Changeset 20

Timestamp:

Feb 13, 2006, 11:54:42 PM (19 years ago)

Author:

rainer

Message:

Enable command-line parsing for prelude, and make prelude regression test safer.

Location:

trunk

Files:

• include/samhain.h (modified) (1 diff)
• include/sh_calls.h (modified) (1 diff)
• include/sh_error.h (modified) (3 diffs)
• include/sh_files.h (modified) (1 diff)
• include/sh_forward.h (modified) (3 diffs)
• include/sh_hash.h (modified) (2 diffs)
• include/sh_mail.h (modified) (1 diff)
• include/sh_tiger.h (modified) (2 diffs)
• include/sh_unix.h (modified) (2 diffs)
• include/sh_utils.h (modified) (3 diffs)
• include/slib.h (modified) (3 diffs)
• src/samhain.c (modified) (2 diffs)
• src/sh_calls.c (modified) (1 diff)
• src/sh_err_log.c (modified) (2 diffs)
• src/sh_error.c (modified) (10 diffs)
• src/sh_files.c (modified) (1 diff)
• src/sh_forward.c (modified) (4 diffs)
• src/sh_getopt.c (modified) (11 diffs)
• src/sh_hash.c (modified) (5 diffs)
• src/sh_mail.c (modified) (1 diff)
• src/sh_prelude.c (modified) (4 diffs)
• src/sh_readconf.c (modified) (8 diffs)
• src/sh_tiger0.c (modified) (4 diffs)
• src/sh_unix.c (modified) (3 diffs)
• src/sh_utils.c (modified) (8 diffs)
• src/slib.c (modified) (13 diffs)
• test/testrun_1b.sh (modified) (2 diffs)

trunk/include/samhain.h

@@ -252 +252 @@
 extern long int eintr__result;
 
+extern int     sh_argc_store;
+extern char ** sh_argv_store;
+
 #include "sh_calls.h"
 

trunk/include/sh_calls.h

@@ -53 +53 @@
                          struct sigaction *oldact);
 
-int      sh_calls_set_bind_addr (char *);
+int      sh_calls_set_bind_addr (const char *);
 long int retry_connect(char * file, int line,
                        int fd, struct sockaddr *serv_addr, int addrlen);

trunk/include/sh_error.h

@@ -91 +91 @@
 
 
-int sh_error_verify (char * s);
-int sh_error_logverify_mod (char * s); /* just list, don't verify */
-int sh_error_logverify (char * s);
+int sh_error_verify (const char * s);
+int sh_error_logverify_mod (const char * s); /* just list, don't verify */
+int sh_error_logverify (const char * s);
 
 void sh_error_dbg_switch(void);
@@ -124 +124 @@
 /* set level for error logging 
  */
-int sh_error_setlog(char * str_s);
+int sh_error_setlog(const char * str_s);
 
 /* set severity levels
@@ -132 +132 @@
 /* set priorities
  */
-int sh_error_set_level(char * str_s, int *facility);
+int sh_error_set_level(const char * str_s, int *facility);
 
 /* set level for TCP export
  */
-int sh_error_setexport(char *  str_s);
+int sh_error_setexport(const char *  str_s);
 
 /* set level for syslog
  */
-int sh_error_set_syslog (char * flag_s);
+int sh_error_set_syslog (const char * flag_s);
 
 /* set level for printing
  */
-int sh_error_setprint(char *  flag_s);
+int sh_error_setprint(const char *  flag_s);
 
 /* set severity for external
  */
-int sh_error_set_external (char * str_s);
+int sh_error_set_external (const char * str_s);
 
 /* set severity for external
  */
-int sh_error_set_database (char * str_s);
+int sh_error_set_database (const char * str_s);
 
 /* set severity for external
  */
-int sh_error_set_prelude (char * str_s);
+int sh_error_set_prelude (const char * str_s);
 
 
 /* set level for mailing
  */
-int sh_error_setseverity (char * flag);
+int sh_error_setseverity (const char * flag);
 
 /* set debug level

trunk/include/sh_files.h

@@ -59 +59 @@
 /* set maximum recursion level
  */
-int sh_files_setrecursion (char * flag_s);
+int sh_files_setrecursion (const char * flag_s);
 
 /* select a directory stack 2=Two, else One (standard)

trunk/include/sh_forward.h

@@ -22 +22 @@
 
 #ifndef SH_STANDALONE
-int sh_forward_set_strip (char * str);
+int sh_forward_set_strip (const char * str);
 
 #endif
@@ -28 +28 @@
 /* generate a random password
  */
-int sh_forward_create_password (char * dummy);
+int sh_forward_create_password (const char * dummy);
 
 /* set time limit
@@ -40 +40 @@
 /* create client entry for given password
  */
-int sh_forward_make_client (char * str);
+int sh_forward_make_client (const char * str);
 
