source: trunk/src/sh_unix.c@ 222

Last change on this file since 222 was 221, checked in by katerina, 16 years ago

Fix MacOS X problems (ticket #148).

File size: 116.7 KB
RevLine 
[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <ctype.h>
[98]27#ifdef HAVE_LINUX_FS_H
28#include <linux/fs.h>
29#endif
[1]30
31#ifdef HAVE_MEMORY_H
32#include <memory.h>
33#endif
34
35#ifdef HAVE_UNISTD_H
36#include <errno.h>
37#include <signal.h>
38#include <pwd.h>
39#include <grp.h>
40#include <sys/types.h>
41#include <sys/stat.h>
42#include <sys/resource.h>
43#include <fcntl.h>
44#include <unistd.h>
[169]45/* need to undef these, since the #define's may be picked up from
46 * linux/wait.h, and will clash with a typedef in sys/wait.h
47 */
48#undef P_ALL
49#undef P_PID
50#undef P_PGID
[1]51#include <sys/wait.h>
52
53/*********************
54#ifdef HAVE_SYS_VFS_H
55#include <sys/vfs.h>
56#endif
57**********************/
58#endif
59
60#if TIME_WITH_SYS_TIME
61#include <sys/time.h>
62#include <time.h>
63#else
64#if HAVE_SYS_TIME_H
65#include <sys/time.h>
66#else
67#include <time.h>
68#endif
69#endif
70
71#ifdef HAVE_SYS_SELECT_H
72#include <sys/select.h>
73#endif
74
75#ifndef FD_SET
76#define NFDBITS 32
77#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
78#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
79#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
80#endif /* !FD_SET */
81#ifndef FD_SETSIZE
82#define FD_SETSIZE 32
83#endif
84#ifndef FD_ZERO
85#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p)))
86#endif
87
88
89#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
90#include <sys/mman.h>
91#endif
92
93#include "samhain.h"
94#include "sh_error.h"
95#include "sh_unix.h"
96#include "sh_utils.h"
97#include "sh_mem.h"
98#include "sh_hash.h"
99#include "sh_tools.h"
100#include "sh_tiger.h"
101#include "sh_prelink.h"
[137]102#include "sh_pthread.h"
[1]103
104/* moved here from far below
105 */
106#include <netdb.h>
107
108#define SH_NEED_PWD_GRP
109#define SH_NEED_GETHOSTBYXXX
110#include "sh_static.h"
111
112#ifndef HAVE_LSTAT
113#define lstat stat
114#endif
115
116#if defined(S_IFLNK) && !defined(S_ISLNK)
117#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
118#else
119#if !defined(S_ISLNK)
120#define S_ISLNK(mode) (0)
121#endif
122#endif
123
124#if defined(S_IFSOCK) && !defined(S_ISSOCK)
125#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK)
126#else
127#if !defined(S_ISSOCK)
128#define S_ISSOCK(mode) (0)
129#endif
130#endif
131
[40]132#if defined(S_IFDOOR) && !defined(S_ISDOOR)
133#define S_ISDOOR(mode) (((mode) & S_IFMT) == S_IFDOOR)
134#else
135#if !defined(S_ISDOOR)
136#define S_ISDOOR(mode) (0)
137#endif
138#endif
139
140#if defined(S_IFPORT) && !defined(S_ISPORT)
141#define S_ISPORT(mode) (((mode) & S_IFMT) == S_IFPORT)
142#else
143#if !defined(S_ISPORT)
144#define S_ISPORT(mode) (0)
145#endif
146#endif
147
[105]148#define SH_KEY_NULL _("000000000000000000000000000000000000000000000000")
[40]149
[1]150#undef FIL__
151#define FIL__ _("sh_unix.c")
152
153unsigned long mask_PRELINK = MASK_PRELINK_;
154unsigned long mask_USER0 = MASK_USER_;
155unsigned long mask_USER1 = MASK_USER_;
[27]156unsigned long mask_USER2 = MASK_USER_;
157unsigned long mask_USER3 = MASK_USER_;
158unsigned long mask_USER4 = MASK_USER_;
[1]159unsigned long mask_ALLIGNORE = MASK_ALLIGNORE_;
160unsigned long mask_ATTRIBUTES = MASK_ATTRIBUTES_;
161unsigned long mask_LOGFILES = MASK_LOGFILES_;
162unsigned long mask_LOGGROW = MASK_LOGGROW_;
163unsigned long mask_READONLY = MASK_READONLY_;
164unsigned long mask_NOIGNORE = MASK_NOIGNORE_;
165
166
167extern char **environ;
168
169int sh_unix_maskreset()
170{
171 mask_PRELINK = MASK_PRELINK_;
172 mask_USER0 = MASK_USER_;
173 mask_USER1 = MASK_USER_;
[27]174 mask_USER2 = MASK_USER_;
175 mask_USER3 = MASK_USER_;
176 mask_USER4 = MASK_USER_;
[1]177 mask_ALLIGNORE = MASK_ALLIGNORE_;
178 mask_ATTRIBUTES = MASK_ATTRIBUTES_;
179 mask_LOGFILES = MASK_LOGFILES_;
180 mask_LOGGROW = MASK_LOGGROW_;
181 mask_READONLY = MASK_READONLY_;
182 mask_NOIGNORE = MASK_NOIGNORE_;
183 return 0;
184}
185
186
187#ifdef SYS_SIGLIST_DECLARED
188/* extern const char * const sys_siglist[]; */
189#else
190char * sh_unix_siglist (int signum)
191{
192 switch (signum)
193 {
194#ifdef SIGHUP
195 case SIGHUP:
196 return _("Hangup");
197#endif
198#ifdef SIGINT
199 case SIGINT:
200 return _("Interrupt");
201#endif
202#ifdef SIGQUIT
203 case SIGQUIT:
204 return _("Quit");
205#endif
206#ifdef SIGILL
207 case SIGILL:
208 return _("Illegal instruction");
209#endif
210#ifdef SIGTRAP
211 case SIGTRAP:
212 return _("Trace/breakpoint trap");
213#endif
214#ifdef SIGABRT
215 case SIGABRT:
216 return _("IOT trap/Abort");
217#endif
218#ifdef SIGBUS
219 case SIGBUS:
220 return _("Bus error");
221#endif
222#ifdef SIGFPE
223 case SIGFPE:
224 return _("Floating point exception");
225#endif
226#ifdef SIGUSR1
227 case SIGUSR1:
228 return _("User defined signal 1");
229#endif
230#ifdef SIGSEGV
231 case SIGSEGV:
232 return _("Segmentation fault");
233#endif
234#ifdef SIGUSR2
235 case SIGUSR2:
236 return _("User defined signal 2");
237#endif
238#ifdef SIGPIPE
239 case SIGPIPE:
240 return _("Broken pipe");
241#endif
242#ifdef SIGALRM
243 case SIGALRM:
244 return _("Alarm clock");
245#endif
246#ifdef SIGTERM
247 case SIGTERM:
248 return _("Terminated");
249#endif
250#ifdef SIGSTKFLT
251 case SIGSTKFLT:
252 return _("Stack fault");
253#endif
254#ifdef SIGCHLD
255 case SIGCHLD:
256 return _("Child exited");
257#endif
258#ifdef SIGCONT
259 case SIGCONT:
260 return _("Continued");
261#endif
262#ifdef SIGSTOP
263 case SIGSTOP:
264 return _("Stopped");
265#endif
266#ifdef SIGTSTP
267 case SIGTSTP:
268 return _("Stop typed at tty");
269#endif
270#ifdef SIGTTIN
271 case SIGTTIN:
272 return _("Stopped (tty input)");
273#endif
274#ifdef SIGTTOU
275 case SIGTTOU:
276 return _("Stopped (tty output)");
277#endif
278#ifdef SIGURG
279 case SIGURG:
280 return _("Urgent condition");
281#endif
282#ifdef SIGXCPU
283 case SIGXCPU:
284 return _("CPU time limit exceeded");
285#endif
286#ifdef SIGXFSZ
287 case SIGXFSZ:
288 return _("File size limit exceeded");
289#endif
290#ifdef SIGVTALRM
291 case SIGVTALRM:
292 return _("Virtual time alarm");
293#endif
294#ifdef SIGPROF
295 case SIGPROF:
296 return _("Profile signal");
297#endif
298#ifdef SIGWINCH
299 case SIGWINCH:
300 return _("Window size changed");
301#endif
302#ifdef SIGIO
303 case SIGIO:
304 return _("Possible I/O");
305#endif
306#ifdef SIGPWR
307 case SIGPWR:
308 return _("Power failure");
309#endif
310#ifdef SIGUNUSED
311 case SIGUNUSED:
312 return _("Unused signal");
313#endif
314 }
315 return _("Unknown");
316}
317#endif
318
319
320/* Log from within a signal handler without using any
321 * functions that are not async signal safe.
322 *
323 * This is the safe_itoa helper function.
324 */
325char * safe_itoa(int i, char * str, int size)
326{
327 unsigned int u;
328 int iisneg = 0;
329 char *p = &str[size-1];
330
331 *p = '\0';
332 if (i < 0) {
333 iisneg = 1;
334 u = ((unsigned int)(-(1+i))) + 1;
335 } else {
336 u = i;
337 }
338 do {
339 --p;
340 *p = '0' + (u % 10);
341 u /= 10;
[22]342 } while (u && (p != str));
343 if ((iisneg == 1) && (p != str)) {
[1]344 --p;
345 *p = '-';
346 }
347 return p;
348}
349
350/* Log from within a signal handler without using any
351 * functions that are not async signal safe.
352 *
353 * This is the safe_logger function.
354 * Arguments: signal (signal number), method (0=logger, 1=stderr), thepid (pid)
355 */
356extern int OnlyStderr;
357
[170]358int safe_logger (int thesignal, int method, char * details)
[1]359{
[34]360 unsigned int i = 0;
[1]361 int status = -1;
362 struct stat buf;
363 pid_t newpid;
364 char str[128];
365 char * p;
[22]366
[1]367 char l0[64], l1[64], l2[64], l3[64];
368 char a0[32], a1[32], a2[32];
369 char e0[128];
370 char msg[128];
[22]371
[1]372 char * locations[] = { NULL, NULL, NULL, NULL, NULL };
373 char * envp[] = { NULL, NULL };
374 char * argp[] = { NULL, NULL, NULL, NULL, NULL };
[22]375
376 pid_t thepid = getpid();
377
[1]378 if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE))
379 method = 1;
[22]380
[1]381 /* seems that solaris cc needs this way of initializing ...
382 */
383 locations[0] = l0;
384 locations[1] = l1;
385 locations[2] = l2;
386 locations[3] = l3;
[22]387
[1]388 envp[0] = e0;
[22]389
[1]390 argp[0] = a0;
391 argp[1] = a1;
392 argp[2] = a2;
[22]393
[1]394 sl_strlcpy(msg, _("samhain["), 128);
395 p = safe_itoa((int) thepid, str, 128);
396 if (p && *p)
397 sl_strlcat(msg, p, 128);
[170]398 if (thesignal == 0)
[1]399 {
[22]400 if (details == NULL) {
401 sl_strlcat(msg, _("]: out of memory"), 128);
402 } else {
403 sl_strlcat(msg, _("]: "), 128);
404 sl_strlcat(msg, details, 128);
405 }
[1]406 }
407 else
408 {
409 sl_strlcat(msg, _("]: exit on signal "), 128);
[170]410 p = safe_itoa(thesignal, str, 128);
[1]411 if (p && *p)
412 sl_strlcat(msg, p, 128);
413 }
414
415 if (method == 1) {
416#ifndef STDERR_FILENO
417#define STDERR_FILENO 2
418#endif
[153]419 int retval = 0;
420 do {
421 retval = write(STDERR_FILENO, msg, strlen(msg));
422 } while (retval < 0 && errno == EINTR);
423 do {
424 retval = write(STDERR_FILENO, "\n", 1);
425 } while (retval < 0 && errno == EINTR);
[1]426 return 0;
427 }
[22]428
429 sl_strlcpy (l0, _("/usr/bin/logger"), 64);
430 sl_strlcpy (l1, _("/usr/sbin/logger"), 64);
431 sl_strlcpy (l2, _("/usr/ucb/logger"), 64);
432 sl_strlcpy (l3, _("/bin/logger"), 64);
433
434 sl_strlcpy (a0, _("logger"), 32);
435 sl_strlcpy (a1, _("-p"), 32);
436 sl_strlcpy (a2, _("daemon.alert"), 32);
437
438 sl_strlcpy (e0,
439 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"),
440 128);
441
[1]442 while (locations[i] != NULL) {
443 status = stat(locations[i], &buf);
444 if (status == 0)
445 break;
446 ++i;
447 }
448
449 if (locations[i] != NULL) {
450 argp[3] = msg;
451 newpid = fork();
452 if (newpid == 0) {
453 execve(locations[i], argp, envp);
454 _exit(1);
455 }
456 else if (newpid > 0) {
457 waitpid(newpid, &status, WUNTRACED);
458 }
459 }
460 return 0;
461}
462
[170]463void safe_fatal (const char * details,
464 const char * file, int line)
[22]465{
466 char msg[128];
467 char str[128];
468 char * p;
[170]469 int thesignal = 0;
[34]470 int method = 0;
471
[22]472 p = safe_itoa((int) line, str, 128);
473 sl_strlcpy(msg, _("FATAL: "), 128);
474 sl_strlcat(msg, file, 128);
475 sl_strlcat(msg, ": ", 128);
476 if (p && (*p)) {
477 sl_strlcat(msg, p , 128);
478 sl_strlcat(msg, ": ", 128);
479 }
480 sl_strlcat(msg, details, 128);
[170]481 (void) safe_logger (thesignal, method, msg);
[205]482 raise(SIGKILL);
[22]483}
[1]484
485extern char sh_sig_msg[64];
486
487volatile int immediate_exit_normal = 0;
488
489#if defined(SA_SIGACTION_WORKS)
490static
491void sh_unix_sigexit (int mysignal, siginfo_t * signal_info, void * signal_add)
492#else
493static
494void sh_unix_sigexit (int mysignal)
495#endif
496{
497
498#if defined(SA_SIGACTION_WORKS)
499 if (signal_info != NULL && signal_info->si_code == SI_USER &&
500 mysignal != SIGTERM && mysignal != SIGINT)
501 {
502 return;
503 }
504
505 /* avoid compiler warning (unused var)
506 */
507 (void) signal_add;
508#endif
509
510 /*
511 * Block re-entry
512 */
513 if (immediate_exit_normal > 0)
514 {
515 ++immediate_exit_normal;
516 if ((skey != NULL) && (immediate_exit_normal == 2))
517 memset (skey, '\0', sizeof(sh_key_t));
518 if (immediate_exit_normal == 2)
519 {
[153]520 int val_return;
521
522 do {
523 val_return = chdir ("/");
524 } while (val_return < 0 && errno == EINTR);
525
[22]526 safe_logger (mysignal, 0, NULL);
[1]527 }
[205]528 raise(SIGKILL);
[1]529 }
530 else
531 {
532 immediate_exit_normal = 1;
533 }
534
535#ifdef SYS_SIGLIST_DECLARED
536 strncpy (sh_sig_msg, sys_siglist[mysignal], 40);
537#else
538 strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40);
539#endif
540 sh_sig_msg[63] = '\0';
541
542 ++sig_raised;
543 ++sig_urgent;
544 sig_termfast = 1;
545 return;
546}
547
548volatile int immediate_exit_fast = 0;
549
550#if defined(SA_SIGACTION_WORKS)
551static
552void sh_unix_sigexit_fast (int mysignal, siginfo_t * signal_info,
553 void * signal_add)
554#else
555static
556void sh_unix_sigexit_fast (int mysignal)
557#endif
558{
[172]559#if defined(SL_DEBUG) && (defined(USE_SYSTEM_MALLOC) || !defined(USE_MALLOC_LOCK))
[154]560 int retval;
561#endif
562
[1]563#if defined(SA_SIGACTION_WORKS)
564 if (signal_info != NULL && signal_info->si_code == SI_USER)
565 {
566 return;
567 }
568#endif
569
570 /* avoid compiler warning (unused var)
571 */
572#if defined(SA_SIGACTION_WORKS)
573 (void) signal_add;
574#endif
575
576 /* Check whether the heap is ok; otherwise _exit
577 */
[172]578#if !defined(SL_DEBUG) || (!defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK))
[1]579 ++immediate_exit_fast;
580 if (skey != NULL && immediate_exit_fast < 2)
581 memset (skey, '\0', sizeof(sh_key_t));
582 if (immediate_exit_fast < 2)
[22]583 safe_logger (mysignal, 0, NULL);
[205]584 raise(SIGKILL);
[1]585#else
586
587 /* debug code
588 */
589 if (immediate_exit_fast == 1)
590 {
591 ++immediate_exit_fast;
592 if (skey != NULL)
593 memset (skey, '\0', sizeof(sh_key_t));
594#ifdef WITH_MESSAGE_QUEUE
595 close_ipc ();
596#endif
[22]597 safe_logger (mysignal, 0, NULL);
[154]598 do {
599 retval = chdir ("/");
600 } while (retval < 0 && errno == EINTR);
[1]601 raise(SIGFPE);
602 }
603 else if (immediate_exit_fast == 2)
604 {
[154]605 do {
606 retval = chdir ("/");
607 } while (retval < 0 && errno == EINTR);
[1]608 raise(SIGFPE);
609 }
610 else if (immediate_exit_fast != 0)
611 {
[205]612 raise(SIGKILL);
[1]613 }
614
615 ++immediate_exit_fast;
616
617 /* The FPE|BUS|SEGV|ILL signals leave the system in an undefined
618 * state, thus it is best to exit immediately.
619 */
620#ifdef SYS_SIGLIST_DECLARED
621 strncpy (sh_sig_msg, sys_siglist[mysignal], 40);
622#else
623 strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40);
624#endif
[131]625 sh_sig_msg[63] = '\0';
[1]626
627 sl_stack_print();
628
629 /* Try to push out an error message.
630 */
631 sh_error_handle ((-1), FIL__, __LINE__, mysignal, MSG_EXIT_NORMAL,
632 sh.prg_name, sh_sig_msg);
633
634 if (skey != NULL)
635 memset (skey, '\0', sizeof(sh_key_t));
636#ifdef WITH_MESSAGE_QUEUE
637 close_ipc ();
638#endif
639
[154]640 do {
641 retval = chdir ("/");
642 } while (retval < 0 && errno == EINTR);
643
[1]644 raise(SIGFPE);
645#endif
646}
647
648
649static
650void sh_unix_sigaction (int mysignal)
651{
652 ++sig_raised;
653#ifdef SIGUSR1
654 if (mysignal == SIGUSR1)
655 sig_debug_switch = 1;
656#endif
657#ifdef SIGUSR2
658 if (mysignal == SIGUSR2)
659 {
[19]660 ++sig_suspend_switch;
[1]661 ++sig_urgent;
662 }
663#endif
664#ifdef SIGHUP
665 if (mysignal == SIGHUP)
666 sig_config_read_again = 1;
667#endif
668#ifdef SIGTTOU
669 if (mysignal == SIGTTOU)
670 sig_force_check = 1;
671#endif
672#ifdef SIGABRT
673 if (mysignal == SIGABRT)
674 sig_fresh_trail = 1;
675#endif
676#ifdef SIGQUIT
677 if (mysignal == SIGQUIT)
678 {
[131]679 sig_terminate = 1;
[1]680 ++sig_urgent;
681 }
682#endif
683#ifdef SIGTERM
684 if (mysignal == SIGTERM)
685 {
686 strncpy (sh_sig_msg, _("Terminated"), 40);
687 sig_termfast = 1;
688 ++sig_urgent;
689 }
690#endif
691
692 return;
693}
694
695static
696void sh_unix_siginstall (int goDaemon)
697{
698 struct sigaction act, act_fast, act2, oldact, ignact;
699#if defined (SH_WITH_SERVER)
700 (void) goDaemon;
701#endif
702
703 SL_ENTER(_("sh_unix_siginstall"));
704
705 ignact.sa_handler = SIG_IGN; /* signal action */
706 sigemptyset( &ignact.sa_mask ); /* set an empty mask */
707 ignact.sa_flags = 0; /* init sa_flags */
708
709#if defined(SA_SIGACTION_WORKS)
710 act.sa_sigaction = &sh_unix_sigexit; /* signal action */
711#else
712 act.sa_handler = &sh_unix_sigexit; /* signal action */
713#endif
714
715 sigfillset ( &act.sa_mask ); /* set a full mask */
716
717
718 /* Block all but deadly signals.
