * line);

/* Section currently being read.  Persists between lines and is reset to
 * SH_SECTION_NONE at the end of sh_readconf_read (SIGHUP reload).
 */
static ShSectionType read_mode = SH_SECTION_NONE;

/* Number of the line being processed (first line is 1); used in error
 * messages.
 */
static int conf_line = 0;
137
/* --- Read the configuration file. ---
 *
 * Opens the configuration file (requested from the server when built as a
 * client and the configured path is REQ_FROM_SERVER; otherwise the local
 * file, whose path must pass tf_trust_check), stores its checksum in
 * sh.conf.hash and parses it line by line.  Recognised line types:
 *
 *   [Section]              select the active section (tab_ListSections or
 *                          a module's conf_section); "[EOF]" stops parsing
 *   @host / !@host         open a block that applies only (or never) to
 *                          this host name; closed by @end
 *   $system / !$system     same for "system:release:machine"; closed by $end
 *   %SCHEDULE_TWO / !%SCHEDULE_TWO
 *                          select the directory list (client/standalone)
 *   key=value              handed to sh_readconfig_line for the section
 *
 * Lines starting with '#', ';' or "//" and empty lines are skipped.
 * With GPG/PGP support only the text between the PGP "SIGNED MESSAGE"
 * header and the "BEGIN PGP SIGNATURE" line is parsed, and the signature
 * is verified after parsing; a failed check terminates the process.
 *
 * Returns 0.  All fatal conditions exit via aud_exit.
 */
int sh_readconf_read (void)
{
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
  /* This is for modules.
   */
  int modnum;
#endif

  int i;

  SL_TICKET fd = -1;
#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
  SL_TICKET fdTmp = -1;
  SL_TICKET open_tmp (void);
#endif
  char * tmp;
  char * lptr;

  char line_in[512+2];          /* raw line; reads are limited to 512 */
  char * line;                  /* line_in with leading blanks skipped */
  int line_int;

  char myident[3*SH_MINIBUF+3]; /* "system:release:machine" */

  /* This is for nested conditionals.
   * some_other_host[k] (some_other_system[k]) is 1 while the k-th nested
   * @host ($system) block does not apply to this machine.  Index 0 is the
   * unconditional top level and is never written.  host_int (sys_int)
   * counts directives opened while the enclosing block is inactive, or
   * beyond the nesting limit of 15, so that their @end ($end) can be
   * consumed without touching the arrays.
   */
  int some_other_host[16] = { 0 };
  int some_other_system[16] = { 0 };
  int seen_host = 0;
  int seen_system = 0;
  int host_int = 0;
  int sys_int = 0;

  int invert = 0;               /* 1 for the negated forms !@ and !$ */
  int length = sl_strlen(sh.host.name);

  int local_file = 1;           /* 0 once the file came from the server */
  char local_flag = 'R';        /* file_path() selector for the local file */

#if defined(WITH_GPG) || defined(WITH_PGP)
  int signed_content = S_FALSE; /* seen "BEGIN PGP SIGNED MESSAGE" */
  int true_content = S_FALSE;   /* seen the empty line that ends the header */
#endif
#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
  int hidden_count = 0;
#endif
  uid_t euid;

  SL_ENTER(_("sh_readconf_read"));

  /* --- Open config file, exit on failure. ---
   */
#if defined(SH_WITH_CLIENT)
  if (0 == sl_strcmp(file_path('C', 'R'), _("REQ_FROM_SERVER")))
    {
      sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_D_START);

      fd = sh_forward_req_file(_("CONF"));

      if (!SL_ISERROR(fd))
        local_file = 0;
      else if (sh.flag.checkSum != SH_CHECK_INIT)
        aud_exit (FIL__, __LINE__, EXIT_FAILURE);
      else
        {
          /* Download failed in SH_CHECK_INIT mode: fall back to the
           * local file selected by 'I'.
           */
          sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_D_FAIL);
          local_file = 1;
          local_flag = 'I';
        }
    }
#endif

  /* Use a local configuration file.
   */
  if (local_file == 1)
    {
      /* Refuse a file that an untrusted user owns or could replace
       * through a writable directory in its path.
       */
      if (0 != tf_trust_check (file_path('C', local_flag), SL_YESPRIV))
        {
          sl_get_euid(&euid);
          dlog(1, FIL__, __LINE__,
               _("The configuration file: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
               ( (NULL == file_path('C', local_flag))
                 ? _("(null)") : file_path('C', local_flag) ));
          sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
                           (long) euid,
                           ( (NULL == file_path('C', local_flag))
                             ? _("(null)") : file_path('C', local_flag) )
                           );
          aud_exit (FIL__, __LINE__, EXIT_FAILURE);
        }
      if (SL_ISERROR(fd = sl_open_read(file_path('C',local_flag),SL_YESPRIV)))
        {
          sl_get_euid(&euid);
          dlog(1, FIL__, __LINE__,
               _("Could not open the local configuration file for reading because\nof the following error: %s (errnum = %ld)\nIf this is a permission problem, you need to change file permissions\nto make the file readable for the effective UID: %d\n"),
               sl_get_errmsg(), fd, (int) euid);
          sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_NOACCESS,
                           (long) euid,
                           ( (NULL == file_path('C', local_flag))
                             ? _("(null)") : file_path('C', local_flag) )
                           );
          aud_exit (FIL__, __LINE__, EXIT_FAILURE);
        }
    }

  /* Compute the checksum of the open file.
   * sh_tiger_hash is pointed at the open descriptor (TIGER_FD via the
   * global tiger_fd); the descriptor is rewound afterwards for parsing.
   */
  tiger_fd = fd;
  sl_strlcpy(sh.conf.hash,
             sh_tiger_hash(file_path('C',local_flag),TIGER_FD, 0),
             KEY_LEN+1);
  sl_rewind (fd);

#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
  /* extract the data and copy to temporary file
   * (sh_unix_getline_stealth yields the embedded configuration lines;
   * the copy in fdTmp replaces fd for the rest of this function).
   * Extraction stops at the PGP end-of-signature marker (or "[EOF]"
   * without GPG/PGP) and after at most 4096 lines.
   */
  fdTmp = open_tmp();
  while ( sh_unix_getline_stealth (fd, line_in, 512) > 0) {
    hidden_count++;
    if (line_in[0] == '\n')
      {
        sl_write(fdTmp, line_in, 1);
      }
    else
      {
        sl_write_line(fdTmp, line_in, sl_strlen(line_in));
      }
#if defined(WITH_GPG) || defined(WITH_PGP)
    if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25))
      break;
#else
    if (0 == sl_strncmp(line_in, _("[EOF]"), 5))
      break;
#endif
    if (hidden_count > 4096) /* arbitrary safeguard */
      break;
  }
  sl_close(fd);
  fd = fdTmp;
  sl_rewind (fd);
#endif

  /* The system type, release, and machine.
   */
  sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"),
              sh.host.system, /* flawfinder: ignore */
              sh.host.release, sh.host.machine);


  /* --- Start reading lines. ---
   */
  conf_line = 0;

  while ( sh_unix_getline (fd, line_in, 512) > 0) {

    ++conf_line;

    line = &(line_in[0]);

    /* fprintf(stderr, "<%s>\n", line); */

    /* Sun May 27 18:40:05 CEST 2001
     */

    /* Only the clear-signed body is parsed: skip everything before the
     * "BEGIN PGP SIGNED MESSAGE" line and the header that follows it (up
     * to the first empty line); stop at "BEGIN PGP SIGNATURE".  A second
     * signed message in the same file is fatal.
     */
#if defined(WITH_GPG) || defined(WITH_PGP)
    if (signed_content == S_FALSE)
      {
        if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
          signed_content = S_TRUE;
        else
          continue;
      }
    else if (true_content == S_FALSE)
      {
        if (line[0] == '\n')
          true_content = S_TRUE;
        else
          continue;
      }
    else if (signed_content == S_TRUE)
      {
        if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----")))
          break;
        else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
          {
            sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
                            _("second signed message in file"),
                            _("sh_readconf_read"));
            dlog(1, FIL__, __LINE__,
                 _("There seems to be more than one signed message in the configuration\nfile. Please make sure there is only one signed message.\n"));
            sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1,
                             sh.prg_name);
            aud_exit (FIL__, __LINE__,EXIT_FAILURE);
          }
      }
#endif

    /* Skip leading white space.
     * (A char with the high bit set reaches isspace() as a negative int
     * if char is signed -- TODO confirm the input is ASCII.)
     */
    while (*line)
      {
        line_int = *line;
        if (!isspace(line_int))
          break;
        ++line;
      }

    /* Skip header etc.
     * (comment lines starting with '#', ';' or "//", and empty lines)
     */
    if (line[0] == '#' || line[0] == '\0' || line[0] == ';' ||
        (line[0] == '/' && line[1] == '/'))
      continue;

    /* Clip off trailing white space.
     * line[0] is non-blank here, so the loop stops at line[0] at the
     * latest; note that *tmp is read before the bound test.
     */
    tmp = line + sl_strlen( line ); --tmp;
    while( isspace((int) *tmp ) && tmp >= line ) *tmp-- = '\0';


    /* ------- starts a section ------------ */

    /* A section header is honoured only while no enclosing @host/$system
     * block is inactive.  It always resets the section first, so an
     * unknown header leaves read_mode at SH_SECTION_NONE (reported as
     * MSG_EINVALHEAD) and the following key=value lines are ignored.
     */
    if (line[0] == '[' &&
        some_other_host[seen_host] == 0 &&
        some_other_system[seen_system] == 0)
      {
        read_mode = SH_SECTION_NONE;

        if (sl_strncmp (line, _("[EOF]"),
                        5) == 0)
          {
            goto nopel;
          }

        i = 0;

        /* Prefix match over the table entry's own length. */
        while (tab_ListSections[i].name != 0)
          {
            if (sl_strncmp (line, _(tab_ListSections[i].name),
                            sl_strlen(tab_ListSections[i].name)) == 0)
              {
                read_mode = tab_ListSections[i].type;
                break;
              }
            ++i;
          }

#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
        /* Not a built-in section: try the modules' own section names. */
        if (read_mode == SH_SECTION_NONE)
          {
            for (modnum = 0; modList[modnum].name != NULL; ++modnum)
              {
                if (0 == sl_strncmp (line, _(modList[modnum].conf_section),
                                     sl_strlen(modList[modnum].conf_section)) )
                  read_mode = SH_SECTION_OTHER;
              }
          }
#endif
        if (read_mode == SH_SECTION_NONE)
          {
            sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALHEAD,
                             (long) conf_line);
          }
      }

    /* --- an @host directive -------------- */

    else if (line[0] == '@' || (line[0] == '!' && line[1] == '@'))
      {
        if (line[0] == '!')
          {
            lptr = &line[2];
            invert = 1;
          }
        else
          {
            lptr = &line[1];
            invert = 0;
          }

        if (sl_strncmp (lptr, _("end"), 3) == 0)
          {
            /* @end without an open @host block is an error. */
            if (0 == seen_host)
              sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD,
                               _("config file"),
                               (long) conf_line);

            else if (host_int == 0)
              {
                /* end of an @host directive
                 */
                some_other_host[seen_host] = 0;
                --seen_host;
                seen_host = (seen_host < 0) ? 0 : seen_host;
              }

            else
              {
                /* closes a directive opened inside an inactive block */
                --host_int;
                host_int = (host_int < 0) ? 0 : host_int;
              }
          }
        else if (some_other_host[seen_host] == 0 &&
                 some_other_system[seen_system] == 0 &&
                 seen_host < 15)
          {
            /* NOTE(review): the comparison is bounded by the length of our
             * own host name, so (given strncmp-like semantics of
             * sl_strncmp) a directive whose name merely starts with the
             * host name also matches.  With HAVE_REGEX_H, sh_util_regcmp
             * is consulted as well.
             */
            if (sl_strncmp (lptr, sh.host.name, length) == 0
#ifdef HAVE_REGEX_H
                || sh_util_regcmp (lptr, sh.host.name) == 0
#endif
                )
              {
                /* if match and '@', set some_other_host = 0;
                 * if match and '!@', set some_other_host = 1;
                 */
                ++seen_host;
                some_other_host[seen_host] = invert;
              }
            else
              {
                /* if no match and '@', set some_other_host = 1;
                 * if no match and '!@', set some_other_host = 0;
                 */
                ++seen_host;
                some_other_host[seen_host] = (invert == 0) ? 1 : 0;
              }
          }
        else
          /* inside an inactive block, or nesting limit reached */
          ++host_int;
      }

    /* --- an %schedule directive ------------ */

    /* "%SCHEDULE_TWO" selects directory list 2, "!%SCHEDULE_TWO" list 1
     * (client/standalone only; a no-op otherwise).  Unlike @host and
     * $system this is honoured even inside an inactive block.
     */
    else if (line[0] == '%' || (line[0] == '!' && line[1] == '%'))
      {
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
        if (line[0] == '!' && 0 == sl_strcmp(&(line[2]), _("SCHEDULE_TWO")))
          set_dirList(1);
        else if (0 == sl_strcmp(&(line[1]), _("SCHEDULE_TWO")))
          set_dirList(2);
#else
        ;
#endif
      }

    /* --- an $system directive -------------- */

    /* Same structure as @host, but matched against myident
     * ("system:release:machine"), again as a prefix of myident's length.
     */
    else if (line[0] == '$' || (line[0] == '!' && line[1] == '$'))
      {
        if (line[0] == '!')
          {
            lptr = &line[2];
            invert = 1;
          }
        else
          {
            lptr = &line[1];
            invert = 0;
          }

        if (sl_strncmp (lptr, _("end"), 3) == 0)
          {
            /* $end without an open $system block is an error. */
            if (0 == seen_system)
              sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD,
                               _("config file"),
                               (long) conf_line);

            else if (sys_int == 0)
              {
                /* end of an $system directive
                 */
                some_other_system[seen_system] = 0;
                --seen_system;
                seen_system = (seen_system < 0) ? 0 : seen_system;
              }
            else
              {
                /* closes a directive opened inside an inactive block */
                --sys_int;
                sys_int = (sys_int < 0) ? 0 : sys_int;
              }
          }
        else if (some_other_host[seen_host] == 0 &&
                 some_other_system[seen_system] == 0 &&
                 seen_system < 15)
          {
            if (sl_strncmp (lptr, myident, sl_strlen(myident)) == 0
#ifdef HAVE_REGEX_H
                || sh_util_regcmp (lptr, myident) == 0
#endif
                )
              {
                ++seen_system;
                some_other_system[seen_system] = invert;
              }
            else
              {
                ++seen_system;
                some_other_system[seen_system] = (invert == 0) ? 1 : 0;
              }
          }
        else
          /* inside an inactive block, or nesting limit reached */
          ++sys_int;
      }

    /* ------ no new section -------------- */

    /* Any other line is a key=value option for the current section; it
     * is processed only inside an active block and after a valid section
     * header.
     */
    else if (some_other_host[seen_host] == 0 &&
             some_other_system[seen_system] == 0 &&
             read_mode != SH_SECTION_NONE)
      {
        if (0 != sh_readconfig_line (line))
          {
            sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALCONF,
                             (long) conf_line);
          }
      }

  }

 nopel:

  /* @host / $system blocks still open at end of file. */
  if (0 != seen_host || 0 != seen_system)
    sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALDD,
                     _("config file"),
                     (long) conf_line);

#if defined(WITH_GPG) || defined(WITH_PGP)
  /* Validate signature of open file.
   * NOTE(review): this runs after every option handler above has already
   * been invoked.  A bad signature terminates the process, but the
   * handlers' side effects up to this point have taken place.
   */
  sl_rewind (fd);
  sh_error_only_stderr (S_FALSE);
  if (0 != sh_gpg_check_sign (fd, 0, 1))
    aud_exit (FIL__, __LINE__, EXIT_FAILURE);
#endif

  sl_close (fd);

  sh_error_fixup();

  read_mode = SH_SECTION_NONE; /* reset b/o sighup reload */

  SL_RETURN( 0, _("sh_readconf_read"));
}
582
/* Store a path option into the fixed-size buffer `which` (SH_PATHBUF
 * bytes).  The literal value "AUTO" appends ":<host name>" to whatever
 * `which` already holds; any other value replaces the buffer content.
 *
 * Returns 0 on success, -1 when an argument is NULL or the result would
 * not fit into SH_PATHBUF.
 */
int sh_readconf_set_path (char * which, const char * what)
{
  int base_len;

  SL_ENTER( _("sh_readconf_set_path"));

  if (NULL == which || NULL == what)
    {
      TPT((0, FIL__, __LINE__ , _("msg=<Input error>\n")));
      SL_RETURN( -1, _("sh_readconf_set_path"));
    }

  if (0 != sl_strcmp(what, _("AUTO")))
    {
      /* Explicit path: must fit together with the terminator. */
      if (sl_strlen(what) > (SH_PATHBUF-1))
        {
          TPT((0, FIL__, __LINE__ , _("msg=<Path too large: %s>\n"), what));
          SL_RETURN( -1, _("sh_readconf_set_path"));
        }
      sl_strlcpy(which, what, SH_PATHBUF);
      SL_RETURN( 0, _("sh_readconf_set_path"));
    }

  /* "AUTO": append ':' and the host name to the existing content. */
  base_len = sl_strlen(which);
  if ( (base_len + sl_strlen(sh.host.name) + 2) > SH_PATHBUF)
    {
      TPT((0, FIL__, __LINE__ , _("msg=<Path too large: %s:%s>\n"),
           which, sh.host.name));
      SL_RETURN( -1, _("sh_readconf_set_path"));
    }
  which[base_len]   = ':';
  which[base_len+1] = '\0';
  sl_strlcat(which, sh.host.name, SH_PATHBUF);

  SL_RETURN( 0, _("sh_readconf_set_path"));
}
623
/* "setdatabasepath" option: store the value in sh.data.path
 * (see sh_readconf_set_path for "AUTO" and the size limit).
 */
int sh_readconf_set_database_path (const char * what)
{
  char * target = sh.data.path;

  return sh_readconf_set_path(target, what);
}
628
/* "setlogfilepath" option: store the value in sh.srvlog.name
 * (see sh_readconf_set_path for "AUTO" and the size limit).
 */
int sh_readconf_set_logfile_path (const char * what)
{
  char * target = sh.srvlog.name;

  return sh_readconf_set_path(target, what);
}
633
/* "setlockfilepath" option: store the value in sh.srvlog.alt
 * (see sh_readconf_set_path for "AUTO" and the size limit).
 */
int sh_readconf_set_lockfile_path (const char * what)
{
  char * target = sh.srvlog.alt;

  return sh_readconf_set_path(target, what);
}
638
639
640
641
/* Which timer sh_readconf_setTime should set. */
typedef enum {
  SET_MAILTIME,   /* sh.mailTime.alarm_interval */
  SET_FILETIME    /* sh.fileCheck.alarm_interval */
} ShTimerItem;
646
647
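/* Set a timer interval from a configuration value.
 *
 * str   decimal number of seconds (optionally surrounded by blanks);
 *       must be non-negative and below LONG_MAX.
 * what  SET_MAILTIME selects sh.mailTime.alarm_interval,
 *       SET_FILETIME selects sh.fileCheck.alarm_interval.
 *
 * Returns 0 on success; -1 (after reporting MSG_EINVALL) when str is
 * NULL, not a number, has trailing characters, is negative, or is out of
 * range.  Parsing uses strtoul instead of atoi so that malformed values
 * are rejected rather than silently read as 0, and overflow is defined.
 */
int sh_readconf_setTime (const char * str, ShTimerItem what)
{
  unsigned long i     = 0;
  int           valid = 0;

  SL_ENTER( _("sh_readconf_setTime"));

  if (str != NULL)
    {
      const char * p   = str;
      char       * end = NULL;

      while (isspace((unsigned char) *p))
        ++p;

      /* strtoul would silently negate a '-' prefix; reject it up front. */
      if (*p != '-')
        {
          i = strtoul (p, &end, 10);

          /* Require at least one digit, followed only by blanks. */
          if (end != p)
            {
              while (isspace((unsigned char) *end))
                ++end;
              if (*end == '\0')
                valid = 1;
            }
        }
    }

  /* On overflow strtoul yields ULONG_MAX, which fails this bound. */
  if (valid && i < LONG_MAX)
    {
      if (what == SET_MAILTIME)
        {
          TPT((0, FIL__, __LINE__, _("msg=<Set mail timer to %lu>\n"), i));
          sh.mailTime.alarm_interval = i;
        }
      else if (what == SET_FILETIME)
        {
          TPT((0, FIL__, __LINE__, _("msg=<Set filecheck timer to %lu>\n"),i));
          sh.fileCheck.alarm_interval = i;
        }

      SL_RETURN( 0, _("sh_readconf_setTime"));
    }
  else
    {
      sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALL,
                       _("set timer"), (long) i);
      SL_RETURN( (-1), _("sh_readconf_setTime"));
    }
}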
676
/* "setmailtime" option: forwards the value to sh_readconf_setTime for the
 * mail timer.
 */
int sh_readconf_setMailtime (const char * c)
{
  const ShTimerItem timer = SET_MAILTIME;

  return sh_readconf_setTime (c, timer);
}
681
/* "setfilechecktime" option: forwards the value to sh_readconf_setTime
 * for the file check timer.
 */
int sh_readconf_setFiletime (const char * c)
{
  const ShTimerItem timer = SET_FILETIME;

  return sh_readconf_setTime (c, timer);
}
686
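/* "setnicelevel" option: store the scheduling nice value in sh.flag.nice.
 *
 * c  decimal value in [-20, 20], optionally followed by blanks; +/-20 are
 *    clamped to +/-19.
 *
 * Returns 0 on success, -1 when c is NULL, contains no number, has
 * trailing non-blank characters, or is out of range (a bare strtol call
 * would otherwise turn an unparsable value into nice level 0).
 */
int sh_readconf_set_nice (const char * c)
{
  long   val;
  char * end = NULL;

  SL_ENTER(_("sh_readconf_set_nice"));

  if (c == NULL)
    {
      SL_RETURN((-1), _("sh_readconf_set_nice"));
    }

  val = strtol (c, &end, 10);

  /* Reject an empty or non-numeric value instead of treating it as 0. */
  if (end == c)
    {
      SL_RETURN((-1), _("sh_readconf_set_nice"));
    }
  while (isspace((unsigned char) *end))
    ++end;
  if (*end != '\0')
    {
      SL_RETURN((-1), _("sh_readconf_set_nice"));
    }

  /* Out-of-range values (including strtol overflow, which saturates to
   * LONG_MIN/LONG_MAX) are rejected. */
  if (val < -20 || val > 20)
    {
      SL_RETURN((-1), _("sh_readconf_set_nice"));
    }

  /* Clamp +/-20 to +/-19. */
  val = (val < -19 ? -19 : val);
  val = (val > 19 ? 19 : val);

  sh.flag.nice = val;
  SL_RETURN((0), _("sh_readconf_set_nice"));
}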
705
#ifdef FANCY_LIBCAP
/* "usecaps" option: hands the value to sh_util_flagval, which stores the
 * result in sl_useCaps, and returns its status.
 */
int sh_readconf_setCaps(const char * c)
{
  int rc;

  SL_ENTER(_("sh_readconf_setCaps"));

  rc = sh_util_flagval(c, &sl_useCaps);

  SL_RETURN((rc), _("sh_readconf_setCaps"));
}
#endif
716
/* One entry of ext_table: a lower-case option name, the section it
 * belongs to, a second section it is also accepted in (SH_SECTION_NONE if
 * none), and the handler that receives the option's value.
 */
typedef struct _cfg_options {
  char * optname;
  ShSectionType section;
  ShSectionType alt_section;
  int (*func)(const char * opt);
} cfg_options;
723
/* Option handlers from other translation units, referenced from
 * ext_table below.
 */
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
extern int sh_set_schedule_one(const char * str);
extern int sh_set_schedule_two(const char * str);
#endif
#if defined (SH_WITH_SERVER)
extern int sh_socket_use (const char * c);
extern int sh_socket_uid (const char * c);
extern int sh_socket_password (const char * c);
#endif
733
/* key=value options, consulted by sh_readconfig_line for every section
 * other than [EventSeverity].  Entries are tried in order; an entry
 * applies when read_mode equals its section or alt_section and its name
 * is a prefix of the (lower-cased) key, so -- assuming strncmp semantics
 * of sl_strncmp -- a key that merely starts with a table name (e.g.
 * "dirx" for "dir") is accepted too.  Where alt_section is
 * SH_SECTION_MISC the option may also be given in [Misc].
 * Terminated by a NULL name.
 */
cfg_options ext_table[] = {
#if defined(WITH_EXTERNAL)
  { N_("opencommand"),      SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_setcommand },
  { N_("setcommandline"),   SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_add_argv },
  { N_("setchecksum"),      SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_checksum },
  { N_("setdefault"),       SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_add_default },
  { N_("setenviron"),       SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_add_environ },
  { N_("setdeadtime"),      SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_deadtime },
  { N_("settype"),          SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_type },
  { N_("setcredentials"),   SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_priv },
  { N_("setfilternot"),     SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_add_not },
  { N_("setfilterand"),     SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_add_and },
  { N_("setfilteror"),      SH_SECTION_EXTERNAL, SH_SECTION_NONE,
    sh_ext_add_or },
  { N_("externalseverity"), SH_SECTION_LOG,      SH_SECTION_EXTERNAL,
    sh_error_set_external },
  { N_("externalclass"),    SH_SECTION_LOG,      SH_SECTION_EXTERNAL,
    sh_error_external_mask },
#endif

#if defined(WITH_DATABASE)
  { N_("usepersistent"),    SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_use_persistent },
  { N_("setdbname"),        SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_set_database },
  { N_("setdbtable"),       SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_set_table },
  { N_("setdbhost"),        SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_set_host },
  { N_("setdbuser"),        SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_set_user },
  { N_("setdbpassword"),    SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_set_password },
  { N_("addtodbhash"),      SH_SECTION_DATABASE, SH_SECTION_NONE,
    sh_database_add_to_hash },
  { N_("databaseseverity"), SH_SECTION_LOG,      SH_SECTION_DATABASE,
    sh_error_set_database },
  { N_("databaseclass"),    SH_SECTION_LOG,      SH_SECTION_DATABASE,
    sh_error_database_mask },
  { N_("setdbservertstamp"), SH_SECTION_DATABASE, SH_SECTION_NONE,
    set_enter_wrapper },
#endif


#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
  /* "dir" / "file" are accepted in every file-list section; the section
   * decides which list the entry goes to.
   */
  { N_("dir"),              SH_SECTION_ATTRIBUTES, SH_SECTION_NONE,
    sh_files_pushdir_attr },
  { N_("file"),             SH_SECTION_ATTRIBUTES, SH_SECTION_NONE,
    sh_files_pushfile_attr },
  { N_("dir"),              SH_SECTION_READONLY,   SH_SECTION_NONE,
    sh_files_pushdir_ro },
  { N_("file"),             SH_SECTION_READONLY,   SH_SECTION_NONE,
    sh_files_pushfile_ro },
  { N_("dir"),              SH_SECTION_LOGFILES,   SH_SECTION_NONE,
    sh_files_pushdir_log },
  { N_("file"),             SH_SECTION_LOGFILES,   SH_SECTION_NONE,
    sh_files_pushfile_log },
  { N_("dir"),              SH_SECTION_LOGGROW,    SH_SECTION_NONE,
    sh_files_pushdir_glog },
  { N_("file"),             SH_SECTION_LOGGROW,    SH_SECTION_NONE,
    sh_files_pushfile_glog },
  { N_("dir"),              SH_SECTION_NOIGNORE,   SH_SECTION_NONE,
    sh_files_pushdir_noig },
  { N_("file"),             SH_SECTION_NOIGNORE,   SH_SECTION_NONE,
    sh_files_pushfile_noig },
  { N_("dir"),              SH_SECTION_ALLIGNORE,  SH_SECTION_NONE,
    sh_files_pushdir_allig },
  { N_("file"),             SH_SECTION_ALLIGNORE,  SH_SECTION_NONE,
    sh_files_pushfile_allig },

  { N_("dir"),              SH_SECTION_USER0,      SH_SECTION_NONE,
    sh_files_pushdir_user0 },
  { N_("file"),             SH_SECTION_USER0,      SH_SECTION_NONE,
    sh_files_pushfile_user0 },
  { N_("dir"),              SH_SECTION_USER1,      SH_SECTION_NONE,
    sh_files_pushdir_user1 },
  { N_("file"),             SH_SECTION_USER1,      SH_SECTION_NONE,
    sh_files_pushfile_user1 },
  { N_("dir"),              SH_SECTION_PRELINK,    SH_SECTION_NONE,
    sh_files_pushdir_prelink },
  { N_("file"),             SH_SECTION_PRELINK,    SH_SECTION_NONE,
    sh_files_pushfile_prelink },

  { N_("ignoreadded"),      SH_SECTION_MISC, SH_SECTION_NONE,
    sh_ignore_add_new },
  { N_("ignoremissing"),    SH_SECTION_MISC, SH_SECTION_NONE,
    sh_ignore_add_del },

  { N_("filecheckscheduleone"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_set_schedule_one },
  { N_("filecheckscheduletwo"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_set_schedule_two },

  { N_("usehardlinkcheck"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_check_hardlinks },
  { N_("hardlinkoffset"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_hle_reg },
  { N_("addokchars"),       SH_SECTION_MISC, SH_SECTION_NONE,
    sh_util_obscure_ok },
  { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_setrecursion },
  { N_("checksumtest"),     SH_SECTION_MISC, SH_SECTION_NONE,
    sh_util_setchecksum },
  { N_("reportonlyonce"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_reportonce },
  { N_("reportfulldetail"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_fulldetail },
  { N_("uselocaltime"),     SH_SECTION_MISC, SH_SECTION_NONE,
    sh_unix_uselocaltime },

  { N_("setnicelevel"),     SH_SECTION_MISC, SH_SECTION_NONE,
    sh_readconf_set_nice },

#if defined(FANCY_LIBCAP)
  { N_("usecaps"),          SH_SECTION_MISC, SH_SECTION_NONE,
    sh_readconf_setCaps },
#endif

  { N_("setiolimit"),       SH_SECTION_MISC, SH_SECTION_NONE,
    sh_unix_set_io_limit },

  { N_("versionstring"),    SH_SECTION_MISC, SH_SECTION_NONE,
    sh_hash_version_string },

  { N_("digestalgo"),       SH_SECTION_MISC, SH_SECTION_NONE,
    sh_tiger_hashtype },

  { N_("redefreadonly"),    SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_readonly },

  { N_("redeflogfiles"),    SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_logfiles },

  { N_("redefgrowinglogfiles"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_loggrow },

  { N_("redefattributes"),  SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_attributes },

  { N_("redefignorenone"),  SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_noignore },

  { N_("redefignoreall"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_allignore },

  { N_("redefuser0"),       SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_user0 },

  { N_("redefuser1"),       SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_user1 },

  { N_("redefprelink"),     SH_SECTION_MISC, SH_SECTION_NONE,
    sh_files_redef_prelink },


  { N_("setprelinkpath"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelink_set_path },
  { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelink_set_hash },

  /* client or standalone
   */
#endif

#ifdef SH_WITH_SERVER
#ifdef INET_SYSLOG
  { N_("setudpactive"),     SH_SECTION_SRV, SH_SECTION_MISC,
    set_syslog_active },
#endif
  { N_("setusesocket"),     SH_SECTION_SRV, SH_SECTION_MISC,
    sh_socket_use },
  { N_("setsocketallowuid"), SH_SECTION_SRV, SH_SECTION_MISC,
    sh_socket_uid },
  { N_("setsocketpassword"), SH_SECTION_SRV, SH_SECTION_MISC,
    sh_socket_password },
  { N_("setstripdomain"),   SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_set_strip },
  { N_("useseparatelogs"),  SH_SECTION_SRV, SH_SECTION_MISC,
    set_flag_sep_log },
  { N_("setchrootdir"),     SH_SECTION_SRV, SH_SECTION_MISC,
    sh_unix_set_chroot },
  { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_set_time_limit },
  { N_("useclientseverity"), SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_use_clt_sev },
  { N_("useclientclass"),   SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_use_clt_class },
  { N_("severitylookup"),   SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_lookup_level },
  { N_("setclientfromaccept"), SH_SECTION_SRV, SH_SECTION_MISC,
    set_socket_peer },
  { N_("setserverport"),    SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_set_port },
  { N_("setserverinterface"), SH_SECTION_SRV, SH_SECTION_MISC,
    sh_forward_set_interface },
  { N_("client"),           SH_SECTION_CLIENTS, SH_SECTION_NONE,
    sh_forward_register_client },
#endif

#ifdef SH_WITH_CLIENT
  { N_("exportseverity"),   SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_setexport },
  { N_("exportclass"),      SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_export_mask },
  { N_("setlogserver"),     SH_SECTION_CLT, SH_SECTION_MISC,
    sh_forward_setlogserver },
#endif
  { N_("setfilechecktime"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_readconf_setFiletime },
  { N_("setlooptime"),      SH_SECTION_MISC, SH_SECTION_NONE,
    sh_util_setlooptime },

#ifdef SH_WITH_MAIL
  { N_("mailseverity"),     SH_SECTION_LOG,  SH_SECTION_NONE,
    sh_error_setseverity },
  { N_("mailclass"),        SH_SECTION_LOG,  SH_SECTION_NONE,
    sh_error_mail_mask },
  { N_("setmailtime"),      SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_readconf_setMailtime },
  { N_("setmailnum"),       SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_setNum },
  { N_("setmailaddress"),   SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_setaddress },
  { N_("setmailrelay"),     SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_set_relay },
  { N_("mailsingle"),       SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_setFlag },
  { N_("mailsubject"),      SH_SECTION_MAIL, SH_SECTION_MISC,
    set_mail_subject },
  { N_("setmailsender"),    SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_set_sender },
  { N_("setmailfilternot"), SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_add_not },
  { N_("setmailfilterand"), SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_add_and },
  { N_("setmailfilteror"),  SH_SECTION_MAIL, SH_SECTION_MISC,
    sh_mail_add_or },
#endif
  { N_("setbindaddress"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_calls_set_bind_addr },
  { N_("daemon"),           SH_SECTION_MISC, SH_SECTION_NONE,
    sh_unix_setdeamon },
  { N_("samhainpath"),      SH_SECTION_MISC, SH_SECTION_NONE,
    sh_unix_self_hash },
  { N_("trusteduser"),      SH_SECTION_MISC, SH_SECTION_NONE,
    tf_add_trusted_user },
  { N_("settimeserver"),    SH_SECTION_MISC, SH_SECTION_NONE,
    sh_unix_settimeserver },

  { N_("printseverity"),    SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_setprint },
  { N_("printclass"),       SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_print_mask },

  { N_("logseverity"),      SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_setlog },
  { N_("logclass"),         SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_log_mask },

  { N_("syslogseverity"),   SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_set_syslog },
  { N_("syslogclass"),      SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_syslog_mask },
#ifdef HAVE_LIBPRELUDE
  { N_("preludeseverity"),  SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_set_prelude },
  { N_("preludeclass"),     SH_SECTION_LOG, SH_SECTION_NONE,
    sh_error_prelude_mask },
#ifdef HAVE_LIBPRELUDE_9
  { N_("preludeprofile"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelude_set_profile },
  { N_("preludemaptoinfo"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelude_map_info },
  { N_("preludemaptolow"),  SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelude_map_low },
  { N_("preludemaptomedium"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelude_map_medium },
  { N_("preludemaptohigh"), SH_SECTION_MISC, SH_SECTION_NONE,
    sh_prelude_map_high },
#endif
#endif

  { N_("logcalls"),         SH_SECTION_LOG, SH_SECTION_NONE,
    sh_aud_set_functions },

  { N_("messageheader"),    SH_SECTION_MISC, SH_SECTION_NONE,
    sh_error_ehead },

  { N_("setconsole"),       SH_SECTION_MISC, SH_SECTION_NONE,
    sh_log_set_console },

#ifdef WITH_MESSAGE_QUEUE
  { N_("messagequeueactive"), SH_SECTION_MISC, SH_SECTION_NONE,
    enable_msgq },
#endif

  { N_("setreverselookup"), SH_SECTION_MISC, SH_SECTION_NONE,
    set_reverse_lookup },

  { N_("setdatabasepath"),  SH_SECTION_MISC, SH_SECTION_NONE,
    sh_readconf_set_database_path },

  { N_("setlogfilepath"),   SH_SECTION_MISC, SH_SECTION_NONE,
    sh_readconf_set_logfile_path },

  { N_("setlockfilepath"),  SH_SECTION_MISC, SH_SECTION_NONE,
    sh_readconf_set_lockfile_path },

  { N_("hidesetup"),        SH_SECTION_MISC, SH_SECTION_NONE,
    sh_util_hidesetup },

  { N_("syslogfacility"),   SH_SECTION_LOG, SH_SECTION_MISC,
    sh_log_set_facility },

  { N_("mactype"),          SH_SECTION_MISC, SH_SECTION_NONE,
    sh_util_sigtype },

  { NULL,                   0, 0, NULL}
};
1063
1064
1065
1066
/* Interpret one "key=value" line for the section in read_mode.
 *
 * line  the trimmed line; modified in place (the key part, up to the
 *       first '=', is lower-cased).
 *
 * The key is matched by prefix (over the table entry's length) against
 * the active module's conf_table when read_mode is SH_SECTION_OTHER,
 * then against the severity names in ident[] for SH_SECTION_THRESHOLD,
 * or against ext_table entries whose section or alt_section equals
 * read_mode.  The first matching handler receives the value (leading
 * blanks removed); a non-zero handler result is reported as MSG_EINVALS.
 *
 * Returns 0 when a matching option was found (even if its handler
 * failed), -1 when the line is not key=value, has an empty value, or
 * names no known option.
 */
static int sh_readconfig_line (char * line)
{
  char * c;            /* start of the value */
  char * tmp;
  int i;
  int good_opt = -1;   /* 0 once a matching option has been found */

#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
  int modnum, modkey;
#endif

  /* Option names for [EventSeverity]; identnum[] is parallel to it. */
  static char *ident[] = {
    N_("severityreadonly"),
    N_("severitylogfiles"),
    N_("severitygrowinglogs"),
    N_("severityignorenone"),
    N_("severityignoreall"),
    N_("severityattributes"),
    N_("severitydirs"),
    N_("severityfiles"),
    N_("severitynames"),
    N_("severityuser0"),
    N_("severityuser1"),
    N_("severityprelink"),
    NULL
  };

  static int identnum[] = {
    SH_ERR_T_RO,
    SH_ERR_T_LOGS,
    SH_ERR_T_GLOG,
    SH_ERR_T_NOIG,
    SH_ERR_T_ALLIG,
    SH_ERR_T_ATTR,
    SH_ERR_T_DIR,
    SH_ERR_T_FILE,
    SH_ERR_T_NAME,
    SH_ERR_T_USER0,
    SH_ERR_T_USER1,
    SH_ERR_T_PRELINK,
  };

  SL_ENTER(_("sh_readconf_line"));

  /* interpret line */

  c = strchr(line, '=');
  if (c == NULL || (*c) == '\0')
    {
      /* (line cannot be NULL here: strchr above has already used it) */
      if (line != NULL)
        {
          TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: not key=value: %s>\n"),
                line));
        }
      SL_RETURN(good_opt, _("sh_readconf_line"));
    }
  else
    ++c;

  /* skip leading whitespace
   */
  while ((*c) == ' ' || (*c) == '\t')
    ++c;

  if ((*c) == '\0') /* no value */
    {
      if (line != NULL)
        {
          TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: not key=value: %s>\n"),
                line));
        }
      SL_RETURN(good_opt, _("sh_readconf_line"));
    }

  /* convert to lowercase */

  /* Only the key (up to the '=' found above) is lower-cased; the value
   * keeps its case.  A char with the high bit set reaches tolower() as
   * a negative int if char is signed -- TODO confirm input is ASCII.
   */
  tmp = line;
  while (*tmp != '=')
    {
      *tmp = tolower( (int) *tmp);
      ++tmp;
    }

  if (!sl_is_suid())
    {
      /* NOTE(review): traces the complete line, i.e. including the value
       * of options such as setdbpassword / setsocketpassword (TPT is
       * presumably a debug-only trace -- confirm).
       */
      TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: %s>\n"), line));
    }


#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
  /* Module section: search every module's conf_table; the first match
   * wins and control continues after the loops.
   */
  if (read_mode == SH_SECTION_OTHER)
    {
      for (modnum = 0; modList[modnum].name != NULL; ++modnum)
        {
          for (modkey = 0; modList[modnum].conf_table[modkey].the_opt != NULL;
               ++modkey)
            {
              if (sl_strncmp (line,
                              _(modList[modnum].conf_table[modkey].the_opt),
                              sl_strlen(modList[modnum].conf_table[modkey].the_opt) ) == 0)
                {
                  good_opt = 0;
                  if (0 != modList[modnum].conf_table[modkey].func(c))
                    sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS,
                                     _(modList[modnum].conf_table[modkey].the_opt), c);
                  if (!sl_is_suid())
                    {
                      TPT(( 0, FIL__, __LINE__,
                            _("msg=<line = %s, option = %s>\n"), line,
                            _(modList[modnum].conf_table[modkey].the_opt)));
                    }
                  goto outburst;
                }
            }
        }
    }
 outburst:
#endif


  if (read_mode == SH_SECTION_THRESHOLD)
    {
      /* NOTE(review): the match length is strlen(ident)-1, i.e. the last
       * character of the option name is not compared.  This accepts e.g.
       * "severitydir" for "severitydirs", but it also makes
       * "severityuser1" match the earlier entry "severityuser0" (the first
       * 12 characters are identical), so it is mapped to SH_ERR_T_USER0 --
       * assuming sl_strncmp has strncmp semantics.
       */
      i = 0;
      while (ident[i] != NULL) {
        if (sl_strncmp (line, _(ident[i]), sl_strlen(ident[i])-1) == 0)
          {
            good_opt = 0;
            sh_error_set_iv (identnum[i], c);
            break;
          }
        ++i;
      }
    }
  else
    {
      /* First ext_table entry (in table order) whose section or
       * alt_section is read_mode and whose name is a prefix of the key.
       */
      i = 0;
      while (ext_table[i].optname != NULL)
        {
          if ((ext_table[i].section == read_mode ||
               ext_table[i].alt_section == read_mode) &&
              sl_strncmp (line, _(ext_table[i].optname),
                          sl_strlen(ext_table[i].optname)) == 0)
            {
              good_opt = 0;
              if (0 != ext_table[i].func (c))
                sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS,
                                 _(ext_table[i].optname), c);
              break;
            }
          ++i;
        }
    }

  SL_RETURN(good_opt, _("sh_readconf_line"));
}
1222
1223