 #ifdef SH_WITH_SERVER

trunk/include/sh_hash.h

@@ -38 +38 @@
 /* write database to stdout
  */
-int sh_hash_pushdata_stdout (char * str);
+int sh_hash_pushdata_stdout (const char * str);
 
 /* version string for database
@@ -46 +46 @@
 /* List database content
  */
-int sh_hash_list_db (char * db_file);
+int sh_hash_list_db (const char * db_file);
 
 /* List database content with full detail
  */
-int set_full_detail (char * c);
+int set_full_detail (const char * c);
 
 /* List database content with full detail, comma delimited
  */
-int set_list_delimited (char * c);
+int set_list_delimited (const char * c);
 
 /* Read the database from disk.

trunk/include/sh_mail.h

@@ -38 +38 @@
 /* test mailbox
  */
-int sh_mail_sigverify (char * s);
+int sh_mail_sigverify (const char * s);
 
 /* maximum number of mail attempts

trunk/include/sh_tiger.h

@@ -17 +17 @@
 /* the checksum function
  */
-/*@owned@*/ char * sh_tiger_hash (char * filename, TigerType what, 
+/*@owned@*/ char * sh_tiger_hash (const char * filename, TigerType what, 
                                   UINT64 Length);
 
@@ -37 +37 @@
 /* GnuPG-like format
  */
-/*@owned@*/ char * sh_tiger_hash_gpg (char * filename, TigerType what, 
+/*@owned@*/ char * sh_tiger_hash_gpg (const char * filename, TigerType what, 
                                       UINT64 Length);
 #endif

trunk/include/sh_unix.h

@@ -144 +144 @@
 /* chroot directory
  */
-int sh_unix_set_chroot(char * str);
+int sh_unix_set_chroot(const char * str);
 
 /* whether to use localtime for file timesatams in logs
@@ -233 +233 @@
 /* deamon mode 
  */
-int sh_unix_setdeamon  (char * dummy);
-int sh_unix_setnodeamon(char * dummy);
+int sh_unix_setdeamon  (const char * dummy);
+int sh_unix_setnodeamon(const char * dummy);
 
 /* Test whether file exists

trunk/include/sh_utils.h

@@ -74 +74 @@
 /* eval boolean input
  */
-int sh_util_flagval(char * c, int * fval);
+int sh_util_flagval(const char * c, int * fval);
 
 /* ask if a file should be updated (returns S_TRUE/S_FALSE)
  */
 int sh_util_ask_update(char * path);
-int sh_util_set_interactive(char * str);
+int sh_util_set_interactive(const char * str);
 
 /* don't log output files
@@ -95 +95 @@
 /* change verifier 
  */
-int sh_util_set_newkey (char * str);
+int sh_util_set_newkey (const char * str);
 
 /* server mode 
  */
-int sh_util_setserver (char * dummy);
+int sh_util_setserver (const char * dummy);
 
 /* a simple compressor
@@ -116 +116 @@
 /* set timer for main loop
  */
-int sh_util_setlooptime (char * str);
+int sh_util_setlooptime (const char * str);
 
 /* whether init or check the database
  */
-int  sh_util_setchecksum (char * str);
+int  sh_util_setchecksum (const char * str);
 
 /* compare an in_string against a regular expression regex_str

trunk/include/slib.h

@@ -297 +297 @@
   /* Open for writing.
    */
-  SL_TICKET  sl_open_write       (char * fname, int priviledge_mode);
+  SL_TICKET  sl_open_write       (const char * fname, int priviledge_mode);
 
   /* Open for reading.
    */
-  SL_TICKET  sl_open_read        (char * fname, int priviledge_mode);
+  SL_TICKET  sl_open_read        (const char * fname, int priviledge_mode);
 
   /* Open for reading w/minimum checking.
    */
-  SL_TICKET  sl_open_fastread    (char * fname, int priviledge_mode);
+  SL_TICKET  sl_open_fastread    (const char * fname, int priviledge_mode);
 
   /* Open for read and write.
    */
-  SL_TICKET  sl_open_rdwr        (char * fname, int priviledge_mode);
+  SL_TICKET  sl_open_rdwr        (const char * fname, int priviledge_mode);
 
   /* Open for read and write, fail if file exists.
    */
-  SL_TICKET sl_open_safe_rdwr    (char * fname, int priv);
+  SL_TICKET sl_open_safe_rdwr    (const char * fname, int priv);
 
   /* Open for write, truncate.
    */
-  SL_TICKET  sl_open_write_trunc (char * fname, int priviledge_mode);
+  SL_TICKET  sl_open_write_trunc (const char * fname, int priviledge_mode);
 
   /* Open for read and write, truncate.
    */
-  SL_TICKET  sl_open_rdwr_trunc  (char * fname, int priviledge_mode);
+  SL_TICKET  sl_open_rdwr_trunc  (const char * fname, int priviledge_mode);
 