719 */
720#ifdef SIGILL
721 sigdelset ( &act.sa_mask, SIGILL );
722#endif
723#ifndef SL_DEBUG
724#ifdef SIGFPE
725 sigdelset ( &act.sa_mask, SIGFPE );
726#endif
727#endif
728#ifdef SIGSEGV
729 sigdelset ( &act.sa_mask, SIGSEGV );
730#endif
731#ifdef SIGBUS
732 sigdelset ( &act.sa_mask, SIGBUS );
733#endif
734
735#if defined(SA_SIGACTION_WORKS)
736 act_fast.sa_sigaction = &sh_unix_sigexit_fast; /* signal action */
737#else
738 act_fast.sa_handler = &sh_unix_sigexit_fast; /* signal action */
739#endif
740
741 sigfillset ( &act_fast.sa_mask ); /* set a full mask */
742
743#ifdef SIGILL
744 sigdelset ( &act_fast.sa_mask, SIGILL );
745#endif
746#ifndef SL_DEBUG
747#ifdef SIGFPE
748 sigdelset ( &act_fast.sa_mask, SIGFPE );
749#endif
750#endif
751#ifdef SIGSEGV
752 sigdelset ( &act_fast.sa_mask, SIGSEGV );
753#endif
754#ifdef SIGBUS
755 sigdelset ( &act_fast.sa_mask, SIGBUS );
756#endif
757
758
759 /* Use siginfo to verify origin of signal, if possible.
760 */
761#if defined(SA_SIGACTION_WORKS)
762 act.sa_flags = SA_SIGINFO;
763 act_fast.sa_flags = SA_SIGINFO;
764#else
765 act.sa_flags = 0;
766 act_fast.sa_flags = 0;
767#endif
768
769 /* Do not block the signal from being received in its handler ...
770 * (is this a good or a bad idea ??).
771 */
772#if defined(SA_NOMASK)
773 act_fast.sa_flags |= SA_NOMASK;
774#elif defined(SA_NODEFER)
775 act_fast.sa_flags |= SA_NODEFER;
776#endif
777
778
779 act2.sa_handler = &sh_unix_sigaction; /* signal action */
780 sigemptyset( &act2.sa_mask ); /* set an empty mask */
781 act2.sa_flags = 0; /* init sa_flags */
782
783 /* signals to control the daemon */
784
785#ifdef SIGHUP
786 retry_sigaction(FIL__, __LINE__, SIGHUP, &act2, &oldact);
787#endif
788#ifdef SIGABRT
789 retry_sigaction(FIL__, __LINE__, SIGABRT, &act2, &oldact);
790#endif
791#ifdef SIGUSR1
792 retry_sigaction(FIL__, __LINE__, SIGUSR1, &act2, &oldact);
793#endif
794#ifdef SIGUSR2
795 retry_sigaction(FIL__, __LINE__, SIGUSR2, &act2, &oldact);
796#endif
797#ifdef SIGQUIT
798 retry_sigaction(FIL__, __LINE__, SIGQUIT, &act2, &oldact);
799#endif
800#ifdef SIGTERM
[131]801 retry_sigaction(FIL__, __LINE__, SIGTERM, &act, &oldact);
[1]802#endif
803
804 /* fatal signals that may cause termination */
805
806#ifdef SIGILL
807 retry_sigaction(FIL__, __LINE__, SIGILL, &act_fast, &oldact);
808#endif
809#ifndef SL_DEBUG
810#ifdef SIGFPE
811 retry_sigaction(FIL__, __LINE__, SIGFPE, &act_fast, &oldact);
812#endif
813#endif
814#ifdef SIGSEGV
815 retry_sigaction(FIL__, __LINE__, SIGSEGV, &act_fast, &oldact);
816#endif
817#ifdef SIGBUS
818 retry_sigaction(FIL__, __LINE__, SIGBUS, &act_fast, &oldact);
819#endif
820
821 /* other signals */
822
823#ifdef SIGINT
824 retry_sigaction(FIL__, __LINE__, SIGINT, &act, &oldact);
825#endif
826#ifdef SIGPIPE
[132]827#ifdef HAVE_PTHREAD
828 retry_sigaction(FIL__, __LINE__, SIGPIPE, &ignact, &oldact);
829#else
[1]830 retry_sigaction(FIL__, __LINE__, SIGPIPE, &act, &oldact);
831#endif
[132]832#endif
[1]833#ifdef SIGALRM
834 retry_sigaction(FIL__, __LINE__, SIGALRM, &ignact, &oldact);
835#endif
836#ifdef SIGTSTP
837 retry_sigaction(FIL__, __LINE__, SIGTSTP, &ignact, &oldact);
838#endif
839#ifdef SIGTTIN
840 retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact);
841#endif
842#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
843#ifdef SIGTTOU
844 if (goDaemon == 1)
845 retry_sigaction(FIL__, __LINE__, SIGTTOU, &act2, &oldact);
846 else
847 retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact);
848#endif
849#else
850#ifdef SIGTTOU
851 retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact);
852#endif
853#endif
854
855#ifdef SIGTRAP
856#if !defined(SCREW_IT_UP)
857 retry_sigaction(FIL__, __LINE__, SIGTRAP, &act, &oldact);
858#endif
859#endif
860
861#ifdef SIGPOLL
862 retry_sigaction(FIL__, __LINE__, SIGPOLL, &ignact, &oldact);
863#endif
864#if defined(SIGPROF) && !defined(SH_PROFILE)
865 retry_sigaction(FIL__, __LINE__, SIGPROF, &ignact, &oldact);
866#endif
867#ifdef SIGSYS
868 retry_sigaction(FIL__, __LINE__, SIGSYS, &act, &oldact);
869#endif
870#ifdef SIGURG
871 retry_sigaction(FIL__, __LINE__, SIGURG, &ignact, &oldact);
872#endif
873#if defined(SIGVTALRM) && !defined(SH_PROFILE)
874 retry_sigaction(FIL__, __LINE__, SIGVTALRM, &ignact, &oldact);
875#endif
876#ifdef SIGXCPU
877 retry_sigaction(FIL__, __LINE__, SIGXCPU, &act, &oldact);
878#endif
879#ifdef SIGXFSZ
880 retry_sigaction(FIL__, __LINE__, SIGXFSZ, &act, &oldact);
881#endif
882
883#ifdef SIGEMT
884 retry_sigaction(FIL__, __LINE__, SIGEMT, &ignact, &oldact);
885#endif
886#ifdef SIGSTKFLT
887 retry_sigaction(FIL__, __LINE__, SIGSTKFLT, &act, &oldact);
888#endif
889#ifdef SIGIO
890 retry_sigaction(FIL__, __LINE__, SIGIO, &ignact, &oldact);
891#endif
892#ifdef SIGPWR
893 retry_sigaction(FIL__, __LINE__, SIGPWR, &act, &oldact);
894#endif
895
896#ifdef SIGLOST
897 retry_sigaction(FIL__, __LINE__, SIGLOST, &ignact, &oldact);
898#endif
899#ifdef SIGUNUSED
900 retry_sigaction(FIL__, __LINE__, SIGUNUSED, &ignact, &oldact);
901#endif
902
903 SL_RET0(_("sh_unix_siginstall"));
904}
905
906/* ---------------------------------------------------------------- */
907
908/* checksum the own binary
909 */
[22]910int sh_unix_self_hash (const char * c)
[1]911{
912 char message[512];
[133]913 char hashbuf[KEYBUF_SIZE];
[1]914
915 SL_ENTER(_("sh_unix_self_hash"));
916
917 if (c == NULL)
918 {
919 sh.exec.path[0] = '\0';
920 SL_RETURN((0), _("sh_unix_self_hash"));
921 }
922 sl_strlcpy(sh.exec.path, c, SH_PATHBUF);
923
924 sl_strlcpy(sh.exec.hash,
[160]925 sh_tiger_hash (c, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)),
[1]926 KEY_LEN+1);
927 sl_snprintf(message, 512, _("%s has checksum: %s"),
928 sh.exec.path, sh.exec.hash);
929 message[511] = '\0';
930 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
931 message, _("sh_unix_self_hash"));
[93]932 if (0 == sl_strcmp(sh.exec.hash, SH_KEY_NULL ))
[1]933 {
934 dlog(1, FIL__, __LINE__,
935 _("Could not checksum my own executable because of the\nfollowing error: %s: %s\n\nPossible reasons include:\n Wrong path in configure file option SamhainPath=/path/to/executable\n No read permission for the effective UID: %d\n"),
936 sh.exec.path, sl_get_errmsg(), (int) sl_ret_euid());
937 sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_NOACCESS,
938 (long) sh.real.uid, c);
939 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
940 }
941 SL_RETURN((0), _("sh_unix_self_hash"));
942}
943
944int sh_unix_self_check ()
945{
946 char newhash[KEY_LEN+1];
947 char message[512];
[133]948 char hashbuf[KEYBUF_SIZE];
[1]949
950 SL_ENTER(_("sh_unix_self_check"));
951 if (sh.exec.path == NULL || sh.exec.path[0] == '\0')
952 SL_RETURN((0), _("sh_unix_self_check"));
953
[133]954 sl_strlcpy(newhash,
[160]955 sh_tiger_hash (sh.exec.path, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)),
[133]956 KEY_LEN+1);
[1]957 if (0 == sl_strncmp(sh.exec.hash,
958 newhash,
959 KEY_LEN))
960 SL_RETURN((0), _("sh_unix_self_check"));
961
962
963 dlog(1, FIL__, __LINE__,
964 _("The checksum of the executable: %s has changed since startup (%s -> %s).\n"),
965 sh.exec.path, sh.exec.hash, newhash);
966
967 sl_snprintf(message, 512,
968 _("The checksum of %s has changed since startup (%s -> %s)"),
969 sh.exec.path, sh.exec.hash, newhash);
970 message[511] = '\0';
971
972 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN,
973 message, _("sh_unix_self_check"));
974 sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_E_AUTH,
975 sh.exec.path);
976 SL_RETURN((-1), _("sh_unix_self_check"));
977}
978
979
980/* ---------------------------------------------------------------- */
981
982
983/* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */
[22]984static int tf_add_trusted_user_int(const char * c)
[1]985{
[137]986 struct passwd * w;
[1]987 int count;
988 uid_t pwid = (uid_t)-1;
989
[131]990#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
991 struct passwd pwd;
992 char buffer[SH_PWBUF_SIZE];
993#endif
994
[1]995 SL_ENTER(_("tf_add_trusted_user_int"));
996
997 /* First check for a user name.
998 */
[131]999#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
[137]1000 sh_getpwnam_r(c, &pwd, buffer, sizeof(buffer), &w);
[131]1001#else
1002 w = sh_getpwnam(c);
1003#endif
1004
1005 if ((w != NULL) && ((pwid = w->pw_uid) > 0))
[1]1006 goto succe;
1007
1008 /* Failed, so check for a numerical value.
1009 */
1010 pwid = strtol(c, (char **)NULL, 10);
1011 if (pwid > 0 && pwid < 65535)
1012 goto succe;
1013
1014 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
1015 _("add trusted user"), c);
1016 SL_RETURN((-1), _("tf_add_trusted_user_int"));
1017
1018 succe:
1019 count = sl_trust_add_user(pwid);
1020 SL_RETURN((count), _("tf_add_trusted_user_int"));
1021}
1022
[22]1023int tf_add_trusted_user(const char * c)
[1]1024{
1025 int i;
1026 char * q;
1027 char * p = sh_util_strdup (c);
[131]1028#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
1029 char * saveptr;
1030#endif
1031
[1]1032 SL_ENTER(_("tf_add_trusted_user"));
1033
[131]1034#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
1035 q = strtok_r(p, ", \t", &saveptr);
1036#else
[1]1037 q = strtok(p, ", \t");
[131]1038#endif
[1]1039 if (!q)
1040 {
1041 SH_FREE(p);
1042 SL_RETURN((-1), _("tf_add_trusted_user"));
1043 }
1044 while (q)
1045 {
1046 i = tf_add_trusted_user_int(q);
1047 if (SL_ISERROR(i))
1048 {
1049 SH_FREE(p);
1050 SL_RETURN((i), _("tf_add_trusted_user"));
1051 }
[131]1052#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
1053 q = strtok_r(NULL, ", \t", &saveptr);
1054#else
[1]1055 q = strtok(NULL, ", \t");
[131]1056#endif
[1]1057 }
1058 SH_FREE(p);
1059 SL_RETURN((0), _("tf_add_trusted_user"));
1060}
1061
[170]1062extern uid_t sl_trust_baduid(void);
1063extern gid_t sl_trust_badgid(void);
[1]1064
1065#if defined(HOST_IS_CYGWIN) || defined(__cygwin__) || defined(__CYGWIN32__) || defined(__CYGWIN__)
[183]1066int tf_trust_check (const char * file, int mode)
[1]1067{
1068 (void) file;
1069 (void) mode;
1070 return 0;
1071}
1072#else
[183]1073int tf_trust_check (const char * file, int mode)
[1]1074{
1075 char * tmp;
1076 char * tmp2;
1077 char * p;
1078 int status;
1079 int level;
1080 uid_t ff_euid;
1081
1082 SL_ENTER(_("tf_trust_check"));
1083
1084 if (mode == SL_YESPRIV)
1085 sl_get_euid(&ff_euid);
1086 else
1087 sl_get_ruid(&ff_euid);
1088
1089#if defined(SH_WITH_SERVER)
1090 if (0 == sl_ret_euid()) /* privileges not dropped yet */
1091 {
[131]1092#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1093 struct passwd pwd;
1094 char buffer[SH_PWBUF_SIZE];
1095 struct passwd * tempres;
1096 sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres);
1097#else
[1]1098 struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT);
[131]1099#endif
[1]1100
1101 if (!tempres)
1102 {
1103 dlog(1, FIL__, __LINE__,
1104 _("User %s does not exist. Please add the user to your system.\n"),
1105 DEFAULT_IDENT);
1106 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
1107 }
1108 ff_euid = tempres->pw_uid;
1109 }
1110#endif
1111
1112 status = sl_trustfile_euid(file, ff_euid);
1113
1114 if ( SL_ENONE != status)
1115 {
1116 if (status == SL_ESTAT)
1117 level = SH_ERR_ALL;
1118 else
1119 level = SH_ERR_ERR;
1120
1121 tmp = sh_util_safe_name (file);
1122 p = sl_trust_errfile();
1123 if (p && *p != '\0')
1124 {
1125 tmp2 = sh_util_safe_name (sl_trust_errfile());
1126 sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST2,
1127 sl_error_string(status), tmp, tmp2);
1128 SH_FREE(tmp2);
1129 }
1130 else
1131 {
1132 sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST1,
1133 sl_error_string(status), tmp);
1134 }
1135 SH_FREE(tmp);
1136
1137 if (status == SL_EBADUID || status == SL_EBADGID ||
1138 status == SL_EBADOTH || status == SL_ETRUNC ||
1139 status == SL_EINTERNAL )
1140 {
1141 switch (status) {
1142 case SL_EINTERNAL:
1143 dlog(1, FIL__, __LINE__,
1144 _("An internal error occured in the trustfile function.\n"));
1145 break;
1146 case SL_ETRUNC:
1147 tmp = sh_util_safe_name (file);
1148 dlog(1, FIL__, __LINE__,
1149 _("A filename truncation occured in the trustfile function.\nProbably the normalized filename for %s\nis too long. This may be due e.g. to deep or circular softlinks.\n"),
1150 tmp);
1151 SH_FREE(tmp);
1152 break;
1153 case SL_EBADOTH:
1154 tmp = sh_util_safe_name (file);
1155 p = sl_trust_errfile();
1156 dlog(1, FIL__, __LINE__,
1157 _("The path element: %s\nin the filename: %s is world writeable.\n"),
1158 p, tmp);
1159 SH_FREE(tmp);
1160 break;
1161 case SL_EBADUID:
1162 tmp = sh_util_safe_name (file);
1163 p = sl_trust_errfile();
1164 dlog(1, FIL__, __LINE__,
1165 _("The owner (UID = %ld) of the path element: %s\nin the filename: %s\nis not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"),
1166 (UID_CAST)sl_trust_baduid(), p, tmp);
1167 SH_FREE(tmp);
1168 break;
1169 case SL_EBADGID:
1170 tmp = sh_util_safe_name (file);
1171 p = sl_trust_errfile();
1172 dlog(1, FIL__, __LINE__,
1173 _("The path element: %s\nin the filename: %s\nis group writeable (GID = %ld), and at least one of the group\nmembers (UID = %ld) is not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"),
1174 p, tmp, (UID_CAST)sl_trust_badgid(),
1175 (UID_CAST)sl_trust_baduid());
1176 SH_FREE(tmp);
1177 break;
1178 default:
1179 break;
1180 }
1181
1182 SL_RETURN((-1), _("tf_trust_check"));
1183 }
1184 }
1185
1186 SL_RETURN((0), _("tf_trust_check"));
1187}
1188#endif
1189
1190#ifdef HAVE_INITGROUPS
1191#ifdef HOST_IS_OSF
1192int sh_unix_initgroups ( char * in_user, gid_t in_gid)
1193#else
1194int sh_unix_initgroups (const char * in_user, gid_t in_gid)
1195#endif
1196{
1197 int status = -1;
1198 status = sh_initgroups (in_user, in_gid);
1199 if (status < 0)
1200 {
1201 if (errno == EPERM)
1202 return 0;
1203 if (errno == EINVAL)
1204 return 0;
1205 return -1;
1206 }
1207 return 0;
1208}
1209#else
1210int sh_unix_initgroups (const char * in_user, gid_t in_gid)
1211{
1212 (void) in_user;
1213 (void) in_gid;
1214 return 0;
1215}
1216#endif
1217
1218#ifdef HAVE_INITGROUPS
[132]1219char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len);
[1]1220int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid)
1221{
1222 int status = -1;
[132]1223 char user[SH_MINIBUF];
[1]1224
1225 SL_ENTER(_("sh_unix_initgroups2"));
1226
[132]1227 if (NULL == sh_unix_getUIDname (SH_ERR_ERR, in_pid, user, sizeof(user)))
[1]1228 SL_RETURN((-1), _("sh_unix_initgroups2"));
1229 status = sh_initgroups (user, in_gid);
1230 if (status < 0)
1231 {
1232 if (errno == EPERM)
1233 status = 0;
1234 if (errno == EINVAL)
1235 status = 0;
1236 }
1237 SL_RETURN((status), _("sh_unix_initgroups2"));
1238}
1239#else
1240int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid)
1241{
1242 (void) in_pid;
1243 (void) in_gid;
1244 return 0;
1245}
1246#endif
1247
[174]1248void sh_unix_closeall (int fd, int except, int inchild)
[1]1249{
1250 int fdx = fd;
1251#ifdef _SC_OPEN_MAX
1252 int fdlimit = sysconf (_SC_OPEN_MAX);
1253#else
1254#ifdef OPEN_MAX
1255 int fdlimit = OPEN_MAX;
1256#else
1257 int fdlimit = _POSIX_OPEN_MAX;
1258#endif
1259#endif
1260
1261 SL_ENTER(_("sh_unix_closeall"));
1262
1263 /* can't happen - so fix it :-(
1264 */
1265 if (fdlimit < 0)
[84]1266 fdlimit = 20; /* POSIX lower limit */
[1]1267
1268 if (fdlimit > 65536)
1269 fdlimit = 65536;
1270
1271 /* Close everything from fd (inclusive) up to fdlimit (exclusive).