   /* Close file.
@@ -394 +394 @@
   char * sl_trust_errfile(void);
 
+  /* Overflow tests
+   */
+  int sl_ok_muli (int a, int b);
+  int sl_ok_divi (int a, int b);
+  int sl_ok_addi (int a, int b);
+  int sl_ok_subi (int a, int b);
 
 #ifdef  __cplusplus
@@ -500 +506 @@
 void sl_trace_in   (char * str, char * file, int line);
 void sl_trace_out  (char * str, char * file, int line);
-int  sl_trace_file (char * str);
-int  sl_trace_use  (char * str);
+int  sl_trace_file (const char * str);
+int  sl_trace_use  (const char * str);
 
 

trunk/src/samhain.c

@@ -1262 +1262 @@
 
 #if !defined(SH_STEALTH_NOCL)
+  sh_argc_store = argc;
+  sh_argv_store = argv;
   (void) sh_getopt_get (argc, argv);
 #else
@@ -1283 +1285 @@
             }
           } while (my_argc < 32);
+
+          sh_argc_store = my_argc;
+          sh_argv_store = my_argv;
+
           (void) sh_getopt_get (my_argc, my_argv);
           SH_FREE (command_line);

trunk/src/sh_calls.c

@@ -136 +136 @@
 static int        use_bind_addr = 0;
 
-int sh_calls_set_bind_addr (char * str)
+int sh_calls_set_bind_addr (const char * str)
 {
   static int reject = 0;

trunk/src/sh_err_log.c

@@ -116 +116 @@
 static int just_list = S_FALSE;
 
-int sh_error_logverify_mod (char * s)
+int sh_error_logverify_mod (const char * s)
 {
   just_list = S_TRUE;
@@ -125 +125 @@
 } 
 
-int sh_error_logverify (char * s)
+int sh_error_logverify (const char * s)
 {
   SL_TICKET fd;

trunk/src/sh_error.c

@@ -115 +115 @@
  *********************************************/
 
-int sh_error_verify (char * s)
+int sh_error_verify (const char * s)
 {
   char * foo;
@@ -504 +504 @@
 }
 
-int sh_error_set_level(char * str_in, int * facility)
+int sh_error_set_level(const char * str_in, int * facility)
 {
   register int  i, j, f = BAD;
 
   int  old_facility;
-  char * str_s = str_in;
+  const char * str_s = str_in;
 
   SL_ENTER(_("sh_error_set_level"));
@@ -636 +636 @@
 /* set severity for TCP export
  */
-int sh_error_setexport(char *  str_s)
+int sh_error_setexport(const char *  str_s)
 {
   static int reject = 0;
@@ -653 +653 @@
 extern void dlog_set_active(int flag);
 
-int sh_error_setprint(char *  str_s)
+int sh_error_setprint(const char *  str_s)
 {
   static int reject = 0;
@@ -676 +676 @@
 /* set level for error logging
  */
-int sh_error_setlog(char * str_s)
+int sh_error_setlog(const char * str_s)
 {
   static int reject = 0;
@@ -691 +691 @@
 /* set severity for syslog
  */
-int sh_error_set_syslog (char * str_s)
+int sh_error_set_syslog (const char * str_s)
 {
   static int reject = 0;
@@ -706 +706 @@
 /* set severity for external
  */
-int sh_error_set_external (char * str_s)
+int sh_error_set_external (const char * str_s)
 {
   static int reject = 0;
@@ -722 +722 @@
 /* set severity for database
  */
-int sh_error_set_database (char * str_s)
+int sh_error_set_database (const char * str_s)
 {
   static int reject = 0;
@@ -738 +738 @@
 /* set severity for prelude
  */
-int sh_error_set_prelude (char * str_s)
+int sh_error_set_prelude (const char * str_s)
 {
   static int reject = 0;
@@ -784 +784 @@
 /* set severity for mailing
  */
-int sh_error_setseverity (char * str_s)
+int sh_error_setseverity (const char * str_s)
 {
   static int reject = 0;

trunk/src/sh_files.c

@@ -168 +168 @@
 /* set default recursion level
  */
-int sh_files_setrecursion (char * flag_s)
+int sh_files_setrecursion (const char * flag_s)
 {
   long flag = 0;

trunk/src/sh_forward.c

@@ -202 +202 @@
 static int StripDomain = S_TRUE;
 
-int sh_forward_set_strip (char * str)
+int sh_forward_set_strip (const char * str)
 {
   static int fromcl = 0;
@@ -1720 +1720 @@
 #ifndef USE_SRP_PROTOCOL
 
-int sh_forward_make_client (char * str)
+int sh_forward_make_client (const char * str)
 {
   /* char *          safer; */
@@ -1767 +1767 @@
 #else
 
-int sh_forward_make_client (char * str)
+int sh_forward_make_client (const char * str)
 {
   char * foo_v;
@@ -1822 +1822 @@
 
 
-int sh_forward_create_password (char * dummy)
+int sh_forward_create_password (const char * dummy)
 {
   UINT32   val[2]; 

trunk/src/sh_getopt.c

@@ -40 +40 @@
 #endif
 
-extern int      sh_calls_set_bind_addr (char *);
+extern int      sh_calls_set_bind_addr (const char *);
 
 #undef  FIL__
@@ -56 +56 @@
   char * usage;
   int          hasArg;
-  int (*func)(char * opt);
+  int (*func)(const char * opt);
 } opttable_t;
 
 /*@noreturn@*/
-static int sh_getopt_usage (char * dummy);
+static int sh_getopt_usage (const char * dummy);
 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 
-static int sh_getopt_forever (char * dummy);
-#endif
-static int sh_getopt_copyright (char * dummy);
+static int sh_getopt_forever (const char * dummy);
+#endif
+static int sh_getopt_copyright (const char * dummy);
 
 static opttable_t op_table[] = {
@@ -258 +258 @@
     HAS_ARG_NO, 
     sh_getopt_usage },
+#if defined(HAVE_LIBPRELUDE) && defined(HAVE_LIBPRELUDE_9)
+  /* need to skip over these */
+  { N_("prelude"),  
+    '-', 
+    N_("Prelude generic options"),  
+    HAS_ARG_NO, 
+    NULL },
+  { N_("profile"),  
+    '-', 
+    N_("Profile to use for this analyzer"),  
+    HAS_ARG_YES, 
+    NULL },
+  { N_("heartbeat-interval"),  
+    '-', 
+    N_("Number of seconds between two heartbeats"),  
+    HAS_ARG_YES, 
+    NULL },
+  { N_("server-addr"),  
+    '-', 
+    N_("Address where this sensor should report to"),  
+    HAS_ARG_YES, 
+    NULL },
+  { N_("analyzer-name"),  
+    '-', 
+    N_("Name for this analyzer"),  
+    HAS_ARG_YES, 
+    NULL },
+#endif
   /* last entry -- required !! -- */
   { NULL, 
@@ -266 +294 @@
 };
 
-static int sh_getopt_copyright (char * dummy)
+static int sh_getopt_copyright (const char * dummy)
 {
   fprintf (stdout, 
@@ -331 +359 @@
 
 /*@noreturn@*/
-static int sh_getopt_usage (char * dummy)
+static int sh_getopt_usage (const char * dummy)
 {
   int  i;
@@ -413 +441 @@
 
 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 
-static int sh_getopt_forever (char * dummy)
+static int sh_getopt_forever (const char * dummy)
 {
   dummy = (void *) dummy;
@@ -489 +517 @@
                               /* call function with argument */
                               --argc; ++argv;
-                              if (0 != (* op_table[i].func )(argv[1]))
+                              if (NULL != op_table[i].func &&
+                                  0 != (* op_table[i].func )(argv[1]))
                                 fprintf (stderr, 
                                          _("Error processing option -%c"),
@@ -498 +527 @@
                       else 
                         {
-                          if (0 != (* op_table[i].func )(NULL))
+                          if (NULL != op_table[i].func &&
+                              0 != (* op_table[i].func )(NULL))
                             fprintf (stderr, 
                                      _("Error processing option -%c"),
@@ -540 +570 @@
                       if ( (theequal = strchr(argv[1], '=')) == NULL) 
                         { 
-                          fprintf (stderr, _("Error: missing argument\n"));
-                          /* argument required, but no avail */
-                          (void) sh_getopt_usage(_("fail"));
+                          if (argc < 3) 
+                            { 
+                              /* argument required, but no avail 
+                               */
+                              fprintf (stderr, _("Error: missing argument\n"));
+                              (void) sh_getopt_usage(_("fail"));
+                            } 
+                          else 
+                            {
+                              /* call function with argument */
+                              --argc; ++argv;
+                              if (NULL != op_table[i].func &&
+                                  0 != (* op_table[i].func )(argv[1]))
+                                fprintf (stderr, 
+                                         _("Error processing option -%s"),
+                                         op_table[i].longopt);
+                              break;
+                            }
                         } 
                       else 
@@ -550 +595 @@
                               ++theequal;
                               /* call function with argument */
-                              if (0 != (* op_table[i].func )(theequal))
+                              if (NULL != op_table[i].func &&
+                                  0 != (* op_table[i].func )(theequal))
                                 fprintf (stderr, 
                                          _("Error processing option -%s"),
@@ -566 +612 @@
                   else 
                     {
-                      if (0 != (* op_table[i].func )(NULL))
+                      if (NULL != op_table[i].func && 
+                          0 != (* op_table[i].func )(NULL))
                         fprintf (stderr, 
                                  _("Error processing option -%s"),

trunk/src/sh_hash.c

@@ -759 +759 @@
  *
  ******************************************************************/
-int sh_hash_setdataent (SL_TICKET fd, char * line, int size, char * file)
+int sh_hash_setdataent (SL_TICKET fd, char * line, int size, const char * file)
 {
   long i;
@@ -1261 +1261 @@
 static char * sh_db_version_string = NULL;
 