1272 */
1273 while (fd < fdlimit)
1274 {
1275 if (fd == except)
1276 fd++;
1277 else if (slib_do_trace != 0 && fd == slib_trace_fd)
1278 fd++;
1279 else
1280 close(fd++);
1281 }
1282
[174]1283 if (!inchild)
1284 sl_dropall (fdx, except);
1285 else
1286 sl_dropall_dirty (fdx, except);
[1]1287
1288 SL_RET0(_("sh_unix_closeall"));
1289}
1290
1291static void sh_unix_setlimits(void)
1292{
1293 struct rlimit limits;
1294
1295 SL_ENTER(_("sh_unix_setlimits"));
1296
1297 limits.rlim_cur = RLIM_INFINITY;
1298 limits.rlim_max = RLIM_INFINITY;
1299
1300#ifdef RLIMIT_CPU
1301 setrlimit (RLIMIT_CPU, &limits);
1302#endif
1303#ifdef RLIMIT_FSIZE
1304 setrlimit (RLIMIT_FSIZE, &limits);
1305#endif
1306#ifdef RLIMIT_DATA
1307 setrlimit (RLIMIT_DATA, &limits);
1308#endif
1309#ifdef RLIMIT_STACK
1310 setrlimit (RLIMIT_STACK, &limits);
1311#endif
1312#ifdef RLIMIT_RSS
1313 setrlimit (RLIMIT_RSS, &limits);
1314#endif
1315#ifdef RLIMIT_NPROC
1316 setrlimit (RLIMIT_NPROC, &limits);
1317#endif
1318#ifdef RLIMIT_MEMLOCK
1319 setrlimit (RLIMIT_MEMLOCK, &limits);
1320#endif
1321
1322#if !defined(SL_DEBUG)
1323 /* no core dumps
1324 */
1325 limits.rlim_cur = 0;
1326 limits.rlim_max = 0;
1327#ifdef RLIMIT_CORE
1328 setrlimit (RLIMIT_CORE, &limits);
1329#endif
1330#else
1331#ifdef RLIMIT_CORE
1332 setrlimit (RLIMIT_CORE, &limits);
1333#endif
1334#endif
1335
[8]1336 limits.rlim_cur = 1024;
1337 limits.rlim_max = 1024;
[1]1338
[8]1339#if defined(RLIMIT_NOFILE)
1340 setrlimit (RLIMIT_NOFILE, &limits);
1341#elif defined(RLIMIT_OFILE)
1342 setrlimit (RLIMIT_OFILE, &limits);
1343#endif
1344
[1]1345 SL_RET0(_("sh_unix_setlimits"));
1346}
1347
1348static void sh_unix_copyenv(void)
1349{
1350 char ** env0 = environ;
1351 char ** env1;
1352 int envlen = 0;
[22]1353 size_t len;
[1]1354
1355 SL_ENTER(_("sh_unix_copyenv"));
1356
1357 while (env0 != NULL && env0[envlen] != NULL) {
1358 /* printf("%2d: %s\n", envlen, env0[envlen]); */
1359 ++envlen;
1360 }
1361 ++envlen;
1362
1363 /* printf("-> %2d: slots allocated\n", envlen); */
1364 env1 = malloc (sizeof(char *) * envlen); /* only once */
1365 if (env1 == NULL)
1366 {
1367 fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__);
1368 SL_RET0(_("sh_unix_copyenv"));
1369 }
1370 env0 = environ;
1371 envlen = 0;
1372
[22]1373 while (env0 != NULL && env0[envlen] != NULL) {
1374 len = strlen(env0[envlen]) + 1;
1375 env1[envlen] = malloc (len); /* only once */
[1]1376 if (env1[envlen] == NULL)
1377 {
1378 fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__);
1379 SL_RET0(_("sh_unix_copyenv"));
1380 }
[22]1381 sl_strlcpy(env1[envlen], env0[envlen], len);
[1]1382 ++envlen;
1383 }
1384 env1[envlen] = NULL;
1385
1386 environ = env1;
1387 SL_RET0(_("sh_unix_copyenv"));
1388}
1389
1390/* delete all environment variables
1391 */
1392static void sh_unix_zeroenv(void)
1393{
1394 char * c;
1395 char ** env;
1396
1397 SL_ENTER(_("sh_unix_zeroenv"));
1398
1399 sh_unix_copyenv();
1400 env = environ;
1401
1402 while (env != NULL && *env != NULL) {
1403 c = strchr ((*env), '=');
1404#ifdef WITH_MYSQL
1405 /*
1406 * Skip the MYSQL_UNIX_PORT environment variable; MySQL may need it.
1407 */
1408 if (0 == sl_strncmp((*env), _("MYSQL_UNIX_PORT="), 16))
1409 {
1410 ++(env);
1411 continue;
1412 }
[18]1413 if (0 == sl_strncmp((*env), _("MYSQL_TCP_PORT="), 15))
1414 {
1415 ++(env);
1416 continue;
1417 }
1418 if (0 == sl_strncmp((*env), _("MYSQL_HOME="), 11))
1419 {
1420 ++(env);
1421 continue;
1422 }
[1]1423#endif
1424#ifdef WITH_ORACLE
1425 /*
1426 * Skip the ORACLE_HOME environment variable; Oracle may need it.
1427 */
1428 if (0 == sl_strncmp((*env), _("ORACLE_HOME="), 12))
1429 {
1430 ++(env);
1431 continue;
1432 }
1433#endif
1434 /*
1435 * Skip the TZ environment variable.
1436 */
1437 if (0 == sl_strncmp((*env), _("TZ="), 3))
1438 {
1439 ++(env);
1440 continue;
1441 }
1442 ++(env);
1443 if (c != NULL)
1444 {
1445 ++c;
1446 while ((*c) != '\0') {
1447 (*c) = '\0';
1448 ++c;
1449 }
1450 }
1451 }
1452
[205]1453#ifdef HAVE_TZSET
1454 tzset();
1455#endif
1456
[1]1457 SL_RET0(_("sh_unix_zeroenv"));
1458}
1459
1460
1461static void sh_unix_resettimer(void)
1462{
1463 struct itimerval this_timer;
1464
1465 SL_ENTER(_("sh_unix_resettimer"));
1466
1467 this_timer.it_value.tv_sec = 0;
1468 this_timer.it_value.tv_usec = 0;
1469
1470 this_timer.it_interval.tv_sec = 0;
1471 this_timer.it_interval.tv_usec = 0;
1472
1473 setitimer(ITIMER_REAL, &this_timer, NULL);
1474#if !defined(SH_PROFILE)
1475 setitimer(ITIMER_VIRTUAL, &this_timer, NULL);
1476 setitimer(ITIMER_PROF, &this_timer, NULL);
1477#endif
1478
1479 SL_RET0(_("sh_unix_resettimer"));
1480}
1481
1482static void sh_unix_resetsignals(void)
1483{
1484 int sig_num;
1485#ifdef NSIG
1486 int max_sig = NSIG;
1487#else
1488 int max_sig = 255;
1489#endif
1490 int test;
1491 struct sigaction act, oldact;
1492 int status;
1493
1494 sigset_t set_proc;
1495
1496 SL_ENTER(_("sh_unix_resetsignals"));
1497 /*
1498 * Reset the current signal mask (inherited from parent process).
1499 */
1500
1501 sigfillset(&set_proc);
1502
1503 do {
1504 errno = 0;
1505 test = sigprocmask(SIG_UNBLOCK, &set_proc, NULL);
1506 } while (test < 0 && errno == EINTR);
1507
1508 /*
1509 * Reset signal handling.
1510 */
1511
1512 act.sa_handler = SIG_DFL; /* signal action */
1513 sigemptyset( &act.sa_mask ); /* set an empty mask */
1514 act.sa_flags = 0; /* init sa_flags */
1515
1516 for (sig_num = 1; sig_num <= max_sig; ++sig_num)
1517 {
1518#if !defined(SH_PROFILE)
1519 test = retry_sigaction(FIL__, __LINE__, sig_num, &act, &oldact);
1520#else
1521 test = 0;
1522#endif
1523 if ((test == -1) && (errno != EINVAL))
1524 {
[132]1525 char errbuf[SH_ERRBUF_SIZE];
[1]1526 status = errno;
1527 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_SIG,
[132]1528 sh_error_message (status, errbuf, sizeof(errbuf)), sig_num);
[1]1529 }
1530 }
1531
1532 SL_RET0(_("sh_unix_resetsignals"));
1533}
1534
1535/* Get the local hostname (FQDN)
1536 */
1537#include <sys/socket.h>
1538
1539/* Required for BSD
1540 */
1541#ifdef HAVE_NETINET_IN_H
1542#include <netinet/in.h>
1543#endif
1544
1545#include <arpa/inet.h>
1546
[29]1547char * sh_unix_h_name (struct hostent * host_entry)
1548{
1549 char ** p;
1550 if (strchr(host_entry->h_name, '.')) {
1551 return host_entry->h_name;
1552 } else {
1553 for (p = host_entry->h_aliases; *p; ++p) {
1554 if (strchr(*p, '.'))
1555 return *p;
1556 }
1557 }
1558 return host_entry->h_name;
1559}
1560
[1]1561/* uname() on FreeBSD is broken, because the 'nodename' buf is too small
1562 * to hold a valid (leftmost) domain label.
1563 */
1564#if defined(HAVE_UNAME) && !defined(HOST_IS_FREEBSD)
1565#include <sys/utsname.h>
1566void sh_unix_localhost()
1567{
1568 struct utsname buf;
1569 struct hostent * he1;
1570 int i;
[170]1571 int ddot;
[1]1572 int len;
1573 char * p;
1574 char hostname[256];
1575
1576
1577 SL_ENTER(_("sh_unix_localhost"));
1578
1579 (void) uname (&buf);
[22]1580 /* flawfinder: ignore */ /* ff bug, ff sees system() */
[1]1581 sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF);
1582 sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF);
1583 sl_strlcpy (sh.host.machine, buf.machine, SH_MINIBUF);
1584
1585 /* Workaround for cases where nodename could be
1586 * a truncated FQDN.
1587 */
1588 if (strlen(buf.nodename) == (sizeof(buf.nodename)-1))
1589 {
1590 p = strchr(buf.nodename, '.');
1591 if (NULL != p) {
1592 *p = '\0';
1593 sl_strlcpy(hostname, buf.nodename, 256);
1594 } else {
1595#ifdef HAVE_GETHOSTNAME
1596 if (0 != gethostname(hostname, 256))
1597 {
1598 sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN,
1599 _("nodename returned by uname may be truncated"),
1600 _("sh_unix_localhost"));
1601 sl_strlcpy (hostname, buf.nodename, 256);
1602 }
1603 else
1604 {
1605 hostname[255] = '\0';
1606 }
1607#else
1608 sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN,
1609 _("nodename returned by uname may be truncated"),
1610 _("sh_unix_localhost"));
1611 sl_strlcpy(hostname, buf.nodename, 256);
1612#endif
1613 }
1614 }
1615 else
1616 {
1617 sl_strlcpy(hostname, buf.nodename, 256);
1618 }
1619
[134]1620 SH_MUTEX_LOCK(mutex_resolv);
[1]1621 he1 = sh_gethostbyname(hostname);
1622
[134]1623 if (he1 != NULL)
1624 {
1625 sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF);
1626 }
1627 SH_MUTEX_UNLOCK(mutex_resolv);
1628
[1]1629 if (he1 == NULL)
1630 {
1631 dlog(1, FIL__, __LINE__,
1632 _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN. For more information, see the entry about self-resolving under 'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"),
1633 hostname);
1634 sl_strlcpy (sh.host.name, hostname, SH_PATHBUF);
1635 }
1636
1637
1638 /* check whether it looks like a FQDN
1639 */
1640 len = sl_strlen(sh.host.name);
[170]1641 ddot = 0;
[1]1642 for (i = 0; i < len; ++i)
1643 if (sh.host.name[i] == '.') ++ddot;
1644
1645 if (ddot == 0 && he1 != NULL)
1646 {
1647 dlog(1, FIL__, __LINE__,
1648 _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"),
1649 hostname, sh.host.name);
1650 sl_strlcpy (sh.host.name,
1651 inet_ntoa (*(struct in_addr *) he1->h_addr),
1652 SH_PATHBUF);
1653 SL_RET0(_("sh_unix_localhost"));
1654 }
1655
1656 if (is_numeric(sh.host.name))
1657 {
1658 dlog(1, FIL__, __LINE__,
1659 _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"),
1660 hostname, sh.host.name);
1661 }
1662
1663 SL_RET0(_("sh_unix_localhost"));
1664}
[217]1665
[1]1666#else
[217]1667
1668/*
1669 * --FreeBSD code
1670 */
1671#if defined(HAVE_UNAME)
1672#include <sys/utsname.h>
1673#endif
[1]1674void sh_unix_localhost()
1675{
[217]1676#if defined(HAVE_UNAME)
1677 struct utsname buf;
1678#endif
[1]1679 struct hostent * he1;
1680 int i;
[170]1681 int ddot;
[1]1682 int len;
1683 char hostname[1024];
1684
1685
1686 SL_ENTER(_("sh_unix_localhost"));
1687
[217]1688#if defined(HAVE_UNAME)
1689 (void) uname (&buf);
1690 /* flawfinder: ignore */ /* ff bug, ff sees system() */
1691 sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF);
1692 sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF);
1693 sl_strlcpy (sh.host.machine, buf.machine, SH_MINIBUF);
1694#endif
1695
[1]1696 (void) gethostname (hostname, 1024);
1697 hostname[1023] = '\0';
[134]1698
1699 SH_MUTEX_LOCK(mutex_resolv);
[1]1700 he1 = sh_gethostbyname(hostname);
1701
1702 if (he1 != NULL)
1703 {
[29]1704 sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF);
[1]1705 }
[134]1706 SH_MUTEX_UNLOCK(mutex_resolv);
1707
1708 if (he1 == NULL)
[1]1709 {
1710 dlog(1, FIL__, __LINE__,
1711 _("According to gethostname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"),
1712 hostname);
1713 sl_strlcpy (sh.host.name, _("localhost"), SH_PATHBUF);
1714 SL_RET0(_("sh_unix_localhost"));
1715 }
1716
1717 /* check whether it looks like a FQDN
1718 */
1719 len = sl_strlen(sh.host.name);
[170]1720 ddot = 0;
[1]1721 for (i = 0; i < len; ++i)
1722 if (sh.host.name[i] == '.') ++ddot;
1723 if (ddot == 0)
1724 {
1725 dlog(1, FIL__, __LINE__,
1726 _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"),
1727 hostname, sh.host.name);
1728 sl_strlcpy (sh.host.name,
1729 inet_ntoa (*(struct in_addr *) he1->h_addr),
1730 SH_PATHBUF);
1731 SL_RET0(_("sh_unix_localhost"));
1732 }
1733
1734 if (is_numeric(sh.host.name))
1735 {
1736 dlog(1, FIL__, __LINE__,
1737 _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"),
1738 hostname, sh.host.name);
1739 }
1740
1741 SL_RET0(_("sh_unix_localhost"));
1742}
1743#endif
1744
1745
1746void sh_unix_memlock()
1747{
1748 SL_ENTER(_("sh_unix_memlock"));
1749
1750 /* do this before dropping privileges
1751 */
1752#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
1753 if (skey->mlock_failed == SL_FALSE)
1754 {
[19]1755 if ( (-1) == sh_unix_mlock( FIL__, __LINE__,
1756 (char *) skey, sizeof (sh_key_t)) )
[1]1757 {
[134]1758 SH_MUTEX_LOCK_UNSAFE(mutex_skey);
[1]1759 skey->mlock_failed = SL_TRUE;
[134]1760 SH_MUTEX_UNLOCK_UNSAFE(mutex_skey);
[1]1761 }
1762 }
1763#else
1764 if (skey->mlock_failed == SL_FALSE)
1765 {
[134]1766 SH_MUTEX_LOCK_UNSAFE(mutex_skey);
[1]1767 skey->mlock_failed = SL_TRUE;
[134]1768 SH_MUTEX_UNLOCK_UNSAFE(mutex_skey);
[1]1769 }
1770#endif
1771
1772 SL_RET0(_("sh_unix_memlock"));
1773}
1774
1775#ifdef SH_WITH_SERVER
1776char * chroot_dir = NULL;
1777
[20]1778int sh_unix_set_chroot(const char * str)
[1]1779{
1780 size_t len;
1781 static int block = 0;
1782
1783 if (block == 1)
1784 return 0;
1785
1786 if (str && *str == '/')
1787 {
1788 len = strlen(str) + 1;
1789 chroot_dir = malloc(strlen(str) + 1); /* only once */
1790 if (!chroot_dir)
1791 {
1792 fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__);
1793 return 1;
1794 }
1795 sl_strlcpy(chroot_dir, str, len);
1796 block = 1;
1797 return 0;
1798 }
1799 return 1;
1800}
1801
[170]1802int sh_unix_chroot(void)
[1]1803{
1804 int status;
1805
1806 if (chroot_dir != NULL)
1807 {
1808 status = retry_aud_chdir(FIL__, __LINE__, chroot_dir);
1809 if ( (-1) == status )
1810 {
[132]1811 char errbuf[SH_ERRBUF_SIZE];
[1]1812 status = errno;
1813 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR,
[132]1814 sh_error_message (status, errbuf, sizeof(errbuf)), chroot_dir);
[1]1815 aud_exit(FIL__, __LINE__, EXIT_FAILURE);
1816 }
[22]1817 /* flawfinder: ignore */
[1]1818 return (chroot(chroot_dir));
1819 }
1820 return 0;
1821}
1822/* #ifdef SH_WITH_SERVER */
1823#else
[170]1824int sh_unix_chroot(void) { return 0; }
[1]1825#endif
1826
1827/* daemon mode
1828 */
1829static int block_setdeamon = 0;
1830
[20]1831int sh_unix_setdeamon(const char * dummy)
[1]1832{
1833 int res = 0;
1834
1835 SL_ENTER(_("sh_unix_setdeamon"));
1836
1837 if (block_setdeamon != 0)
1838 SL_RETURN((0),_("sh_unix_setdeamon"));
1839
1840 if (dummy == NULL)
1841 sh.flag.isdaemon = ON;
1842 else
1843 res = sh_util_flagval (dummy, &sh.flag.isdaemon);
1844
1845 if (sh.flag.opts == S_TRUE)
1846 block_setdeamon = 1;
1847
1848 SL_RETURN(res, _("sh_unix_setdeamon"));
1849}
1850#if defined(HAVE_LIBPRELUDE)
1851#include "sh_prelude.h"
1852#endif
1853
[20]1854int sh_unix_setnodeamon(const char * dummy)
[1]1855{
1856 int res = 0;
[132]1857
[1]1858 SL_ENTER(_("sh_unix_setnodeamon"));
1859
1860 if (block_setdeamon != 0)
1861 SL_RETURN((0),_("sh_unix_setmodeamon"));
1862
1863 if (dummy == NULL)
1864 sh.flag.isdaemon = OFF;
1865 else
1866 res = sh_util_flagval (dummy, &sh.flag.isdaemon);
1867
1868 if (sh.flag.opts == S_TRUE)
1869 block_setdeamon = 1;
1870
1871 SL_RETURN(res, _("sh_unix_setnodeamon"));
1872}
1873
1874int sh_unix_init(int goDaemon)
1875{
1876 int status;
1877 uid_t uid;
1878 pid_t oldpid = getpid();
1879#if defined(SH_WITH_SERVER)
[170]1880 extern int sh_socket_open_int (void);
[1]1881#endif
[132]1882 char errbuf[SH_ERRBUF_SIZE];
[1]1883
1884 SL_ENTER(_("sh_unix_init"));
1885
1886 /* fork twice, exit the parent process
1887 */
1888 if (goDaemon == 1) {
1889
1890 switch (aud_fork(FIL__, __LINE__)) {
1891 case 0: break; /* child process continues */
1892 case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */
1893 default: aud__exit(FIL__, __LINE__, 0); /* parent process exits */
1894 }
1895
1896 /* Child processes do not inherit page locks across a fork.
1897 * Error in next fork would return in this (?) thread of execution.
1898 */
1899 sh_unix_memlock();
1900
1901 setsid(); /* should not fail */
[162]1902 sh.pid = (UINT64) getpid();
[1]1903
1904 switch (aud_fork(FIL__, __LINE__)) {
1905 case 0: break; /* child process continues */
1906 case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */
1907 default: aud__exit(FIL__, __LINE__, 0); /* parent process exits */
1908 }
1909
1910 /* Child processes do not inherit page locks across a fork.