-int sh_hash_pushdata_stdout (char * str)
+int sh_hash_pushdata_stdout (const char * str)
 {
   if (!str)
@@ -3127 +3127 @@
 static int ListWithDelimiter = S_FALSE;
 
-int set_full_detail (char * c)
+int set_full_detail (const char * c)
 {
   ListFullDetail = S_TRUE;
@@ -3137 +3137 @@
 }
  
-int set_list_delimited (char * c)
+int set_list_delimited (const char * c)
 {
   ListFullDetail = S_TRUE;
@@ -3259 +3259 @@
 }
 
-int sh_hash_list_db (char * db_file)
+int sh_hash_list_db (const char * db_file)
 {
   sh_file_t * p;

trunk/src/sh_mail.c

@@ -93 +93 @@
 static mail_trail_type * mail_trail = NULL;
 
-int sh_mail_sigverify (char * s)
+int sh_mail_sigverify (const char * s)
 {
   SL_TICKET  fd;

trunk/src/sh_prelude.c

@@ -55 +55 @@
 #include <pwd.h>
 #include <grp.h>
+
+int     sh_argc_store;
+char ** sh_argv_store;
 
 #if defined(HAVE_LIBPRELUDE) && defined(HAVE_LIBPRELUDE_9)
@@ -933 +936 @@
         idmef_analyzer_t *analyzer;
         prelude_client_flags_t flags;
+#ifdef SH_NOFAILOVER
+        prelude_connection_pool_t *pool;
+        prelude_connection_pool_flags_t conn_flags;
+#endif
 
         if (ready_for_init == 0)
@@ -941 +948 @@
 
         prelude_thread_init(NULL);
-        prelude_init(NULL, NULL);
+        prelude_init(&sh_argc_store, sh_argv_store);
 
         ret = prelude_client_new(&client, profile ? profile : _("samhain"));
@@ -968 +975 @@
         prelude_string_set_dup(str, IDMEF_ANALYZER_VERSION);
         
+#ifdef SH_NOFAILOVER
+        pool = prelude_client_get_connection_pool(client);
+        conn_flags = prelude_connection_pool_get_flags(pool);
+
+        conn_flags &= ~PRELUDE_CONNECTION_POOL_FLAGS_FAILOVER;
+        prelude_connection_pool_set_flags(pool, conn_flags);
+#endif
+
         ret = prelude_client_start(client);
         if ( ret < 0 ) {

trunk/src/sh_readconf.c

@@ -731 +731 @@
 #endif
 
+/* Yes, this isn't very elegant ;)
+ */
+#if defined(WITH_EXTERNAL)
+int sh_error_set_external_wrap (char * str) { 
+  return sh_error_set_external ((const char *) str);
+}
+#endif
+#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
+int sh_files_setrecursion_wrap (char * str) { 
+  return sh_files_setrecursion ((const char *) str);
+}
+int sh_util_setchecksum_wrap (char * str) { 
+  return sh_util_setchecksum ((const char *) str);
+}
+#endif
+int sh_util_setlooptime_wrap (char * str) { 
+  return sh_util_setlooptime ((const char *) str);
+}
+#ifdef SH_WITH_MAIL
+int sh_error_setseverity_wrap (char * str) { 
+  return sh_error_setseverity ((const char *) str);
+}
+#endif
+int sh_calls_set_bind_addr_wrap (char * str) { 
+  return sh_calls_set_bind_addr ((const char *) str);
+}
+int sh_unix_setdeamon_wrap (char * str) { 
+  return sh_unix_setdeamon ((const char *) str);
+}
+int sh_error_setprint_wrap (char * str) { 
+  return sh_error_setprint ((const char *) str);
+}
+int sh_error_setlog_wrap (char * str) { 
+  return sh_error_setlog ((const char *) str);
+}
+int sh_error_set_syslog_wrap (char * str) { 
+  return sh_error_set_syslog ((const char *) str);
+}
+#ifdef HAVE_LIBPRELUDE
+int sh_error_set_prelude_wrap (char * str) { 
+  return sh_error_set_prelude ((const char *) str);
+}
+#endif
+#ifdef SH_WITH_CLIENT
+int sh_error_setexport_wrap (char * str) { 
+  return sh_error_setexport ((const char *) str);
+}
+#endif
+#ifdef SH_WITH_SERVER
+int sh_forward_set_strip_wrap (char * str) { 
+  return sh_forward_set_strip ((const char *) str);
+}
+int sh_unix_set_chroot_wrap (char * str) { 
+  return sh_unix_set_chroot ((const char *) str);
+}
+#endif
+#if defined(WITH_DATABASE)
+int sh_error_set_database_wrap (char * str) { 
+  return sh_error_set_database ((const char *) str);
+}
+#endif
+ 
 cfg_options ext_table[] = {
 #if defined(WITH_EXTERNAL)
@@ -756 +818 @@
     sh_ext_add_or },
   { N_("externalseverity"),SH_SECTION_LOG,      SH_SECTION_EXTERNAL,  
-    sh_error_set_external },
+    sh_error_set_external_wrap },
   { N_("externalclass"),   SH_SECTION_LOG,      SH_SECTION_EXTERNAL,  
     sh_error_external_mask },
@@ -840 +902 @@
     sh_util_obscure_ok },
   { N_("setrecursionlevel"),  SH_SECTION_MISC,   SH_SECTION_NONE, 
-    sh_files_setrecursion },
+    sh_files_setrecursion_wrap },
   { N_("checksumtest"),       SH_SECTION_MISC,   SH_SECTION_NONE, 
-    sh_util_setchecksum },
+    sh_util_setchecksum_wrap },
   { N_("reportonlyonce"),     SH_SECTION_MISC,   SH_SECTION_NONE, 
     sh_files_reportonce },
@@ -915 +977 @@
     sh_socket_password },
   { N_("setstripdomain"),      SH_SECTION_SRV,  SH_SECTION_MISC, 
-    sh_forward_set_strip },
+    sh_forward_set_strip_wrap },
   { N_("useseparatelogs"),     SH_SECTION_SRV,  SH_SECTION_MISC, 
     set_flag_sep_log },
   { N_("setchrootdir"),        SH_SECTION_SRV,  SH_SECTION_MISC, 
-    sh_unix_set_chroot },
+    sh_unix_set_chroot_wrap },
   { N_("setclienttimelimit"),  SH_SECTION_SRV,  SH_SECTION_MISC, 
     sh_forward_set_time_limit },
@@ -940 +1002 @@
 #ifdef SH_WITH_CLIENT
   { N_("exportseverity"),      SH_SECTION_LOG,  SH_SECTION_NONE, 
-    sh_error_setexport },
+    sh_error_setexport_wrap },
   { N_("exportclass"),         SH_SECTION_LOG,  SH_SECTION_NONE, 
     sh_error_export_mask },
@@ -949 +1011 @@
     sh_readconf_setFiletime },
   { N_("setlooptime"),     SH_SECTION_MISC,  SH_SECTION_NONE, 
-    sh_util_setlooptime },
+    sh_util_setlooptime_wrap },
 
 #ifdef SH_WITH_MAIL
   { N_("mailseverity"),      SH_SECTION_LOG,   SH_SECTION_NONE, 
-    sh_error_setseverity },
+    sh_error_setseverity_wrap },
   { N_("mailclass"),         SH_SECTION_LOG,   SH_SECTION_NONE, 
     sh_error_mail_mask },
@@ -978 +1040 @@
 #endif
   { N_("setbindaddress"),    SH_SECTION_MISC,  SH_SECTION_NONE,
-    sh_calls_set_bind_addr },
+    sh_calls_set_bind_addr_wrap },
   { N_("daemon"),            SH_SECTION_MISC,  SH_SECTION_NONE, 
-    sh_unix_setdeamon },
+    sh_unix_setdeamon_wrap },
   { N_("samhainpath"),       SH_SECTION_MISC,  SH_SECTION_NONE, 
     sh_unix_self_hash },
@@ -989 +1051 @@
 
   { N_("printseverity"),     SH_SECTION_LOG,   SH_SECTION_NONE, 
-    sh_error_setprint },
+    sh_error_setprint_wrap },
   { N_("printclass"),        SH_SECTION_LOG,   SH_SECTION_NONE, 
     sh_error_print_mask },
 
   { N_("logseverity"),       SH_SECTION_LOG,   SH_SECTION_NONE, 
-    sh_error_setlog },
+    sh_error_setlog_wrap },
   { N_("logclass"),          SH_SECTION_LOG,   SH_SECTION_NONE, 
     sh_error_log_mask },
 