1911 */
1912 sh_unix_memlock();
[162]1913 sh.pid = (UINT64) getpid();
[1]1914
1915 } else {
1916 setsid(); /* should not fail */
1917 }
1918
1919 /* set working directory
1920 */
1921#ifdef SH_PROFILE
1922 status = 0;
1923#else
1924 status = retry_aud_chdir(FIL__, __LINE__, "/");
1925#endif
1926 if ( (-1) == status )
1927 {
1928 status = errno;
1929 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR,
[132]1930 sh_error_message (status, errbuf, sizeof(errbuf)), "/");
[1]1931 aud_exit(FIL__, __LINE__, EXIT_FAILURE);
1932 }
1933
1934 /* reset timers
1935 */
1936 sh_unix_resettimer();
1937
1938 /* signal handlers
1939 */
1940 sh_unix_resetsignals();
1941#if defined(SCREW_IT_UP)
1942 sh_sigtrap_prepare();
1943#endif
1944 sh_unix_siginstall (goDaemon);
1945
1946 /* set file creation mask
1947 */
1948 (void) umask (0); /* should not fail */
1949
1950 /* set resource limits to maximum, and
1951 * core dump size to zero
1952 */
1953 sh_unix_setlimits();
1954
1955 /* zero out the environment (like PATH='\0')
1956 */
1957 sh_unix_zeroenv();
1958
1959 if (goDaemon == 1)
1960 {
[92]1961 /* Close first tree file descriptors
[84]1962 */
[92]1963 close (0); /* if running as daemon */
1964 close (1); /* if running as daemon */
1965 close (2); /* if running as daemon */
[84]1966
1967 /* Enable full error logging
1968 */
1969 sh_error_only_stderr (S_FALSE);
1970
1971 /* open first three streams to /dev/null
1972 */
1973 status = aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0);
1974 if (status < 0)
1975 {
1976 status = errno;
1977 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,
[132]1978 sh_error_message(status, errbuf, sizeof(errbuf)), _("open"));
[84]1979 aud_exit(FIL__, __LINE__, EXIT_FAILURE);
1980 }
1981
1982 status = retry_aud_dup(FIL__, __LINE__, 0);
1983 if (status >= 0)
1984 retry_aud_dup(FIL__, __LINE__, 0);
1985
1986 if (status < 0)
1987 {
1988 status = errno;
1989 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,
[132]1990 sh_error_message(status, errbuf, sizeof(errbuf)), _("dup"));
[84]1991 aud_exit(FIL__, __LINE__, EXIT_FAILURE);
1992 }
1993
[86]1994 sh_error_enable_unsafe (S_TRUE);
[1]1995#if defined(HAVE_LIBPRELUDE)
1996 sh_prelude_reset ();
1997#endif
1998
1999 /* --- wait until parent has exited ---
2000 */
2001 while (1 == 1)
2002 {
2003 errno = 0;
2004 if (0 > aud_kill (FIL__, __LINE__, oldpid, 0) && errno == ESRCH)
2005 {
2006 break;
2007 }
2008 retry_msleep(0, 1);
2009 }
2010
2011 /* write PID file
2012 */
2013 status = sh_unix_write_pid_file();
2014 if (status < 0)
2015 {
2016 sl_get_euid(&uid);
2017 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_PIDFILE,
2018 (long) uid, sh.srvlog.alt);
2019 aud_exit(FIL__, __LINE__, EXIT_FAILURE);
2020 }
2021#if defined(SH_WITH_SERVER)
2022 sh_socket_open_int ();
2023#endif
2024 }
2025 else
2026 {
[86]2027 sh_error_enable_unsafe (S_TRUE);
[1]2028#if defined(HAVE_LIBPRELUDE)
2029 sh_prelude_reset ();
2030#endif
2031#if defined(SH_WITH_SERVER)
2032 sh_socket_open_int ();
2033#endif
2034 }
2035
2036 /* chroot (this is a no-op if no chroot dir is specified
2037 */
2038 status = sh_unix_chroot();
2039 if (status < 0)
2040 {
2041 status = errno;
2042 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,
[132]2043 sh_error_message(status, errbuf, sizeof(errbuf)), _("chroot"));
[1]2044 aud_exit(FIL__, __LINE__, EXIT_FAILURE);
2045 }
2046
2047 /* drop capabilities
2048 */
2049 sl_drop_cap();
2050
2051 SL_RETURN((0),_("sh_unix_init"));
2052}
2053
[197]2054/* --- run a command, securely --- */
2055
2056int sh_unix_run_command (const char * str)
2057{
2058 pid_t pid;
2059 char * arg[4];
2060 char * env[5];
2061 char * path = sh_util_strdup(_("/bin/sh"));
2062
2063 int status = -1;
2064
2065 arg[0] = sh_util_strdup(_("/bin/sh"));
2066 arg[1] = sh_util_strdup(_("-c"));
2067 arg[2] = sh_util_strdup(str);
2068 arg[3] = NULL;
2069
2070 env[0] = sh_util_strdup(_("PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb"));
2071 env[1] = sh_util_strdup(_("SHELL=/bin/sh"));
2072 env[2] = sh_util_strdup(_("IFS= \t\n"));
[199]2073 if (getenv("TZ")) { /* flawfinder: ignore */
2074 char * tz = sh_util_strdup(getenv("TZ")); /* flawfinder: ignore */
2075 size_t tzlen = strlen(tz);
2076 if (SL_TRUE == sl_ok_adds (4, tzlen)) {
2077 env[3] = SH_ALLOC(4+tzlen);
[197]2078 sl_strlcpy(env[3], "TZ=", 4);
[199]2079 sl_strlcat(env[3], tz , 4+tzlen);
[197]2080 } else {
2081 env[3] = NULL;
2082 }
2083 } else {
2084 env[3] = NULL;
2085 }
2086 env[4] = NULL;
2087
2088 pid = fork();
2089
2090 if (pid == (pid_t)(-1))
2091 {
2092 return -1;
2093 }
2094
2095 else if (pid == 0) /* child */
2096 {
2097 memset(skey, 0, sizeof(sh_key_t));
2098 (void) umask(S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH);
2099 sh_unix_closeall (3, -1, SL_TRUE); /* in child process */
2100 execve(path, arg, env);
2101 _exit(EXIT_FAILURE);
2102 }
2103
2104 else /* parent */
2105 {
2106 int r;
2107
[203]2108 while((r = waitpid(pid, &status, WUNTRACED)) != pid && r != -1) ;
[197]2109
[199]2110#if !defined(USE_UNO)
[197]2111 if (r == -1 || !WIFEXITED(status))
2112 {
2113 status = -1;
2114 }
2115 else
2116 {
2117 status = WEXITSTATUS(status);
2118 }
[199]2119#endif
[197]2120 }
2121
2122 return status;
2123}
2124
[1]2125/********************************************************
2126 *
2127 * TIME
2128 *
2129 ********************************************************/
2130
2131/* Figure out the time offset of the current timezone
2132 * in a portable way.
2133 */
2134char * t_zone(const time_t * xx)
2135{
2136 struct tm aa;
2137 struct tm bb;
2138 struct tm * cc;
2139 int sign = 0;
2140 int diff = 0;
2141 int hh, mm;
2142 static char tz[64];
2143
2144 SL_ENTER(_("t_zone"));
2145
[131]2146#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R)
2147 cc = gmtime_r (xx, &aa);
2148#else
[1]2149 cc = gmtime (xx);
2150 memcpy (&aa, cc, sizeof(struct tm));
[131]2151#endif
2152
2153#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
2154 cc = localtime_r (xx, &bb);
2155#else
[1]2156 cc = localtime (xx);
2157 memcpy (&bb, cc, sizeof(struct tm));
[131]2158#endif
[1]2159
2160 /* Check for datum wrap-around.
2161 */
2162 if (aa.tm_year < bb.tm_year)
2163 sign = (-1);
2164 else if (aa.tm_mon < bb.tm_mon)
2165 sign = (-1);
2166 else if (aa.tm_mday < bb.tm_mday)
2167 sign = (-1);
2168 else if (bb.tm_year < aa.tm_year)
2169 sign = ( 1);
2170 else if (bb.tm_mon < aa.tm_mon)
2171 sign = ( 1);
2172 else if (bb.tm_mday < aa.tm_mday)
2173 sign = ( 1);
2174
2175 diff = aa.tm_hour * 60 + aa.tm_min;
2176 diff = (bb.tm_hour * 60 + bb.tm_min) - diff;
2177 diff = diff - (sign * 24 * 60); /* datum wrap-around correction */
2178 hh = diff / 60;
2179 mm = diff - (hh * 60);
2180 sprintf (tz, _("%+03d%02d"), hh, mm); /* known to fit */
2181
2182 SL_RETURN(tz, _("t_zone"));
2183}
2184
2185unsigned long sh_unix_longtime ()
2186{
2187 return ((unsigned long)time(NULL));
2188}
2189
2190#ifdef HAVE_GETTIMEOFDAY
2191unsigned long sh_unix_notime ()
2192{
2193 struct timeval tv;
2194
2195 gettimeofday (&tv, NULL);
2196
2197 return ((unsigned long)(tv.tv_sec + tv.tv_usec * 10835 + getpid() + getppid()));
2198
2199}
2200#endif
2201
2202static int count_dev_time = 0;
2203
2204void reset_count_dev_time(void)
2205{
2206 count_dev_time = 0;
2207 return;
2208}
2209
[22]2210int sh_unix_settimeserver (const char * address)
[1]2211{
2212
2213 SL_ENTER(_("sh_unix_settimeserver"));
2214
2215 if (address != NULL && count_dev_time < 2
2216 && sl_strlen(address) < SH_PATHBUF)
2217 {
2218 if (count_dev_time == 0)
2219 sl_strlcpy (sh.srvtime.name, address, SH_PATHBUF);
2220 else
2221 sl_strlcpy (sh.srvtime.alt, address, SH_PATHBUF);
2222
2223 ++count_dev_time;
2224 SL_RETURN((0), _("sh_unix_settimeserver"));
2225 }
2226 SL_RETURN((-1), _("sh_unix_settimeserver"));
2227}
2228
2229
2230#ifdef HAVE_NTIME
2231#define UNIXEPOCH 2208988800UL /* difference between Unix time and net time
2232 * The UNIX EPOCH starts in 1970.
2233 */
2234#include <sys/socket.h>
2235#include <netinet/in.h>
2236#include <arpa/inet.h>
2237#include <netdb.h>
2238#include <ctype.h>
2239#endif
2240
2241/* Timeserver service. */
2242/* define is missing on HP-UX 10.20 */
2243#ifndef IPPORT_TIMESERVER
2244#define IPPORT_TIMESERVER 37
2245#endif
2246
[132]2247char * sh_unix_time (time_t thetime, char * buffer, size_t len)
[1]2248{
2249
2250 int status;
[132]2251 char AsciiTime[81]; /* local time */
[1]2252 time_t time_now;
2253 struct tm * time_ptr;
[131]2254#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
2255 struct tm time_tm;
2256#endif
[1]2257#ifdef SH_USE_XML
2258 static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */
2259#else
2260 static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */
2261#endif
2262
2263#ifdef HAVE_NTIME
2264 int fd; /* network file descriptor */
2265 u_char net_time[4]; /* remote time in network format */
2266 static int failerr = 0; /* no net time */
2267 int fail = 0; /* no net time */
2268 int errflag;
2269 char errmsg[256];
2270 char error_call[SH_MINIBUF];
2271 int error_num;
2272#endif
2273
2274 SL_ENTER(_("sh_unix_time"));
2275
2276#ifdef HAVE_NTIME
2277 if (thetime == 0)
2278 {
2279 if (sh.srvtime.name[0] == '\0')
2280 {
2281 fail = 1;
2282 (void) time (&time_now);
2283 }
2284 else /* have a timeserver address */
2285 {
2286 fd = connect_port_2 (sh.srvtime.name, sh.srvtime.alt,
2287 IPPORT_TIMESERVER,
2288 error_call, &error_num, errmsg, sizeof(errmsg));
2289 if (fd >= 0)
2290 {
2291 if (4 != read_port (fd, (char *) net_time, 4, &errflag, 2))
2292 {
2293 fail = 1;
2294 sh_error_handle ((-1), FIL__, __LINE__, errflag,
2295 MSG_E_NLOST,
2296 _("time"), sh.srvtime.name);
2297 }
2298 close(fd);
2299 }
2300 else
2301 {
2302 sh_error_handle ((-1), FIL__, __LINE__, error_num,
2303 MSG_E_NET, errmsg, error_call,
2304 _("time"), sh.srvtime.name);
2305 fail = 1;
2306 }
2307
2308 if (fail == 0)
2309 {
2310 time_now = ntohl(* (long *) net_time) - UNIXEPOCH;
2311 /* fprintf(stderr, "TIME IS %ld\n", time_now); */
2312 if (failerr == 1) {
2313 failerr = 0;
2314 sh_error_handle ((-1), FIL__, __LINE__, 0,
2315 MSG_E_NEST,
2316 _("time"), sh.srvtime.name);
2317 }
2318 }
2319 else
2320 {
2321 (void) time (&time_now);
2322 if (failerr == 0)
2323 {
2324 failerr = 1;
2325 sh_error_handle ((-1), FIL__, __LINE__, errflag,
2326 MSG_SRV_FAIL,
2327 _("time"), sh.srvtime.name);
2328 }
2329 }
2330 }
2331 }
2332 else
2333 {
2334 time_now = thetime;
2335 }
2336
2337 /* #ifdef HAVE_NTIME */
2338#else
2339
2340 if (thetime == 0)
2341 {
2342 (void) time (&time_now);
2343 }
2344 else
2345 {
2346 time_now = thetime;
2347 }
2348
2349 /* #ifdef HAVE_NTIME */
2350#endif
2351
[132]2352 if (time_now == (-1) )
2353 {
2354 sl_strlcpy(buffer, _(deftime), len);
2355 SL_RETURN(buffer, _("sh_unix_time"));
2356 }
[1]2357 else
[131]2358 {
2359#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
2360 time_ptr = localtime_r (&time_now, &time_tm);
2361#else
2362 time_ptr = localtime (&time_now);
2363#endif
2364 }
[1]2365 if (time_ptr != NULL)
2366 {
[132]2367 status = strftime (AsciiTime, sizeof(AsciiTime),
[1]2368#ifdef SH_USE_XML
2369 _("%Y-%m-%dT%H:%M:%S%%s"),
2370#else
2371 _("[%Y-%m-%dT%H:%M:%S%%s]"),
2372#endif
2373 time_ptr);
2374
[132]2375 sl_snprintf(buffer, len, AsciiTime, t_zone(&time_now));
[1]2376
[132]2377 if ( (status == 0) || (status == sizeof(AsciiTime)) )
2378 {
2379 sl_strlcpy(buffer, _(deftime), len);
2380 SL_RETURN( buffer, _("sh_unix_time"));
2381 }
[1]2382 else
[132]2383 {
2384 SL_RETURN(buffer, _("sh_unix_time"));
2385 }
[1]2386 }
2387
2388 /* last resort
2389 */
[132]2390 sl_strlcpy(buffer, _(deftime), len);
2391 SL_RETURN( buffer, _("sh_unix_time"));
[1]2392}
2393
2394static int sh_unix_use_localtime = S_FALSE;
2395
2396/* whether to use localtime for file timesatams in logs
2397 */
[22]2398int sh_unix_uselocaltime (const char * c)
[1]2399{
2400 int i;
2401 SL_ENTER(_("sh_unix_uselocaltime"));
2402 i = sh_util_flagval(c, &(sh_unix_use_localtime));
2403
2404 SL_RETURN(i, _("sh_unix_uselocaltime"));
2405}
2406
[132]2407char * sh_unix_gmttime (time_t thetime, char * buffer, size_t len)
[1]2408{
2409
2410 int status;
2411
2412 struct tm * time_ptr;
[131]2413#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS)
2414 struct tm time_tm;
2415#endif
[132]2416 char AsciiTime[81]; /* GMT time */
[1]2417#ifdef SH_USE_XML
2418 static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */
2419#else
2420 static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */
2421#endif
2422
2423 SL_ENTER(_("sh_unix_gmttime"));
2424
2425 if (sh_unix_use_localtime == S_FALSE)
[131]2426 {
2427#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R)
2428 time_ptr = gmtime_r (&thetime, &time_tm);
2429#else
2430 time_ptr = gmtime (&thetime);
2431#endif
2432 }
[1]2433 else
[131]2434 {
2435#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R)
2436 time_ptr = localtime_r (&thetime, &time_tm);
2437#else
2438 time_ptr = localtime (&thetime);
2439#endif
2440 }
[1]2441 if (time_ptr != NULL)
2442 {
2443 status = strftime (AsciiTime, 80,
2444#ifdef SH_USE_XML
2445 _("%Y-%m-%dT%H:%M:%S"),
2446#else
2447 _("[%Y-%m-%dT%H:%M:%S]"),
2448#endif
2449 time_ptr);
2450
[132]2451 if ( (status == 0) || (status == 80) )
2452 sl_strlcpy(buffer, _(deftime), len);
[1]2453 else
[132]2454 sl_strlcpy(buffer, AsciiTime, len);
2455 SL_RETURN( buffer, _("sh_unix_gmttime"));
[1]2456 }
2457
2458 /* last resort
2459 */
[132]2460 sl_strlcpy(buffer, _(deftime), len);
2461 SL_RETURN( buffer, _("sh_unix_gmttime"));
[1]2462}
2463
2464
[132]2465char * sh_unix_getUIDdir (int level, uid_t uid, char * out, size_t len)
[1]2466{
2467 struct passwd * tempres;
2468 int status = 0;
[131]2469#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R)
2470 struct passwd pwd;
2471 char buffer[SH_PWBUF_SIZE];
2472#endif
[132]2473 char errbuf[SH_ERRBUF_SIZE];
[1]2474
2475 SL_ENTER(_("sh_unix_getUIDdir"));
2476
[131]2477#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R)
2478 sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres);
2479#else
[1]2480 errno = 0;
2481 tempres = sh_getpwuid(uid);
2482 status = errno;
[131]2483#endif
[1]2484
2485 if (tempres == NULL) {
2486 sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL,
[132]2487 sh_error_message(status, errbuf, sizeof(errbuf)),
[1]2488 _("getpwuid"), (long) uid, _("completely missing"));
2489 SL_RETURN( NULL, _("sh_unix_getUIDdir"));
2490 }
2491
2492 if (tempres->pw_dir != NULL) {
[132]2493 sl_strlcpy(out, tempres->pw_dir, len);
2494 SL_RETURN( out, _("sh_unix_getUIDdir"));
[1]2495 } else {
2496 sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL,
[132]2497 sh_error_message(status, errbuf, sizeof(errbuf)),
[1]2498 _("getpwuid"), (long) uid, _("pw_dir"));
2499 SL_RETURN( NULL, _("sh_unix_getUIDdir"));
2500 }
2501}
2502
[133]2503SH_MUTEX_STATIC(mutex_getUIDname, PTHREAD_MUTEX_INITIALIZER);
[132]2504
2505char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len)
[1]2506{
2507 struct passwd * tempres;
[131]2508#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R)
2509 struct passwd pwd;
2510 char buffer[SH_PWBUF_SIZE];
2511#endif
[1]2512 int status = 0;
2513 static uid_t old_uid;
2514 static char name[32] = { '\0' };
[132]2515 char errbuf[SH_ERRBUF_SIZE];
[1]2516
2517 SL_ENTER(_("sh_unix_getUIDname"));
2518
2519 if ((uid == old_uid) && (name[0] != '\0')) {
[132]2520 out[0] = '\0';
[133]2521 SH_MUTEX_LOCK_UNSAFE(mutex_getUIDname);
[132]2522 if ((uid == old_uid) && (name[0] != '\0')) {
2523 sl_strlcpy(out, name, len);
2524 }
[133]2525 SH_MUTEX_UNLOCK_UNSAFE(mutex_getUIDname);
[132]2526 if (out[0] != '\0')
2527 SL_RETURN( out, _("sh_unix_getUIDname"));
[1]2528 }
2529
[131]2530#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R)
2531 sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres);
2532#else
[1]2533 errno = 0;
2534 tempres = sh_getpwuid(uid);
2535 status = errno;
[131]2536#endif
[1]2537
2538 if (tempres == NULL) {
2539 sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL,
[132]2540 sh_error_message(status, errbuf, sizeof(errbuf)),
[1]2541 _("getpwuid"), (long) uid, _("completely missing"));
2542 SL_RETURN( NULL, _("sh_unix_getUIDname"));
2543 }
2544
2545
2546 if (tempres->pw_name != NULL) {
[133]2547 SH_MUTEX_LOCK_UNSAFE(mutex_getUIDname);
[1]2548 sl_strlcpy(name, tempres->pw_name, sizeof(name));
2549 old_uid = uid;
[132]2550 sl_strlcpy(out, name, len);
[133]2551 SH_MUTEX_UNLOCK_UNSAFE(mutex_getUIDname);
[132]2552 SL_RETURN( out, _("sh_unix_getUIDname"));
[1]2553 } else {
2554 sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL,
[132]2555 sh_error_message(status, errbuf, sizeof(errbuf)),
[1]2556 _("getpwuid"), (long) uid, _("pw_user"));
2557 SL_RETURN( NULL, _("sh_unix_getUIDname"));
2558 }
2559}
2560
[133]2561SH_MUTEX_STATIC(mutex_getGIDname, PTHREAD_MUTEX_INITIALIZER);
[132]2562
2563char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len)
[1]2564{
2565 struct group * tempres;
2566 int status = 0;
2567 static gid_t old_gid;
2568 static char name[32] = { '\0' };
[131]2569#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
2570 struct group grp;
2571 char buffer[SH_GRBUF_SIZE];
2572#endif
[132]2573 char errbuf[SH_ERRBUF_SIZE];
[131]2574
[1]2575
2576 SL_ENTER(_("sh_unix_getGIDname"));
2577
2578 if ((gid == old_gid) && (name[0] != '\0')) {
[132]2579 out[0] = '\0';
[133]2580 SH_MUTEX_LOCK_UNSAFE(mutex_getGIDname);
[132]2581 if ((gid == old_gid) && (name[0] != '\0')) {
2582 sl_strlcpy(out, name, len);
2583 }
[133]2584 SH_MUTEX_UNLOCK_UNSAFE(mutex_getGIDname);
[132]2585 if (out[0] != '\0')
2586 SL_RETURN( out, _("sh_unix_getGIDname"));
[1]2587 }
[132]2588
[131]2589#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R)
2590 status = sh_getgrgid_r(gid, &grp, buffer, sizeof(buffer), &tempres);
2591#else
[1]2592 errno = 0;
2593 tempres = sh_getgrgid(gid);
2594 status = errno;
[131]2595#endif
[1]2596
2597 if (tempres == NULL) {
2598 sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL,
[132]2599 sh_error_message(status, errbuf, sizeof(errbuf)),
[1]2600 _("getgrgid"), (long) gid, _("completely missing"));
2601
2602 SL_RETURN( NULL, _("sh_unix_getGIDname"));
2603 }
2604
2605 if (tempres->gr_name != NULL) {
[133]2606 SH_MUTEX_LOCK_UNSAFE(mutex_getGIDname);
[1]2607 sl_strlcpy(name, tempres->gr_name, sizeof(name));
2608 old_gid = gid;
[132]2609 sl_strlcpy(out, name, len);
[133]2610 SH_MUTEX_UNLOCK_UNSAFE(mutex_getGIDname);
[132]2611 SL_RETURN( out, _("sh_unix_getGIDname"));
[1]2612 } else {
2613 sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL,
[132]2614 sh_error_message(status, errbuf, sizeof(errbuf)),
[1]2615 _("getgrgid"), (long) gid, _("gr_name"));
2616 SL_RETURN( NULL, _("sh_unix_getGIDname"));
2617 }
2618}
2619
2620int sh_unix_getUser ()
2621{
2622 char * p;
2623 uid_t seuid, sruid;
[132]2624 char user[USER_MAX];
2625 char dir[SH_PATHBUF];
[1]2626
2627 SL_ENTER(_("sh_unix_getUser"));
2628
2629 seuid = geteuid();
2630
2631 sh.effective.uid = seuid;
2632
[132]2633 p = sh_unix_getUIDdir (SH_ERR_ERR, seuid, dir, sizeof(dir));
[1]2634
2635 if (p == NULL)
2636 SL_RETURN((-1), _("sh_unix_getUser"));
2637 else
2638 {
2639 if (sl_strlen(p) >= SH_PATHBUF) {
2640 sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG,
2641 _("getpwuid"), (long) seuid, _("pw_home"));
2642 SL_RETURN((-1), _("sh_unix_getUser"));
2643 } else {
2644 sl_strlcpy ( sh.effective.home, p, SH_PATHBUF);
2645 }
2646 }
2647
2648 sruid = getuid();
2649
2650 sh.real.uid = sruid;
2651
[132]2652 p = sh_unix_getUIDname (SH_ERR_ERR, sruid, user, sizeof(user));
[1]2653 if (p == NULL)
2654 SL_RETURN((-1), _("sh_unix_getUser"));
2655 else
2656 {
2657 if (sl_strlen(p) >= USER_MAX) {
2658 sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG,
2659 _("getpwuid"), (long) sruid, _("pw_user"));
2660 SL_RETURN((-1), _("sh_unix_getUser"));
2661 } else {
2662 sl_strlcpy ( sh.real.user, p, USER_MAX);
2663 }
2664 }
2665
[132]2666 p = sh_unix_getUIDdir (SH_ERR_ERR, sruid, dir, sizeof(dir));
[1]2667
2668 if (p == NULL)
2669 SL_RETURN((-1), _("sh_unix_getUser"));
2670 else
2671 {
2672 if (sl_strlen(p) >= SH_PATHBUF) {
2673 sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG,
2674 _("getpwuid"), (long) sruid, _("pw_home"));
2675 SL_RETURN((-1), _("sh_unix_getUser"));
2676 } else {
2677 sl_strlcpy ( sh.real.home, p, SH_PATHBUF);
2678 }
2679 }
2680
2681 SL_RETURN((0), _("sh_unix_getUser"));
2682
2683 /* notreached */
2684}
2685
2686
2687int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline)
2688{
2689 register int count;
2690 register int n = 0;
2691 char c;
2692
2693 SL_ENTER(_("sh_unix_getline"));
2694
2695 if (sizeofline < 2) {
[34]2696 line[0] = '\0';
[1]2697 SL_RETURN((0), _("sh_unix_getline"));
2698 }
2699
[34]2700 --sizeofline;
2701
[1]2702 while (n < sizeofline) {
2703
2704 count = sl_read (fd, &c, 1);
2705
2706 /* end of file
2707 */
2708 if (count < 1) {
2709 line[n] = '\0';
2710 n = -1;
2711 break;
2712 }
2713
2714 if (/* c != '\0' && */ c != '\n') {
2715 line[n] = c;
2716 ++n;
2717 } else if (c == '\n') {
2718 if (n > 0) {
2719 line[n] = '\0';
2720 break;
2721 } else {
2722 line[n] = '\n'; /* get newline only if only char on line */
2723 ++n;
2724 line[n] = '\0';
2725 break;
2726 }
2727 } else {
2728 line[n] = '\0';
2729 break;
2730 }
2731
2732 }
2733
2734
2735 line[sizeofline] = '\0'; /* make sure line is terminated */
2736 SL_RETURN((n), _("sh_unix_getline"));
2737}
2738
2739
2740#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
2741
2742/**************************************************************
2743 *
2744 * --- FILE INFO ---
2745 *
2746 **************************************************************/
2747
[10]2748#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS)
[1]2749
[10]2750#if defined(__linux__)
[1]2751
2752/* --- Determine ext2fs file attributes. ---
2753 */
2754#include <sys/ioctl.h>
2755#if defined(HAVE_EXT2FS_EXT2_FS_H)
2756#include <ext2fs/ext2_fs.h>
2757#else
2758#include <linux/ext2_fs.h>
2759#endif
2760
[10]2761/* __linux__ includes */
2762#endif
2763
[1]2764static
2765int sh_unix_getinfo_attr (char * name,
2766 unsigned long * flags,
2767 char * c_attr,
[10]2768 int fd, struct stat * buf)
[1]2769{
2770
2771/* TAKEN FROM:
2772 *
2773 * lsattr.c - List file attributes on an ext2 file system
2774 *
2775 * Copyright (C) 1993, 1994 Remy Card <card@masi.ibp.fr>
2776 * Laboratoire MASI, Institut Blaise Pascal
2777 * Universite Pierre et Marie Curie (Paris VI)
2778 *
2779 * This file can be redistributed under the terms of the GNU General
2780 * Public License
2781 */
2782
2783#ifdef HAVE_STAT_FLAGS
2784
2785 SL_ENTER(_("sh_unix_getinfo_attr"));
2786
2787 *flags = 0;
2788
[10]2789 /* cast to void to avoid compiler warning about unused parameters */
2790 (void) fd;
2791 (void) name;
[1]2792
[10]2793#ifdef UF_NODUMP
2794 if (buf->st_flags & UF_NODUMP) {
2795 *flags |= UF_NODUMP;
2796 c_attr[0] = 'd';
2797 }
2798#endif
[1]2799#ifdef UF_IMMUTABLE
[10]2800 if (buf->st_flags & UF_IMMUTABLE) {
2801 *flags |= UF_IMMUTABLE;
2802 c_attr[1] = 'i';
2803 }
[1]2804#endif
2805#ifdef UF_APPEND
[10]2806 if (buf->st_flags & UF_APPEND) {
2807 *flags |= UF_APPEND;
2808 c_attr[2] = 'a';
2809 }
[1]2810#endif
[10]2811#ifdef UF_NOUNLINK
2812 if (buf->st_flags & UF_NOUNLINK) {
2813 *flags |= UF_NOUNLINK;
2814 c_attr[3] = 'u';
2815 }
[1]2816#endif
[10]2817#ifdef UF_OPAQUE
2818 if (buf->st_flags & UF_OPAQUE) {
2819 *flags |= UF_OPAQUE;
2820 c_attr[4] = 'o';
2821 }
2822#endif
2823#ifdef SF_ARCHIVED
2824 if (buf->st_flags & SF_ARCHIVED) {
2825 *flags |= SF_ARCHIVED;
2826 c_attr[5] = 'R';
2827 }
2828
2829#endif
2830#ifdef SF_IMMUTABLE
2831 if (buf->st_flags & SF_IMMUTABLE) {
2832 *flags |= SF_IMMUTABLE;
2833 c_attr[6] = 'I';
2834 }
2835#endif
2836#ifdef SF_APPEND
2837 if (buf->st_flags & SF_APPEND) {
2838 *flags |= SF_APPEND;
2839 c_attr[7] = 'A';
2840 }
2841#endif
2842#ifdef SF_NOUNLINK
2843 if (buf->st_flags & SF_NOUNLINK) {
2844 *flags |= SF_NOUNLINK;
2845 c_attr[8] = 'U';
2846 }
2847#endif
[1]2848
[10]2849 /* ! HAVE_STAT_FLAGS */
[1]2850#else
2851
2852#ifdef HAVE_EXT2_IOCTLS
2853 int /* fd, */ r, f;
2854
2855 SL_ENTER(_("sh_unix_getinfo_attr"));
2856
2857 *flags = 0;
[10]2858 (void) buf;
[1]2859
2860 /* open() -> aud_open() R.Wichmann
2861 fd = aud_open (FIL__, __LINE__, SL_YESPRIV, name, O_RDONLY|O_NONBLOCK, 0);
2862 */
2863
2864 if (fd == -1 || name == NULL)
2865 SL_RETURN(-1, _("sh_unix_getinfo_attr"));
2866
2867
2868 r = ioctl (fd, EXT2_IOC_GETFLAGS, &f);
2869 /* close (fd); */
2870
2871 if (r == -1)
2872 SL_RETURN(-1, _("sh_unix_getinfo_attr"));
2873
[10]2874 if (f == 0)
2875 SL_RETURN(0, _("sh_unix_getinfo_attr"));
2876
[1]2877 *flags = f;
2878
2879/* ! HAVE_EXT2_IOCTLS */
2880#else
2881
2882 SL_ENTER(_("sh_unix_getinfo_attr"));
2883
2884 *flags = 0; /* modified by R.Wichmann */
2885
2886/* ! HAVE_EXT2_IOCTLS */
2887#endif
2888/*
2889 * END
2890 *
2891 * lsattr.c - List file attributes on an ext2 file system
2892 */
2893
[10]2894 if (*flags == 0)
2895 goto theend;
2896
[1]2897#ifdef EXT2_SECRM_FL
2898 if ( (*flags & EXT2_SECRM_FL) != 0 ) c_attr[0] = 's';
2899#endif
2900#ifdef EXT2_UNRM_FL
2901 if ( (*flags & EXT2_UNRM_FL) != 0 ) c_attr[1] = 'u';
2902#endif
2903#ifdef EXT2_SYNC_FL
2904 if ( (*flags & EXT2_SYNC_FL) != 0 ) c_attr[2] = 'S';
2905#endif
2906#ifdef EXT2_IMMUTABLE_FL
2907 if ( (*flags & EXT2_IMMUTABLE_FL) != 0) c_attr[3] = 'i';
2908#endif
2909#ifdef EXT2_APPEND_FL
2910 if ( (*flags & EXT2_APPEND_FL) != 0 ) c_attr[4] = 'a';
2911#endif
2912#ifdef EXT2_NODUMP_FL
2913 if ( (*flags & EXT2_NODUMP_FL) != 0 ) c_attr[5] = 'd';
2914#endif
2915#ifdef EXT2_NOATIME_FL
2916 if ( (*flags & EXT2_NOATIME_FL) != 0) c_attr[6] = 'A';
2917#endif
2918#ifdef EXT2_COMPR_FL
2919 if ( (*flags & EXT2_COMPR_FL) != 0 ) c_attr[7] = 'c';
2920#endif
[10]2921
2922#ifdef EXT2_TOPDIR_FL
2923 if ( (*flags & EXT2_TOPDIR_FL) != 0 ) c_attr[8] = 'T';
[1]2924#endif
[10]2925#ifdef EXT2_DIRSYNC_FL
2926 if ( (*flags & EXT2_DIRSYNC_FL) != 0 ) c_attr[9] = 'D';
[1]2927#endif
[10]2928#ifdef EXT2_NOTAIL_FL
2929 if ( (*flags & EXT2_NOTAIL_FL) != 0 ) c_attr[10] = 't';
[1]2930#endif
[10]2931#ifdef EXT2_JOURNAL_DATA_FL
2932 if ( (*flags & EXT2_JOURNAL_DATA_FL) != 0) c_attr[11] = 'j';
[1]2933#endif
2934
[10]2935 theend:
2936 /* ext2 */
2937#endif
2938
[1]2939 c_attr[12] = '\0';
2940
2941 SL_RETURN(0, _("sh_unix_getinfo_attr"));
2942}
2943#else
2944static
2945int sh_unix_getinfo_attr (char * name,
2946 unsigned long * flags,
2947 char * c_attr,
[10]2948 int fd, struct stat * buf)
[1]2949{
2950 return 0;
2951}
2952
[10]2953/* defined(__linux__) || defined(HAVE_STAT_FLAGS) */
[1]2954#endif
2955
2956/* determine file type
2957 */
2958static
2959int sh_unix_getinfo_type (struct stat * buf,
2960 ShFileType * type,
2961 char * c_mode)
2962{
2963 SL_ENTER(_("sh_unix_getinfo_type"));
2964
2965 if ( S_ISREG(buf->st_mode) ) {
2966 (*type) = SH_FILE_REGULAR;
2967 c_mode[0] = '-';
2968 }
2969 else if ( S_ISLNK(buf->st_mode) ) {
2970 (*type) = SH_FILE_SYMLINK;
2971 c_mode[0] = 'l';
2972 }
2973 else if ( S_ISDIR(buf->st_mode) ) {
2974 (*type) = SH_FILE_DIRECTORY;
2975 c_mode[0] = 'd';
2976 }
2977 else if ( S_ISCHR(buf->st_mode) ) {
2978 (*type) = SH_FILE_CDEV;
2979 c_mode[0] = 'c';
2980 }
2981 else if ( S_ISBLK(buf->st_mode) ) {
2982 (*type) = SH_FILE_BDEV;
2983 c_mode[0] = 'b';
2984 }
2985 else if ( S_ISFIFO(buf->st_mode) ) {
2986 (*type) = SH_FILE_FIFO;
2987 c_mode[0] = '|';
2988 }
2989 else if ( S_ISSOCK(buf->st_mode) ) {
2990 (*type) = SH_FILE_SOCKET;
2991 c_mode[0] = 's';
2992 }
[40]2993 else if ( S_ISDOOR(buf->st_mode) ) {
2994 (*type) = SH_FILE_DOOR;
2995 c_mode[0] = 'D';
2996 }
2997 else if ( S_ISPORT(buf->st_mode) ) {
2998 (*type) = SH_FILE_PORT;
2999 c_mode[0] = 'P';
3000 }
[1]3001 else {
3002 (*type) = SH_FILE_UNKNOWN;
3003 c_mode[0] = '?';
3004 }
3005
3006 SL_RETURN(0, _("sh_unix_getinfo_type"));
3007}
3008
3009int sh_unix_get_ftype(char * fullpath)
3010{
[149]3011 char c_mode[CMODE_SIZE];
[1]3012 struct stat buf;
3013 ShFileType type;
3014 int res;
3015
3016 SL_ENTER(_("sh_unix_get_ftype"));
3017
3018 res = retry_lstat(FIL__, __LINE__, fullpath, &buf);
3019
3020 if (res < 0)
3021 SL_RETURN(SH_FILE_UNKNOWN, _("sh_unix_getinfo_type"));
3022
3023 sh_unix_getinfo_type (&buf, &type, c_mode);
3024
3025 SL_RETURN(type, _("sh_unix_get_ftype"));
3026}
3027
3028
3029static
3030int sh_unix_getinfo_mode (struct stat *buf,
3031 unsigned int * mode,
3032 char * c_mode)
3033{
3034
3035 SL_ENTER(_("sh_unix_getinfo_mode"));
3036
3037 (*mode) = buf->st_mode;
3038
3039 /* make 'ls'-like string */
3040
3041 if ( (buf->st_mode & S_IRUSR) != 0 ) c_mode[1] = 'r';
3042 if ( (buf->st_mode & S_IWUSR) != 0 ) c_mode[2] = 'w';
3043 if ( (buf->st_mode & S_IXUSR) != 0 ) {
3044 if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 's';
3045 else c_mode[3] = 'x';
3046 } else {
3047 if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 'S';
3048 }
3049
3050 if ( (buf->st_mode & S_IRGRP) != 0 ) c_mode[4] = 'r';
3051 if ( (buf->st_mode & S_IWGRP) != 0 ) c_mode[5] = 'w';
3052 if ( (buf->st_mode & S_IXGRP) != 0 ) {
3053 if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 's';
3054 else c_mode[6] = 'x';
3055 } else {
3056 if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 'S';
3057 }
3058
3059 if ( (buf->st_mode & S_IROTH) != 0 ) c_mode[7] = 'r';
3060 if ( (buf->st_mode & S_IWOTH) != 0 ) c_mode[8] = 'w';
3061#ifdef S_ISVTX /* not POSIX */
3062 if ( (buf->st_mode & S_IXOTH) != 0 ) {
3063 if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 't';
3064 else c_mode[9] = 'x';
3065 } else {
3066 if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 'T';
3067 }
3068#else
3069 if ( (buf->st_mode & S_IXOTH) != 0 ) c_mode[9] = 'x';
3070#endif
3071
3072 SL_RETURN(0, _("sh_unix_getinfo_mode"));
3073}
3074
3075
3076long IO_Limit = 0;
3077
3078void sh_unix_io_pause ()
3079{
3080 long runtime;
3081 float someval;
3082 unsigned long sometime;
3083
3084 if (IO_Limit == 0)
3085 {
3086 return;
3087 }
3088 else
3089 {
3090 runtime = (long) (time(NULL) - sh.statistics.time_start);
3091
3092 if (runtime > 0 && (long)(sh.statistics.bytes_hashed/runtime) > IO_Limit)
3093 {
3094 someval = sh.statistics.bytes_hashed - (IO_Limit * runtime);
3095 someval /= (float) IO_Limit;
3096 if (someval < 1.0)
3097 {
3098 someval *= 1000; /* milliseconds in a second */
3099 sometime = (unsigned long) someval;
3100 retry_msleep(0, sometime);
3101 }
3102 else
3103 {
3104 sometime = (unsigned long) someval;
3105 retry_msleep (sometime, 0);
3106 }
3107 }
3108 }
3109 return;
3110}
3111
[22]3112int sh_unix_set_io_limit (const char * c)
[1]3113{
3114 long val;
3115
3116 SL_ENTER(_("sh_unix_set_io_limit"));
3117
3118 val = strtol (c, (char **)NULL, 10);
3119 if (val < 0)
3120 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS,
3121 _("set I/O limit"), c);
3122
3123 val = (val < 0 ? 0 : val);
3124
3125 IO_Limit = val * 1024;
3126 SL_RETURN( 0, _("sh_unix_set_io_limit"));
3127}
3128
3129/* obtain file info
3130 */
3131extern int flag_err_debug;
3132
3133#include "sh_ignore.h"
3134
[19]3135int sh_unix_checksum_size (char * filename, struct stat * fbuf,
[133]3136 char * fileHash, int alert_timeout, SL_TICKET fd)
[19]3137{
3138 file_type tmpFile;
3139 int status;
3140
3141 SL_ENTER(_("sh_unix_checksum_size"));
3142
[169]3143 tmpFile.link_path = NULL;
3144
[59]3145 if (sh.flag.checkSum != SH_CHECK_INIT)
3146 {
3147 /* lookup file in database */
3148 status = sh_hash_get_it (filename, &tmpFile);
3149 if (status != 0) {
3150 goto out;
3151 }
3152 }
3153 else
3154 {
3155 tmpFile.size = fbuf->st_size;
3156 }
[19]3157
3158 /* if last < current get checksum */
3159 if (tmpFile.size < fbuf->st_size)
3160 {
[133]3161 char hashbuf[KEYBUF_SIZE];
[153]3162 UINT64 local_length = (UINT64) (tmpFile.size < 0 ? 0 : tmpFile.size);
[22]3163 sl_strlcpy(fileHash,
[153]3164 sh_tiger_generic_hash (filename, fd, &(local_length),
[133]3165 alert_timeout, hashbuf, sizeof(hashbuf)),
[59]3166 KEY_LEN+1);
[68]3167
[107]3168 /* return */
[167]3169 if (tmpFile.link_path) SH_FREE(tmpFile.link_path);
[19]3170 SL_RETURN( 0, _("sh_unix_checksum_size"));
3171 }
3172
3173 out:
[167]3174 if (tmpFile.link_path) SH_FREE(tmpFile.link_path);
[93]3175 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[19]3176 SL_RETURN( -1, _("sh_unix_checksum_size"));
3177}
3178
[68]3179int sh_unix_check_selinux = S_FALSE;
3180int sh_unix_check_acl = S_FALSE;
3181
3182#ifdef USE_ACL
3183
3184#include <sys/acl.h>
3185static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf)
3186{
3187 /* system.posix_acl_access, system.posix_acl_default
3188 */
3189 char * out = NULL;
3190 char * collect = NULL;
3191 char * tmp;
3192 char * out_compact;
3193 ssize_t len;
3194 acl_t result;
3195
3196 SL_ENTER(_("sh_unix_getinfo_acl"));
3197
3198 result = (fd == -1) ?