   { N_("syslogseverity"),    SH_SECTION_LOG,   SH_SECTION_NONE, 
-    sh_error_set_syslog },
+    sh_error_set_syslog_wrap },
   { N_("syslogclass"),       SH_SECTION_LOG,   SH_SECTION_NONE, 
     sh_error_syslog_mask },
 #ifdef HAVE_LIBPRELUDE
   { N_("preludeseverity"),   SH_SECTION_LOG,   SH_SECTION_NONE, 
-    sh_error_set_prelude },
+    sh_error_set_prelude_wrap },
   { N_("preludeclass"),      SH_SECTION_LOG,   SH_SECTION_NONE, 
     sh_error_prelude_mask },

trunk/src/sh_tiger0.c

@@ -103 +103 @@
 #if defined(TIGER_64_BIT)
 static
-word64 * sh_tiger_hash_val (char * filename, TigerType what, 
+word64 * sh_tiger_hash_val (const char * filename, TigerType what, 
                             UINT64 Length, int timeout)
 #else
 static
-sh_word32 * sh_tiger_hash_val (char * filename, TigerType what, 
+sh_word32 * sh_tiger_hash_val (const char * filename, TigerType what, 
                                UINT64 Length, int timeout)
 #endif
@@ -1418 +1418 @@
 }
 
-static char * sh_tiger_hash_internal (char * filename, TigerType what, 
+static char * sh_tiger_hash_internal (const char * filename, TigerType what, 
                                       UINT64 Length, int timeout);
 
-char * sh_tiger_hash (char * filename, TigerType what, 
+char * sh_tiger_hash (const char * filename, TigerType what, 
                       UINT64 Length)
 {
@@ -1444 +1444 @@
  * -------   end new ---------  */
   
-static char * sh_tiger_hash_internal (char * filename, TigerType what, 
+static char * sh_tiger_hash_internal (const char * filename, TigerType what, 
                                       UINT64 Length, int timeout)
 {
@@ -1490 +1490 @@
 }
 
-char * sh_tiger_hash_gpg (char * filename, TigerType what, 
+char * sh_tiger_hash_gpg (const char * filename, TigerType what, 
                           UINT64 Length)
 {

trunk/src/sh_unix.c

@@ -1601 +1601 @@
 char * chroot_dir = NULL;
 
-int sh_unix_set_chroot(char * str)
+int sh_unix_set_chroot(const char * str)
 {
   size_t len;
@@ -1652 +1652 @@
 static int block_setdeamon = 0;
 
-int sh_unix_setdeamon(char * dummy)
+int sh_unix_setdeamon(const char * dummy)
 {
   int    res = 0;
@@ -1675 +1675 @@
 #endif
 
-int sh_unix_setnodeamon(char * dummy)
+int sh_unix_setnodeamon(const char * dummy)
 {
   int    res = 0;

trunk/src/sh_utils.c

@@ -51 +51 @@
 UINT32 ErrFlag[2];
 
-int sh_util_flagval(char * c, int * fval)
+int sh_util_flagval(const char * c, int * fval)
 {
   SL_ENTER(_("sh_util_flagval"));
@@ -101 +101 @@
 static int sh_ask_update = S_FALSE;
 
-int sh_util_set_interactive(char * str)
-{
-  if (str == NULL)
-    sh_ask_update = S_TRUE;
-  else
-    sh_ask_update = S_TRUE;
+int sh_util_set_interactive(const char * str)
+{
+  (void) str;
+
+  sh_ask_update = S_TRUE;
 
   sh_unix_setnodeamon(NULL);
@@ -950 +949 @@
 static void copy_four (unsigned char * dest, UINT32 in);
 
-int sh_util_set_newkey (char * new)
+int sh_util_set_newkey (const char * new_in)
 {
   size_t i, j = 0;
@@ -964 +963 @@
   long ii, k = 0;
   UINT32    * h1;
+  char * new;
 
   if (0 != sl_is_suid())
@@ -973 +973 @@
     }
         
-  if (new == NULL || new[0] == '\0')
+  if (new_in == NULL || new_in[0] == '\0')
     {
       fprintf(stderr, 
@@ -981 +981 @@
       return -1;
     }
+
+  if (NULL == (new = malloc(strlen(new_in) + 1)))
+    goto bail_mem;
+  sl_strncpy(new, new_in, strlen(new_in) + 1);
+
   key = new;
   len = strlen(new);
@@ -1158 +1163 @@
 /* server mode 
  */
-int sh_util_setserver (char * dummy)
+int sh_util_setserver (const char * dummy)
 {
   SL_ENTER(_("sh_util_setserver"));
 
-  if (dummy)
-    sh.flag.isserver = GOOD;
-  else
-    sh.flag.isserver = GOOD;
+  (void) dummy;
+  sh.flag.isserver = GOOD;
   SL_RETURN((0),_("sh_util_setserver"));
 }
 
 
-int sh_util_setlooptime (char * str)
+int sh_util_setlooptime (const char * str)
 {
   int i = atoi (str);
@@ -1187 +1190 @@
 
 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
-int  sh_util_setchecksum (char * str)
+int  sh_util_setchecksum (const char * str)
 {
   static int reject = 0;

trunk/src/slib.c

@@ -6 +6 @@
 #include <stdarg.h>
 #include <string.h>
-
+#include <limits.h>
 
 #include <unistd.h>
@@ -98 +98 @@
 static FILE * trace_fp     = NULL;
 