3199 acl_get_file (path, ACL_TYPE_ACCESS) :
3200 acl_get_fd (fd);
3201
3202 if (result)
3203 {
3204 out = acl_to_text (result, &len);
3205 if (out && (len > 0)) {
3206 out_compact = sh_util_acl_compact (out, len);
3207 acl_free(out);
3208 if (out_compact)
3209 {
3210 collect = sh_util_strconcat (_("acl_access:"), out_compact, NULL);
3211 SH_FREE(out_compact);
3212 }
3213 }
3214 acl_free(result);
3215 }
3216
3217
3218 if ( S_ISDIR(buf->st_mode) )
3219 {
3220 result = acl_get_file (path, ACL_TYPE_DEFAULT);
3221
3222 if (result)
3223 {
3224 out = acl_to_text (result, &len);
3225 if (out && (len > 0)) {
3226 out_compact = sh_util_acl_compact (out, len);
3227 acl_free(out);
3228 if (out_compact) {
3229 if (collect) {
3230 tmp = sh_util_strconcat (_("acl_default:"),
3231 out_compact, ":", collect, NULL);
3232 SH_FREE(collect);
3233 }
3234 else {
3235 tmp = sh_util_strconcat (_("acl_default:"), out_compact, NULL);
3236 }
3237 SH_FREE(out_compact);
3238 collect = tmp;
3239 }
3240 }
3241 acl_free(result);
3242 }
3243 }
3244
3245 SL_RETURN((collect),_("sh_unix_getinfo_acl"));
3246}
3247#endif
3248
3249#ifdef USE_XATTR
3250
3251#include <attr/xattr.h>
3252static char * sh_unix_getinfo_xattr_int (char * path, int fd, char * name)
3253{
3254 char * out = NULL;
3255 char * tmp = NULL;
3256 size_t size = 256;
3257 ssize_t result;
3258
3259 SL_ENTER(_("sh_unix_getinfo_xattr_int"));
3260
3261 out = SH_ALLOC(size);
3262
3263 result = (fd == -1) ?
3264 lgetxattr (path, name, out, size-1) :
3265 fgetxattr (fd, name, out, size-1);
3266
3267 if (result == -1 && errno == ERANGE)
3268 {
3269 SH_FREE(out);
3270 result = (fd == -1) ?
3271 lgetxattr (path, name, NULL, 0) :
3272 fgetxattr (fd, name, NULL, 0);
3273 size = result + 1;
3274 out = SH_ALLOC(size);
3275 result = (fd == -1) ?
3276 lgetxattr (path, name, out, size-1) :
3277 fgetxattr (fd, name, out, size-1);
3278 }
3279
3280 if ((result > 0) && ((size_t)result < size))
3281 {
3282 out[size-1] = '\0';
3283 tmp = out;
3284 }
3285 else
3286 {
3287 SH_FREE(out);
3288 }
3289
3290 SL_RETURN((tmp),_("sh_unix_getinfo_xattr_int"));
3291}
3292
3293
3294static char * sh_unix_getinfo_xattr (char * path, int fd, struct stat * buf)
3295{
3296 /* system.posix_acl_access, system.posix_acl_default, security.selinux
3297 */
3298 char * tmp;
3299 char * out = NULL;
3300 char * collect = NULL;
3301
3302 SL_ENTER(_("sh_unix_getinfo_xattr"));
3303
3304#ifdef USE_ACL
3305 /*
3306 * we need the acl_get_fd/acl_get_file functions, getxattr will only
3307 * yield the raw bytes
3308 */
3309 if (sh_unix_check_acl == S_TRUE)
3310 {
3311 out = sh_unix_getinfo_acl(path, fd, buf);
3312
3313 if (out)
3314 {
3315 collect = out;
3316 }
3317 }
3318#endif
3319
[105]3320 if (sh_unix_check_selinux == S_TRUE)
3321 {
3322 out = sh_unix_getinfo_xattr_int(path, fd, _("security.selinux"));
[68]3323
[105]3324 if (out)
3325 {
3326 if (collect) {
3327 tmp = sh_util_strconcat(_("selinux:"), out, ":", collect, NULL);
3328 SH_FREE(collect);
3329 }
3330 else {
3331 tmp = sh_util_strconcat(_("selinux:"), out, NULL);
3332 }
3333 SH_FREE(out);
3334 collect = tmp;
3335 }
[68]3336 }
3337
3338 SL_RETURN((collect),_("sh_unix_getinfo_xattr"));
3339}
3340#endif
3341
3342#ifdef USE_XATTR
3343int sh_unix_setcheckselinux (const char * c)
3344{
3345 int i;
3346 SL_ENTER(_("sh_unix_setcheckselinux"));
3347 i = sh_util_flagval(c, &(sh_unix_check_selinux));
3348
3349 SL_RETURN(i, _("sh_unix_setcheckselinux"));
3350}
3351#endif
3352
3353#ifdef USE_ACL
3354int sh_unix_setcheckacl (const char * c)
3355{
3356 int i;
3357 SL_ENTER(_("sh_unix_setcheckacl"));
3358 i = sh_util_flagval(c, &(sh_unix_check_acl));
3359
3360 SL_RETURN(i, _("sh_unix_setcheckacl"));
3361}
3362#endif
3363
[169]3364#ifdef HAVE_LIBZ
3365#include <zlib.h>
3366#endif
3367
[1]3368int sh_unix_getinfo (int level, char * filename, file_type * theFile,
3369 char * fileHash, int policy)
3370{
3371 char timestr[81];
3372 long runtim;
3373 struct stat buf;
3374 struct stat lbuf;
3375 struct stat fbuf;
3376 int stat_return;
[192]3377 int stat_errno = 0;
[8]3378
[1]3379 ShFileType type;
3380 unsigned int mode;
3381 char * tmp;
3382 char * tmp2;
[8]3383
[1]3384 char * linknamebuf;
3385 int linksize;
3386
3387 extern int get_the_fd (SL_TICKET ticket);
3388
3389 SL_TICKET rval_open;
[192]3390 int err_open = 0;
3391
[1]3392 int fd;
3393 int fstat_return;
[192]3394 int fstat_errno = 0;
3395
[167]3396 sh_string * content = NULL;
3397
[1]3398 time_t tend;
3399 time_t tstart;
3400
3401
3402 char * path = NULL;
3403
3404 int alert_timeout = 120;
3405
3406 path = theFile->fullpath;
3407
3408 SL_ENTER(_("sh_unix_getinfo"));
3409
3410 /* --- Stat the file, and get checksum. ---
3411 */
3412 tstart = time(NULL);
[8]3413
[1]3414 stat_return = retry_lstat (FIL__, __LINE__,
3415 path /* theFile->fullpath */, &buf);
3416
[192]3417 if (stat_return)
3418 stat_errno = errno;
3419
[8]3420 fd = -1;
3421 fstat_return = -1;
3422 rval_open = -1;
3423
[167]3424 theFile->link_path = NULL;
3425
[1]3426 if (stat_return == 0 && S_ISREG(buf.st_mode))
3427 {
3428 rval_open = sl_open_fastread (path /* theFile->fullpath */, SL_YESPRIV);
[192]3429 if (SL_ISERROR(rval_open))
3430 err_open = errno;
[1]3431
3432 alert_timeout = 120; /* this is per 8K block now ! */
3433
[8]3434 if (path[1] == 'p' && path[5] == '/' && path[2] == 'r' &&
3435 path[3] == 'o' && path[4] == 'c' && path[0] == '/')
[1]3436 {
3437 /* seven is magic */
3438 alert_timeout = 7;
3439 }
[8]3440
3441 fd = get_the_fd(rval_open);
[1]3442 }
3443
3444 tend = time(NULL);
3445
3446 /* An unprivileged user may slow lstat/open to a crawl
3447 * with clever path/symlink setup
3448 */
3449 if ((tend - tstart) > (time_t) /* 60 */ 6)
3450 {
3451 tmp2 = sh_util_safe_name (theFile->fullpath);
3452 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_TOOLATE,
3453 (long)(tend - tstart), tmp2);
3454 SH_FREE(tmp2);
3455 }
[8]3456
[1]3457 if (fd >= 0)
[192]3458 {
3459 fstat_return = retry_fstat (FIL__, __LINE__, fd, &fbuf);
3460 if (fstat_return)
3461 fstat_errno = errno;
3462 }
[1]3463 else
[192]3464 {
3465 fd = -1;
3466 }
[8]3467
[1]3468
3469 /* --- case 1: lstat failed ---
3470 */
3471 if (stat_return != 0)
3472 {
3473 stat_return = errno;
3474 if (!SL_ISERROR(rval_open))
3475 sl_close(rval_open);
3476 if (sh.flag.checkSum == SH_CHECK_INIT ||
3477 (sh_hash_have_it (theFile->fullpath) >= 0 &&
[114]3478 (!SH_FFLAG_REPORTED_SET(theFile->file_reported))))
[1]3479 {
3480 if (S_FALSE == sh_ignore_chk_del(theFile->fullpath)) {
[132]3481 char errbuf[SH_ERRBUF_SIZE];
[192]3482 uid_t euid;
3483 (void) sl_get_euid(&euid);
[1]3484 tmp2 = sh_util_safe_name (theFile->fullpath);
[192]3485 sh_error_handle (level, FIL__, __LINE__, stat_return, MSG_FI_STAT,
3486 _("lstat"),
3487 sh_error_message (stat_errno, errbuf, sizeof(errbuf)),
3488 (long) euid,
[132]3489 tmp2);
[1]3490 SH_FREE(tmp2);
3491 }
3492 }
3493 SL_RETURN((-1),_("sh_unix_getinfo"));
3494 }
3495
[8]3496 /* --- case 2: not a regular file ---
[1]3497 */
3498 else if (! S_ISREG(buf.st_mode))
3499 {
3500 if (fileHash != NULL)
[93]3501 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[1]3502 }
3503
3504 /* --- case 3a: a regular file, fstat ok ---
3505 */
3506 else if (fstat_return == 0 &&
3507 buf.st_mode == fbuf.st_mode &&
3508 buf.st_ino == fbuf.st_ino &&
3509 buf.st_uid == fbuf.st_uid &&
3510 buf.st_gid == fbuf.st_gid &&
3511 buf.st_dev == fbuf.st_dev )
3512 {
3513 if (fileHash != NULL)
3514 {
3515 if ((theFile->check_mask & MODI_CHK) == 0)
3516 {
[93]3517 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[1]3518 }
[19]3519 else if ((theFile->check_mask & MODI_PREL) != 0 &&
[1]3520 S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size,
[102]3521 alert_timeout, theFile->fullpath))
[1]3522 {
3523 if (0 != sh_prelink_run (theFile->fullpath,
3524 fileHash, alert_timeout))
[93]3525 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[1]3526 }
3527 else
3528 {
[133]3529 char hashbuf[KEYBUF_SIZE];
[151]3530 UINT64 length_nolim = TIGER_NOLIM;
[167]3531
[170]3532 if (MODI_TXT_ENABLED(theFile->check_mask) && fbuf.st_size < (10 * SH_TXT_MAX))
[167]3533 {
3534 sl_init_content (rval_open, fbuf.st_size);
3535 }
3536
[22]3537 sl_strlcpy(fileHash,
3538 sh_tiger_generic_hash (theFile->fullpath,
[151]3539 rval_open, &length_nolim,
[133]3540 alert_timeout,
3541 hashbuf, sizeof(hashbuf)),
[22]3542 KEY_LEN+1);
[167]3543
3544 content = sl_get_content(rval_open);
[169]3545 content = sh_string_copy(content);
[167]3546
[19]3547 if ((theFile->check_mask & MODI_SGROW) != 0)
3548 {
[151]3549 fbuf.st_size = (off_t) length_nolim;
3550 buf.st_size = fbuf.st_size;
[19]3551 sl_rewind(rval_open);
3552 sh_unix_checksum_size (theFile->fullpath, &fbuf,
3553 &fileHash[KEY_LEN + 1],
[133]3554 alert_timeout, rval_open);
[19]3555 }
[1]3556 }
3557 }
3558 }
3559
3560 /* --- case 3b: a regular file, fstat ok, but different ---
3561 */
3562 else if (fstat_return == 0 && S_ISREG(fbuf.st_mode))
3563 {
3564 memcpy (&buf, &fbuf, sizeof( struct stat ));
3565
3566 if (fileHash != NULL)
3567 {
3568 if ((theFile->check_mask & MODI_CHK) == 0)
3569 {
[93]3570 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[1]3571 }
3572 else if (policy == SH_LEVEL_PRELINK &&
3573 S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size,
[102]3574 alert_timeout, theFile->fullpath))
[1]3575 {
3576 if (0 != sh_prelink_run (theFile->fullpath,
3577 fileHash, alert_timeout))
[93]3578 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[1]3579 }
3580 else
3581 {
[133]3582 char hashbuf[KEYBUF_SIZE];
[151]3583 UINT64 length_nolim = TIGER_NOLIM;
[167]3584
[170]3585 if (MODI_TXT_ENABLED(theFile->check_mask) && fbuf.st_size < (10 * SH_TXT_MAX))
[167]3586 {
3587 sl_init_content (rval_open, fbuf.st_size);
3588 }
3589
[1]3590 sl_strlcpy(fileHash,
[133]3591 sh_tiger_generic_hash (theFile->fullpath, rval_open,
[151]3592 &length_nolim,
[133]3593 alert_timeout,
3594 hashbuf, sizeof(hashbuf)),
[1]3595 KEY_LEN + 1);
[167]3596
3597 content = sl_get_content(rval_open);
[169]3598 content = sh_string_copy(content);
[167]3599
[19]3600 if ((theFile->check_mask & MODI_SGROW) != 0)
3601 {
[151]3602 fbuf.st_size = (off_t) length_nolim;
3603 buf.st_size = fbuf.st_size;
[19]3604 sl_rewind(rval_open);
3605 sh_unix_checksum_size (theFile->fullpath, &fbuf,
3606 &fileHash[KEY_LEN + 1],
[133]3607 alert_timeout, rval_open);
[19]3608 }
[1]3609 }
3610 }
3611 }
3612
3613 /* --- case 4: a regular file, fstat failed ---
3614 */
3615
[192]3616 else /* fstat_return != 0 or !S_ISREG(fbuf.st_mode) or open() failed */
[1]3617 {
[185]3618 uid_t euid;
[192]3619
[1]3620 if (fileHash != NULL)
[93]3621 sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1);
[1]3622
[65]3623 if ((theFile->check_mask & MODI_CHK) != 0)
3624 {
3625 tmp2 = sh_util_safe_name (theFile->fullpath);
[185]3626
[200]3627
3628 if (fd >= 0 && fstat_return != 0)
[185]3629 {
[192]3630 char errbuf[SH_ERRBUF_SIZE];
[185]3631 (void) sl_get_euid(&euid);
[192]3632
3633 sh_error_handle (level, FIL__, __LINE__, stat_return, MSG_FI_STAT,
3634 _("fstat"),
3635 sh_error_message (fstat_errno, errbuf, sizeof(errbuf)),
3636 (long) euid,
3637 tmp2);
[185]3638 }
[200]3639 else if (fd >= 0 && !S_ISREG(fbuf.st_mode))
[185]3640 {
[192]3641 sh_error_handle (level, FIL__, __LINE__, fstat_errno,
[185]3642 MSG_E_NOTREG, tmp2);
3643 }
3644 else
3645 {
[192]3646 char errbuf[SH_ERRBUF_SIZE];
3647 char errbuf2[SH_ERRBUF_SIZE];
3648 sl_strlcpy(errbuf, sl_error_string(rval_open), sizeof(errbuf));
3649 sh_error_message(err_open, errbuf2, sizeof(errbuf2));
3650 sh_error_handle (level, FIL__, __LINE__, err_open,
3651 MSG_E_READ, errbuf, errbuf2, tmp2);
[185]3652 }
[65]3653 SH_FREE(tmp2);
3654 }
[1]3655 }
3656
3657
3658 /* --- Determine file type. ---
3659 */
[149]3660 memset (theFile->c_mode, '-', CMODE_SIZE-1);
3661 theFile->c_mode[CMODE_SIZE-1] = '\0';
[8]3662
[149]3663 memset (theFile->link_c_mode, '-', CMODE_SIZE-1);
3664 theFile->link_c_mode[CMODE_SIZE-1] = '\0';
[1]3665
3666 sh_unix_getinfo_type (&buf, &type, theFile->c_mode);
3667 theFile->type = type;
3668
[10]3669#if defined(__linux__) || defined(HAVE_STAT_FLAGS)
[1]3670
3671 /* --- Determine file attributes. ---
3672 */
[149]3673 memset (theFile->c_attributes, '-', ATTRBUF_SIZE);
3674 theFile->c_attributes[ATTRBUF_USED] = '\0';
[1]3675 theFile->attributes = 0;
3676
3677 if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' &&
3678 theFile->c_mode[0] != 'l' )
3679 sh_unix_getinfo_attr(theFile->fullpath,
[10]3680 &theFile->attributes, theFile->c_attributes,
3681 fd, &buf);
[1]3682#endif
3683
[105]3684#if defined(USE_XATTR) && defined(USE_ACL)
3685 if (sh_unix_check_selinux == S_TRUE || sh_unix_check_acl == S_TRUE)
3686 theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf);
3687#elif defined(USE_XATTR)
[68]3688 if (sh_unix_check_selinux == S_TRUE)
3689 theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf);
3690#elif defined(USE_ACL)
3691 if (sh_unix_check_acl == S_TRUE)
3692 theFile->attr_string = sh_unix_getinfo_acl (theFile->fullpath, fd, &buf);
3693#else
3694 theFile->attr_string = NULL;
3695#endif
3696
[1]3697 if (!SL_ISERROR(rval_open))
3698 sl_close(rval_open);
3699
3700
3701 /* --- I/O limit. ---
3702 */
3703 if (IO_Limit > 0)
3704 {
3705 runtim = (long) (time(NULL) - sh.statistics.time_start);
3706
3707 if (runtim > 0 && (long)(sh.statistics.bytes_hashed/runtim) > IO_Limit)
3708 retry_msleep(1, 0);
3709 }
3710
3711 /* --- Determine permissions. ---
3712 */
3713 sh_unix_getinfo_mode (&buf, &mode, theFile->c_mode);
3714
3715 /* --- Trivia. ---
3716 */
3717 theFile->dev = buf.st_dev;
3718 theFile->ino = buf.st_ino;
3719 theFile->mode = buf.st_mode;
3720 theFile->hardlinks = buf.st_nlink;
3721 theFile->owner = buf.st_uid;
3722 theFile->group = buf.st_gid;
3723 theFile->rdev = buf.st_rdev;
3724 theFile->size = buf.st_size;
3725 theFile->blksize = (unsigned long) buf.st_blksize;
3726 theFile->blocks = (unsigned long) buf.st_blocks;
3727 theFile->atime = buf.st_atime;
3728 theFile->mtime = buf.st_mtime;
3729 theFile->ctime = buf.st_ctime;
3730
3731
3732 /* --- Owner and group. ---
3733 */
3734
[132]3735 if (NULL == sh_unix_getGIDname(SH_ERR_ALL, buf.st_gid, theFile->c_group, GROUP_MAX+1)) {
[1]3736
3737 tmp2 = sh_util_safe_name (theFile->fullpath);
3738
3739 if (policy == SH_LEVEL_ALLIGNORE)
3740 {
3741 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT,
3742 MSG_FI_NOGRP,
3743 (long) buf.st_gid, tmp2);
3744 }
3745 else
3746 {
3747 sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT,
3748 MSG_FI_NOGRP,
3749 (long) buf.st_gid, tmp2);
3750 }
3751 SH_FREE(tmp2);
3752 sl_snprintf(theFile->c_group, GROUP_MAX+1, "%d", (long) buf.st_gid);
3753 }
3754
3755
[137]3756 if (NULL == sh_unix_getUIDname(SH_ERR_ALL, buf.st_uid, theFile->c_owner, USER_MAX+1)) {
[1]3757
3758 tmp2 = sh_util_safe_name (theFile->fullpath);
3759
3760 if (policy == SH_LEVEL_ALLIGNORE)
3761 {
3762 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT,
3763 MSG_FI_NOUSR,
3764 (long) buf.st_uid, tmp2);
3765 }
3766 else
3767 {
3768 sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT,
3769 MSG_FI_NOUSR,
3770 (long) buf.st_uid, tmp2);
3771 }
3772 SH_FREE(tmp2);
3773 sl_snprintf(theFile->c_owner, USER_MAX+1, "%d", (long) buf.st_uid);
3774 }
3775
3776 /* --- Output the file. ---
3777 */
3778 if (flag_err_debug == SL_TRUE)
3779 {
3780 tmp2 = sh_util_safe_name ((filename == NULL) ?
3781 theFile->fullpath : filename);
[137]3782 (void) sh_unix_time(theFile->mtime, timestr, sizeof(timestr));
[1]3783 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LIST,
3784 theFile->c_mode,
3785 theFile->hardlinks,
3786 theFile->c_owner,
3787 theFile->c_group,
3788 (unsigned long) theFile->size,
3789 timestr,
3790 tmp2);
3791 SH_FREE(tmp2);
3792 }
3793
3794 /* --- Check for links. ---
3795 */
3796 if (theFile->c_mode[0] == 'l')
3797 {
3798 linknamebuf = SH_ALLOC(PATH_MAX);
3799
[22]3800 /* flawfinder: ignore */
[1]3801 linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1);
3802
3803 if (linksize < (PATH_MAX-1) && linksize >= 0)
3804 linknamebuf[linksize] = '\0';
3805 else
3806 linknamebuf[PATH_MAX-1] = '\0';
3807
3808 if (linksize < 0)
3809 {
[132]3810 char errbuf[SH_ERRBUF_SIZE];
[1]3811 linksize = errno;
3812 tmp2 = sh_util_safe_name (theFile->fullpath);
3813 sh_error_handle (level, FIL__, __LINE__, linksize, MSG_FI_RDLNK,
[132]3814 sh_error_message (linksize, errbuf, sizeof(errbuf)), tmp2);
[1]3815 SH_FREE(tmp2);
3816 SH_FREE(linknamebuf);
[167]3817 theFile->link_path = sh_util_strdup("-");
[1]3818 SL_RETURN((-1),_("sh_unix_getinfo"));
3819 }
[138]3820
[167]3821 if (linknamebuf[0] == '/')
3822 {
3823 theFile->link_path = sh_util_strdup (linknamebuf);
3824 }
3825 else
3826 {
3827 tmp = sh_util_dirname(theFile->fullpath);
3828 if (tmp) {
3829 theFile->link_path = SH_ALLOC(PATH_MAX);
3830 sl_strlcpy (theFile->link_path, tmp, PATH_MAX);
3831 SH_FREE(tmp);
3832 } else {
3833 theFile->link_path = SH_ALLOC(PATH_MAX);
3834 theFile->link_path[0] = '\0';
3835 }
3836 /*
3837 * Only attach '/' if not root directory. Handle "//", which
3838 * according to POSIX is implementation-defined, and may be
3839 * different from "/" (however, three or more '/' will collapse
3840 * to one).
3841 */
3842 tmp = theFile->link_path; while (*tmp == '/') ++tmp;
3843 if (*tmp != '\0')
3844 {
3845 sl_strlcat (theFile->link_path, "/", PATH_MAX);
3846 }
3847 sl_strlcat (theFile->link_path, linknamebuf, PATH_MAX);
3848 }
3849
3850 /* stat the link
3851 */
3852 stat_return = retry_lstat (FIL__, __LINE__, theFile->link_path, &lbuf);
3853
3854 /* check for error
3855 */
3856 if (stat_return != 0)
3857 {
3858 stat_return = errno;
3859 tmp = sh_util_safe_name (theFile->fullpath);
3860 tmp2 = sh_util_safe_name (theFile->link_path);
3861 if (stat_return != ENOENT)
3862 {
[192]3863 uid_t euid;
[167]3864 char errbuf[SH_ERRBUF_SIZE];
[192]3865
3866 (void) sl_get_euid(&euid);
[167]3867 sh_error_handle (level, FIL__, __LINE__, stat_return,
[192]3868 MSG_FI_STAT,
3869 _("lstat"),
[167]3870 sh_error_message (stat_return,errbuf, sizeof(errbuf)),
[192]3871 (long) euid,
[167]3872 tmp2);
3873 }
3874 else
3875 {
3876 /* a dangling link -- everybody seems to have plenty of them
3877 */
3878 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_DLNK,
3879 tmp, tmp2);
3880 }
3881 theFile->linkisok = BAD;
[93]3882 SH_FREE(tmp);
[167]3883 SH_FREE(tmp2);
3884 SH_FREE(linknamebuf);
3885 /*
3886 * changed Tue Feb 10 16:16:13 CET 2004:
3887 * add dangling symlinks into database
3888 * SL_RETURN((-1),_("sh_unix_getinfo"));
3889 */
3890 theFile->linkmode = 0;
3891 SL_RETURN((0),_("sh_unix_getinfo"));
[93]3892 }
[1]3893
[167]3894 theFile->linkisok = GOOD;
3895
3896
3897 /* --- Determine file type. ---
3898 */
3899 sh_unix_getinfo_type (&lbuf, &type, theFile->link_c_mode);
3900 theFile->type = type;
3901
3902 /* --- Determine permissions. ---
3903 */
3904 sh_unix_getinfo_mode (&lbuf, &mode, theFile->link_c_mode);
3905 theFile->linkmode = lbuf.st_mode;
3906
3907 /* --- Output the link. ---
3908 */
3909 if (theFile->linkisok == GOOD)
3910 {
3911 tmp2 = sh_util_safe_name (linknamebuf);
3912 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LLNK,
3913 theFile->link_c_mode, tmp2);
3914 SH_FREE(tmp2);
3915 }
3916 SH_FREE(linknamebuf);
3917 }
3918 else /* not a link */
3919 {
3920 if (content)
3921 {
[169]3922#ifdef HAVE_LIBZ
[171]3923 unsigned long clen;
3924 unsigned char * compressed;
3925#ifdef HAVE_COMPRESSBOUND
3926 clen = compressBound(sh_string_len(content));
3927#else
3928 if (sh_string_len(content) > 10*SH_TXT_MAX)
3929 clen = SH_TXT_MAX;
3930 else
3931 clen = 13 + (int)(1.0001*sh_string_len(content));
3932#endif
3933 compressed = SH_ALLOC(clen);
[169]3934 if (Z_OK == compress(compressed, &clen,
3935 (unsigned char *) sh_string_str(content),
3936 sh_string_len(content)))
3937 {
3938 if (clen < SH_TXT_MAX)
3939 {
3940 sh_util_base64_enc_alloc (&(theFile->link_path),
3941 (char *) compressed, clen);
3942 }
3943 else
3944 {
3945 char tmsg[128];
3946 char * tpath = sh_util_safe_name (theFile->fullpath);
3947 sl_snprintf(tmsg, sizeof(tmsg),
3948 _("compressed file too large (%lu bytes)"),
3949 clen);
3950 sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, -1,
3951 MSG_E_SUBGPATH, tmsg,
3952 _("sh_unix_getinfo"), tpath);
3953 SH_FREE(tpath);
3954 }
3955 }
3956 SH_FREE(compressed);
3957#endif
3958 sh_string_destroy(&content);
[167]3959 }
3960 }
[1]3961 SL_RETURN((0),_("sh_unix_getinfo"));
3962}
3963
3964/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */
3965#endif
3966
[169]3967int sh_unix_unlock(char * lockfile, char * flag)
3968{
3969 int error = 0;
3970
3971 SL_ENTER(_("sh_unix_unlock"));
[1]3972
[169]3973 if (sh.flag.isdaemon == S_FALSE && flag == NULL)
3974 SL_RETURN((0),_("sh_unix_unlock"));
3975
3976 /* --- Logfile is not locked to us. ---
3977 */
3978 if (sh.flag.islocked == BAD && flag != NULL)
3979 SL_RETURN((-1),_("sh_unix_unlock"));
3980
3981 /* --- Check whether the directory is secure. ---
3982 */
3983 if (0 != tf_trust_check (lockfile, SL_YESPRIV))
3984 SL_RETURN((-1),_("sh_unix_unlock"));
3985
3986 /* --- Delete the lock file. ---
3987 */
3988 error = retry_aud_unlink (FIL__, __LINE__, lockfile);
3989
3990 if (error == 0)
3991 {
3992 if (flag != NULL)
3993 sh.flag.islocked = BAD; /* not locked anymore */
3994 }
3995 else if (flag != NULL)
3996 {
3997 char errbuf[SH_ERRBUF_SIZE];
3998 error = errno;
3999 sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_UNLNK,
4000 sh_error_message(error, errbuf, sizeof(errbuf)),
4001 lockfile);
4002 SL_RETURN((-1),_("sh_unix_unlock"));
4003 }
4004 SL_RETURN((0),_("sh_unix_unlock"));
4005}
4006
4007int sh_unix_lock (char * lockfile, char * flag)
4008{
4009 int filed;
4010 int errnum;
4011 char myPid[64];
4012 SL_TICKET fd;
4013 extern int get_the_fd (SL_TICKET ticket);
4014
4015 SL_ENTER(_("sh_unix_lock"));
4016
4017 sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */
4018
4019 fd = sl_open_safe_rdwr (lockfile, SL_YESPRIV); /* fails if file exists */
4020
4021 if (!SL_ISERROR(fd))
4022 {
4023 errnum = sl_write (fd, myPid, sl_strlen(myPid));
4024 filed = get_the_fd(fd);
4025 fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
4026 sl_close (fd);
4027
4028 if (!SL_ISERROR(errnum))
4029 {
4030 if (flag != NULL)
4031 sh.flag.islocked = GOOD;
4032 SL_RETURN((0),_("sh_unix_lock"));
4033 }
4034 }
4035
4036 TPT((0, FIL__, __LINE__, _("msg=<open pid file failed>\n")));
4037 if (flag != NULL)
4038 sh.flag.islocked = BAD;
4039 SL_RETURN((-1),_("sh_unix_lock"));
4040
4041 /* notreached */
4042}
4043
4044
[1]4045/* check whether file is locked
4046 */
4047int sh_unix_test_and_lock (char * filename, char * lockfile)
4048{
4049 static struct stat buf;
4050 int status = 0;
4051
4052
4053 SL_TICKET fd;
4054 char line_in[128];
4055
4056 SL_ENTER(_("sh_unix_test_and_lock"));
4057
4058 status = retry_lstat (FIL__, __LINE__, lockfile, &buf);
4059
4060 /* --- No lock file found, try to lock. ---
4061 */
4062
4063 if (status < 0 && errno == ENOENT)
4064 {
4065 if (0 == sh_unix_lock (lockfile, filename))
4066 {
4067 if (filename != NULL)
4068 sh.flag.islocked = GOOD;
4069 SL_RETURN((0),_("sh_unix_test_and_lock"));
4070 }
[76]4071 else
4072 {
4073 sh_error_handle ((-1), FIL__, __LINE__, status,
4074 MSG_E_SUBGEN,
4075 (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"),
4076 _("sh_unix_test_and_lock"));
4077 SL_RETURN((-1),_("sh_unix_test_and_lock"));
4078 }
[1]4079 }
4080 else if (status == 0 && buf.st_size == 0)
4081 {
4082 if (filename != NULL)
4083 sh.flag.islocked = GOOD;
4084 sh_unix_unlock (lockfile, filename);
4085 if (filename != NULL)
4086 sh.flag.islocked = BAD;
4087 if (0 == sh_unix_lock (lockfile, filename))
4088 {
4089 if (filename != NULL)
4090 sh.flag.islocked = GOOD;
4091 SL_RETURN((0),_("sh_unix_test_and_lock"));
4092 }
4093 else
4094 {
[76]4095 sh_error_handle ((-1), FIL__, __LINE__, status,
4096 MSG_E_SUBGEN,
4097 (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"),
4098 _("sh_unix_test_and_lock"));
[1]4099 SL_RETURN((-1),_("sh_unix_test_and_lock"));
4100 }
4101 }
4102
4103 /* --- Check on lock. ---
4104 */
4105
4106 if (status >= 0)
4107 {
4108 fd = sl_open_read (lockfile, SL_YESPRIV);
4109 if (SL_ISERROR(fd))
4110 sh_error_handle ((-1), FIL__, __LINE__, fd,
4111 MSG_E_SUBGEN,
4112 (filename == NULL) ? _("Cannot open PID file for read") : _("Cannot open lock file for read"),
4113 _("sh_unix_test_and_lock"));
4114 }
4115 else
4116 fd = -1;
4117
4118 if (!SL_ISERROR(fd))
4119 {
4120 /* read the PID in the lock file
4121 */
[76]4122 status = sl_read (fd, line_in, sizeof(line_in));
4123 line_in[sizeof(line_in)-1] = '\0';
[1]4124
4125 /* convert to numeric
4126 */
4127 if (status > 0)
4128 {
4129 errno = 0;
4130 status = strtol(line_in, (char **)NULL, 10);
4131 if (errno == ERANGE || status <= 0)
4132 {
4133 sh_error_handle ((-1), FIL__, __LINE__, status,
4134 MSG_E_SUBGEN,
4135 (filename == NULL) ? _("Bad PID in PID file") : _("Bad PID in lock file"),
4136 _("sh_unix_test_and_lock"));
4137
4138 status = -1;
4139 }
4140 }
4141 else
4142 {
4143 sh_error_handle ((-1), FIL__, __LINE__, status,
4144 MSG_E_SUBGEN,
4145 (filename == NULL) ? _("Cannot read PID file") : _("Cannot read lock file"),
4146 _("sh_unix_test_and_lock"));
4147 }
4148 sl_close(fd);
4149
[162]4150 if (status > 0 && (unsigned int) status == sh.pid)
[1]4151 {
4152 if (filename != NULL)
4153 sh.flag.islocked = GOOD;
4154 SL_RETURN((0),_("sh_unix_test_and_lock"));
4155 }
4156
4157
4158 /* --- Check whether the process exists. ---
4159 */
4160 if (status > 0)
4161 {
4162 errno = 0;
4163 status = aud_kill (FIL__, __LINE__, status, 0);
4164
4165 /* Does not exist, so remove the stale lock
4166 * and create a new one.
4167 */
4168 if (status < 0 && errno == ESRCH)
4169 {
4170 if (filename != NULL)
4171 sh.flag.islocked = GOOD;
4172 if (0 != sh_unix_unlock(lockfile, filename) && (filename !=NULL))
4173 sh.flag.islocked = BAD;
4174 else
4175 {
4176 if (0 == sh_unix_lock (lockfile, filename))
4177 {
4178 if (filename != NULL)
4179 sh.flag.islocked = GOOD;
4180 SL_RETURN((0),_("sh_unix_test_and_lock"));
4181 }
4182 else
4183 {
4184 sh_error_handle ((-1), FIL__, __LINE__, status,
4185 MSG_E_SUBGEN,
4186 (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"),
4187 _("sh_unix_test_and_lock"));
4188 }
4189 if (filename != NULL)
4190 sh.flag.islocked = BAD;
4191 }
4192 }
4193 else
4194 {
4195 sh_error_handle ((-1), FIL__, __LINE__, status,
4196 MSG_E_SUBGEN,
4197 (filename == NULL) ? _("Cannot remove stale PID file, PID may be a running process") : _("Cannot remove stale lock file, PID may be a running process"),
4198 _("sh_unix_test_and_lock"));
4199 if (filename != NULL)
4200 sh.flag.islocked = BAD;
4201 }
4202 }
4203 }
4204 SL_RETURN((-1),_("sh_unix_testlock"));
4205}
4206
4207/* write the PID file
4208 */
4209int sh_unix_write_pid_file()
4210{
4211 return sh_unix_test_and_lock(NULL, sh.srvlog.alt);
4212}
4213
4214/* write lock for filename
4215 */
4216int sh_unix_write_lock_file(char * filename)
4217{
[34]4218 size_t len;
4219 int res;
[1]4220 char * lockfile;
4221
4222 if (filename == NULL)
4223 return (-1);
4224
[34]4225 len = sl_strlen(filename);
4226 if (sl_ok_adds(len, 6))
4227 len += 6;
4228 lockfile = SH_ALLOC(len);
4229 sl_strlcpy(lockfile, filename, len);
4230 sl_strlcat(lockfile, _(".lock"), len);
4231 res = sh_unix_test_and_lock(filename, lockfile);
[1]4232 SH_FREE(lockfile);
[34]4233 return res;
[1]4234}
4235
4236/* rm lock for filename
4237 */
4238int sh_unix_rm_lock_file(char * filename)
4239{
[34]4240 size_t len;
4241 int res;
[1]4242 char * lockfile;
4243
4244 if (filename == NULL)
4245 return (-1);
4246
[34]4247 len = sl_strlen(filename);
4248 if (sl_ok_adds(len, 6))
4249 len += 6;
4250 lockfile = SH_ALLOC(len);
4251 sl_strlcpy(lockfile, filename, len);
4252 sl_strlcat(lockfile, _(".lock"), len);
4253
4254 res = sh_unix_unlock(lockfile, filename);
[1]4255 SH_FREE(lockfile);
[34]4256 return res;
[1]4257}
4258
4259/* rm lock for filename
4260 */
4261int sh_unix_rm_pid_file()
4262{
4263 return sh_unix_unlock(sh.srvlog.alt, NULL);
4264}
4265
4266/* Test whether file exists
4267 */
[78]4268int sh_unix_file_exists(char * path)
[1]4269{
4270 struct stat buf;
4271
[78]4272 SL_ENTER(_("sh_unix_file_exists"));
[1]4273
[221]4274 if (0 == retry_lstat(FIL__, __LINE__, path, &buf))
4275 SL_RETURN( S_TRUE, _("sh_unix_file_exists"));
[1]4276 else
[221]4277 SL_RETURN( S_FALSE, _("sh_unix_file_exists"));
[1]4278}
4279
4280
[78]4281/* Test whether file exists, is a character device, and allows read
4282 * access.
[1]4283 */
[78]4284int sh_unix_device_readable(int fd)
[1]4285{
4286 struct stat buf;
4287
[78]4288 SL_ENTER(_("sh_unix_device_readable"));
[1]4289
4290 if (retry_fstat(FIL__, __LINE__, fd, &buf) == -1)
[78]4291 SL_RETURN( (-1), _("sh_unix_device_readable"));
4292 else if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) )
4293 SL_RETURN( (0), _("sh_unix_device_readable"));
[1]4294 else
[78]4295 SL_RETURN( (-1), _("sh_unix_device_readable"));
[1]4296}
4297
4298static char preq[16];
4299
4300/* return true if database is remote
4301 */
4302int file_is_remote ()
4303{
4304 static int init = 0;
[42]4305 struct stat buf;
[1]4306
4307 SL_ENTER(_("file_is_remote"));
4308
4309 if (init == 0)
4310 {
4311 sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16);
4312 ++init;
4313 }
4314 if (0 == sl_strncmp (sh.data.path, preq, 15))
4315 {
[42]4316 if (sh.data.path[15] != '\0') /* should be start of path */
4317 {
4318 if (0 == stat(&(sh.data.path[15]), &buf))
4319 {
4320 SL_RETURN( S_FALSE, _("file_is_remote"));
4321 }
4322 }
[1]4323 SL_RETURN( S_TRUE, _("file_is_remote"));
4324 }
4325 SL_RETURN( S_FALSE, _("file_is_remote"));
4326}
4327
4328/* Return the path to the configuration/database file.