-int  sl_trace_use (char * dummy)
+int  sl_trace_use (const char * dummy)
 {
   if (dummy)
@@ -107 +107 @@
 }
 
-int  sl_trace_file (char * str)
+int  sl_trace_file (const char * str)
 {
   if (!str)
@@ -1638 +1638 @@
 
 static
-int sl_open_file (char *filename, int mode, int priv)
+int sl_open_file (const char *filename, int mode, int priv)
 {
   struct stat   lbuf;
@@ -1848 +1848 @@
 
 static
-int check_fname_priv (char * fname, int priv)
+int check_fname_priv (const char * fname, int priv)
 {
   SL_ENTER(_("check_fname_priv"));
@@ -1858 +1858 @@
 }
   
-SL_TICKET sl_open_write (char * fname, int priv)
+SL_TICKET sl_open_write (const char * fname, int priv)
 {
   long status;
@@ -1870 +1870 @@
 }
 
-SL_TICKET sl_open_read (char * fname, int priv)
+SL_TICKET sl_open_read (const char * fname, int priv)
 {
   long status;
@@ -1887 +1887 @@
 }
 
-SL_TICKET sl_open_fastread (char * fname, int priv)
+SL_TICKET sl_open_fastread (const char * fname, int priv)
 {
   long status;
@@ -1899 +1899 @@
 }
 
-SL_TICKET sl_open_rdwr (char * fname, int priv)
+SL_TICKET sl_open_rdwr (const char * fname, int priv)
 {
   long status;
@@ -1911 +1911 @@
 }
 
-SL_TICKET sl_open_safe_rdwr (char * fname, int priv)
+SL_TICKET sl_open_safe_rdwr (const char * fname, int priv)
 {
   long status;
@@ -1923 +1923 @@
 }
 
-SL_TICKET sl_open_write_trunc (char * fname, int priv)
+SL_TICKET sl_open_write_trunc (const char * fname, int priv)
 {
   long status;
@@ -1935 +1935 @@
 }
 
-SL_TICKET sl_open_rdwr_trunc (char * fname, int priv)
+SL_TICKET sl_open_rdwr_trunc (const char * fname, int priv)
 {
   long status;
@@ -2490 +2490 @@
 }
 
-
+/* ---------------------------------------------------------------- 
+ *
+ *    Overflow tests
+ *
+ * ---------------------------------------------------------------- */
+
+int sl_ok_muli (int a, int b) /* a*b */
+{
+  if (a >= (INT_MIN / b) && a <= (INT_MAX / b))
+    return SL_TRUE; /* no overflow */
+  return SL_FALSE;
+}
+
+int sl_ok_divi (int a, int b) /* a/b */
+{
+  (void) a;
+  if (b != 0)
+    return SL_TRUE; /* no overflow */
+  return SL_FALSE;
+}
+
+int sl_ok_addi (int a, int b) /* a+b */
+{
+  if (a >= 0 && b >= 0)
+    {
+      if (a <= (INT_MAX - b))
+        return SL_TRUE; /* no overflow */
+      else
+        return SL_FALSE;
+    }
+  else if (a < 0 && b < 0)
+    {
+      if (a >= (INT_MIN - b))
+        return SL_TRUE; /* no overflow */
+      else
+        return SL_FALSE;
+    }
+  return SL_TRUE;
+}
+
+int sl_ok_subi (int a, int b) /* a-b */
+{
+  if (a >= 0 && b < 0)
+    {
+      if (a <= (INT_MAX + b))
+        return SL_TRUE; /* no overflow */
+      else
+        return SL_FALSE;
+    }
+  else if (a < 0 && b >= 0)
+    {
+      if (a >= (INT_MIN + b))
+        return SL_TRUE; /* no overflow */
+      else
+        return SL_FALSE;
+    }
+  return SL_TRUE;
+}

trunk/test/testrun_1b.sh

@@ -102 +102 @@
     rm -f $PW_DIR/test_log_prelude
 
-    ( "$PM" --textmod -l $PW_DIR/test_log_prelude >/dev/null 2>&1 )&
+    "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &
     PID=$!
 
-    ./samhain -t check -p none -l info --set-prelude-severity=info >/dev/null
+    sleep 5
+
+    ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null
     
     if test x$? = x0; then
@@ -166 +168 @@
             else
                 BUILDOPTS="--quiet $TRUST --enable-debug --with-prelude --with-gpg=${GPG} --with-checksum=no --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE  --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file"
-                testrun1b_internal "${BUILDOPTS}"
+                testrun1b_internal "${BUILDOPTS} CFLAGS=-DSH_NOFAILOVER=1"
                 do_test_1b_2
                 if [ $? -eq 0 ]; then