4329 */
4330char * file_path(char what, char flag)
4331{
4332 static int init = 0;
4333
4334 SL_ENTER(_("file_path"));
4335
4336 if (init == 0)
4337 {
4338 sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16);
4339 ++init;
4340 }
4341
4342 switch (what)
4343 {
4344
4345 case 'C':
4346 if (0 == sl_strncmp (sh.conf.path, preq, 15))
4347 {
4348#if defined(SH_WITH_SERVER)
4349 if (sh.flag.isserver == S_TRUE && sl_strlen(sh.conf.path) == 15)
4350 SL_RETURN( NULL, _("file_path"));
4351 if (sh.flag.isserver == S_TRUE)
4352 SL_RETURN( &(sh.conf.path[15]), _("file_path"));
4353#endif
4354 if (flag == 'R')
4355 SL_RETURN( preq, _("file_path"));
4356 if (flag == 'I')
4357 {
4358 if (sl_strlen(sh.conf.path) == 15)
4359 SL_RETURN( NULL, _("file_path"));
4360 else
4361 SL_RETURN( &(sh.conf.path[15]), _("file_path"));
4362 }
4363 SL_RETURN ( preq, _("file_path"));
4364 }
4365 else
4366 SL_RETURN( sh.conf.path, _("file_path"));
4367 /* break; *//* unreachable */
4368
4369 case 'D':
4370 if (0 == sl_strncmp (sh.data.path, preq, 15))
4371 {
4372 if (flag == 'R')
4373 SL_RETURN( preq, _("file_path"));
4374 if (flag == 'W' && sl_strlen(sh.data.path) == 15)
4375 SL_RETURN (NULL, _("file_path"));
4376 if (flag == 'W')
4377 SL_RETURN( &(sh.data.path[15]), _("file_path"));
4378 }
4379 else
4380 SL_RETURN( sh.data.path, _("file_path"));
4381 break;
4382
4383 default:
4384 SL_RETURN( NULL, _("file_path"));
4385 }
4386
4387 return NULL; /* notreached */
4388}
4389/************************************************/
4390/**** Mlock Utilities ****/
4391/************************************************/
4392
4393#include <limits.h>
4394
4395int sh_unix_pagesize()
4396{
4397 int pagesize = 4096;
4398#if defined(_SC_PAGESIZE)
4399 pagesize = sysconf(_SC_PAGESIZE);
4400#elif defined(_SC_PAGE_SIZE)
4401 pagesize = sysconf(_SC_PAGE_SIZE);
4402#elif defined(HAVE_GETPAGESIZE)
4403 pagesize = getpagesize();
4404#elif defined(PAGESIZE)
4405 pagesize = PAGESIZE;
4406#endif
4407
4408 return ((pagesize > 0) ? pagesize : 4096);
4409}
4410
4411typedef struct sh_page_lt {
4412 unsigned long page_start;
4413 int page_refcount;
[19]4414 char file[64];
4415 int line;
[1]4416 struct sh_page_lt * next;
4417} sh_page_l;
4418
4419sh_page_l * sh_page_locked = NULL;
4420volatile int page_locking = 0;
4421
4422unsigned long sh_unix_lookup_page (void * in_addr, size_t len, int * num_pages)
4423{
4424 int pagesize = sh_unix_pagesize();
4425 unsigned long addr = (unsigned long) in_addr;
4426
4427 unsigned long pagebase;
4428 unsigned long pagediff;
4429 unsigned long pagenum = addr / pagesize;
4430
4431 SL_ENTER(_("sh_unix_lookup_page"));
4432#if 0
4433 fprintf(stderr, "mlock: --> base %ld, pagenum: %ld\n",
4434 addr, pagenum);
4435#endif
4436
4437 /* address of first page
4438 */
4439 pagebase = pagenum * pagesize;
4440
4441 /* number of pages
4442 */
4443 pagediff = (addr + len) - pagebase;
4444 pagenum = pagediff / pagesize;
4445 if (pagenum * pagesize < pagediff)
4446 ++pagenum;
4447
4448#if 0
4449 fprintf(stderr, "mlock: --> pagebase %ld, pagediff %ld, (addr + len) %ld\n",
4450 pagebase, pagediff, (addr + len));
4451#endif
4452
4453 *num_pages = pagenum;
4454 SL_RETURN((pagebase), _("sh_unix_lookup_page"));
4455}
4456
4457
4458#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
[134]4459
4460SH_MUTEX_STATIC(mutex_mlock,PTHREAD_MUTEX_INITIALIZER);
4461
[170]4462int sh_unix_mlock (const char * file, int line, void * in_addr, size_t len)
[1]4463{
4464 int num_pages;
4465 int status = 0;
4466 int pagesize;
4467 sh_page_l * page_list = sh_page_locked;
4468 unsigned long addr;
4469#ifdef TEST_MLOCK
4470 int i = 0;
4471#endif
4472
4473 SL_ENTER(_("sh_unix_mlock"));
4474
[134]4475 /* There's no cancellation point here, except if tracing is on
4476 */
4477 SH_MUTEX_LOCK_UNSAFE(mutex_mlock);
4478
[1]4479 if (0 != page_locking)
4480 {
[143]4481 status = -1;
4482 goto exit_mlock;
[1]4483 }
[134]4484
[1]4485 page_locking = 1;
4486
4487 pagesize = sh_unix_pagesize();
4488 addr = sh_unix_lookup_page (in_addr, len, &num_pages);
4489
4490#ifdef TEST_MLOCK
4491 fprintf(stderr, "mlock: addr %ld, base %ld, pages: %d, length %d\n",
4492 (unsigned long) in_addr, addr, num_pages, len);
4493#endif
4494
4495 /* increase refcount of locked pages
4496 * addr is first page; num_pages is #(consecutive pages) to lock
4497 */
[134]4498
[1]4499 while ((page_list != NULL) && (num_pages > 0))
4500 {
4501#ifdef TEST_MLOCK
4502 fprintf(stderr, "mlock: check page %d: %ld [%d]\n",
4503 i, page_list->page_start, page_list->page_refcount);
4504#endif
4505 if (page_list->page_start == addr)
4506 {
4507 page_list->page_refcount += 1;
4508 num_pages -= 1;
4509 addr += pagesize;
4510#ifdef TEST_MLOCK
4511 fprintf(stderr, "mlock: found page %d: %ld [%d], next page %ld\n",
4512 i, page_list->page_start, page_list->page_refcount, addr);
4513#endif
4514 }
4515#ifdef TEST_MLOCK
4516 ++i;
4517#endif
4518 page_list = page_list->next;
4519 }
4520
4521 /* mlock some more pages, if needed
4522 */
4523 while (num_pages > 0)
4524 {
4525#ifdef TEST_MLOCK
4526 fprintf(stderr, "mlock: lock page %d: mlock %ld [num_pages %d]\n",
4527 i, addr, num_pages);
4528 ++i;
4529#endif
4530 page_list = SH_ALLOC(sizeof(sh_page_l));
4531 page_list->page_start = addr;
4532 page_list->page_refcount = 1;
[19]4533 sl_strlcpy(page_list->file, file, 64);
4534 page_list->line = line;
[1]4535 status = mlock( (void *) addr, pagesize);
4536 if (status != 0)
4537 {
4538#ifdef TEST_MLOCK
[132]4539 char errbuf[SH_ERRBUF_SIZE];
4540 fprintf(stderr, "mlock: error: %s\n",
4541 sh_error_message(errno, errbuf, sizeof(errbuf)));
[1]4542#endif
4543 SH_FREE(page_list);
4544 page_locking = 0;
[143]4545 goto exit_mlock;
[1]4546 }
4547 page_list->next = sh_page_locked;
4548 sh_page_locked = page_list;
4549 num_pages -= 1;
4550 addr += pagesize;
4551 }
[134]4552 page_locking = 0;
[143]4553
4554 exit_mlock:
[134]4555 SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock);
[1]4556
4557 SL_RETURN((status), _("sh_unix_mlock"));
4558}
4559#else
[175]4560int sh_unix_mlock (const char * file, int line, void * in_addr, size_t len)
[1]4561{
[49]4562 (void) file; (void) line;
[1]4563 (void) in_addr; (void) len;
4564 return -1;
4565}
4566#endif
4567
4568#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
4569int sh_unix_munlock (void * in_addr, size_t len)
4570{
4571 int num_pages;
4572 int unlocked = 0;
4573 int status = 0;
4574 int pagesize;
4575 sh_page_l * page_list = sh_page_locked;
4576 sh_page_l * page_last;
4577 unsigned long addr;
4578
4579 int test_count;
4580 int test_status;
4581 int test_pages;
4582
4583#ifdef TEST_MLOCK
4584 int i = 0;
4585#endif
4586
4587 SL_ENTER(_("sh_unix_munlock"));
4588
[134]4589 /* There's no cancellation point here, except if tracing is on
4590 */
4591 SH_MUTEX_LOCK_UNSAFE(mutex_mlock);
4592
[1]4593 if (0 != page_locking)
4594 {
[143]4595 status = -1;
4596 goto exit_munlock;
[1]4597 }
4598 page_locking = 1;
4599
4600 pagesize = sh_unix_pagesize();
4601 addr = sh_unix_lookup_page (in_addr, len, &num_pages);
4602
4603#ifdef TEST_MLOCK
4604 fprintf(stderr, "munlock: in_addr %ld, addr %ld, pages: %d, length %d\n",
4605 (unsigned long) in_addr, addr, num_pages, len);
4606#endif
4607
4608 test_pages = num_pages;
4609
4610 /* reduce refcount of locked pages
4611 * addr is first page; num_pages is #(consecutive pages) to lock
4612 */
4613 while ((page_list != NULL) && (num_pages > 0))
4614 {
4615#ifdef TEST_MLOCK
4616 fprintf(stderr, "munlock: page %d: %ld [%d]\n",
4617 i, page_list->page_start, page_list->page_refcount);
4618#endif
4619
4620 test_status = 0;
4621 for (test_count = 0; test_count < test_pages; ++test_count)
4622 {
4623 if (page_list->page_start == (addr + (test_count * pagesize)))
4624 {
4625 test_status = 1;
4626 break;
4627 }
4628 }
4629
4630 if (test_status == 1)
4631 {
4632 page_list->page_refcount -= 1;
4633 if (page_list->page_refcount == 0)
4634 {
4635 status = munlock ( (void *) addr, pagesize);
4636 ++unlocked;
4637 }
4638 num_pages -= 1;
4639#ifdef TEST_MLOCK
4640 fprintf(stderr,
4641 "munlock: page %d: %ld [refcount %d], refcount reduced\n",
4642 i, page_list->page_start, page_list->page_refcount);
4643#endif
4644 }
4645#ifdef TEST_MLOCK
4646 ++i;
4647#endif
4648 page_list = page_list->next;
4649 }
4650
4651#ifdef TEST_MLOCK
4652 i = 0;
4653#endif
4654
4655 if (unlocked > 0)
4656 {
4657 page_list = sh_page_locked;
4658 page_last = sh_page_locked;
4659
4660 while ((page_list != NULL) && (unlocked > 0))
4661 {
4662 if (page_list->page_refcount == 0)
4663 {
4664#ifdef TEST_MLOCK
4665 fprintf(stderr, "munlock: remove page %d: %ld [refcount %d]\n",
4666 i, page_list->page_start, page_list->page_refcount);
4667#endif
4668 if (page_last != page_list)
4669 {
4670 page_last->next = page_list->next;
4671 SH_FREE(page_list);
4672 page_list = page_last->next;
4673 }
4674 else
4675 {
4676 page_last = page_list->next;
4677 if (page_list == sh_page_locked)
4678 sh_page_locked = page_list->next;
4679 SH_FREE(page_list);
4680 page_list = page_last;
4681 }
4682 --unlocked;
4683 }
4684 else
4685 {
4686#ifdef TEST_MLOCK
4687 fprintf(stderr, "munlock: skip page %d: %ld [refcount %d]\n",
4688 i, page_list->page_start, page_list->page_refcount);
4689#endif
4690
4691 page_last = page_list;
4692 page_list = page_list->next;
4693 }
4694#ifdef TEST_MLOCK
4695 ++i;
4696#endif
4697 }
4698 }
4699
4700 page_locking = 0;
[143]4701
4702 exit_munlock:
[134]4703 SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock);
[1]4704 SL_RETURN((status), _("sh_unix_munlock"));
4705}
4706#else
4707int sh_unix_munlock (void * in_addr, size_t len)
4708{
4709 (void) in_addr; (void) len;
4710 return -1;
4711}
4712#endif
4713
4714int sh_unix_count_mlock()
4715{
4716 int i = 0;
4717 char str[128];
4718 sh_page_l * page_list = sh_page_locked;
4719
4720 SL_ENTER(_("sh_unix_count_mlock"));
4721 while (page_list != NULL)
4722 {
[19]4723#ifdef WITH_TPT
[25]4724 sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"),
[19]4725 page_list->file, page_list->line, i+1);
4726 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN,
4727 str, _("sh_unix_count_mlock"));
4728#endif
[1]4729 page_list = page_list->next;
4730 ++i;
4731 }
[25]4732 sl_snprintf(str, sizeof(str), _("%d pages locked"), i);
[1]4733 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN,
4734 str, _("sh_unix_count_mlock"));
4735 SL_RETURN((i), _("sh_unix_count_mlock"));
4736}
4737
4738/************************************************/
4739/************************************************/
4740/**** Stealth Utilities ****/
4741/************************************************/
4742/************************************************/
4743#ifdef SH_STEALTH
4744
4745void sh_unix_xor_code (char * str, int len)
4746{
4747 register int i;
4748
4749 for (i = 0; i < len; ++i) str[i] ^= (char) XOR_CODE;
4750 return;
4751}
4752
4753#if !defined(SH_STEALTH_MICRO)
4754
4755
[89]4756int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len,
4757 unsigned long * bytes_read);
[1]4758unsigned long first_hex_block(SL_TICKET fd, unsigned long * max);
4759
4760/*
4761 * --- Get hidden data from a block of hex data. ---
4762 */
4763int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len)
4764{
[89]4765 int add_off = 0, llen;
4766 static unsigned long off_data = 0;
4767 static unsigned long max_data = 0;
4768 static unsigned long bytes_read = 0;
[52]4769 static int stealth_init = BAD;
[1]4770
4771 SL_ENTER(_("sh_unix_getline_stealth"));
4772
[194]4773 if (str == NULL)
4774 {
4775 off_data = 0;
4776 max_data = 0;
4777 bytes_read = 0;
4778 stealth_init = BAD;
4779 SL_RETURN(0, _("sh_unix_getline_stealth"));
4780 }
[34]4781
[1]4782 /* --- Initialize. ---
4783 */
4784 if (stealth_init == BAD)
4785 {
4786 off_data = first_hex_block(fd, &max_data);
4787 if (off_data == 0)
4788 {
4789 dlog(1, FIL__, __LINE__,
4790 _("The stealth config file does not contain any steganographically\nhidden data. This file must be an image file in _uncompressed_\npostscript format.\nTo hide data in it, use:\n samhain_stealth -s postscript_file orig_config_file\n mv postscript_file /path/to/config/file\n"));
4791 sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA,
4792 _("Stealth config file."));
4793 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
4794 }
4795 stealth_init = GOOD;
[52]4796 max_data += off_data;
[1]4797 }
4798
4799 /* --- Seek to proper position. ---
4800 */
[89]4801 if (bytes_read >= max_data || add_off < 0)
[52]4802 {
4803 dlog(1, FIL__, __LINE__,
4804 _("The capacity of the container image file for the stealth config file seems to be too small. Your config file is likely truncated.\n"));
4805 sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA,
4806 _("Stealth config file."));
4807 aud_exit (FIL__, __LINE__, EXIT_FAILURE);
4808 }
[1]4809 sl_seek(fd, off_data);
4810
4811 /* --- Read one line. ---
4812 */
[89]4813 add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read);
[1]4814 off_data += add_off;
4815
4816 llen = sl_strlen(str);
4817 SL_RETURN(llen, _("sh_unix_getline_stealth"));
4818}
4819
[89]4820int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len,
4821 unsigned long * bytes_read)
[1]4822{
4823
4824 register int i, j, k;
4825 unsigned char c, e;
4826 register int num;
4827 unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
4828 unsigned long here = 0;
4829 unsigned long retval = 0;
[89]4830 unsigned long bread = 0;
[1]4831
4832 SL_ENTER(_("hideout_hex_block"));
4833
[34]4834 ASSERT_RET((len > 1), _("len > 1"), (0));
4835
4836 --len;
4837
[1]4838 i = 0;
4839 while (i < len)
4840 {
4841 for (j = 0; j < 8; ++j)
4842 {
4843
4844 /* --- Get a low byte, modify, read back. ---
4845 */
4846 for (k = 0; k < 2; ++k)
4847 {
4848 /* -- Skip whitespace. ---
4849 */
4850 c = ' ';
4851 do {
4852 do {
4853 num = sl_read (fd, &c, 1);
4854 } while (num == 0 && errno == EINTR);
[89]4855 if (num > 0)
4856 ++here;
4857 else if (num == 0)
[34]4858 SL_RETURN((0), _("hideout_hex_block"));
[89]4859 else
4860 SL_RETURN((-1), _("hideout_hex_block"));
[1]4861 } while (c == '\n' || c == '\t' || c == '\r' ||
4862 c == ' ');
4863 }
4864
4865
4866 /* --- e is the value of the low byte. ---
4867 */
4868 e = (unsigned char) sh_util_hexchar( c );
4869 if ((e & mask[7]) != 0) /* bit is set */
4870 str[i] |= mask[j];
4871 else /* bit is not set */
4872 str[i] &= ~mask[j];
4873
[89]4874 bread += 1;
[1]4875 }
4876 if (str[i] == '\n') break;
4877 ++i;
4878 }
4879
4880 if (i != 0)
4881 str[i] = '\0';
4882 else
[34]4883 str[i+1] = '\0'; /* keep newline and terminate */
[1]4884 retval += here;
[89]4885 *bytes_read += (bread/8);
[1]4886
4887 SL_RETURN(retval, _("hideout_hex_block"));
4888}
4889
4890/* --- Get offset of first data block. ---
4891 */
4892unsigned long first_hex_block(SL_TICKET fd, unsigned long * max)
4893{
[34]4894 unsigned int i;
4895 long num = 1;
4896 unsigned long lnum;
[1]4897 char c;
4898 int nothex = 0;
4899 unsigned long retval = 0;
[34]4900 unsigned int this_line = 0;
[1]4901 char theline[SH_BUFSIZE];
4902
4903 SL_ENTER(_("first_hex_block"));
4904
4905 *max = 0;
4906
4907 while (1)
4908 {
4909 theline[0] = '\0';
4910 this_line = 0;
4911 c = '\0';
[34]4912 while (c != '\n' && num > 0 && this_line < (sizeof(theline)-1))
[1]4913 {
4914 do {
4915 num = sl_read (fd, &c, 1);
4916 } while (num == 0 && errno == EINTR);
4917 if (num > 0)
4918 theline[this_line] = c;
4919 else
4920 SL_RETURN((0), _("first_hex_block"));
[34]4921 ++this_line;
[1]4922 }
4923 theline[this_line] = '\0';
4924
4925 /* not only 'newline' */
4926 if (this_line > 60)
4927 {
4928 nothex = 0;
4929 i = 0;
4930 while (nothex == 0 && i < (this_line-1))
4931 {
4932 if (! isxdigit((int)theline[i])) nothex = 1;
4933 ++i;
4934 }
4935 if (nothex == 1) retval += this_line;
4936 }
4937 else
4938 {
4939 nothex = 1;
4940 retval += this_line;
4941 }
4942
4943 if (nothex == 0)
4944 {
4945 *max = 0;
4946 do {
4947 do {
4948 num = sl_read (fd, theline, SH_BUFSIZE);
4949 } while (num == 0 && errno == EINTR);
[34]4950 if (num > 0)
4951 {
4952 lnum = (unsigned long) num;
4953 for (i = 0; i < lnum; ++i)
4954 {
4955 c = theline[i];
4956 if (c == '\n' || c == '\t' || c == '\r' || c == ' ')
4957 ;
4958 else if (!isxdigit((int)c))
4959 break;
4960 else
4961 *max += 1;
4962 }
[1]4963 }
4964 } while (num > 0);
4965
4966 *max /= 16;
4967 SL_RETURN((retval), _("first_hex_block"));
4968 }
4969
4970 }
4971 /* SL_RETURN((0), _("first_hex_block")); *//* unreachable */
4972}
4973
4974 /* if !defined(SH_STEALTH_MICRO) */
4975#endif
4976
4977 /* ifdef SH_STEALTH */
4978#endif
4979
4980/*
4981 * anti-debugger code
4982 */
4983#if defined(SCREW_IT_UP)
4984volatile int sh_not_traced = 0;
4985
4986#ifdef HAVE_GETTIMEOFDAY
4987struct timeval save_tv;
4988#endif
4989
4990void sh_sigtrap_handler (int signum)
4991{
4992#ifdef HAVE_GETTIMEOFDAY
4993 struct timeval tv;
4994 long difftv;
4995
4996 gettimeofday(&tv, NULL);
4997 difftv = (tv.tv_sec - save_tv.tv_sec) * 1000000 +
4998 (tv.tv_usec - save_tv.tv_usec);
4999 if (difftv > 500000)
[205]5000 raise(SIGKILL);
[1]5001#endif
5002 sh_not_traced += signum;
5003 return;
5004}
5005#endif
Note: See TracBrowser for help on using the repository browser.