- Location:
- /trunk
- Files:
-
- 2 added
- 6 deleted
- 98 edited
/trunk/COPYING
r30 r20 131 131 132 132 (vi) Support for the MD5 hash algorithm is provided by code 133 from b usybox which is distributed under theGPL.134 135 /* md5.c - Functions to compute MD5 message digest of files or memory blocks136 * according to the definition of MD5 in RFC 1321 from April 1992.137 * Copyright (C) 1995, 1996 Free Software Foundation, Inc.138 *139 * NOTE: The canonical source of this file is maintained with the GNU C140 * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu.141 *142 * This program is free software; you can redistribute it and/or modify it143 * under the terms of the GNU General Public License as published by the144 * Free Software Foundation; either version 2, or (at your option) any145 * later version.146 *147 * This program is distributed in the hope that it will be useful,148 * but WITHOUT ANY WARRANTY; without even the implied warranty of149 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the150 * GNU General Public License for more details.151 *152 * You should have received a copy of the GNU General Public License153 * along with this program; if not, write to the Free Software Foundation,154 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.155 */156 157 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */158 133 from beecrypt which is distributed under the LGPL. 134 135 /* 136 * md5.c 137 * 138 * MD5 hash function, code 139 * 140 * Copyright (c) 2000 Virtual Unlimited B.V. 141 * 142 * Author: Bob Deblier <bob@virtualunlimited.com> 143 * 144 * This library is free software; you can redistribute it and/or 145 * modify it under the terms of the GNU Lesser General Public 146 * License as published by the Free Software Foundation; either 147 * version 2.1 of the License, or (at your option) any later version. 
148 * 149 * This library is distributed in the hope that it will be useful, 150 * but WITHOUT ANY WARRANTY; without even the implied warranty of 151 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 152 * Lesser General Public License for more details. 153 * 154 * You should have received a copy of the GNU Lesser General Public 155 * License along with this library; if not, write to the Free Software 156 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 157 * USA 158 */ 159 159 160 160 (vi) Support for the SHA-1 hash algorithm is provided by code -
/trunk/Makefile.in
r30 r20 152 152 testtimesrv.sh \ 153 153 testext.sh testrc_1ext.in test_ext.c.in \ 154 testrun_1.sh testrun_1a.sh testrun_1b.sh testr un_1c.sh testrc_1 \154 testrun_1.sh testrun_1a.sh testrun_1b.sh testrc_1 \ 155 155 testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ 156 156 testrun_2c.sh testrun_2d.sh … … 793 793 echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \ 794 794 echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \ 795 echo $(top_srcdir)/docs/MANUAL-2_ 2.html.tar >> debian/docs; \796 echo $(top_srcdir)/docs/MANUAL-2_ 2.pdf>> debian/docs; \795 echo $(top_srcdir)/docs/MANUAL-2_0.html.tar >> debian/docs; \ 796 echo $(top_srcdir)/docs/MANUAL-2_0.ps >> debian/docs; \ 797 797 echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ 798 798 echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ … … 1090 1090 1091 1091 CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \ 1092 $(srcsrc)/cutest_sh_utils.c \1093 $(srcsrc)/cutest_sh_unix.c \1094 $(srcsrc)/cutest_slib.c \1095 1092 $(srcsrc)/cutest_zAVLTree.c \ 1096 1093 $(srcsrc)/cutest_sh_tiger0.c 1097 1094 1098 CUTEST_OBJECTS = cutest_sh_tools.o \ 1099 cutest_sh_utils.o \ 1100 cutest_sh_unix.o \ 1101 cutest_slib.o \ 1102 cutest_zAVLTree.o \ 1103 cutest_sh_tiger0.o 1095 CUTEST_OBJECTS = cutest_sh_tools.o cutest_zAVLTree.o cutest_sh_tiger0.o 1104 1096 1105 1097 $(CUTEST_OBJECTS): $(CUTEST_SOURCES) … … 1609 1601 sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 1610 1602 sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h 1611 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/s amhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h1603 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h 1612 1604 bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h 1613 1605 
mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h -
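Review bot: The two manual entries appended to `debian/docs` around line 795 carry the release number in the file name (`MANUAL-2_0.html.tar` and `MANUAL-2_0.ps` on the r20 side, a 2_2 manual on the other), so the list has to be edited by hand whenever the manual is re-issued. Nothing in the visible lines checks that the named files exist under `$(top_srcdir)/docs`, and the enclosing rule starts and ends outside the hunk, so I cannot tell whether a later step catches a stale name. I would put a comment above the rule, `# MANUAL-* names below must match the files shipped in docs/ for this release`, or take the manual version from a single variable.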
/trunk/configure.ac
r30 r20 37 37 dnl start 38 38 dnl 39 AM_INIT_AUTOMAKE(samhain, 2.2.0rc 3)39 AM_INIT_AUTOMAKE(samhain, 2.2.0rc1) 40 40 AC_CANONICAL_HOST 41 41 … … 763 763 ;; 764 764 *) 765 AM_PATH_LIBPRELUDE([0.9. 6],765 AM_PATH_LIBPRELUDE([0.9.0], 766 766 [ 767 767 AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) -
/trunk/depend.dep
r30 r20 34 34 sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 35 35 sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h 36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/s amhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h 37 37 bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h 38 38 mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h -
/trunk/depend.sum
r30 r20 1 2018699483 1 3476546078 -
/trunk/deploy.sh.in
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2005)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 #VERSION2.0 -
/trunk/docs/Changelog
r30 r20 1 1 2.2.0: 2 * patch by Jim Simmons for samhainadmin.pl.in3 * fix testsuite portability problems4 * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 87005 * fix potential NULL dereference in sh_utmp_endutent()6 * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)7 * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)8 * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)9 * fix bug in sh_utils_obscurename (check isascii)10 * scan h_aliases for FQDN if h_name is not11 * add copyright/license info to test scripts12 * add copyright/license info to deployment system scripts13 * support server-to-server relay14 * new CL option --server-port15 * minor improvements in manual16 * patch by Yoann Vandoorselaere for sh_prelude.c17 * allow --longopt arg as well as --longopt=arg18 * verify checksum of growing log files (up to previous size)19 * rewrite of the test suite20 2 * added a bit of unit testing 3 * improved the windows howto according to suggestions by 4 Jorge Morgado 21 5 * minor optimizations in various places 22 6 * optimized implementation of tiger checksum algorithm … … 31 15 * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), 32 16 add function sl_read_timeout_prep 33 34 2.1.3 (13-03-2006):35 * fix compile problem in slib.c (reported by Lawrence Bowie)36 * fix bug with combination of one-shot update mode and file check37 schedule (reportedby Dan Track)38 * improved the windows howto according to suggestions by39 Jorge Morgado40 * fix samhain_hide kernel module for new linux kernel versions41 * fix minor problem with dead client detection (problem reported42 by Michal Kustosik)43 17 44 18 2.1.2 (10-01-2006): -
/trunk/docs/README.UPGRADE
r30 r20 1 2 since 2.2.0: server-to-server relay is possible3 4 -- this implies that problems will arise if your server is misconfigured5 to connect to itself (SetExportSeverity is explicitely set6 to a threshold different from 'none', and the logserver is set to7 localhost). The server may deadlock in this case.8 9 10 11 1 since 2.1.0: update and daemon mode can be combined 12 2 -
/trunk/dsys/comBUILD
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 commandBUILD() { -
/trunk/dsys/comCHECKSRC
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 commandCHECKSRC() { -
/trunk/dsys/comCLEAN
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 commandCLEAN() { -
/trunk/dsys/comDOWNLOAD
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 commandDOWNLOAD() { … … 129 111 if test -z "$command" 130 112 then 131 printFATAL "No wget, curl, lynx, links, lwp-request, fetch , fgetin your \$PATH, cannot download"113 printFATAL "No wget, curl, lynx, links, lwp-request, fetch in your \$PATH, cannot download" 132 114 fi 133 115 -
/trunk/dsys/comINSTALL
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 commandINSTALL() { -
/trunk/dsys/comUNINSTALL
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 commandUNINSTALL() { -
/trunk/dsys/funcBUILD
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 #------------------------------------------------------------------------ -
/trunk/dsys/funcDB
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 DBFTEST=0 -
/trunk/dsys/funcDIALOG
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 # print without newline -
/trunk/dsys/funcEXE
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 findEXE() { -
/trunk/dsys/funcINSTALL
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 getconfopts () { -
/trunk/dsys/funcPRINT
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 # Fatal error -
/trunk/dsys/funcSETUP
r30 r20 4 4 # 5 5 ######################################################################### 6 #7 # Copyright Rainer Wichmann (2005)8 #9 # License Information:10 # This program is free software; you can redistribute it and/or modify11 # it under the terms of the GNU General Public License as published by12 # the Free Software Foundation; either version 2 of the License, or13 # (at your option) any later version.14 #15 # This program is distributed in the hope that it will be useful,16 # but WITHOUT ANY WARRANTY; without even the implied warranty of17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the18 # GNU General Public License for more details.19 #20 # You should have received a copy of the GNU General Public License21 # along with this program; if not, write to the Free Software22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.23 #24 6 25 7 # test setup -
/trunk/dsys/initscript
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2005)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 startup=no -
/trunk/dsys/postinstall
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2005)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 name=`./samhain-install.sh --print-config name` -
/trunk/dsys/preinstall
r30 r20 1 1 #! /bin/sh 2 #3 # Copyright Rainer Wichmann (2005)4 #5 # License Information:6 # This program is free software; you can redistribute it and/or modify7 # it under the terms of the GNU General Public License as published by8 # the Free Software Foundation; either version 2 of the License, or9 # (at your option) any later version.10 #11 # This program is distributed in the hope that it will be useful,12 # but WITHOUT ANY WARRANTY; without even the implied warranty of13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the14 # GNU General Public License for more details.15 #16 # You should have received a copy of the GNU General Public License17 # along with this program; if not, write to the Free Software18 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.19 #20 2 21 3 name=`./samhain-install.sh --print-config name` -
/trunk/include/samhain.h
r30 r20 138 138 SH_LEVEL_USER0 = 7, 139 139 SH_LEVEL_USER1 = 8, 140 SH_LEVEL_USER2 = 9, 141 SH_LEVEL_USER3 = 10, 142 SH_LEVEL_USER4 = 11, 143 SH_LEVEL_PRELINK = 12 140 SH_LEVEL_PRELINK = 9 144 141 }; 145 142 … … 293 290 /*@null@*/ extern sh_key_t *skey; 294 291 295 /**************************************************296 *297 * macros298 *299 **************************************************/300 301 /* signal-safe log function302 */303 int safe_logger (int signal, int method, char * details);304 void safe_fatal (int signal, int method, char * details, char *f, int l);305 306 #define SH_VALIDATE_EQ(a,b) \307 do { \308 if ((a) != (b)) safe_fatal(0, 0, #a " != " #b, FIL__, __LINE__);\309 } while (0)310 311 #define SH_VALIDATE_NE(a,b) \312 do { \313 if ((a) == (b)) safe_fatal(0, 0, #a " == " #b, FIL__, __LINE__);\314 } while (0)315 292 316 293 #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) -
/trunk/include/sh_calls.h
r30 r20 33 33 /* Set aud functions 34 34 */ 35 int sh_aud_set_functions(c onst char * str_s);35 int sh_aud_set_functions(char * str_s); 36 36 37 37 -
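Review bot: `sh_aud_set_functions` takes `char * str_s` on the r20 side of this comparison where the r30 side has `const char * str_s`, and the same holds for the option setters in sh_database.h, sh_error.h, sh_extern.h and sh_files.h further down. These look like handlers for configuration strings, but their implementations are not on this page. If they only read the argument, the unqualified pointer lets a handler write into the caller's buffer without a compiler diagnostic and forces callers holding const data to cast. I would keep the qualifier, `int sh_aud_set_functions(const char * str_s);`, and state in the header comment that the string is neither modified nor retained.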
/trunk/include/sh_database.h
r30 r20 5 5 int sh_database_insert (char * message); 6 6 7 int sh_database_use_persistent (c onst char * str);7 int sh_database_use_persistent (char * str); 8 8 9 int sh_database_set_database (c onst char * str);10 int sh_database_set_table (c onst char * str);11 int sh_database_set_host (c onst char * str);12 int sh_database_set_user (c onst char * str);13 int sh_database_set_password (c onst char * str);14 int sh_database_add_to_hash (c onst char * str);15 int set_enter_wrapper (c onst char * str);9 int sh_database_set_database (char * str); 10 int sh_database_set_table (char * str); 11 int sh_database_set_host (char * str); 12 int sh_database_set_user (char * str); 13 int sh_database_set_password (char * str); 14 int sh_database_add_to_hash (char * str); 15 int set_enter_wrapper (char * str); 16 16 #endif -
/trunk/include/sh_error.h
r30 r20 30 30 SH_ERR_T_START = 0, 31 31 32 /* 1- 13= SH_LEVEL_XXX */32 /* 1-9 = SH_LEVEL_XXX */ 33 33 34 34 SH_ERR_T_RO = SH_LEVEL_READONLY, … … 40 40 SH_ERR_T_USER0 = SH_LEVEL_USER0, 41 41 SH_ERR_T_USER1 = SH_LEVEL_USER1, 42 SH_ERR_T_USER2 = SH_LEVEL_USER2,43 SH_ERR_T_USER3 = SH_LEVEL_USER3,44 SH_ERR_T_USER4 = SH_LEVEL_USER4,45 42 SH_ERR_T_PRELINK = SH_LEVEL_PRELINK, 46 43 47 SH_ERR_T_DIR = 1 3,48 SH_ERR_T_FILE = 1 4,49 SH_ERR_T_NAME = 1 5,44 SH_ERR_T_DIR = 10, 45 SH_ERR_T_FILE = 11, 46 SH_ERR_T_NAME = 12, 50 47 51 SH_ERR_T_END = 1 648 SH_ERR_T_END = 13 52 49 }; 53 50 … … 84 81 /* set mask for message class 85 82 */ 86 int sh_error_log_mask (c onst char * c);87 int sh_error_print_mask (c onst char * c);88 int sh_error_mail_mask (c onst char * c);89 int sh_error_export_mask (c onst char * c);90 int sh_error_syslog_mask (c onst char * c);91 int sh_error_external_mask (c onst char * c);92 int sh_error_database_mask (c onst char * c);93 int sh_error_prelude_mask (c onst char * c);83 int sh_error_log_mask (char * c); 84 int sh_error_print_mask (char * c); 85 int sh_error_mail_mask (char * c); 86 int sh_error_export_mask (char * c); 87 int sh_error_syslog_mask (char * c); 88 int sh_error_external_mask (char * c); 89 int sh_error_database_mask (char * c); 90 int sh_error_prelude_mask (char * c); 94 91 95 92 … … 102 99 #ifdef SH_WITH_SERVER 103 100 void sh_error_set_peer(const char * str); 104 int set_flag_sep_log (c onst char * str);101 int set_flag_sep_log (char * str); 105 102 #endif 106 103 … … 111 108 /* convert a string to a numeric priority 112 109 */ 113 int sh_error_convert_level (c onst char * str_s);110 int sh_error_convert_level (char * str_s); 114 111 115 112 /* only to stderr (GOOD/BAD) … … 119 116 /* set syslog facility 120 117 */ 121 int sh_log_set_facility (c onst char * c);118 int sh_log_set_facility (char * c); 122 119 123 120 /* define message header 124 121 */ 125 int sh_error_ehead (/*@null@*/c onst char * s);122 int sh_error_ehead (/*@null@*/char * 
s); 126 123 127 124 /* set level for error logging … … 131 128 /* set severity levels 132 129 */ 133 int sh_error_set_iv (int iv, c onst char * severity_s);130 int sh_error_set_iv (int iv, char * severity_s); 134 131 135 132 /* set priorities … … 181 178 /* (re)set the console device(s) 182 179 */ 183 int sh_log_set_console (c onst char * address);180 int sh_log_set_console (char * address); 184 181 void reset_count_dev_console(void); 185 182 … … 191 188 /* enable message queue 192 189 */ 193 int enable_msgq(c onst char * foo);190 int enable_msgq(char * foo); 194 191 #endif 195 192 -
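Review bot: `SH_ERR_T_DIR`, `SH_ERR_T_FILE`, `SH_ERR_T_NAME` and `SH_ERR_T_END` are given literal values (10–13 on the r20 side, 13–16 on the other) that must sit directly after `SH_LEVEL_PRELINK` from samhain.h, and the comment `/* 1-9 = SH_LEVEL_XXX */` repeats the same number. C accepts duplicate enumerator values, so adding or removing a level in samhain.h without touching all five places compiles cleanly and makes a level alias one of these types. Anchoring the first one, `SH_ERR_T_DIR = SH_LEVEL_PRELINK + 1,`, and letting the following three take their implicit values would remove the coupling. Any code that sizes a table by `SH_ERR_T_END` is outside this page and should be checked.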
/trunk/include/sh_extern.h
r30 r20 43 43 * -- add CL argument, return # of arguments 44 44 */ 45 int sh_ext_tas_add_argv(sh_tas_t * tas, c onst char * val);45 int sh_ext_tas_add_argv(sh_tas_t * tas, char * val); 46 46 /* 47 47 * -- remove last CL argument … … 51 51 * -- add environment variable, return # of variables 52 52 */ 53 int sh_ext_tas_add_envv(sh_tas_t * tas, c onst char * key, constchar * val);53 int sh_ext_tas_add_envv(sh_tas_t * tas, char * key, char * val); 54 54 /* 55 55 * -- set command 56 56 */ 57 void sh_ext_tas_command(sh_tas_t * tas, c onst char * command);57 void sh_ext_tas_command(sh_tas_t * tas, char * command); 58 58 /* 59 59 * -- initialize task structure … … 71 71 * -- start a new external command, and add it to the list 72 72 */ 73 int sh_ext_setcommand(c onst char * cmd);73 int sh_ext_setcommand(char * cmd); 74 74 75 75 /* … … 81 81 * -- set deadtime 82 82 */ 83 int sh_ext_deadtime (c onst char * str);83 int sh_ext_deadtime (char * str); 84 84 85 85 /* 86 86 * -- add keywords to the OR filter 87 87 */ 88 int sh_ext_add_or (c onst char * str);88 int sh_ext_add_or (char * str); 89 89 90 90 /* 91 91 * -- add keywords to the AND filter 92 92 */ 93 int sh_ext_add_and (c onst char * str);93 int sh_ext_add_and (char * str); 94 94 95 95 /* 96 96 * -- add keywords to the NOT filter 97 97 */ 98 int sh_ext_add_not (c onst char * str);98 int sh_ext_add_not (char * str); 99 99 100 100 /* 101 101 * -- add keywords to the CL argument list 102 102 */ 103 int sh_ext_add_argv (c onst char * str);103 int sh_ext_add_argv (char * str); 104 104 105 105 /* 106 106 * -- add a path to the environment 107 107 */ 108 int sh_ext_add_default (c onst char * str);108 int sh_ext_add_default (char * str); 109 109 110 110 /* 111 111 * -- add an environment variable 112 112 */ 113 int sh_ext_add_environ (c onst char * str);113 int sh_ext_add_environ (char * str); 114 114 115 115 /* 116 116 * -- define type 117 117 */ 118 int sh_ext_type (c onst char * str);118 int sh_ext_type (char * str); 119 119 
120 120 /* 121 121 * -- define checksum 122 122 */ 123 int sh_ext_checksum (c onst char * str);123 int sh_ext_checksum (char * str); 124 124 125 125 /* 126 126 * -- choose privileges 127 127 */ 128 int sh_ext_priv (c onst char * c);128 int sh_ext_priv (char * c); 129 129 130 130 /* -
/trunk/include/sh_files.h
r30 r20 23 23 /* register exceptions to hardlink check 24 24 */ 25 int sh_files_hle_reg (c onst char * str);25 int sh_files_hle_reg (char * str); 26 26 27 27 /* check the setup … … 35 35 /* activate hardlink check 36 36 */ 37 int sh_files_check_hardlinks (c onst char * opt);37 int sh_files_check_hardlinks (char * opt); 38 38 39 39 /* set recursion depth … … 43 43 /* report only once 44 44 */ 45 int sh_files_reportonce(c onst char * c);45 int sh_files_reportonce(char * c); 46 46 47 47 /* report full details 48 48 */ 49 int sh_files_fulldetail(c onst char * c);49 int sh_files_fulldetail(char * c); 50 50 51 51 /* reset the 'checked' flag … … 67 67 /* push a directory on the stack USER0 68 68 */ 69 int sh_files_pushdir_user0 (c onst char * dirName);69 int sh_files_pushdir_user0 (char * dirName); 70 70 71 71 /* push a directory on the stack USER1 72 72 */ 73 int sh_files_pushdir_user1 (const char * dirName); 74 75 /* push a directory on the stack USER2 76 */ 77 int sh_files_pushdir_user2 (const char * dirName); 78 79 /* push a directory on the stack USER3 80 */ 81 int sh_files_pushdir_user3 (const char * dirName); 82 83 /* push a directory on the stack USER4 84 */ 85 int sh_files_pushdir_user4 (const char * dirName); 73 int sh_files_pushdir_user1 (char * dirName); 86 74 87 75 /* push a directory on the stack PRELINK 88 76 */ 89 int sh_files_pushdir_prelink (c onst char * dirName);77 int sh_files_pushdir_prelink (char * dirName); 90 78 91 79 /* push a directory on the stack ATTR 92 80 */ 93 int sh_files_pushdir_attr (c onst char * dirName);81 int sh_files_pushdir_attr (char * dirName); 94 82 95 83 /* push a directory on the stack READONLY 96 84 */ 97 int sh_files_pushdir_ro (c onst char * dirName);85 int sh_files_pushdir_ro (char * dirName); 98 86 99 87 /* push a directory on the stack LOGFILE 100 88 */ 101 int sh_files_pushdir_log (c onst char * dirName);89 int sh_files_pushdir_log (char * dirName); 102 90 103 91 /* push a directory on the stack GROWING LOGFILE 104 92 
*/ 105 int sh_files_pushdir_glog (c onst char * dirName);93 int sh_files_pushdir_glog (char * dirName); 106 94 107 95 /* push a directory on the stack IGNORE NONE 108 96 */ 109 int sh_files_pushdir_noig (c onst char * dirName);97 int sh_files_pushdir_noig (char * dirName); 110 98 111 99 /* push a directory on the stack IGNORE ALL 112 100 */ 113 int sh_files_pushdir_allig (c onst char * dirName);101 int sh_files_pushdir_allig (char * dirName); 114 102 115 103 116 104 /* push a file on the stack USER0 117 105 */ 118 int sh_files_pushfile_user0 (c onst char * dirName);106 int sh_files_pushfile_user0 (char * dirName); 119 107 120 108 /* push a file on the stack USER1 121 109 */ 122 int sh_files_pushfile_user1 (const char * dirName); 123 124 /* push a file on the stack USER2 125 */ 126 int sh_files_pushfile_user2 (const char * dirName); 127 128 /* push a file on the stack USER3 129 */ 130 int sh_files_pushfile_user3 (const char * dirName); 131 132 /* push a file on the stack USER4 133 */ 134 int sh_files_pushfile_user4 (const char * dirName); 110 int sh_files_pushfile_user1 (char * dirName); 135 111 136 112 /* push a file on the stack PRELINK 137 113 */ 138 int sh_files_pushfile_prelink (c onst char * dirName);114 int sh_files_pushfile_prelink (char * dirName); 139 115 140 116 /* push a file on the stack ATTR 141 117 */ 142 int sh_files_pushfile_attr (c onst char * dirName);118 int sh_files_pushfile_attr (char * dirName); 143 119 144 120 /* push a file on the stack READONLY 145 121 */ 146 int sh_files_pushfile_ro (c onst char * dirName);122 int sh_files_pushfile_ro (char * dirName); 147 123 148 124 /* push a file on the stack LOGFILE 149 125 */ 150 int sh_files_pushfile_log (c onst char * dirName);126 int sh_files_pushfile_log (char * dirName); 151 127 152 128 /* push a file on the stack GROWING LOGFILE 153 129 */ 154 int sh_files_pushfile_glog (c onst char * dirName);130 int sh_files_pushfile_glog (char * dirName); 155 131 156 132 /* push a file on the stack IGNORE 
NONE 157 133 */ 158 int sh_files_pushfile_noig (c onst char * dirName);134 int sh_files_pushfile_noig (char * dirName); 159 135 160 136 /* push a file on the stack IGNORE ALL 161 137 */ 162 int sh_files_pushfile_allig (c onst char * dirName);138 int sh_files_pushfile_allig (char * dirName); 163 139 164 140 … … 177 153 /* redefine policies 178 154 */ 179 int sh_files_redef_user0(const char * str); 180 int sh_files_redef_user1(const char * str); 181 int sh_files_redef_user2(const char * str); 182 int sh_files_redef_user3(const char * str); 183 int sh_files_redef_user4(const char * str); 184 int sh_files_redef_prelink(const char * str); 185 int sh_files_redef_readonly(const char * str); 186 int sh_files_redef_loggrow(const char * str); 187 int sh_files_redef_logfiles(const char * str); 188 int sh_files_redef_attributes(const char * str); 189 int sh_files_redef_noignore(const char * str); 190 int sh_files_redef_allignore(const char * str); 155 int sh_files_redef_user0(char * str); 156 int sh_files_redef_user1(char * str); 157 int sh_files_redef_prelink(char * str); 158 int sh_files_redef_readonly(char * str); 159 int sh_files_redef_loggrow(char * str); 160 int sh_files_redef_logfiles(char * str); 161 int sh_files_redef_attributes(char * str); 162 int sh_files_redef_noignore(char * str); 163 int sh_files_redef_allignore(char * str); 191 164 192 165 -
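Review bot: The r20 column of this header declares the configuration callbacks with a plain `char *` argument (`int sh_files_hle_reg (char * str);` and the `sh_files_pushdir_*`, `sh_files_pushfile_*` and `sh_files_redef_*` families), so the prototype no longer documents that the option string is only read. Keeping the qualifier, e.g. `int sh_files_hle_reg (const char * str);`, makes the compiler flag a handler that writes through the pointer and spares callers holding a `const char *` a cast. The same applies to the prototypes in sh_forward.h, sh_hash.h, sh_ignore.h, sh_mail.h, sh_prelink.h, sh_prelude.h, sh_tiger.h, sh_unix.h and sh_utils.h, and to `sh_set_schedule_one`/`sh_set_schedule_two` in samhain.c. The function bodies are not part of these sections, so whether any of them modifies its argument cannot be checked here.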
/trunk/include/sh_forward.h
r30 r20 32 32 /* set time limit 33 33 */ 34 int sh_forward_set_time_limit(c onst char * str);34 int sh_forward_set_time_limit(char * str); 35 35 36 36 /* error level for lookup failure 37 37 */ 38 int sh_forward_lookup_level (c onst char * c);38 int sh_forward_lookup_level (char * c); 39 39 40 40 /* create client entry for given password … … 42 42 int sh_forward_make_client (const char * str); 43 43 44 /* set port to which we connect45 */46 int sh_forward_server_port (const char * str);47 48 44 #ifdef SH_WITH_SERVER 49 45 50 46 #ifdef INET_SYSLOG 51 int set_syslog_active(c onst char * c);47 int set_syslog_active(char * c); 52 48 #endif 53 49 … … 59 55 * and set by accept() 60 56 */ 61 int set_socket_peer (c onst char * c);57 int set_socket_peer (char * c); 62 58 63 59 /* whether to use client severity 64 60 */ 65 int sh_forward_use_clt_sev (c onst char * c);61 int sh_forward_use_clt_sev (char * c); 66 62 67 63 /* whether to use client class 68 64 */ 69 int sh_forward_use_clt_class (c onst char * c);65 int sh_forward_use_clt_class (char * c); 70 66 71 67 /* server port 72 68 */ 73 int sh_forward_set_port(c onst char * c);69 int sh_forward_set_port(char * c); 74 70 75 71 /* server interface 76 72 */ 77 int sh_forward_set_interface(c onst char * c);73 int sh_forward_set_interface(char * c); 78 74 79 75 /* a wrapper function … … 83 79 /* register a client 84 80 */ 85 int sh_forward_register_client (c onst char * str);81 int sh_forward_register_client (char * str); 86 82 87 83 /* start server … … 95 91 #endif 96 92 97 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)93 #ifdef SH_WITH_CLIENT 98 94 /* talk to server 99 95 */ 100 96 long sh_forward (char * errmsg); 101 97 102 /* set log server103 */104 int sh_forward_setlogserver (const char * address);105 void reset_count_dev_server(void);106 #endif107 108 #ifdef SH_WITH_CLIENT109 98 110 99 /* request file from server. file may be "CONF" or "DATA". 
… … 112 101 long sh_forward_req_file (char * file); 113 102 103 /* set log server 104 */ 105 int sh_forward_setlogserver (char * address); 106 void reset_count_dev_server(void); 107 114 108 #endif 115 109 -
/trunk/include/sh_hash.h
r30 r20 42 42 /* version string for database 43 43 */ 44 int sh_hash_version_string(c onst char * str);44 int sh_hash_version_string(char * str); 45 45 46 46 /* List database content -
/trunk/include/sh_ignore.h
r30 r20 2 2 #define SH_IGNORE_H 3 3 4 int sh_ignore_add_del (c onst char * addpath);5 int sh_ignore_add_new (c onst char * addpath);4 int sh_ignore_add_del (char * addpath); 5 int sh_ignore_add_new (char * addpath); 6 6 7 7 int sh_ignore_chk_del (const char * chkpath); -
/trunk/include/sh_mail.h
r30 r20 26 26 /* set a relay server 27 27 */ 28 int sh_mail_set_relay (c onst char * str_s);28 int sh_mail_set_relay (char * str_s); 29 29 30 30 /* send to all recpts. in one mail 31 31 */ 32 int sh_mail_setFlag (c onst char * str);32 int sh_mail_setFlag (char * str); 33 33 34 34 /* set the subject string 35 35 */ 36 int set_mail_subject (c onst char * str);36 int set_mail_subject (char * str); 37 37 38 38 /* test mailbox … … 44 44 #define SH_MAX_FAIL 48 45 45 46 int sh_mail_setNum (c onst char * str);46 int sh_mail_setNum (char * str); 47 47 48 int sh_mail_setaddress (c onst char * address);48 int sh_mail_setaddress (char * address); 49 49 void reset_count_dev_mail(void); 50 int sh_mail_setaddress_int (c onst char * address);50 int sh_mail_setaddress_int (char * address); 51 51 52 52 /* call if not urgent … … 60 60 /* set sender of mail 61 61 */ 62 int sh_mail_set_sender (c onst char *str);62 int sh_mail_set_sender (char *str); 63 63 64 int sh_mail_add_or (c onst char * str);65 int sh_mail_add_and (c onst char * str);66 int sh_mail_add_not (c onst char * str);64 int sh_mail_add_or (char * str); 65 int sh_mail_add_and (char * str); 66 int sh_mail_add_not (char * str); 67 67 68 68 #endif -
/trunk/include/sh_prelink.h
r30 r20 14 14 /* configuration 15 15 */ 16 int sh_prelink_set_path (c onst char * str);17 int sh_prelink_set_hash (c onst char * str);16 int sh_prelink_set_path (char * str); 17 int sh_prelink_set_hash (char * str); 18 18 #endif -
/trunk/include/sh_prelude.h
r30 r20 6 6 int sh_prelude_init(); 7 7 8 int sh_prelude_set_profile(c onst char *arg);8 int sh_prelude_set_profile(char *arg); 9 9 10 10 int sh_prelude_alert (int priority, int class, char * message, … … 13 13 /* map severity levels 14 14 */ 15 int sh_prelude_map_info (c onst char * str);16 int sh_prelude_map_low (c onst char * str);17 int sh_prelude_map_medium (c onst char * str);18 int sh_prelude_map_high (c onst char * str);15 int sh_prelude_map_info (char * str); 16 int sh_prelude_map_low (char * str); 17 int sh_prelude_map_medium (char * str); 18 int sh_prelude_map_high (char * str); 19 19 20 20 #endif -
/trunk/include/sh_tiger.h
r30 r20 22 22 /* NEW Thu Oct 18 19:59:08 CEST 2001 23 23 */ 24 int sh_tiger_hashtype (c onst char * c);24 int sh_tiger_hashtype (char * c); 25 25 char * sh_tiger_generic_hash (char * filename, TigerType what, 26 26 UINT64 Length, int timeout); -
/trunk/include/sh_tools.h
r30 r20 53 53 54 54 55 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)55 #if defined (SH_WITH_CLIENT) 56 56 57 57 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, … … 65 65 unsigned long * length, char * u); 66 66 67 /* 68 SL_TICKET open_tmp (void); 69 int close_tmp (SL_TICKET fd); 70 int rewind_tmp (SL_TICKET fd); 71 */ 67 68 SL_TICKET open_tmp (void); 69 int close_tmp (SL_TICKET fd); 70 int rewind_tmp (SL_TICKET fd); 72 71 73 72 void sh_tools_server_cmd(const char * srvcmd); … … 79 78 #endif 80 79 81 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)82 SL_TICKET open_tmp (void);83 int close_tmp (SL_TICKET fd);84 int rewind_tmp (SL_TICKET fd);85 #endif86 80 87 81 #endif -
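Review bot: `open_tmp`, `close_tmp` and `rewind_tmp` are declared only inside `#if defined (SH_WITH_CLIENT)` on the r20 side, while the other column declares them under a wider guard. A build without SH_WITH_CLIENT that still calls them (the callers are not visible here) would compile against an implicit declaration, which assumes an `int` return rather than `SL_TICKET`. I would keep the prototypes under the guard shown in the other column, `#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)`, or add a comment stating that only client builds use these temporary-file helpers.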
/trunk/include/sh_unix.h
r30 r20 99 99 extern unsigned long mask_USER0; 100 100 extern unsigned long mask_USER1; 101 extern unsigned long mask_USER2;102 extern unsigned long mask_USER3;103 extern unsigned long mask_USER4;104 101 /* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL) 105 102 */ … … 144 141 int sh_unix_munlock(void * addr, size_t len); 145 142 int sh_unix_count_mlock(); 146 /* public for unit tests */147 int sh_unix_pagesize();148 unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages);149 143 150 144 /* chroot directory … … 154 148 /* whether to use localtime for file timesatams in logs 155 149 */ 156 int sh_unix_uselocaltime (c onst char * c);150 int sh_unix_uselocaltime (char * c); 157 151 158 152 /* set I/O limit 159 153 */ 160 int sh_unix_set_io_limit (c onst char * c);154 int sh_unix_set_io_limit (char * c); 161 155 void sh_unix_io_pause (); 162 156 … … 205 199 /* checksum of own binary 206 200 */ 207 int sh_unix_self_hash (c onst char * c);201 int sh_unix_self_hash (char * c); 208 202 209 203 /* return BAD on failure … … 213 207 /* add a trusted user to the list 214 208 */ 215 int tf_add_trusted_user(c onst char *);209 int tf_add_trusted_user(char *); 216 210 217 211 /* check a file … … 230 224 /* set the timeserver address 231 225 */ 232 int sh_unix_settimeserver (c onst char * address);226 int sh_unix_settimeserver (char * address); 233 227 void reset_count_dev_time(void); 234 228 -
/trunk/include/sh_utils.h
r30 r20 65 65 /* set signature type HASH-TIGER/HMAC-TIGER 66 66 */ 67 int sh_util_sigtype (c onst char * c);67 int sh_util_sigtype (char * c); 68 68 69 69 /* compute a signature … … 83 83 /* don't log output files 84 84 */ 85 int sh_util_hidesetup(c onst char * c);85 int sh_util_hidesetup(char * c); 86 86 87 87 /* exceptions to obscure name check 88 88 */ 89 int sh_util_obscure_ok (c onst char * str);89 int sh_util_obscure_ok (char * str); 90 90 91 91 /* read a hexchar -
/trunk/man/samhain.8
r30 r20 48 48 .SS "MISCELLANEOUS" 49 49 .PP 50 51 .B samhain52 .RI \-\-server\-port= portnumber53 50 54 51 .B samhain … … 303 300 .SS "MISCELLANEOUS OPTIONS" 304 301 .PP 305 306 .B samhain307 .RI \-\-server\-port= portnumber308 309 Choose the port on the server host to which the client will connect.310 302 311 303 .B samhain -
/trunk/man/samhainrc.5
r30 r20 96 96 .TP 97 97 .I "[User1]" 98 .TP99 .I "[User2]"100 .TP101 .I "[User3]"102 .TP103 .I "[User4]"104 98 These are reserved for user-defined policies. 105 99 .TP … … 178 172 .br 179 173 .BI SeverityUser0= val, 180 .br181 .BI SeverityUser1= val,182 .br183 .BI SeverityUser2= val,184 .br185 .BI SeverityUser3= val,186 174 and 187 175 .br 188 .BI SeverityUser 4= val176 .BI SeverityUser1= val 189 177 define the error levels for failures to verify the integrity of 190 178 files/directories of the respective types. I.e. if such a file shows … … 526 514 sets the hostname for the log server. 527 515 .br 528 .BI SetServerPort= portnumber529 sets the port on the server to connect to.530 .br531 516 .BI SetDatabasePath= AUTO|/path 532 517 Path to database (AUTO to tack hostname on compiled-in path). … … 562 547 .BI RedefUser1= +/-XXX,+/-YYY,... 563 548 Add or subtract tests XXX from the User1 policy. 564 .br565 .BI RedefUser2= +/-XXX,+/-YYY,...566 Add or subtract tests XXX from the User2 policy.567 .br568 .BI RedefUser3= +/-XXX,+/-YYY,...569 Add or subtract tests XXX from the User3 policy.570 .br571 .BI RedefUser4= +/-XXX,+/-YYY,...572 Add or subtract tests XXX from the User4 policy.573 549 .TP 574 550 .B Server Only -
/trunk/scripts/README
r30 r20 40 40 This script will do this automatically. Run 'samhainrc_update.sh -h' 41 41 for usage instructions. You may need to change the location of the 42 samhainrc file by editing the line ' cfgfile="/etc/samhainrc"'42 samhainrc file by editing the line 'SAMHAIN_CFG="/etc/samhainrc"' 43 43 at the beginning of the script. 44 44 -
/trunk/scripts/samhainadmin.pl.in
r30 r20 29 29 use Fcntl qw(:DEFAULT :flock); 30 30 31 # Do I/O to the data file in binary mode (so it32 # wouldn't complain about invalid UTF-8 characters).33 use bytes;34 35 31 File::Temp->safe_level( File::Temp::HIGH ); 36 32 … … 519 515 $action = 'f'; 520 516 } 521 elsif (defined ($opts{'create- datafile'})) {517 elsif (defined ($opts{'create-cfgfile'})) { 522 518 $action = 'D'; 523 519 } 524 elsif (defined ($opts{'print- datafile'})) {520 elsif (defined ($opts{'print-cfgfile'})) { 525 521 $action = 'd'; 526 522 } -
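Review bot: The branches that select actions 'D' and 'd' test `$opts{'create-cfgfile'}` and `$opts{'print-cfgfile'}` on the r20 side, where the other column tests `create-datafile` and `print-datafile`. The earlier branches of this `elsif` chain are outside the hunk; if they already handle the cfgfile options, these two branches can never be reached and the data-file actions cannot be selected. The r20 side also lacks `use bytes;`, which the comment in the other column ties to binary I/O on the data file, so it is worth confirming that the data file is still read and written without UTF-8 decoding.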
/trunk/scripts/samhainrc_update.sh
r30 r20 1 #! /bin/sh 2 3 # ----------------------------------------------------------------------- 4 # The default configuration file 5 # ----------------------------------------------------------------------- 6 7 cfgfile="/etc/samhainrc" 8 9 # ----------------------------------------------------------------------- 10 # Be Bourne compatible 11 # ----------------------------------------------------------------------- 12 13 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then 14 emulate sh 15 NULLCMD=: 16 elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then 17 set -o posix 1 #!/bin/bash 2 # ----------------------------------------------------------------------------- 3 # @brief: update the kernel options in the samhain configuration 4 # file, after a new kernel has been compiled 5 # @author: marc heisterkamp <marzheister@web.de> 6 # ----------------------------------------------------------------------------- 7 8 SAMHAIN_CFG="/etc/samhainrc" 9 10 BLUE="[34;01m" 11 CYAN="[36;01m" 12 GREEN="[32;01m" 13 DARK_GREEN="[32m" 14 RED="[31;01m" 15 PURPLE="[35;01m" 16 WHITE="[37;01m" 17 DARK_GRAY="[30;01m" 18 LIGHT_GRAY="[37m" 19 YELLOW="[33;01m" 20 BROWN="[33m" 21 OFF="[0m" 22 23 24 SYSTEM_MAP="" 25 new_cfg='' 26 scriptname="$0" 27 28 # global variables for system adresses (extracted from System.map) 29 SYS_CALL='' 30 SYS_CALL_TABLE='' 31 PROC_ROOT='' 32 PROC_ROOT_IOPS='' 33 PROC_ROOT_LOOKUP='' 34 35 # Make sure the user has root permissions 36 if [ $UID -ne 0 ] ; then 37 echo "You must be root to run this script. Exiting." 
38 exit 1 18 39 fi 19 40 20 programname="$0" 21 sysmap= 22 23 # ----------------------------------------------------------------------- 24 # Print help 25 # ----------------------------------------------------------------------- 26 27 showhelp() { 28 echo 29 echo "$programname - update samhain config file after kernel update" 30 echo 31 echo "OPTIONS:" 32 echo 33 echo " -u|--update </path/to/System.map>" 34 echo " Update the configuration file with new" 35 echo " settings as taken from </path/to/System.map>" 36 echo 37 echo " -c|--config-file </path/to/config-file>" 38 echo " Specify the configuration file to update [${cfgfile}]" 39 echo 40 echo " -p|--print-only </path/to/System.map>" 41 echo " Print new settings, don't modify anything" 42 echo 43 echo " -h|--help" 44 echo " Print this help" 45 echo 46 echo " -n|--nocolor" 47 echo " (ignored, legacy support)" 48 echo 49 } 50 51 52 # ----------------------------------------------------------------------- 53 # Death strikes 54 # ----------------------------------------------------------------------- 55 56 die() { 57 echo ${1+"$@"} >&2 58 { (exit 1); exit 1; } 59 } 60 61 # ----------------------------------------------------------------------- 62 # Get new settings from </path/to/System.map> 63 # ----------------------------------------------------------------------- 64 65 system_call= 66 syscall_table= 67 proc_root= 68 proc_root_inode_operations= 69 proc_root_lookup= 70 71 get_new_settings() { 72 73 if [ -z "$sysmap" ]; then 74 die "No System.map specified" 75 fi 76 if [ -f "$sysmap" ]; then 77 if [ -r "$sysmap" ]; then 78 system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'` 79 syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'` 80 proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'` 81 proc_root_inode_operations=`egrep 
'[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'` 82 proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'` 83 else 84 die "System.map ${sysmap} not readable" 85 fi 86 else 87 die "System.map ${sysmap} not found" 88 fi 89 test -z "${system_call}" && die "system_call not found in ${cfgfile}" 90 test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}" 91 test -z "${proc_root}" && die "proc_root not found in ${cfgfile}" 92 test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}" 93 test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}" 94 95 } 96 97 # ----------------------------------------------------------------------- 98 # Print new settings 99 # ----------------------------------------------------------------------- 100 101 run_print() { 102 get_new_settings 103 echo 104 echo "KernelSystemCall = 0x${system_call}" 105 echo "KernelSyscallTable = 0x${syscall_table}" 106 echo "KernelProcRoot = 0x${proc_root}" 107 echo "KernelProcRootIops = 0x${proc_root_inode_operations}" 108 echo "KernelProcRootLookup = 0x${proc_root_lookup}" 109 echo 110 } 111 112 # ----------------------------------------------------------------------- 113 # Replace a setting 114 # ----------------------------------------------------------------------- 115 116 # set ignorecase 117 # search pattern 118 # delete current line 119 # insert 120 # single dot == end of insert text 121 # save and exit 122 123 run_replace() { 124 item="$1" 125 address="$2" 126 ex -s "$cfgfile" <<EOF 127 :set ic 128 :/^[[:blank:]]*$1[[:blank:]]*= 129 :d 130 :i 131 $item = $address 132 . 
133 :x 134 EOF 135 } 136 137 # ----------------------------------------------------------------------- 138 # Add a setting 139 # ----------------------------------------------------------------------- 140 141 # set ignorecase 142 # search pattern ([Kernel] section) 143 # append (next line) 144 # single dot == end of insert text 145 # save and exit 146 147 run_add() { 148 item="$1" 149 address="$2" 150 ex -s "$cfgfile" <<EOF 151 :set ic 152 :/^[[:space:]]*\[Kernel\] 153 :a 154 $item = $address 155 . 156 :x 157 EOF 158 } 159 160 # ----------------------------------------------------------------------- 161 # Update with new settings 162 # ----------------------------------------------------------------------- 163 164 run_update() { 165 166 get_new_settings 167 168 if [ -z "$cfgfile" ]; then 169 die "No configuration file specified" 170 fi 171 if [ ! -w "$cfgfile" ]; then 172 die "Configuration file ${cfgfile} not writeable" 173 fi 174 egrep '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null 175 if [ $? -ne 0 ]; then 176 die "No [Kernel] section in configuration file $cfgfile" 177 fi 178 179 cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null 180 if [ $? -eq 0 ]; then 181 run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}" 182 else 183 run_add 'KernelProcRootLookup' "0x${proc_root_lookup}" 184 fi 185 186 cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null 187 if [ $? -eq 0 ]; then 188 run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}" 189 else 190 run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}" 191 fi 192 193 cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null 194 if [ $? -eq 0 ]; then 195 run_replace 'KernelProcRoot' "0x${proc_root}" 196 else 197 run_add 'KernelProcRoot' "0x${proc_root}" 198 fi 199 200 cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null 201 if [ $? 
-eq 0 ]; then 202 run_replace 'KernelSyscallTable' "0x${syscall_table}" 203 else 204 run_add 'KernelSyscallTable' "0x${syscall_table}" 205 fi 206 207 cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null 208 if [ $? -eq 0 ]; then 209 run_replace 'KernelSystemCall' "0x${system_call}" 210 else 211 run_add 'KernelSystemCall' "0x${system_call}" 212 fi 213 214 } 215 216 # ----------------------------------------------------------------------- 217 # Parse command line 218 # ----------------------------------------------------------------------- 219 220 sysmap= 221 action= 222 223 for option 224 do 225 226 # If the previous option needs an argument, assign it. 227 # 228 if test -n "$opt_prev"; then 229 eval "$opt_prev=\$option" 230 eval export "$opt_prev" 231 opt_prev= 232 continue 41 42 #------------------------------------------------------------------------------ 43 # usage 44 #------------------------------------------------------------------------------ 45 function print_usage() { 46 47 cat >&2 <<EOHELP 48 49 update the samhainrc configuration file with new kernel system addresses 50 (i.e: after kernel compilation) by extracting these from the new System.map 51 file 52 53 SYNOPSIS 54 $scriptname [ ${GREEN}--help${OFF} ] 55 [ ${GREEN}--nocolor${OFF} ] 56 [ ${GREEN}--print-only${OFF} ] <System.map> 57 [ ${GREEN}--update${OFF} ] <System.map> 58 59 OPTIONS 60 ${GREEN}-h${OFF} ${GREEN}--help${OFF} 61 Show help. 62 63 ${GREEN}--nocolor${OFF} 64 Disable color hilighting for non ANSI-compatible terms. 65 66 ${GREEN}-p${OFF} ${GREEN}--print-only${OFF} <System.map> 67 Print the extracted system adresses and do not write them to the 68 samhain configuration file. 
69 70 ${GREEN}-u${OFF} ${GREEN}--update${OFF} <System.map> 71 Update the samhainrc configuration file with new kernel system 72 addresses from the given System.map file 73 74 EOHELP 75 exit 0 76 } 77 78 79 #------------------------------------------------------------------------------ 80 # parses the command line options 81 # param in: all parameters given to the script 82 #------------------------------------------------------------------------------ 83 function parse_cmd_line() { 84 85 # parse the command-line 86 while [ -n "$1" ]; do 87 case "$1" in 88 --help|-h) 89 print_usage 90 ;; 91 --nocolor|-n) 92 unset DARK_GREEN GREEN RED BROWN LIGHT_GRAY WHITE OFF 93 ;; 94 --print-only|-p) 95 shift 96 SYSTEM_MAP="$1" 97 get_system_addresses 98 print_system_addresses 99 break 100 ;; 101 --update|-u) 102 shift 103 SYSTEM_MAP="$1" 104 get_system_addresses 105 print_system_addresses 106 replace_system_addresses 107 ;; 108 -*) 109 echo "$scriptname: unknown option $1. Exiting" >&2 110 exit 1 111 ;; 112 esac 113 shift 114 done 115 } 116 117 118 #------------------------------------------------------------------------------ 119 # extract system adresses from given System.map file and save to global 120 # variables 121 #------------------------------------------------------------------------------ 122 function get_system_addresses() { 123 124 if [ -z "$SYSTEM_MAP" ] ; then 125 echo 126 echo "No System.map specified. 
Exiting" >&2 127 echo 128 exit 1 233 129 fi 234 130 235 case "$option" in 236 -*=*) 237 optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` 238 ;; 239 *) 240 optarg= 241 ;; 242 esac 243 244 case "$option" in 245 246 -h|--help) 247 showhelp 248 exit 0 249 ;; 250 251 -n|--nocolor) 252 ;; 253 254 -c|--config-file) 255 opt_prev=cfgfile 256 ;; 257 258 -c=* | --config-file=*) 259 cfgfile="$optarg" 260 ;; 261 262 -p|--print-only) 263 opt_prev=sysmap 264 action=p 265 ;; 266 267 268 -p=* | --print-only=*) 269 sysmap="$optarg" 270 action=p 271 ;; 272 273 -u|--update) 274 opt_prev=sysmap 275 action=u 276 ;; 277 278 -u=* | --update=*) 279 sysmap="$optarg" 280 action=u 281 ;; 282 283 esac 284 285 done 286 287 if [ x"$action" = xp ]; then 288 run_print 289 exit 0 131 if [ ! -f "$SYSTEM_MAP" ] ; then 132 echo 133 echo "Could not find System.map: $SYSTEM_MAP. Exiting" >&2 134 echo 135 exit 1 136 fi 137 138 # 1. this is the address of system_call (grep system_call System.map) 139 # KernelSystemCall = 0xc0106cf8 140 SYS_CALL="0x`grep system_call $SYSTEM_MAP | cut -d' ' -f1`" 141 142 # 2. this is the address of sys_call_table (grep ' sys_call_table' System.map) 143 # KernelSyscallTable = 0xc01efb98 144 SYS_CALL_TABLE="0x`grep sys_call_table $SYSTEM_MAP | cut -d' ' -f1`" 145 146 # 3. this is the address of proc_root (grep ' proc_root$' System.map) 147 # KernelProcRoot = 0xc01efb98 148 PROC_ROOT="0x`grep ' proc_root$' $SYSTEM_MAP | cut -d' ' -f1`" 149 150 # 4. this is the address of proc_root_inode_operations 151 # (grep proc_root_inode_operations System.map) 152 # KernelProcRootIops = 0xc01efb98 153 PROC_ROOT_IOPS="0x`grep proc_root_inode_operations $SYSTEM_MAP | cut -d' ' -f1`" 154 155 # 5. 
this is the address of proc_root_lookup 156 # (grep proc_root_lookup System.map) 157 # KernelProcRootLookup = 0xc01efb98 158 PROC_ROOT_LOOKUP="0x`grep proc_root_lookup $SYSTEM_MAP | cut -d' ' -f1`" 159 } 160 161 162 #------------------------------------------------------------------------------ 163 # extract system adresses from given System.map file and save to global 164 # variables 165 #------------------------------------------------------------------------------ 166 function replace_system_addresses() { 167 168 if [ -z "$SAMHAIN_CFG" ] ; then 169 echo "Could not find your samhainrc config file: $SAMHAIN_CFG. Exiting" >&2 170 exit 1 171 fi 172 173 echo 174 echo "Replacing current kernel system addresses in: $SAMHAIN_CFG" 175 176 # 1. replace current 'KernelSystemCall' setting 177 new_cfg=`sed -e "s/^\(KernelSystemCall[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL}/" $SAMHAIN_CFG` 178 179 # 2. replace current 'KernelSyscallTable' setting 180 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelSyscallTable[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL_TABLE}/"` 181 182 # 3. replace current 'KernelProcRoot' setting 183 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRoot[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT}/"` 184 185 # 4. replace current 'KernelProcRootIops' setting 186 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootIops[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_IOPS}/"` 187 188 # 5. replace current 'KernelSystemCall' setting 189 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootLookup[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_LOOKUP}/"` 190 191 echo "Backup old samhainrc $SAMHAIN_CFG to $SAMHAIN_CFG.bak" 192 193 # backup old samhainrc config file 194 mv "$SAMHAIN_CFG" "$SAMHAIN_CFG.bak" 195 196 # write new samhainrc config file 197 echo "$new_cfg" > "$SAMHAIN_CFG" 198 199 echo "Successfully updated kernel system addresses." 
200 echo 201 } 202 203 204 #------------------------------------------------------------------------------ 205 # print samhain required system adresses 206 #------------------------------------------------------------------------------ 207 function print_system_addresses() { 208 209 echo 210 echo "your kernel system addresses from: `basename $SYSTEM_MAP`" 211 echo 212 echo " KernelSystemCall = $SYS_CALL" 213 echo " KernelSyscallTable = $SYS_CALL_TABLE" 214 echo " KernelProcRoot = $PROC_ROOT" 215 echo " KernelProcRootIops = $PROC_ROOT_IOPS" 216 echo " KernelProcRootLookup = $PROC_ROOT_LOOKUP" 217 echo 218 219 } 220 221 if [ $# -eq 0 ] ; then 222 print_usage 290 223 fi 291 if [ x"$action" = xu ]; then 292 run_update 293 exit 0 294 fi 295 296 showhelp 297 exit 1 224 225 parse_cmd_line $* 226 227 exit 0 -
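Review bot: `get_system_addresses` on the r20 side looks symbols up with unanchored patterns and an unquoted path (`grep system_call $SYSTEM_MAP | cut -d' ' -f1`), so any symbol whose name merely contains the string also matches and the variable can hold several addresses, or just `0x` when nothing matches. `replace_system_addresses` then substitutes that value into the samhainrc with `sed` and overwrites the file without checking it, which can leave the integrity checker with wrong or empty kernel addresses. Each lookup should match the symbol name exactly, require a single hexadecimal result and stop the script otherwise, as the anchored `egrep` and `test -z ... && die` lines in the other column do. The sketch below shows the lookups rewritten that way; the write-back in `replace_system_addresses` would additionally benefit from checking the exit status of `sed` before the `mv`.

```shell
# print "0x<addr>" for exactly one symbol of System.map, fail otherwise
function lookup_symbol() {
    local addr
    addr=`awk -v sym="$1" '$3 == sym { print $1 }' "$SYSTEM_MAP"`
    case "$addr" in
        ""|*[!0-9a-fA-F]*)
            echo "$scriptname: no unique address for $1 in $SYSTEM_MAP. Exiting" >&2
            return 1
            ;;
    esac
    echo "0x$addr"
}

function get_system_addresses() {
    # … unchanged: checks that SYSTEM_MAP is set and names an existing file …
    SYS_CALL=`lookup_symbol system_call` || exit 1
    SYS_CALL_TABLE=`lookup_symbol sys_call_table` || exit 1
    PROC_ROOT=`lookup_symbol proc_root` || exit 1
    PROC_ROOT_IOPS=`lookup_symbol proc_root_inode_operations` || exit 1
    PROC_ROOT_LOOKUP=`lookup_symbol proc_root_lookup` || exit 1
}
```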
/trunk/src/make-tests.sh
r30 r20 49 49 CuSuiteDetails(suite, output); 50 50 if (suite->failCount > 0) 51 fprintf(stderr, "%s %c", output->buffer, 0x0A);51 fprintf(stderr, "%s\n", output->buffer); 52 52 else 53 fprintf(stdout, "%s %c", output->buffer, 0x0A);53 fprintf(stdout, "%s\n", output->buffer); 54 54 return suite->failCount; 55 55 } -
/trunk/src/samhain.c
r30 r20 382 382 */ 383 383 (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); 384 sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */384 sh.host.system[0] = '\0'; 385 385 sh.host.release[0] = '\0'; 386 386 sh.host.machine[0] = '\0'; … … 582 582 skey->mailkey_old[0] = '\0'; 583 583 skey->mailkey_new[0] = '\0'; 584 skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */584 skey->crypt[0] = '\0'; 585 585 skey->session[0] = '\0'; 586 586 skey->vernam[0] = '\0'; … … 725 725 char exef[128]; 726 726 727 if (!pidlist)728 return NULL;729 730 727 for (i = 0; i < 65535; ++i) pidlist[i] = 0; 731 728 i = 0; 732 729 733 730 if (0 != stat(SH_INSTALL_PATH, &buf)) 734 { 735 free(pidlist); 736 return NULL; 737 } 731 return NULL; 738 732 739 733 ino = (long) buf.st_ino; 740 734 741 735 if (NULL == (dp = opendir("/proc"))) 742 { 743 free(pidlist); 744 return NULL; 745 } 736 return NULL; 746 737 while (NULL != (d = readdir(dp)) && i < 65535) 747 738 { … … 869 860 870 861 871 fullpath = strdup (SH_INSTALL_PATH);862 fullpath = malloc(strlen(SH_INSTALL_PATH)+1); 872 863 if (fullpath == NULL) 873 { perror(_("strdup")); exit (1); } 874 875 argp[0] = strdup (SH_INSTALL_PATH); 864 { perror(_("malloc")); exit (1); } 865 else 866 strcpy(fullpath, SH_INSTALL_PATH); /* known to fit */ 867 868 argp[0] = malloc(strlen(SH_INSTALL_PATH)+1); 876 869 if (argp[0] == NULL) 877 { perror(_("strdup")); exit (1); } 870 { perror(_("malloc")); exit (1); } 871 else 872 strcpy(argp[0], SH_INSTALL_PATH); /* known to fit */ 873 878 874 879 875 for (times = 1; times < 32; ++times) argp[times] = NULL; … … 883 879 for (times = 2; times < res; ++times) 884 880 { 885 argp[times-1] = strdup (argv[times]);881 argp[times-1] = malloc(strlen(argv[times])+1); 886 882 if (argp[times-1] == NULL) 887 { perror(_("strdup")); exit (1); } 883 { perror(_("malloc")); exit (1); } 884 else 885 strcpy(argp[times-1], argv[times]); /* known to fit */ 888 886 } 889 887 … … 905 903 _exit(4); 906 904 } 907 (void) 
execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */905 (void) execv(fullpath, argp); 908 906 if (errno == EPERM) 909 907 _exit(4); … … 943 941 pidlist = procdirSamhain (); 944 942 if (pid == 0 && NULL == pidlist) /* pid file not found */ 945 { 946 free(fullpath); 947 return (0); 948 } 943 return (0); 949 944 950 945 status = 0; … … 961 956 } 962 957 } 963 free(fullpath);964 958 if (status == 7) 965 959 return 0; … … 998 992 } 999 993 } 1000 free(fullpath); /* silence smatch false positive */ 994 1001 995 exit (1); /* no exit handler installed yet */ 1002 996 /*@notreached@*/ … … 1028 1022 /* Add a new schedule to the linked list of schedules 1029 1023 */ 1030 static sh_schedule_t * sh_set_schedule_int (c onst char * str,1024 static sh_schedule_t * sh_set_schedule_int (char * str, 1031 1025 sh_schedule_t * FileSchedIn, 1032 1026 /*@out@*/ int * status) … … 1058 1052 /* Add a new schedule to the linked list FileSchedOne 1059 1053 */ 1060 int sh_set_schedule_one (c onst char * str)1054 int sh_set_schedule_one (char * str) 1061 1055 { 1062 1056 int status; … … 1067 1061 /* Add a new schedule to the linked list FileSchedTwo 1068 1062 */ 1069 int sh_set_schedule_two (c onst char * str)1063 int sh_set_schedule_two (char * str) 1070 1064 { 1071 1065 int status; … … 1220 1214 /* Save the timezone. 
1221 1215 */ 1222 if ( NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */1216 if ((tzptr = getenv("TZ")) != NULL) 1223 1217 { 1224 1218 tzlen = strlen(tzptr); 1225 if (tzlen < 1024) 1226 { 1227 sh.timezone = malloc (tzlen + 1); 1228 if (sh.timezone != NULL) 1229 (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); 1230 } 1231 else 1232 sh.timezone = NULL; 1219 sh.timezone = malloc (tzlen + 1); 1220 if (sh.timezone != NULL) 1221 (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); 1233 1222 } 1234 1223 else … … 1795 1784 /* see whether its time to check files 1796 1785 */ 1797 if (sh.flag.checkSum == SH_CHECK_INIT || 1798 (sh.flag.checkSum == SH_CHECK_CHECK && 1799 (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE))) 1786 if (sh.flag.checkSum == SH_CHECK_INIT) 1800 1787 { 1801 1788 flag_check_1 = 1; -
/trunk/src/samhain_setpwd.c
r30 r20 1 1 #include "config_xor.h" 2 3 #ifdef HAVE_BROKEN_INCLUDES 4 #define _ANSI_C_SOURCE 5 #define _POSIX_SOURCE 6 #endif 2 7 3 8 #include <stdio.h> … … 8 13 #include <unistd.h> 9 14 #include <sys/types.h> 10 #include <sys/wait.h>11 15 #include <sys/stat.h> 12 16 #include <fcntl.h> 13 #include <errno.h>14 #include <sys/time.h>15 17 #include <time.h> 16 18 17 #if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD)18 #include <sched.h>19 #endif20 21 #if defined(HAVE_INT_32)22 typedef unsigned int UINT32;23 #elif defined(HAVE_LONG_32)24 typedef unsigned long UINT32;25 #elif defined(HAVE_SHORT_32)26 typedef unsigned short UINT32;27 #endif28 29 #define TAUS_MAX 4294967295UL30 31 static UINT32 taus_state[3];32 33 static UINT32 taus_get ()34 {35 36 #define TAUSWORTHE(s,a,b,c,d) ((s &c) <<d) ^ (((s <<a) ^s) >>b)37 taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12);38 taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4);39 taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17);40 return (taus_state[0] ^ taus_state[1] ^ taus_state[2]);41 }42 43 static void taus_seed ()44 {45 unsigned char buf[12];46 unsigned char buf2[12];47 unsigned char buf3[12];48 ssize_t count;49 size_t nbytes = sizeof(buf);50 size_t where = 0;51 52 struct timeval t1, t2;53 UINT32 delta, k[3];54 int i, j;55 56 int fd = open ("/dev/urandom", O_RDONLY);57 58 if (fd == -1)59 {60 gettimeofday(&t1, NULL);61 delta = t1.tv_usec;62 memcpy(&buf[0], &delta, 4);63 gettimeofday(&t1, NULL);64 delta = t1.tv_usec;65 memcpy(&buf[4], &delta, 4);66 gettimeofday(&t1, NULL);67 delta = t1.tv_usec;68 memcpy(&buf[8], &delta, 4);69 goto second;70 }71 72 while (nbytes) {73 count = read(fd, &buf[where], nbytes);74 if (count == -1 && errno == EINTR)75 continue;76 where += count;77 nbytes -= count;78 } while (count == -1 && errno == EINTR);79 80 close(fd);81 82 second:83 for (i = 0; i < 12; ++i)84 {85 gettimeofday(&t1, NULL);86 if (0 == fork())87 _exit(EXIT_SUCCESS);88 wait(NULL);89 
gettimeofday(&t2, NULL);90 delta = t2.tv_usec - t1.tv_usec;91 buf2[i] = (unsigned char) delta;92 }93 94 for (i = 0; i < 12; ++i)95 {96 gettimeofday(&t1, NULL);97 for (j = 0; j < 32768; ++j)98 {99 if (0 == kill (j,0))100 k[i % 3] ^= j;101 }102 gettimeofday(&t2, NULL);103 delta = t2.tv_usec - t1.tv_usec;104 buf3[i] ^= (unsigned char) delta;105 }106 107 memcpy(&taus_state[0], &buf3[0], 4);108 memcpy(&taus_state[1], &buf3[4], 4);109 memcpy(&taus_state[2], &buf3[8], 4);110 111 taus_state[0] ^= k[0];112 taus_state[1] ^= k[1];113 taus_state[2] ^= k[2];114 115 memcpy(&k[0], &buf2[0], 4);116 memcpy(&k[1], &buf2[4], 4);117 memcpy(&k[2], &buf2[8], 4);118 119 taus_state[0] ^= k[0];120 taus_state[1] ^= k[1];121 taus_state[2] ^= k[2];122 123 memcpy(&k[0], &buf[0], 4);124 memcpy(&k[1], &buf[4], 4);125 memcpy(&k[2], &buf[8], 4);126 127 taus_state[0] ^= k[0];128 taus_state[1] ^= k[1];129 taus_state[2] ^= k[2];130 131 taus_state[0] |= (UINT32) 0x03;132 taus_state[1] |= (UINT32) 0x09;133 taus_state[2] |= (UINT32) 0x17;134 }135 19 136 20 #ifdef SH_STEALTH … … 228 112 229 113 char * newn; 230 size_t nlen;231 114 int oldf; 232 115 int newf; … … 313 196 (void) umask (0); 314 197 315 taus_seed();198 srand(time(NULL) ^ getpid()); 316 199 317 200 bytecount = 0; … … 323 206 oldf = open(argv[1], O_RDONLY); 324 207 325 nlen = strlen(argv[1])+strlen(argv[2])+2; 326 newn = (char *) malloc (nlen); 327 strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; 328 strncat(newn, ".", nlen); newn[nlen-1] = '\0'; 329 strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; 208 newn = (char *) malloc (strlen(argv[1])+strlen(argv[2])+2); 209 strcpy(newn, argv[1]); 210 strcat(newn, "."); 211 strcat(newn, argv[2]); 330 212 newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); 331 213 … … 383 265 (unsigned char) *found_it); 384 266 385 ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0)));267 ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0)); 386 268 sprintf(&newpwd[i*2], _("%02x"), 387 269 (unsigned char) 
ccd); … … 458 340 (unsigned char) *found_it); 459 341 460 ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0));342 ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0)); 461 343 sprintf(&newpwd[i*2], _("%02x"), 462 344 (unsigned char) ccd); -
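Review bot: The r20 column seeds the generator with `srand(time(NULL) ^ getpid());` and then fills each byte of `newpwd` from `rand()`, so the replacement password is a function of the clock second and the process id, both of which can be estimated after the fact. The bytes should come from the operating system's random source instead, read once from `/dev/urandom` into a buffer that the two `ccd = …` assignments index, with the program exiting if the open or read fails rather than falling back to time-based values. The same column also passes the result of `malloc (strlen(argv[1])+strlen(argv[2])+2)` straight to `strcpy(newn, argv[1]);` without a NULL check; `if (newn == NULL) { perror("malloc"); exit(EXIT_FAILURE); }` before the copy covers that. The enclosing function starts and ends outside the visible hunks.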
/trunk/src/sh_calls.c
r30 r20 82 82 /* Set aud functions 83 83 */ 84 int sh_aud_set_functions(c onst char * str_s)84 int sh_aud_set_functions(char * str_s) 85 85 { 86 86 int i = 0; -
/trunk/src/sh_database.c
r30 r20 40 40 #include "sh_error.h" 41 41 #include "sh_utils.h" 42 43 extern int safe_logger (int signal, int method, pid_t thepid); 42 44 43 45 #undef FIL__ … … 225 227 typedef unsigned char uint8; 226 228 227 typedef struct md5_ctx 228 { 229 uint32 A; 230 uint32 B; 231 uint32 C; 232 uint32 D; 233 234 uint32 total[2]; 235 uint32 buflen; 236 char buffer[128]; 229 typedef struct 230 { 231 uint32 h[4]; 232 uint32 data[16]; 233 uint8 offset; 234 uint32 nblocks; 235 int count; 237 236 } md5Param; 237 238 238 239 239 … … 253 253 static int sh_persistent_dbconn = S_TRUE; 254 254 255 int sh_database_use_persistent (c onst char * str)255 int sh_database_use_persistent (char * str) 256 256 { 257 257 return sh_util_flagval (str, &sh_persistent_dbconn); 258 258 } 259 259 260 static int insert_value (char * ptr, c onst char * str)260 static int insert_value (char * ptr, char * str) 261 261 { 262 262 if (!ptr || !str) … … 276 276 277 277 278 int sh_database_set_database (c onst char * str)278 int sh_database_set_database (char * str) 279 279 { 280 280 return insert_value (db_name, str); 281 281 } 282 int sh_database_set_table (c onst char * str)282 int sh_database_set_table (char * str) 283 283 { 284 284 return insert_value (db_table, str); 285 285 } 286 int sh_database_set_host (c onst char * str)286 int sh_database_set_host (char * str) 287 287 { 288 288 return insert_value (db_host, str); 289 289 } 290 int sh_database_set_user (c onst char * str)290 int sh_database_set_user (char * str) 291 291 { 292 292 return insert_value (db_user, str); 293 293 } 294 int sh_database_set_password (c onst char * str)294 int sh_database_set_password (char * str) 295 295 { 296 296 return insert_value (db_password, str); … … 568 568 oracle_doconnect: 569 569 570 if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */570 if (!getenv("ORACLE_HOME")) 571 571 { 572 572 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, … … 1194 1194 } 1195 1195 } 1196 1196 #if 0 1197 /* apparently slower, see 
gyule.7 */ 1198 len = (long) strlen(val); 1199 1200 if ((val[0] != '\0') && (*size > 2)) 1201 { 1202 if (flag == 1) 1203 { 1204 *end = ','; ++end; 1205 *end = '\''; ++end; (*size) -= 2; 1206 *end = '\0'; 1207 1208 if ((long) *size > (len+2)) 1209 { 1210 (void) sl_strlcat(end, val, (size_t) *size); 1211 end += len; (*size) -= len; 1212 *end = '\''; ++end; (*size) -= 1; 1213 } 1214 *end = '\0'; 1215 } 1216 else 1217 { 1218 *end = ','; ++end; (*size) -= 1; 1219 *end = '\0'; 1220 1221 if ((long) *size > (len+1)) 1222 { 1223 (void) sl_strlcat(end, val, (size_t) *size); 1224 end += len; (*size) -= len; 1225 } 1226 *end = '\0'; 1227 } 1228 } 1229 #endif 1197 1230 return end; 1198 1231 } … … 1449 1482 } 1450 1483 1451 int sh_database_add_to_hash (c onst char * str)1484 int sh_database_add_to_hash (char * str) 1452 1485 { 1453 1486 int i; … … 1659 1692 static int enter_wrapper = 1; 1660 1693 1661 int set_enter_wrapper (c onst char * str)1694 int set_enter_wrapper (char * str) 1662 1695 { 1663 1696 return sh_util_flagval(str, &enter_wrapper); 1664 1697 } 1665 1698 1666 /* recursively enter linked list of messages into database, last first 1667 */ 1668 int sh_database_insert_rec (dbins * curr, unsigned int depth) 1669 { 1699 int sh_database_insert (char * message) 1700 { 1701 dbins * db_entry; 1702 dbins * prev; 1703 dbins * curr; 1670 1704 long id = 0; 1671 dbins * prev; 1672 1673 SL_ENTER(_("sh_database_insert_rec")); 1674 1675 if (curr->next) 1676 { 1677 prev = curr->next; 1678 sl_strlcpy(prev->host, curr->host, 64); 1679 id = sh_database_insert_rec (curr->next, (depth + 1)); 1680 } 1681 1682 if (id != 0) /* this is a server wrapper */ 1683 { 1684 if (enter_wrapper != 0) 1685 { 1686 id = sh_database_entry (curr, id); 1687 } 1688 } 1689 else 1690 { 1691 /* 1692 * id = -1 is the client message; log_ref will be NULL 1693 */ 1694 if (depth > 0) /* this is a client message */ 1695 id = sh_database_entry (curr, -1); 1696 else /* this is a generic server message */ 1697 id = 
sh_database_entry (curr, 0); 1698 } 1699 1700 SH_FREE(curr); 1701 1702 SL_RETURN(id, _("sh_database_insert")); 1703 } 1704 1705 int sh_database_insert (char * message) 1706 { 1707 dbins * db_entry; 1705 #ifdef HOST_SWITCH 1706 char * temp[64]; 1707 #endif 1708 1708 1709 1709 SL_ENTER(_("sh_database_insert")); … … 1716 1716 (void) sh_database_parse (message, db_entry); 1717 1717 1718 /* recursively enter the linked list into the database 1719 */ 1720 (void) sh_database_insert_rec (db_entry, 0); 1718 /* Enter the list into the database. Actually, the list can only have 1719 * two entries at most. 1720 */ 1721 curr = db_entry; 1722 if (curr->next) 1723 { 1724 prev = curr->next; 1725 #ifdef HOST_SWITCH 1726 strncpy(temp, prev->host, 64); 1727 #endif 1728 strncpy(prev->host, curr->host, 64); 1729 #ifdef HOST_SWITCH 1730 strncpy(curr->host, temp, 64); 1731 #endif 1732 id = sh_database_entry (prev, -1); 1733 SH_FREE(prev); 1734 } 1735 1736 if (id != 0) /* this is a server wrapper */ 1737 { 1738 if (enter_wrapper != 0) 1739 (void) sh_database_entry (curr, id); 1740 } 1741 else /* this is a generic server message */ 1742 { 1743 (void) sh_database_entry (curr, 0); 1744 } 1745 SH_FREE(curr); 1721 1746 1722 1747 SL_RETURN(0, _("sh_database_insert")); -
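Review bot: In the r20 version of sh_database_insert, `strncpy(prev->host, curr->host, 64);` writes no terminating NUL when the source fills all 64 bytes, so a maximum-length host name can leave `prev->host` unterminated before it reaches sh_database_entry; `sl_strlcpy(prev->host, curr->host, 64);` keeps the same bound and always terminates. Under HOST_SWITCH the scratch buffer is declared `char * temp[64];`, an array of 64 pointers, and is then used as a character buffer in `strncpy(temp, prev->host, 64);`; it should be `char temp[64];`. The declaration of the host field is not visible here, so 64 is assumed to match its size.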
/trunk/src/sh_entropy.c
r30 r20 170 170 memset( &addr, 0, sizeof(addr) ); 171 171 addr.sun_family = AF_UNIX; 172 s l_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) );172 strcpy( addr.sun_path, name ); /* known to fit */ 173 173 addr_len = offsetof( struct sockaddr_un, sun_path ) 174 174 + strlen( addr.sun_path ); … … 478 478 static 479 479 char * com_path[] = { 480 N_("/usr/bin/xpg4/"),481 480 N_("/usr/ucb/"), 482 481 N_("/bin/"), … … 571 570 char * arg[4]; 572 571 char * envp[2]; 573 size_t len;574 572 575 573 SL_ENTER(_("sh_popen")); … … 582 580 if (sh.timezone != NULL) 583 581 { 584 len = sl_strlen(sh.timezone) + 4; 585 envp[0] = malloc (len); /* free() ok */ 582 envp[0] = malloc (sl_strlen(sh.timezone) + 4); /* free() ok */ 586 583 if (envp[0] != NULL) 587 s l_snprintf (envp[0], len, "TZ=%s", sh.timezone);584 sprintf (envp[0], "TZ=%s", sh.timezone); /* known to fit */ 588 585 else 589 586 envp[0] = NULL; … … 781 778 sl_strlcat(combuf, _(source[i].command), 80); 782 779 783 /* flawfinder: ignore */784 780 if ( access (combuf, X_OK) == 0) 785 781 { -
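Review bot: `strcpy( addr.sun_path, name ); /* known to fit */` in the r20 column copies into the fixed-size `sun_path` field with no bound at the call, and the check that would make "known to fit" true is not in the visible lines; `sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) );` enforces the limit where the copy happens. The same pattern, an unbounded copy or format justified only by a comment, recurs in this changeset in /trunk/src/sh_err_log.c (`sprintf(log_msg.sig, …)`), /trunk/src/sh_extern.c (`sprintf(pname, …)` and the `sprintf(infomsg, …)` calls) and /trunk/src/sh_fifo.c (`strcpy (item->data, indat);`), where `sl_snprintf(buf, sizeof(buf), …)` or `sl_strlcpy` with the allocated length would make the bound explicit. The `sprintf (envp[0], "TZ=%s", sh.timezone);` in sh_popen does fit its `sl_strlen(sh.timezone) + 4` allocation, but only as long as nobody changes the prefix without also changing the arithmetic.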
/trunk/src/sh_err_console.c
r30 r20 112 112 /* Enable the message queue 113 113 */ 114 int enable_msgq(c onst char * foo)114 int enable_msgq(char * foo) 115 115 { 116 116 int i; … … 234 234 /* ---- Set the console device. ---- 235 235 */ 236 int sh_log_set_console (c onst char * address)236 int sh_log_set_console (char * address) 237 237 { 238 238 SL_ENTER(_("sh_log_set_console")); -
/trunk/src/sh_err_log.c
r30 r20 604 604 char sigkey_old[KEY_LEN+1]; 605 605 char sigkey_new[KEY_LEN+1]; 606 char crypt o[KEY_LEN+1];606 char crypt[KEY_LEN+1]; 607 607 struct lfstc * next; 608 608 } open_logfile; … … 613 613 614 614 #ifdef SH_WITH_SERVER 615 int set_flag_sep_log (c onst char * str)615 int set_flag_sep_log (char * str) 616 616 { 617 617 return sh_util_flagval(str, &flag_sep_log); … … 642 642 char * sigkey_new; 643 643 char * sigkey_old; 644 char * crypt o;644 char * crypt; 645 645 646 646 SL_ENTER(_("sh_log_file")); … … 734 734 memset(current->sigkey_old, (int)'\0', KEY_LEN+1); 735 735 memset(current->sigkey_new, (int)'\0', KEY_LEN+1); 736 memset(current->crypt o,(int)'\0', KEY_LEN+1);736 memset(current->crypt, (int)'\0', KEY_LEN+1); 737 737 current->next = logfile_list; 738 738 logfile_list = current; … … 841 841 sigkey_old = current->sigkey_old; 842 842 sigkey_new = current->sigkey_new; 843 crypt o = current->crypto;843 crypt = current->crypt; 844 844 } 845 845 else … … 847 847 sigkey_old = skey->sigkey_old; 848 848 sigkey_new = skey->sigkey_new; 849 crypt o = skey->crypt; /* flawfinder: ignore */849 crypt = skey->crypt; 850 850 } 851 851 … … 869 869 /* Copy it to 'crypt' for encryption. 870 870 */ 871 (void) sl_strlcpy(crypt o, sigkey_new, KEY_LEN+1);871 (void) sl_strlcpy(crypt, sigkey_new, KEY_LEN+1); 872 872 873 873 /* Use message and compiled-in key to encrypt. 874 874 */ 875 875 BREAKEXIT(sh_util_encode); 876 sh_util_encode(crypt o, log_msg.msg, 0, 'B');876 sh_util_encode(crypt, log_msg.msg, 0, 'B'); 877 877 878 878 /* Send out the key. … … 900 900 901 901 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL, 902 sh.prg_name, crypt o,903 crypt o, log_msg.timestamp);902 sh.prg_name, crypt, 903 crypt, log_msg.timestamp); 904 904 905 905 /* send to other allowed channels … … 913 913 914 914 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY, 915 sh.prg_name, crypt o);915 sh.prg_name, crypt); 916 916 917 917 /* Cleanup. 
… … 926 926 927 927 928 memset (crypt o, (int) '\0', KEY_LEN);928 memset (crypt, (int) '\0', KEY_LEN); 929 929 sh.flag.log_start = S_FALSE; 930 930 current->log_start = S_FALSE; … … 949 949 (void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1); 950 950 951 /*@- usedef@*/951 /*@-bufferoverflowhigh -usedef@*/ 952 952 #ifdef SH_USE_XML 953 953 if (log_msg.timestamp[0] != '\0') 954 s l_snprintf(log_msg.sig, sizeof(log_msg.sig),954 sprintf(log_msg.sig, /* known to fit */ 955 955 #ifdef FIX_XML 956 957 #else 958 959 #endif 960 956 _("\n<sig>%s%s</sig></log>\n"), /* <sig> FIX XML */ 957 #else 958 _("\nsig>%s%s</sig></log>\n"), /* <sig> FIX XML */ 959 #endif 960 log_msg.signature, log_msg.timestamp); 961 961 else 962 s l_snprintf(log_msg.sig, sizeof(log_msg.sig),962 sprintf(log_msg.sig, /* known to fit */ 963 963 #ifdef FIX_XML 964 965 #else 966 967 #endif 968 969 /*@+ usedef@*/964 _("\n<sig>%s</sig></log>\n"), /* <sig> FIX XML */ 965 #else 966 _("\nsig>%s</sig></log>\n"), /* <sig> FIX XML */ 967 #endif 968 log_msg.signature); 969 /*@+bufferoverflowhigh +usedef@*/ 970 970 971 971 #ifdef SH_STEALTH -
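Review bot: The r20 column names the key buffer `crypt` (the struct member `char crypt[KEY_LEN+1];` and the local `char * crypt;` in sh_log_file), which is also the name of the libc password-hashing function crypt(3). Inside sh_log_file the local hides that function, and source scanners that match on the identifier will report every use, which is presumably why the other column carries `/* flawfinder: ignore */` on `skey->crypt`. A distinct name such as `crypto` for the member and the local keeps audit output free of suppression comments. sh_log_file starts and ends outside the visible hunks.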
/trunk/src/sh_err_syslog.c
r30 r20 110 110 /* set syslog facility 111 111 */ 112 int sh_log_set_facility (c onst char * c)112 int sh_log_set_facility (char * c) 113 113 { 114 114 int loop = 0; -
/trunk/src/sh_error.c
r30 r20 102 102 /* convert a string to a numeric priority 103 103 */ 104 int sh_error_convert_level (c onst char * str_s);104 int sh_error_convert_level (char * str_s); 105 105 106 106 static int IsInitialized = BAD; … … 219 219 } 220 220 221 static int sh_error_set_classmask ( const char * str, int * facility_mask)221 static int sh_error_set_classmask (/*@notnull@*/char * c, int * facility_mask) 222 222 { 223 223 char * p; … … 225 225 unsigned int i; 226 226 size_t len; 227 char * c;228 227 229 228 SL_ENTER(_("sh_error_set_classmask")); 230 229 231 if ( str== NULL)230 if (c == NULL) 232 231 SL_RETURN( -1, _("sh_error_set_classmask")); 233 232 … … 235 234 (void) sh_error_init(); 236 235 237 if (str[0] == (char) 34) 238 ++str; 239 len = strlen(str); 240 241 c = SH_ALLOC(len+1); 242 sl_strlcpy(c, str, len+1); 243 236 if (c[0] == (char) 34) 237 ++c; 238 len = strlen(c); 244 239 if (c[len-1] == (char) 34) 245 240 c[len-1] = '\0'; … … 278 273 } while (p); 279 274 280 SH_FREE(c);281 275 SL_RETURN( 0, _("sh_error_set_classmask")); 282 276 } 283 277 284 int sh_error_log_mask (c onst char * c)278 int sh_error_log_mask (char * c) 285 279 { 286 280 return (sh_error_set_classmask(c, &(errFlags.log_class))); 287 281 } 288 int sh_error_mail_mask (c onst char * c)282 int sh_error_mail_mask (char * c) 289 283 { 290 284 return (sh_error_set_classmask(c, &(errFlags.mail_class))); 291 285 } 292 int sh_error_print_mask (c onst char * c)286 int sh_error_print_mask (char * c) 293 287 { 294 288 return (sh_error_set_classmask(c, &(errFlags.print_class))); 295 289 } 296 int sh_error_export_mask (c onst char * c)290 int sh_error_export_mask (char * c) 297 291 { 298 292 return (sh_error_set_classmask(c, &(errFlags.export_class))); 299 293 } 300 int sh_error_syslog_mask (c onst char * c)294 int sh_error_syslog_mask (char * c) 301 295 { 302 296 return (sh_error_set_classmask(c, &(errFlags.syslog_class))); 303 297 } 304 int sh_error_external_mask (c onst char * c)298 int sh_error_external_mask 
(char * c) 305 299 { 306 300 return (sh_error_set_classmask(c, &(errFlags.external_class))); 307 301 } 308 int sh_error_database_mask (c onst char * c)302 int sh_error_database_mask (char * c) 309 303 { 310 304 return (sh_error_set_classmask(c, &(errFlags.database_class))); 311 305 } 312 int sh_error_prelude_mask (c onst char * c)306 int sh_error_prelude_mask (char * c) 313 307 { 314 308 return (sh_error_set_classmask(c, &(errFlags.prelude_class))); … … 452 446 }; 453 447 454 int sh_error_convert_level (c onst char * str_s)448 int sh_error_convert_level (char * str_s) 455 449 { 456 450 int i; … … 478 472 /* --- Set severity levels. --- 479 473 */ 480 int sh_error_set_iv (int iv, c onst char * str_s)474 int sh_error_set_iv (int iv, char * str_s) 481 475 { 482 476 int level = (-1); … … 639 633 } 640 634 641 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)635 #ifdef SH_WITH_CLIENT 642 636 /* set severity for TCP export 643 637 */ … … 843 837 #endif 844 838 845 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)839 #ifdef SH_WITH_CLIENT 846 840 char * ex_msg; 847 841 #endif … … 862 856 static int syslog_block = 0; 863 857 static int log_block = 0; 864 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)858 #if defined(SH_WITH_CLIENT) 865 859 static int export_block = 0; 866 860 #endif … … 926 920 severity = sev; 927 921 928 /* these are messages from remote sources929 */930 922 if ((severity & SH_ERR_INET) != 0) 931 923 { … … 941 933 ( (errFlags.sysloglevel & severity ) == 0 || 942 934 (errFlags.syslog_class & (1 << class)) == 0 ) && 943 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_CLIENT)935 #ifdef SH_WITH_CLIENT 944 936 ( (errFlags.exportlevel & severity ) == 0 || 945 937 (errFlags.export_class & (1 << class)) == 0 ) && … … 960 952 (errFlags.mail_class & (1 << class)) == 0 ) 961 953 #ifdef SH_WITH_SERVER 962 && (flag_inet == S_FALSE) /* still log messages from remote sources */954 && (flag_inet == S_FALSE) 963 955 #endif 964 956 ) … … 1121 1113 * to log 
server 1122 1114 ****************************************************/ 1123 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)1115 #ifdef SH_WITH_CLIENT 1124 1116 /* Export by TCP. 1125 1117 */ 1126 1127 if ( ((errFlags.exportlevel & severity ) != 0 && 1128 (errFlags.export_class & (1 << class)) != 0 && 1129 (errFlags.exportlevel & SH_ERR_NOT) == 0 && 1130 class != AUD ) 1131 #ifdef SH_WITH_SERVER 1132 || (flag_inet == S_TRUE) /* always log inet to export */ 1133 #endif 1134 /* sh.flag.isserver != GOOD && */ 1135 /* (flag_inet == S_FALSE) */ /* don't log inet to export */ 1136 ) 1118 if ((errFlags.exportlevel & severity ) != 0 && 1119 (errFlags.export_class & (1 << class)) != 0 && 1120 (errFlags.exportlevel & SH_ERR_NOT) == 0 && 1121 class != AUD && 1122 sh.flag.isserver != GOOD && 1123 (flag_inet == S_FALSE) ) /* don't log inet to export */ 1137 1124 { 1138 1125 if (export_block == 0) 1139 1126 { 1140 1127 int retval; 1141 size_t ex_len;1142 1128 1143 1129 /* will truncate to 65280 bytes 1144 1130 */ 1145 1131 export_block = 1; 1146 ex_ len = 64 + sl_strlen(lmsg->msg) + 1;1147 ex_msg = SH_ALLOC (ex_len);1148 1149 sl_snprintf(ex_msg, ex_len, _("%d?%u?%s"),1150 severity, class, lmsg->msg);1132 ex_msg = SH_ALLOC (64 + sl_strlen(lmsg->msg) + 1); 1133 /*@-bufferoverflowhigh@*/ 1134 sprintf(ex_msg, _("%d?%u?%s"), /* known to fit */ 1135 severity, class, lmsg->msg); 1136 /*@-bufferoverflowhigh@*/ 1151 1137 retval = sh_forward (ex_msg); 1152 1138 SH_FREE(ex_msg); … … 1320 1306 /* allocate space for user-defined message header 1321 1307 */ 1322 int sh_error_ehead (/*@null@*/c onst char * str_s)1308 int sh_error_ehead (/*@null@*/char * str_s) 1323 1309 { 1324 1310 size_t size; 1325 c onst char * s;1311 char * s; 1326 1312 1327 1313 SL_ENTER(_("sh_error_ehead")); … … 1338 1324 1339 1325 size = /*@i@*/strlen(s); 1340 if (/*@i@*/s[size-1] == (char) 34) --size; /* truncate */1326 if (/*@i@*/s[size-1] == (char) 34) --size; 1341 1327 1342 1328 if (ehead_format != NULL) … … 
1496 1482 len = sl_strlen(lmsg->msg); 1497 1483 /*@i@*/required = sl_vsnprintf(&(lmsg->msg[len]), 1498 1484 (lmsg->msg_len - len), lmsg->format, vl); 1499 1485 if ( (required + len) > (lmsg->msg_len - 4) ) 1500 1486 { -
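Review bot: In the r20 version of sh_error_set_classmask, `len = strlen(c);` is followed by `if (c[len-1] == (char) 34)`, which reads (and may then write) one byte before the string when the option value is empty or consists of a single double quote; guard it as `if (len > 0 && c[len-1] == (char) 34)`. sh_error_ehead has the same shape at `s[size-1]`, though the lines that might reject an empty `s` are outside the hunk. This version also strips the closing quote by writing into the caller's buffer, so the `char *` parameter now means the argument is modified, which is worth stating in the comment above the function. In the export branch the second splint annotation repeats `/*@-bufferoverflowhigh@*/` where `/*@+bufferoverflowhigh@*/` is needed to switch the check back on.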
/trunk/src/sh_extern.c
r30 r20 115 115 FILE * outf = NULL; 116 116 char * envp[1]; 117 char * argp[ 2];117 char * argp[1]; 118 118 119 119 char * errfile; … … 133 133 * needs a valid *envp[] with envp[0] = NULL; 134 134 * and similarly for argp 135 * OpenBSD finally needs non-null argp[0] ...136 135 */ 137 argp[0] = task->command;138 argp[1] = NULL;139 136 envp[0] = NULL; 137 argp[0] = NULL; 140 138 141 139 /* … … 366 364 367 365 PDBGC(5); 368 sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); 369 if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */ 366 sprintf(pname, _("/proc/self/fd/%d"), /* known to fit */ 367 pfd); 368 if (access(pname, R_OK|X_OK) == 0) 370 369 { 371 370 PDBGC(6); … … 403 402 * -- execute path if executable 404 403 */ 405 if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */404 if (0 == access(task->command, R_OK|X_OK)) 406 405 { 407 406 PDBGC(5); … … 545 544 task->exit_status = WEXITSTATUS(task->exit_status); 546 545 if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0)) 547 s l_snprintf(infomsg, sizeof(infomsg),548 549 546 sprintf(infomsg, /* known to fit */ 547 _("Subprocess exited normally with status %d"), 548 task->exit_status); 550 549 } 551 550 else if (WIFSIGNALED(task->exit_status) != 0) 552 551 { 553 s l_snprintf(infomsg, sizeof(infomsg),554 555 552 sprintf(infomsg, /* known to fit */ 553 _("Subprocess terminated by signal %d"), 554 WTERMSIG(task->exit_status)); 556 555 task->exit_status = EXIT_FAILURE; 557 556 } 558 557 else if (WIFSTOPPED(task->exit_status) != 0) 559 558 { 560 s l_snprintf(infomsg, sizeof(infomsg),561 562 559 sprintf(infomsg, /* known to fit */ 560 _("Subprocess stopped by signal %d, killing"), 561 WSTOPSIG(task->exit_status)); 563 562 task->exit_status = EXIT_FAILURE; 564 563 (void) aud_kill (FIL__, __LINE__, task->pid, 9); … … 568 567 else 569 568 { 570 s l_snprintf(infomsg, sizeof(infomsg),571 569 sprintf(infomsg, /* known to fit */ 570 _("Subprocess exit status unknown")); 572 571 
task->exit_status = EXIT_FAILURE; 573 572 } … … 582 581 } 583 582 (void) aud_kill (FIL__, __LINE__, task->pid, 9); 584 s l_snprintf(infomsg, sizeof(infomsg),585 583 sprintf(infomsg, /* known to fit */ 584 _("Subprocess not yet exited, killing")); 586 585 task->exit_status = EXIT_FAILURE; 587 586 (void) waitpid (task->pid, NULL, 0); … … 589 588 else 590 589 { 591 s l_snprintf(infomsg, sizeof(infomsg),592 590 sprintf(infomsg, /* known to fit */ 591 _("Waitpid returned error %d\n"), errno); 593 592 task->exit_status = EXIT_FAILURE; 594 593 } … … 647 646 648 647 649 int sh_ext_tas_add_envv(sh_tas_t * tas, c onst char * key, constchar * val)648 int sh_ext_tas_add_envv(sh_tas_t * tas, char * key, char * val) 650 649 { 651 650 size_t sk = 0, sv = 0; … … 698 697 } 699 698 700 int sh_ext_tas_add_argv(sh_tas_t * tas, c onst char * val)699 int sh_ext_tas_add_argv(sh_tas_t * tas, char * val) 701 700 { 702 701 size_t sv = 0; … … 723 722 } 724 723 725 void sh_ext_tas_command(sh_tas_t * tas, c onst char * command)724 void sh_ext_tas_command(sh_tas_t * tas, char * command) 726 725 { 727 726 size_t len = sl_strlen(command); … … 843 842 844 843 static 845 int sh_ext_add_envv(c onst char * key, constchar * val)844 int sh_ext_add_envv(char * key, char * val) 846 845 { 847 846 SL_ENTER(_("sh_ext_add_envv")); … … 862 861 863 862 static 864 int sh_ext_init(c onst char * command)863 int sh_ext_init(char * command) 865 864 { 866 865 sh_com_t * retval; … … 897 896 898 897 static 899 int sh_ext_uid (c onst char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)898 int sh_ext_uid (char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) 900 899 { 901 900 struct passwd * tempres; … … 923 922 924 923 static 925 int sh_ext_add (c onst char * argstring, int * ntok, char * stok[])924 int sh_ext_add (char * argstring, int * ntok, char * stok[]) 926 925 { 927 926 int i = 0; 928 927 size_t s; 929 928 char * p; 930 char * new;931 size_t len;932 929 933 930 SL_ENTER(_("sh_ext_add")); … … 938 935 } 939 
936 940 len = strlen(argstring) + 1;941 new = SH_ALLOC(len);942 sl_strlcpy(new, argstring, len);943 944 937 do 945 938 { 946 939 if (i == 0) 947 p = strtok ( new, ", \t");940 p = strtok (argstring, ", \t"); 948 941 else 949 942 p = strtok (NULL, ", \t"); … … 964 957 965 958 *ntok = i; 966 SH_FREE(new);967 959 968 960 SL_RETURN (0, _("sh_ext_add")); … … 979 971 * -- start a new external command, and add it to the list 980 972 */ 981 int sh_ext_setcommand(c onst char * cmd)973 int sh_ext_setcommand(char * cmd) 982 974 { 983 975 int i; … … 1026 1018 * -- add keywords to the OR filter 1027 1019 */ 1028 int sh_ext_add_or (c onst char * str)1020 int sh_ext_add_or (char * str) 1029 1021 { 1030 1022 if (ext_coms == NULL || ext_failed == (-1)) … … 1036 1028 * -- add keywords to the AND filter 1037 1029 */ 1038 int sh_ext_add_and (c onst char * str)1030 int sh_ext_add_and (char * str) 1039 1031 { 1040 1032 if (ext_coms == NULL || ext_failed == (-1)) … … 1046 1038 * -- add keywords to the NOT filter 1047 1039 */ 1048 int sh_ext_add_not (c onst char * str)1040 int sh_ext_add_not (char * str) 1049 1041 { 1050 1042 if (ext_coms == NULL || ext_failed == (-1)) … … 1056 1048 * -- add keywords to the CL argument list 1057 1049 */ 1058 int sh_ext_add_argv (c onst char * str)1050 int sh_ext_add_argv (char * str) 1059 1051 { 1060 1052 if (ext_coms == NULL || ext_failed == (-1)) … … 1066 1058 * -- add a path to the environment 1067 1059 */ 1068 int sh_ext_add_default (const char * dummy) 1069 { 1070 (void) dummy; 1071 char * p = NULL; 1060 int sh_ext_add_default (char * dummy) 1061 { 1062 /* while this assignment looks ridiculous, it is here to avoid 1063 * an 'unused parameter' warning 1064 */ 1065 char * p = (dummy == NULL ? 
dummy : NULL); 1072 1066 int i; 1073 1067 … … 1090 1084 * -- add an environment variable 1091 1085 */ 1092 int sh_ext_add_environ (c onst char * str)1086 int sh_ext_add_environ (char * str) 1093 1087 { 1094 1088 int i; … … 1101 1095 * -- set deadtime 1102 1096 */ 1103 int sh_ext_deadtime (c onst char * str)1097 int sh_ext_deadtime (char * str) 1104 1098 { 1105 1099 long deadtime = 0; … … 1125 1119 * -- define type 1126 1120 */ 1127 int sh_ext_type (c onst char * str)1121 int sh_ext_type (char * str) 1128 1122 { 1129 1123 SL_ENTER(_("sh_ext_type")); … … 1160 1154 * -- define checksum 1161 1155 */ 1162 int sh_ext_checksum (c onst char * str)1156 int sh_ext_checksum (char * str) 1163 1157 { 1164 1158 SL_ENTER(_("sh_ext_checksum")); … … 1181 1175 * -- choose privileges 1182 1176 */ 1183 int sh_ext_priv (c onst char * c)1177 int sh_ext_priv (char * c) 1184 1178 { 1185 1179 -
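Review bot: The r20 column shrinks the default argument vector to `char * argp[1];` with `argp[0] = NULL;`, so if this vector is what the exec call further down receives (the call itself is outside the visible lines), the child process starts without an argv[0]. Programs that read argv[0] without checking the argument count can misbehave in that situation, and the comment on the other side records that OpenBSD needs a non-null argp[0]. Keep two slots: `char * argp[2];`, `argp[0] = task->command;`, `argp[1] = NULL;`. Separately, sh_ext_add now runs `strtok (argstring, ", \t")` directly on the caller's string, which modifies the configuration value in place; copy it first, or document that the argument is consumed.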
/trunk/src/sh_fifo.c
r30 r20 87 87 } 88 88 89 s l_strlcpy (item->data, indat, len+1);89 strcpy (item->data, indat); /* known to fit */ 90 90 item->data[len] = '\0'; 91 91 … … 143 143 } 144 144 145 s l_strlcpy (item->data, indat, len+1);145 strcpy (item->data, indat); /* known to fit */ 146 146 item->data[len] = '\0'; 147 147 … … 195 195 len = sl_strlen(getit->data); 196 196 retval = SH_ALLOC(len+1); 197 sl_strlcpy (retval, getit->data, len+1); 197 strcpy (retval, getit->data); /* known to fit */ 198 retval[len] = '\0'; 198 199 199 200 memset(getit->data, 0, len); -
/trunk/src/sh_files.c
r30 r20 72 72 #define FIL__ _("sh_files.c") 73 73 74 extern int safe_logger (int signal, int method, pid_t thepid); 75 74 76 extern int flag_err_debug; 75 77 extern int flag_err_info; 76 78 77 int sh_files_reportonce(c onst char * c)79 int sh_files_reportonce(char * c) 78 80 { 79 81 int i; … … 84 86 } 85 87 86 int sh_files_fulldetail(c onst char * c)88 int sh_files_fulldetail(char * c) 87 89 { 88 90 int i; … … 154 156 static int sh_files_fullpath (char * testdir, char * d_name, 155 157 char * statpath); 156 static int sh_files_pushdir (int class, c onst char * str_s);157 static int sh_files_pushfile (int class, c onst char * str_s);158 static int sh_files_pushdir (int class, char * str_s); 159 static int sh_files_pushfile (int class, char * str_s); 158 160 static int sh_files_checkdir (int class, int rdepth, char * dirName, 159 161 char * relativeName); … … 444 446 445 447 446 int sh_files_pushfile_prelink (c onst char * str_s)448 int sh_files_pushfile_prelink (char * str_s) 447 449 { 448 450 return (sh_files_pushfile (SH_LEVEL_PRELINK, str_s)); 449 451 } 450 452 451 int sh_files_pushfile_user0 (c onst char * str_s)453 int sh_files_pushfile_user0 (char * str_s) 452 454 { 453 455 return (sh_files_pushfile (SH_LEVEL_USER0, str_s)); 454 456 } 455 457 456 int sh_files_pushfile_user1 (const char * str_s) 458 459 int sh_files_pushfile_user1 (char * str_s) 457 460 { 458 461 return (sh_files_pushfile (SH_LEVEL_USER1, str_s)); 459 462 } 460 463 461 int sh_files_pushfile_user2 (const char * str_s) 462 { 463 return (sh_files_pushfile (SH_LEVEL_USER2, str_s)); 464 } 465 466 int sh_files_pushfile_user3 (const char * str_s) 467 { 468 return (sh_files_pushfile (SH_LEVEL_USER3, str_s)); 469 } 470 471 int sh_files_pushfile_user4 (const char * str_s) 472 { 473 return (sh_files_pushfile (SH_LEVEL_USER4, str_s)); 474 } 475 476 477 int sh_files_pushfile_ro (const char * str_s) 464 465 int sh_files_pushfile_ro (char * str_s) 478 466 { 479 467 return (sh_files_pushfile 
(SH_LEVEL_READONLY, str_s)); 480 468 } 481 469 482 int sh_files_pushfile_attr (c onst char * str_s)470 int sh_files_pushfile_attr (char * str_s) 483 471 { 484 472 return (sh_files_pushfile (SH_LEVEL_ATTRIBUTES, str_s)); 485 473 } 486 474 487 int sh_files_pushfile_log (c onst char * str_s)475 int sh_files_pushfile_log (char * str_s) 488 476 { 489 477 return (sh_files_pushfile (SH_LEVEL_LOGFILES, str_s)); 490 478 } 491 479 492 int sh_files_pushfile_glog (c onst char * str_s)480 int sh_files_pushfile_glog (char * str_s) 493 481 { 494 482 return (sh_files_pushfile (SH_LEVEL_LOGGROW, str_s)); 495 483 } 496 484 497 int sh_files_pushfile_noig (c onst char * str_s)485 int sh_files_pushfile_noig (char * str_s) 498 486 { 499 487 return (sh_files_pushfile (SH_LEVEL_NOIGNORE, str_s)); 500 488 } 501 489 502 int sh_files_pushfile_allig (c onst char * str_s)490 int sh_files_pushfile_allig (char * str_s) 503 491 { 504 492 return (sh_files_pushfile (SH_LEVEL_ALLIGNORE, str_s)); … … 523 511 /* set mask(class) 524 512 */ 525 static int sh_files_parse_mask (unsigned long * mask, c onst char * str)513 static int sh_files_parse_mask (unsigned long * mask, char * str) 526 514 { 527 515 int l, i = 0, act = 0, k = 0; … … 614 602 } 615 603 616 int sh_files_redef_prelink(c onst char * str)604 int sh_files_redef_prelink(char * str) 617 605 { 618 606 return (sh_files_parse_mask(&mask_PRELINK, str)); 619 607 } 620 int sh_files_redef_user0(c onst char * str)608 int sh_files_redef_user0(char * str) 621 609 { 622 610 return (sh_files_parse_mask(&mask_USER0, str)); 623 611 } 624 int sh_files_redef_user1(c onst char * str)612 int sh_files_redef_user1(char * str) 625 613 { 626 614 return (sh_files_parse_mask(&mask_USER1, str)); 627 615 } 628 int sh_files_redef_user2(const char * str) 629 { 630 return (sh_files_parse_mask(&mask_USER2, str)); 631 } 632 int sh_files_redef_user3(const char * str) 633 { 634 return (sh_files_parse_mask(&mask_USER3, str)); 635 } 636 int sh_files_redef_user4(const char * 
str) 637 { 638 return (sh_files_parse_mask(&mask_USER4, str)); 639 } 640 int sh_files_redef_readonly(const char * str) 616 int sh_files_redef_readonly(char * str) 641 617 { 642 618 return (sh_files_parse_mask(&mask_READONLY, str)); 643 619 } 644 int sh_files_redef_loggrow(c onst char * str)620 int sh_files_redef_loggrow(char * str) 645 621 { 646 622 return (sh_files_parse_mask(&mask_LOGGROW, str)); 647 623 } 648 int sh_files_redef_logfiles(c onst char * str)624 int sh_files_redef_logfiles(char * str) 649 625 { 650 626 return (sh_files_parse_mask(&mask_LOGFILES, str)); 651 627 } 652 int sh_files_redef_attributes(c onst char * str)628 int sh_files_redef_attributes(char * str) 653 629 { 654 630 return (sh_files_parse_mask(&mask_ATTRIBUTES, str)); 655 631 } 656 int sh_files_redef_noignore(c onst char * str)632 int sh_files_redef_noignore(char * str) 657 633 { 658 634 return (sh_files_parse_mask(&mask_NOIGNORE, str)); 659 635 } 660 int sh_files_redef_allignore(c onst char * str)636 int sh_files_redef_allignore(char * str) 661 637 { 662 638 return (sh_files_parse_mask(&mask_ALLIGNORE, str)); … … 683 659 case SH_LEVEL_USER1: 684 660 return (unsigned long) mask_USER1; 685 case SH_LEVEL_USER2:686 return (unsigned long) mask_USER2;687 case SH_LEVEL_USER3:688 return (unsigned long) mask_USER3;689 case SH_LEVEL_USER4:690 return (unsigned long) mask_USER4;691 661 case SH_LEVEL_PRELINK: 692 662 return (unsigned long) mask_PRELINK; … … 755 725 if (zfileList == NULL) 756 726 { 757 (void) safe_logger (0, 0, NULL);727 (void) safe_logger (0, 0, getpid()); 758 728 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 759 729 } … … 764 734 if (-1 == ret) 765 735 { 766 (void) safe_logger (0, 0, NULL);736 (void) safe_logger (0, 0, getpid()); 767 737 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 768 738 } … … 775 745 776 746 777 static int sh_files_pushfile (int class, const char * str_s) 778 { 747 static int sh_files_pushfile (int class, char * str_s) 748 { 749 char * tmp; 779 750 int len; 780 char * 
tmp;781 char * p;782 751 #ifdef HAVE_GLOB_H 752 glob_t pglob; 783 753 int globstatus = -1; 784 754 unsigned int gloop; 785 glob_t pglob;786 755 #endif 787 756 … … 839 808 * special case of the root directory. 840 809 */ 841 p = sh_util_strdup (str_s); 842 if (p[len-1] == '/' && len > 1) 810 if (str_s[len-1] == '/' && len > 1) 843 811 { 844 p[len-1] = '\0';812 str_s[len-1] = '\0'; 845 813 --len; 846 814 } … … 849 817 850 818 #ifdef HAVE_GLOB_H 851 if (0 == sh_files_has_metachar( p))852 { 853 sh_files_push_file_int (class, p, len);819 if (0 == sh_files_has_metachar(str_s)) 820 { 821 sh_files_push_file_int (class, str_s, len); 854 822 } 855 823 else 856 824 { 857 825 pglob.gl_offs = 0; 858 globstatus = glob ( p, 0, sh_files_globerr, &pglob);826 globstatus = glob (str_s, 0, sh_files_globerr, &pglob); 859 827 860 828 if (globstatus == 0 && pglob.gl_pathc > 0) … … 866 834 else 867 835 { 868 tmp = sh_util_safe_name ( p);836 tmp = sh_util_safe_name (str_s); 869 837 870 838 if (pglob.gl_pathc == 0 … … 901 869 902 870 #else 903 sh_files_push_file_int (class, p, len); 904 #endif 905 906 SH_FREE(p); 871 sh_files_push_file_int (class, str_s, len); 872 #endif 873 907 874 SL_RETURN((0),_("sh_files_pushfile")); 908 875 } … … 1061 1028 } 1062 1029 1063 int sh_files_pushdir_prelink (c onst char * str_s)1030 int sh_files_pushdir_prelink (char * str_s) 1064 1031 { 1065 1032 return (sh_files_pushdir (SH_LEVEL_PRELINK, str_s)); 1066 1033 } 1067 1034 1068 int sh_files_pushdir_user0 (c onst char * str_s)1035 int sh_files_pushdir_user0 (char * str_s) 1069 1036 { 1070 1037 return (sh_files_pushdir (SH_LEVEL_USER0, str_s)); 1071 1038 } 1072 1039 1073 int sh_files_pushdir_user1 (c onst char * str_s)1040 int sh_files_pushdir_user1 (char * str_s) 1074 1041 { 1075 1042 return (sh_files_pushdir (SH_LEVEL_USER1, str_s)); 1076 1043 } 1077 1044 1078 int sh_files_pushdir_user2 (const char * str_s) 1079 { 1080 return (sh_files_pushdir (SH_LEVEL_USER2, str_s)); 1081 } 1082 1083 int 
sh_files_pushdir_user3 (const char * str_s) 1084 { 1085 return (sh_files_pushdir (SH_LEVEL_USER3, str_s)); 1086 } 1087 1088 int sh_files_pushdir_user4 (const char * str_s) 1089 { 1090 return (sh_files_pushdir (SH_LEVEL_USER4, str_s)); 1091 } 1092 1093 int sh_files_pushdir_attr (const char * str_s) 1045 int sh_files_pushdir_attr (char * str_s) 1094 1046 { 1095 1047 return (sh_files_pushdir (SH_LEVEL_ATTRIBUTES, str_s)); 1096 1048 } 1097 1049 1098 int sh_files_pushdir_ro (c onst char * str_s)1050 int sh_files_pushdir_ro (char * str_s) 1099 1051 { 1100 1052 return (sh_files_pushdir (SH_LEVEL_READONLY, str_s)); 1101 1053 } 1102 1054 1103 int sh_files_pushdir_log (c onst char * str_s)1055 int sh_files_pushdir_log (char * str_s) 1104 1056 { 1105 1057 return (sh_files_pushdir (SH_LEVEL_LOGFILES, str_s)); 1106 1058 } 1107 1059 1108 int sh_files_pushdir_glog (c onst char * str_s)1060 int sh_files_pushdir_glog (char * str_s) 1109 1061 { 1110 1062 return (sh_files_pushdir (SH_LEVEL_LOGGROW, str_s)); 1111 1063 } 1112 1064 1113 int sh_files_pushdir_noig (c onst char * str_s)1065 int sh_files_pushdir_noig (char * str_s) 1114 1066 { 1115 1067 return (sh_files_pushdir (SH_LEVEL_NOIGNORE, str_s)); 1116 1068 } 1117 1069 1118 int sh_files_pushdir_allig (c onst char * str_s)1070 int sh_files_pushdir_allig (char * str_s) 1119 1071 { 1120 1072 return (sh_files_pushdir (SH_LEVEL_ALLIGNORE, str_s)); … … 1168 1120 if (tree == NULL) 1169 1121 { 1170 (void) safe_logger (0, 0, NULL);1122 (void) safe_logger (0, 0, getpid()); 1171 1123 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1172 1124 } … … 1181 1133 if (-1 == ret) 1182 1134 { 1183 (void) safe_logger (0, 0, NULL);1135 (void) safe_logger (0, 0, getpid()); 1184 1136 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1185 1137 } … … 1191 1143 } 1192 1144 1193 static int sh_files_pushdir (int class, c onst char * str_s)1145 static int sh_files_pushdir (int class, char * str_s) 1194 1146 { 1195 1147 char * tmp; … … 1197 1149 int rdepth = 0; 1198 1150 char 
* tail = NULL; 1199 char * p;1200 1151 1201 1152 #ifdef HAVE_GLOB_H … … 1215 1166 SL_RETURN((-1), _("sh_files_pushdir")); 1216 1167 1217 p = sh_util_strdup (str_s); 1218 1219 if (p[0] != '/') 1220 { 1221 rdepth = strtol(p, &tail, 10); 1222 if (tail == p) 1223 { 1224 SH_FREE(p); 1225 SL_RETURN((-1), _("sh_files_pushdir")); 1226 } 1168 1169 if (str_s[0] != '/') 1170 { 1171 rdepth = strtol(str_s, &tail, 10); 1172 if (tail == str_s) 1173 SL_RETURN((-1), _("sh_files_pushdir")); 1227 1174 } 1228 1175 else 1229 tail = p;1176 tail = str_s; 1230 1177 1231 1178 1232 if (rdepth < (-1) || tail == p|| rdepth > 99)1179 if (rdepth < (-1) || tail == str_s || rdepth > 99) 1233 1180 rdepth = (-2); 1234 1181 … … 1241 1188 tmp); 1242 1189 SH_FREE(tmp); 1243 SH_FREE(p);1244 1190 SL_RETURN((-1), _("sh_files_pushdir")); 1245 1191 } 1246 1192 else if (len < 1) 1247 1193 { 1248 SH_FREE(p);1249 1194 SL_RETURN((-1), _("sh_files_pushdir")); 1250 1195 } … … 1255 1200 tmp); 1256 1201 SH_FREE(tmp); 1257 SH_FREE(p);1258 1202 SL_RETURN((-1), _("sh_files_pushdir")); 1259 1203 } … … 1324 1268 #endif 1325 1269 1326 SH_FREE(p);1327 1270 SL_RETURN((0), _("sh_files_pushdir")); 1328 1271 } … … 1379 1322 /* Simply sets our boolean as to whether this check is active 1380 1323 */ 1381 int sh_files_check_hardlinks (c onst char * opt)1324 int sh_files_check_hardlinks (char * opt) 1382 1325 { 1383 1326 int i; … … 1395 1338 static struct sh_hle_struct * sh_hl_exc = NULL; 1396 1339 1397 int sh_files_hle_reg (c onst char * str)1340 int sh_files_hle_reg (char * str) 1398 1341 { 1399 1342 long offset; -
/trunk/src/sh_forward.c
r30 r20 335 335 #endif 336 336 337 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)337 #ifdef SH_WITH_CLIENT 338 338 339 339 static int count_dev_server = 0; … … 345 345 } 346 346 347 int sh_forward_setlogserver (c onst char * address)347 int sh_forward_setlogserver (char * address) 348 348 { 349 349 SL_ENTER(_("sh_forward_setlogserver")); … … 708 708 static long sh_forward_try (char * errmsg); 709 709 710 static unsigned int ServerPort = SH_DEFAULT_PORT;711 712 int sh_forward_server_port (const char * str)713 {714 unsigned long l;715 char * endptr;716 717 SL_ENTER(_("sh_forward_server_port"));718 719 l = strtoul (str, &endptr, 0);720 if (l > 65535 || endptr == str)721 {722 SL_RETURN (-1, _("sh_forward_server_port"));723 }724 ServerPort = (unsigned int) l;725 SL_RETURN (0, _("sh_forward_server_port"));726 }727 710 728 711 long sh_forward (char * errmsg) … … 897 880 898 881 sockfd = connect_port_2 (sh.srvexport.name, sh.srvexport.alt, 899 S erverPort,882 SH_DEFAULT_PORT, 900 883 error_call, &error_num, error_msg, 256); 901 884 … … 1458 1441 flag_err, 1459 1442 MSG_TCP_NOCONF); 1460 } 1461 #ifdef SH_WITH_CLIENT 1462 else { 1443 } else { 1463 1444 sh_socket_server_cmd(buffer); 1464 1445 } 1465 #endif1466 1446 flag_err = 0; 1467 1447 … … 1931 1911 1932 1912 1933 int sh_forward_use_clt_class (c onst char * c)1913 int sh_forward_use_clt_class (char * c) 1934 1914 { 1935 1915 int i; … … 1939 1919 } 1940 1920 1941 int sh_forward_use_clt_sev (c onst char * c)1921 int sh_forward_use_clt_sev (char * c) 1942 1922 { 1943 1923 int i; … … 1970 1950 } 1971 1951 1972 1973 int sh_forward_register_client (const char * str) 1952 extern int safe_logger (int signal, int method, pid_t thepid); 1953 1954 int sh_forward_register_client (char * str) 1974 1955 { 1975 1956 client_t * newclt; 1976 1957 client_t * testclt; 1977 1958 1978 c onst char* ptr;1959 char * ptr; 1979 1960 int sepnum = 0; 1980 1961 int sep[2]; … … 1999 1980 if (all_clients == NULL) 2000 1981 { 2001 (void) 
safe_logger (0, 0, NULL);1982 (void) safe_logger (0, 0, getpid()); 2002 1983 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 2003 1984 } … … 2031 2012 newclt->status_arr[i] = CLT_INACTIVE; 2032 2013 sl_strlcpy(newclt->timestamp[CLT_INACTIVE], sh_unix_time(0), TIM_MAX); 2033 /* truncate */2034 2014 sl_strlcpy(newclt->hostname, &str[0], sep[0]+1); 2035 /* truncate */2036 2015 sl_strlcpy(newclt->salt, &str[sep[0]+1], sep[1]-sep[0]); 2037 2016 sl_strlcpy(newclt->verifier, &str[sep[1]+1], sl_strlen(str)-sep[1]+1); … … 2407 2386 2408 2387 #if defined(WITH_EXTERNAL) 2409 sl_snprintf(msg, sizeof(msg), _("%s %s %s"), 2410 conn->hostname, conn->timestamp[status], _(clt_stat[status])); 2388 sprintf(msg, _("%s %s %s"), /* known to fit */ 2389 conn->hostname, 2390 conn->timestamp[status], 2391 _(clt_stat[status])); 2411 2392 sh_ext_execute('s', 'r', 'v', msg, 0); 2412 2393 #endif … … 2417 2398 static time_t time_client_limit = 86400; 2418 2399 2419 int sh_forward_set_time_limit (c onst char * c)2400 int sh_forward_set_time_limit (char * c) 2420 2401 { 2421 2402 long val; … … 2467 2448 static int lookup_err = SH_ERR_SEVERE; 2468 2449 2469 int sh_forward_lookup_level (c onst char * c)2450 int sh_forward_lookup_level (char * c) 2470 2451 { 2471 2452 int ci = sh_error_convert_level (c); … … 2622 2603 static int UseSocketPeer = S_FALSE; 2623 2604 2624 int set_socket_peer (c onst char * c)2605 int set_socket_peer (char * c) 2625 2606 { 2626 2607 return sh_util_flagval(c, &UseSocketPeer); … … 2750 2731 char hash[SH_MAXMSGLEN + KEY_LEN + KEY_LEN + 1]; 2751 2732 char * buffer; 2733 long len; 2752 2734 2753 2735 int clt_sev; … … 2755 2737 2756 2738 UINT32 ticks; 2757 size_t len;2758 2739 int i; 2759 2740 char * test; … … 2840 2821 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, 2841 2822 &(conn->buf[KEY_LEN])); 2842 len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; 2843 /* &(conn->buf[KEY_LEN]) is hostname */ 2844 /* may overlap, thus only memmove is correct */ 2845 memmove(conn->buf, 
&(conn->buf[KEY_LEN]), len); 2823 strcpy(conn->buf, /* known to fit */ 2824 &(conn->buf[KEY_LEN])); 2846 2825 this_client->session_key[0] = '\0'; 2847 2826 this_client->session_key_timer = (time_t) 1; … … 2856 2835 conn->K = NULL; 2857 2836 } 2858 len= sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;2859 conn->K = SH_ALLOC( len);2837 i = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; 2838 conn->K = SH_ALLOC(i); 2860 2839 2861 2840 sl_strlcpy (conn->K, … … 2935 2914 conn->A = SH_ALLOC(3*KEY_LEN+1); 2936 2915 sl_strlcpy (conn->A, conn->K, KEY_LEN+1); 2937 sl_strlcat(conn->A, conn->buf, /* truncate*/2916 sl_strlcat(conn->A, conn->buf, /* ignore remainder */ 2938 2917 2*KEY_LEN+1); 2939 2918 sl_strlcat(conn->A, conn->client_entry->session_key, … … 3299 3278 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, 3300 3279 &(conn->buf[KEY_LEN])); 3301 len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; 3302 /* &(conn->buf[KEY_LEN]) is hostname */ 3303 /* may overlap, thus only memmove is correct */ 3304 memmove(conn->buf, &(conn->buf[KEY_LEN]), len); 3280 strcpy(conn->buf, /* known to fit */ 3281 &(conn->buf[KEY_LEN])); 3305 3282 this_client->session_key[0] = '\0'; 3306 3283 this_client->session_key_timer = (time_t) 1; … … 3316 3293 conn->K = NULL; 3317 3294 } 3318 len= sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;3319 conn->K = SH_ALLOC( len);3295 i = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; 3296 conn->K = SH_ALLOC(i); 3320 3297 3321 3298 sl_strlcpy (conn->K, … … 4623 4600 static unsigned int server_port = SH_DEFAULT_PORT; 4624 4601 4625 int sh_forward_set_port (c onst char * str)4602 int sh_forward_set_port (char * str) 4626 4603 { 4627 4604 int retval = 0; 4628 4605 unsigned long i; 4629 char * endptr ;4606 char * endptr = str; 4630 4607 4631 4608 SL_ENTER(_("sh_forward_set_port")); … … 4644 4621 static int use_server_interface = 0; 4645 4622 4646 int sh_forward_set_interface (c onst char * str)4623 int sh_forward_set_interface (char * str) 4647 4624 { 4648 4625 if 
(0 == strcmp(str, _("INADDR_ANY"))) … … 4837 4814 */ 4838 4815 new_act.sa_handler = SIG_IGN; 4839 sigemptyset( &new_act.sa_mask ); /* set an empty mask */4840 new_act.sa_flags = 0; /* init sa_flags */4841 4816 retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); 4842 4817 … … 5596 5571 } 5597 5572 5598 int set_syslog_active(c onst char * c)5573 int set_syslog_active(char * c) 5599 5574 { 5600 5575 return sh_util_flagval(c, &enable_syslog_socket); -
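Review bot: Both `strcpy(conn->buf, &(conn->buf[KEY_LEN]))` calls on the r20 side (new lines 2823 and 3280) copy between two regions of the same array. The regions overlap whenever the string at `conn->buf[KEY_LEN]` is at least `KEY_LEN` bytes long, and `strcpy` on overlapping objects is undefined behaviour. The `/* known to fit */` comment addresses size only, not overlap, and this buffer is handled on the failed-authentication path shown in the hunk. The call should be `memmove(conn->buf, &(conn->buf[KEY_LEN]), sl_strlen(&(conn->buf[KEY_LEN])) + 1);` at both sites. The enclosing functions start and end outside these hunks.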
/trunk/src/sh_getopt.c
r30 r20 80 80 sh_util_set_interactive }, 81 81 #endif 82 #if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT)83 { N_("server-port"),84 '-',85 N_("Set the server port to connect to"),86 HAS_ARG_YES,87 sh_forward_server_port },88 #endif89 82 #ifdef SH_WITH_SERVER 90 83 { N_("server"), … … 119 112 HAS_ARG_YES, 120 113 sh_calls_set_bind_addr }, 121 #if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT)114 #ifdef SH_WITH_CLIENT 122 115 { N_("set-export-severity"), 123 116 'e', … … 398 391 if (op_table[i].hasArg == HAS_ARG_NO) { 399 392 if (sl_strlen(op_table[i].longopt) < 10) 400 s l_strlcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"), sizeof(fmt));393 strcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"));/* known to fit */ 401 394 else if (sl_strlen(op_table[i].longopt) < 17) 402 s l_strlcpy(fmt, _("%c%c%c --%-s,\t\t %s\n"), sizeof(fmt));395 strcpy(fmt, _("%c%c%c --%-s,\t\t %s\n")); /* known to fit */ 403 396 else 404 sl_strlcpy(fmt, _("%c%c%c --%-s,\t %s\n"), sizeof(fmt)); 405 /* flawfinder: ignore */ 406 fprintf (stdout, fmt, 397 strcpy(fmt, _("%c%c%c --%-s,\t %s\n")); /* known to fit */ 398 /*@-formatconst@*/ 399 fprintf (stdout, 400 fmt, 407 401 (op_table[i].shortopt == '-') ? ' ' : '-', 408 402 (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, … … 410 404 _(op_table[i].longopt), 411 405 _(op_table[i].usage)); 406 /*@+formatconst@*/ 412 407 } else { 413 408 if (sl_strlen(op_table[i].longopt) < 12) 414 sl_strlcpy(fmt, _("%c%c %s --%-s=<arg>,\t\t %s\n"), sizeof(fmt)); 409 strcpy(fmt, /* known to fit */ 410 _("%c%c %s --%-s=<arg>,\t\t %s\n")); 415 411 else 416 sl_strlcpy(fmt, _("%c%c %s --%-s=<arg>,\t %s\n"), sizeof(fmt)); 417 /* flawfinder: ignore */ 418 fprintf (stdout, fmt, 412 strcpy(fmt, /* known to fit */ 413 _("%c%c %s --%-s=<arg>,\t %s\n")); 414 /*@-formatconst@*/ 415 fprintf (stdout, 416 fmt, 419 417 (op_table[i].shortopt == '-') ? ' ' : '-', 420 418 (op_table[i].shortopt == '-') ? 
' ' : op_table[i].shortopt, … … 422 420 _(op_table[i].longopt), 423 421 _(op_table[i].usage)); 422 /*@+formatconst@*/ 424 423 } 425 424 } … … 561 560 for (i = 0; op_table[i].longopt != NULL; ++i) 562 561 { 563 562 564 563 if (sl_strncmp(_(op_table[i].longopt), 565 564 &argv[1][2], … … 569 568 if ( op_table[i].hasArg == HAS_ARG_YES ) 570 569 { 571 theequal = strchr(argv[1], '='); 572 if (theequal == NULL) 570 if ( (theequal = strchr(argv[1], '=')) == NULL) 573 571 { 574 572 if (argc < 3) -
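Review bot: The `strcpy(fmt, _(...))` calls in the usage-printing loop are bounded only by a `/* known to fit */` comment; the declaration of `fmt` is outside the hunk, so nothing visible ties its size to the longest format string. A bounded copy costs nothing here, e.g. `sl_strlcpy(fmt, _("%c%c%c --%-s,\t\t\t %s\n"), sizeof(fmt));`, and likewise for the other four formats. The same comment-as-bound pattern appears on the r20 side of sh_forward.c (`sprintf(msg, ...)`), sh_gpg.c (`sprintf(pname, ...)`, `sprintf(envp[0], ...)`), sh_prelink.c (`strcpy(file_hash, ...)`) and sh_mail.c (`sprintf(subject, ...)`, `sprintf(errmsg, ...)`). The sh_mail.c subject line matters most, because its `%s` is filled from `sh.host.name` and `%06d`/`%010ld` set minimum widths, not maximums; `sl_snprintf(subject, sizeof(subject), ...)` would bound it.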
/trunk/src/sh_gpg.c
r30 r20 209 209 FILE * outf = NULL; 210 210 char * envp[2]; 211 size_t len;212 211 char path[256]; 213 212 char cc1[32]; … … 371 370 if (sh.effective.home != NULL) 372 371 { 373 len = sl_strlen(sh.effective.home) + 6; 374 envp[0] = malloc (len); /* free() ok */ 372 envp[0] = malloc (sl_strlen(sh.effective.home) + 6); /* free() ok */ 375 373 if (envp[0] != NULL) 376 sl_snprintf (envp[0], len, "HOME=%s", sh.effective.home); 374 sprintf (envp[0], "HOME=%s", /* known to fit */ 375 sh.effective.home); 377 376 envp[1] = NULL; 378 377 } … … 487 486 488 487 pfd = get_the_fd(checkfd); 489 s l_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd);490 if (0 == access(pname, R_OK|X_OK)) /* flawfinder: ignore */ 491 488 sprintf(pname, _("/proc/self/fd/%d"), /* known to fit */ 489 pfd); 490 if (0 == access(pname, R_OK|X_OK)) 492 491 { 493 492 fcntl (pfd, F_SETFD, FD_CLOEXEC); -
/trunk/src/sh_hash.c
r30 r20 297 297 N_("[User0]"), 298 298 N_("[User1]"), 299 N_("[User2]"),300 N_("[User3]"),301 N_("[User4]"),302 299 N_("[Prelink]"), 303 300 NULL … … 1271 1268 } 1272 1269 1273 int sh_hash_version_string(c onst char * str)1270 int sh_hash_version_string(char * str) 1274 1271 { 1275 1272 int i; -
/trunk/src/sh_html.c
r30 r20 296 296 { 297 297 entry_orig = realloc(entry_orig, /* free() ok */ 298 entry_size + line_size + 1);298 entry_size + line_size); 299 299 if (entry_orig) { add_size = line_size; } 300 300 } … … 302 302 { 303 303 entry_orig = malloc(line_size + 1); /* free() ok */ 304 if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size ; }304 if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size + 1; } 305 305 } 306 306 if (!entry_orig) … … 311 311 } 312 312 313 s l_strlcat(&entry_orig[entry_size], line, line_size + 1);313 strcat(&entry_orig[entry_size], line); /* known to fit */ 314 314 entry_size += add_size; 315 SH_VALIDATE_EQ(entry_orig[entry_size], '\0');316 315 } 317 316 sl_close(fd); -
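Review bot: On the r20 side the malloc branch sets `add_size = line_size + 1`, so after the first line `entry_size` counts the terminating NUL. The next `strcat(&entry_orig[entry_size], line)` therefore starts one byte past the terminator, in memory that `realloc(entry_orig, entry_size + line_size)` has not initialised. If `line_size` is the string length of `line` (its assignment is outside the hunk), `strcat` scans uninitialised bytes for a NUL and can write past the end of the allocation, and anything it appends sits behind the earlier terminator. Keeping `entry_size` equal to the string length avoids this: `add_size = line_size;` in the malloc branch, `entry_size + line_size + 1` as the realloc size, and `sl_strlcat(&entry_orig[entry_size], line, line_size + 1);` for the append. The loop and the function around these lines start and end outside the hunk.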
/trunk/src/sh_ignore.c
r30 r20 53 53 54 54 static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list, 55 c onst char * addpath)55 char * addpath) 56 56 { 57 57 struct sh_ignore_list * new; … … 96 96 } 97 97 98 int sh_ignore_add_del (c onst char * addpath)98 int sh_ignore_add_del (char * addpath) 99 99 { 100 100 if ((addpath == NULL) || (addpath[0] != '/')) … … 106 106 } 107 107 108 int sh_ignore_add_new (c onst char * addpath)108 int sh_ignore_add_new (char * addpath) 109 109 { 110 110 if ((addpath == NULL) || (addpath[0] != '/')) -
/trunk/src/sh_kern.c
r30 r20 431 431 int (*rename) (int *, int *, 432 432 int *, int *); 433 /* flawfinder: ignore */434 433 int (*readlink) (int *, char *,int); 435 434 int (*follow_link) (int *, int *); -
/trunk/src/sh_mail.c
r30 r20 271 271 272 272 static 273 int sh_filter_filteradd (const char * argstring, 274 sh_filter_type * filter, int ftype) 273 int sh_filter_filteradd (char * argstring, sh_filter_type * filter, int ftype) 275 274 { 276 275 int i = 0; … … 373 372 */ 374 373 static 375 int sh_filter_filter (c onst char * message, sh_filter_type * filter)374 int sh_filter_filter (char * message, sh_filter_type * filter) 376 375 { 377 376 int i; … … 433 432 * -- add keywords to the OR filter 434 433 */ 435 int sh_mail_add_or (c onst char * str)434 int sh_mail_add_or (char * str) 436 435 { 437 436 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR)); … … 441 440 * -- add keywords to the AND filter 442 441 */ 443 int sh_mail_add_and (c onst char * str)442 int sh_mail_add_and (char * str) 444 443 { 445 444 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND)); … … 449 448 * -- add keywords to the NOT filter 450 449 */ 451 int sh_mail_add_not (c onst char * str)450 int sh_mail_add_not (char * str) 452 451 { 453 452 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT)); … … 474 473 } 475 474 476 int sh_mail_setaddress (c onst char * address)475 int sh_mail_setaddress (char * address) 477 476 { 478 477 char * p; … … 524 523 } 525 524 526 int sh_mail_setaddress_int (c onst char * address)525 int sh_mail_setaddress_int (char * address) 527 526 { 528 527 int i; … … 534 533 } 535 534 536 int sh_mail_setNum (c onst char * str)535 int sh_mail_setNum (char * str) 537 536 { 538 537 int i = atoi (str); … … 550 549 static int all_in_one = S_FALSE; 551 550 552 int sh_mail_setFlag (c onst char * str)551 int sh_mail_setFlag (char * str) 553 552 { 554 553 int i; … … 560 559 static char * mail_subject = NULL; 561 560 562 int set_mail_subject (c onst char * str)561 int set_mail_subject (char * str) 563 562 { 564 563 SL_ENTER(_("set_mail_subject")); … … 1007 1006 /* reveal first signature key 1008 1007 */ 1009 /* flawfinder: ignore */ 1010 (void) sl_strlcpy(skey->crypt, 
skey->mailkey_new, KEY_LEN+1); 1008 (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); 1011 1009 1012 1010 BREAKEXIT(sh_util_encode); 1013 /* flawfinder: ignore */1014 1011 sh_util_encode(skey->crypt, bufcompress, 0, 'A'); 1015 1012 1016 /* flawfinder: ignore */1017 1013 (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize); 1018 /* flawfinder: ignore */1019 1014 memset (skey->crypt, 0, KEY_LEN); 1020 1015 isfirst = 0; … … 1026 1021 (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1); 1027 1022 1028 sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"), 1029 mailcount, (long) id_audit, sh.host.name); 1023 /*@-bufferoverflowhigh@*/ 1024 sprintf(subject, _("%06d %010ld::%s\r\n"), /* known to fit */ 1025 mailcount, (long) id_audit, sh.host.name); 1026 /*@+bufferoverflowhigh@*/ 1030 1027 1031 1028 (void) sl_strlcat (mailMsg, subject, msgbufsize); … … 1225 1222 static char * relay_host = NULL; 1226 1223 1227 int sh_mail_set_relay (c onst char * str_s)1224 int sh_mail_set_relay (char * str_s) 1228 1225 { 1229 1226 size_t i = 0; … … 1254 1251 static char * mail_sender = NULL; 1255 1252 1256 int sh_mail_set_sender (c onst char *str)1253 int sh_mail_set_sender (char *str) 1257 1254 { 1258 1255 if (mail_sender != NULL) … … 1738 1735 if (g != 1) 1739 1736 { 1740 sl_snprintf(errmsg, sizeof(errmsg), 1741 _("Bad response (%d), expected %d"), rcode, code); 1742 1737 /*@-bufferoverflowhigh@*/ 1738 sprintf(errmsg, /* known to fit */ 1739 _("Bad response (%d), expected %d"), rcode, code); 1740 /*@+bufferoverflowhigh@*/ 1743 1741 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, 1744 1742 errmsg, _("sh_mail_wait"), … … 1885 1883 int ret, length, status; 1886 1884 mx * result; 1887 size_t len;1888 1885 1889 1886 typedef union … … 2068 2065 */ 2069 2066 result[count].pref = pref; 2070 len = strlen (expanded) + 1; 2071 result[count].address = SH_ALLOC (len); 2072 sl_strlcpy (result[count].address, expanded, len); 2067 result[count].address = 
SH_ALLOC (strlen (expanded) + 1); 2068 strcpy (result[count].address, expanded); /* known to fit */ 2073 2069 } 2074 2070 while (ret > 0 && comp_dn < eom && count); … … 2105 2101 mx * result; 2106 2102 dnsrep * retval; 2107 char errmsg[128]; 2108 size_t len; 2103 char errmsg[128]; 2109 2104 2110 2105 SL_ENTER(_("return_mx")); … … 2133 2128 _("get_mx")); 2134 2129 #else 2135 /* flawfinder: ignore *//* test code only */2136 2130 strcpy (errmsg, /* known to fit */ 2137 2131 _("No MX record for domain ")); … … 2161 2155 result->pref = 0; 2162 2156 /*@-type@*/ 2163 len = strlen (host->h_name) + 1; 2164 result->address = SH_ALLOC (len); 2165 sl_strlcpy (result->address, host->h_name, len); 2157 result->address = SH_ALLOC (strlen (host->h_name) + 1); 2158 strcpy (result->address, host->h_name); /* known to fit */ 2166 2159 /*@+type@*/ 2167 2160 SL_RETURN (retval, _("return_mx")); -
/trunk/src/sh_mem.c
r30 r20 39 39 #include "sh_mem.h" 40 40 41 extern int safe_logger (int signal, int method, char * details);41 extern int safe_logger (int signal, int method, pid_t thepid); 42 42 43 43 #undef FIL__ … … 228 228 { 229 229 eblock = 1; 230 (void) safe_logger (0, 0, NULL);230 (void) safe_logger (0, 0, getpid()); 231 231 /* 232 232 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, … … 320 320 { 321 321 eblock = 1; 322 (void) safe_logger(0, 0, NULL);322 (void) safe_logger(0, 0, getpid()); 323 323 /* 324 324 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, … … 456 456 { 457 457 eblock = 1; 458 (void) safe_logger(0, 0, NULL);458 (void) safe_logger(0, 0, getpid()); 459 459 /* 460 460 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM); -
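Review bot: The prototype `extern int safe_logger (int signal, int method, pid_t thepid);` is written by hand at the top of this file and repeated in sh_files.c and sh_forward.c, so the compiler never checks it against the definition. The other side of this change declares the third parameter as `char * details`, which shows how these copies drift. If a copy disagrees with the definition, the `safe_logger (0, 0, getpid())` calls in the three allocation-failure paths pass an argument of the wrong type, which is undefined behaviour in C. Declaring `safe_logger` once in a shared header that the defining file also includes would turn a mismatch into a compile error. The functions containing the call sites start and end outside the hunks.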
/trunk/src/sh_prelink.c
r30 r20 38 38 static char * prelink_hash = NULL; 39 39 40 int sh_prelink_set_path (c onst char * str)40 int sh_prelink_set_path (char * str) 41 41 { 42 42 size_t len; … … 55 55 } 56 56 57 int sh_prelink_set_hash (c onst char * str)57 int sh_prelink_set_hash (char * str) 58 58 { 59 59 size_t len; … … 245 245 sl_read_timeout_prep (task.pipeTI); 246 246 247 sl_strlcpy(file_hash, 248 sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout), 249 KEY_LEN+1); 247 strcpy(file_hash, /* known to fit */ 248 sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout)); 250 249 251 250 /* restore old signal handler -
/trunk/src/sh_prelude.c
r30 r20 133 133 } 134 134 135 static int set_prelude_severity_int (const char * str, int prelude_sev) 136 { 137 char * p; 138 char * dup = strdup (str); 139 140 if (!dup) 141 return -1; 142 143 p = strtok (dup, ", \t"); 135 static int set_prelude_severity_int (char * str, int prelude_sev) 136 { 137 char * p = strtok (str, ", \t"); 138 144 139 if (p) { 145 140 do { … … 160 155 else if (0 == strcmp (p, _("info"))) 161 156 clear_and_set (prelude_sev, SH_ERR_INFO); 162 else { 163 free (dup); 157 else 164 158 return -1; 165 }166 159 p = strtok (NULL, ", \t"); 167 160 } while (p); 168 161 } 169 free(dup);170 162 return 0; 171 163 } 172 164 173 int sh_prelude_map_info (c onst char * str)165 int sh_prelude_map_info (char * str) 174 166 { 175 167 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO)); 176 168 } 177 int sh_prelude_map_low (c onst char * str)169 int sh_prelude_map_low (char * str) 178 170 { 179 171 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW)); 180 172 } 181 int sh_prelude_map_medium (c onst char * str)173 int sh_prelude_map_medium (char * str) 182 174 { 183 175 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM)); 184 176 } 185 int sh_prelude_map_high (c onst char * str)177 int sh_prelude_map_high (char * str) 186 178 { 187 179 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH)); … … 308 300 } 309 301 310 /* flawfinder: ignore *//* is part of name, not access() */311 302 static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos) 312 303 { … … 317 308 do { 318 309 if ( mode[pos] == 'r' ) { 319 /* flawfinder: ignore *//* is part of name, not access() */ 320 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 310 ret = idmef_file_access_new_permission(access, &str, -1); 321 311 if ( ret < 0 ) 322 312 return; … … 325 315 } 326 316 else if ( mode[pos] == 'w' ) { 327 /* flawfinder: ignore *//* is part of name, not access() */ 328 ret = 
idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 317 ret = idmef_file_access_new_permission(access, &str, -1); 329 318 if ( ret < 0 ) 330 319 return; … … 333 322 } 334 323 else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') { 335 /* flawfinder: ignore *//* is part of name, not access() */ 336 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 324 ret = idmef_file_access_new_permission(access, &str, -1); 337 325 if ( ret < 0 ) 338 326 return; … … 352 340 353 341 if ( got == 0 ) { 354 /* flawfinder: ignore *//* is part of name, not access() */ 355 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 342 ret = idmef_file_access_new_permission(access, &str, -1); 356 343 if ( ret < 0 ) 357 344 return; … … 373 360 prelude_string_t *str; 374 361 idmef_checksum_t *checksum; 375 idmef_file_access_t *access; /* flawfinder: ignore */362 idmef_file_access_t *access; 376 363 idmef_user_id_t *userid; 377 364 const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? 
"_new" : "_old"; 378 365 char *mode = NULL; 379 366 380 ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND);367 ret = idmef_target_new_file(target, &file, -1); 381 368 if ( ret < 0 ) 382 369 return; … … 442 429 ptr = get_value(msg, _("chksum"), suffix); 443 430 if ( ptr ) { 444 ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND);431 ret = idmef_file_new_checksum(file, &checksum, 0); 445 432 if ( ret < 0 ) 446 433 return; … … 472 459 mode = get_value(msg, _("mode"), suffix); 473 460 if ( mode ) { 474 /* flawfinder: ignore *//* is part of name, not access() */ 475 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); 476 if ( ret < 0 ) 477 return; 478 479 /* flawfinder: ignore *//* is part of name, not access() */ 461 ret = idmef_file_new_file_access(file, &access, -1); 462 if ( ret < 0 ) 463 return; 464 480 465 ret = idmef_file_access_new_user_id(access, &userid); 481 466 if ( ret < 0 ) … … 483 468 idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS); 484 469 485 /* flawfinder: ignore *//* is part of name, not access() */486 470 get_access_info ( access, mode, 7, 9 ); 487 471 } … … 491 475 struct passwd *pw; 492 476 493 /* flawfinder: ignore *//* is part of name, not access() */ 494 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); 495 if ( ret < 0 ) 496 return; 497 498 /* flawfinder: ignore *//* is part of name, not access() */ 477 ret = idmef_file_new_file_access(file, &access, 0); 478 if ( ret < 0 ) 479 return; 480 499 481 ret = idmef_file_access_new_user_id(access, &userid); 500 482 if ( ret < 0 ) … … 515 497 516 498 if ( mode ) { 517 /* flawfinder: ignore *//* is part of name, not access() */518 499 get_access_info ( access, mode, 1, 3 ); 519 500 } … … 524 505 struct group *gr; 525 506 526 /* flawfinder: ignore *//* is part of name, not access() */ 527 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); 528 if ( ret < 0 ) 529 return; 530 531 /* flawfinder: ignore *//* is part of 
name, not access() */ 507 ret = idmef_file_new_file_access(file, &access, -1); 508 if ( ret < 0 ) 509 return; 510 532 511 ret = idmef_file_access_new_user_id(access, &userid); 533 512 if ( ret < 0 ) … … 548 527 549 528 if ( mode ) { 550 get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */529 get_access_info ( access, mode, 4, 6 ); 551 530 } 552 531 } … … 650 629 if ( ptr ) { 651 630 if ( ! source ) { 652 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);631 ret = idmef_alert_new_source(alert, &source, -1); 653 632 if ( ret < 0 ) { 654 633 free(ptr); … … 663 642 } 664 643 665 ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);644 ret = idmef_node_new_address(node, &address, -1); 666 645 if ( ret < 0 ) { 667 646 free(ptr); … … 684 663 else { 685 664 if ( ! source ) { 686 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);665 ret = idmef_alert_new_source(alert, &source, -1); 687 666 if ( ret < 0 ) { 688 667 free(ptr); … … 717 696 idmef_user_set_category(user, IDMEF_USER_CATEGORY_OS_DEVICE); 718 697 719 ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND);698 ret = idmef_user_new_user_id(user, &user_id, -1); 720 699 if ( ret < 0 ) { 721 700 free(ptr); … … 791 770 goto err; 792 771 793 idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), IDMEF_LIST_PREPEND);772 idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), 0); 794 773 795 774 ret = idmef_time_new_from_gettimeofday(&time); … … 807 786 goto err; 808 787 809 ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND);788 ret = idmef_alert_new_target(alert, &target, -1); 810 789 if ( ret < 0 ) 811 790 goto err; … … 865 844 idmef_confidence_set_rating(confidence, IDMEF_CONFIDENCE_RATING_HIGH); 866 845 867 ret = idmef_alert_new_additional_data(alert, &data, IDMEF_LIST_APPEND);846 ret = idmef_alert_new_additional_data(alert, &data, -1); 868 847 if ( ret < 0 ) 869 848 goto err; … … 
911 890 912 891 913 int sh_prelude_set_profile(c onst char *arg)892 int sh_prelude_set_profile(char *arg) 914 893 { 915 894 if ( profile ) { -
/trunk/src/sh_readconf.c
r30 r20 52 52 #endif 53 53 54 extern int set_reverse_lookup (c onst char * c);54 extern int set_reverse_lookup (char * c); 55 55 56 56 #undef FIL__ … … 69 69 SH_SECTION_USER0, 70 70 SH_SECTION_USER1, 71 SH_SECTION_USER2,72 SH_SECTION_USER3,73 SH_SECTION_USER4,74 71 SH_SECTION_PRELINK, 75 72 #if defined (SH_WITH_MAIL) … … 111 108 { N_("[User0]"), SH_SECTION_USER0}, 112 109 { N_("[User1]"), SH_SECTION_USER1}, 113 { N_("[User2]"), SH_SECTION_USER2},114 { N_("[User3]"), SH_SECTION_USER3},115 { N_("[User4]"), SH_SECTION_USER4},116 110 { N_("[Prelink]"), SH_SECTION_PRELINK}, 117 111 #ifdef WITH_EXTERNAL … … 288 282 /* The system type, release, and machine. 289 283 */ 290 sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), 291 sh.host.system, /* flawfinder: ignore */ 292 sh.host.release, sh.host.machine); 284 sprintf(myident, _("%s:%s:%s"), /* known to fit */ 285 sh.host.system, sh.host.release, sh.host.machine); 293 286 294 287 … … 587 580 } 588 581 589 int sh_readconf_set_path (char * which, c onst char * what)582 int sh_readconf_set_path (char * which, char * what) 590 583 { 591 584 int len; … … 628 621 } 629 622 630 int sh_readconf_set_database_path (c onst char * what)623 int sh_readconf_set_database_path (char * what) 631 624 { 632 625 return (sh_readconf_set_path(sh.data.path, what)); 633 626 } 634 627 635 int sh_readconf_set_logfile_path (c onst char * what)628 int sh_readconf_set_logfile_path (char * what) 636 629 { 637 630 return (sh_readconf_set_path(sh.srvlog.name, what)); 638 631 } 639 632 640 int sh_readconf_set_lockfile_path (c onst char * what)633 int sh_readconf_set_lockfile_path (char * what) 641 634 { 642 635 return( sh_readconf_set_path(sh.srvlog.alt, what)); … … 652 645 653 646 654 int sh_readconf_setTime (c onst char * str, ShTimerItem what)647 int sh_readconf_setTime (char * str, ShTimerItem what) 655 648 { 656 649 unsigned long i = atoi (str); … … 681 674 } 682 675 683 int sh_readconf_setMailtime (c onst char * c)676 int sh_readconf_setMailtime 
(char * c) 684 677 { 685 678 return sh_readconf_setTime (c, SET_MAILTIME); 686 679 } 687 680 688 int sh_readconf_setFiletime (c onst char * c)681 int sh_readconf_setFiletime (char * c) 689 682 { 690 683 return sh_readconf_setTime (c, SET_FILETIME); 691 684 } 692 685 693 int sh_readconf_set_nice (c onst char * c)686 int sh_readconf_set_nice (char * c) 694 687 { 695 688 long val; … … 711 704 712 705 #ifdef FANCY_LIBCAP 713 int sh_readconf_setCaps(c onst char * c)706 int sh_readconf_setCaps(char * c) 714 707 { 715 708 int i; … … 725 718 ShSectionType section; 726 719 ShSectionType alt_section; 727 int (*func)(c onst char * opt);720 int (*func)(char * opt); 728 721 } cfg_options; 729 722 730 723 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 731 extern int sh_set_schedule_one(c onst char * str);732 extern int sh_set_schedule_two(c onst char * str);724 extern int sh_set_schedule_one(char * str); 725 extern int sh_set_schedule_two(char * str); 733 726 #endif 734 727 #if defined (SH_WITH_SERVER) 735 extern int sh_socket_use (const char * c); 736 extern int sh_socket_uid (const char * c); 737 extern int sh_socket_password (const char * c); 738 #endif 739 728 extern int sh_socket_use (char * c); 729 extern int sh_socket_uid (char * c); 730 extern int sh_socket_password (char * c); 731 #endif 732 733 /* Yes, this isn't very elegant ;) 734 */ 735 #if defined(WITH_EXTERNAL) 736 int sh_error_set_external_wrap (char * str) { 737 return sh_error_set_external ((const char *) str); 738 } 739 #endif 740 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 741 int sh_files_setrecursion_wrap (char * str) { 742 return sh_files_setrecursion ((const char *) str); 743 } 744 int sh_util_setchecksum_wrap (char * str) { 745 return sh_util_setchecksum ((const char *) str); 746 } 747 #endif 748 int sh_util_setlooptime_wrap (char * str) { 749 return sh_util_setlooptime ((const char *) str); 750 } 751 #ifdef SH_WITH_MAIL 752 int sh_error_setseverity_wrap (char * str) { 753 return 
sh_error_setseverity ((const char *) str); 754 } 755 #endif 756 int sh_calls_set_bind_addr_wrap (char * str) { 757 return sh_calls_set_bind_addr ((const char *) str); 758 } 759 int sh_unix_setdeamon_wrap (char * str) { 760 return sh_unix_setdeamon ((const char *) str); 761 } 762 int sh_error_setprint_wrap (char * str) { 763 return sh_error_setprint ((const char *) str); 764 } 765 int sh_error_setlog_wrap (char * str) { 766 return sh_error_setlog ((const char *) str); 767 } 768 int sh_error_set_syslog_wrap (char * str) { 769 return sh_error_set_syslog ((const char *) str); 770 } 771 #ifdef HAVE_LIBPRELUDE 772 int sh_error_set_prelude_wrap (char * str) { 773 return sh_error_set_prelude ((const char *) str); 774 } 775 #endif 776 #ifdef SH_WITH_CLIENT 777 int sh_error_setexport_wrap (char * str) { 778 return sh_error_setexport ((const char *) str); 779 } 780 #endif 781 #ifdef SH_WITH_SERVER 782 int sh_forward_set_strip_wrap (char * str) { 783 return sh_forward_set_strip ((const char *) str); 784 } 785 int sh_unix_set_chroot_wrap (char * str) { 786 return sh_unix_set_chroot ((const char *) str); 787 } 788 #endif 789 #if defined(WITH_DATABASE) 790 int sh_error_set_database_wrap (char * str) { 791 return sh_error_set_database ((const char *) str); 792 } 793 #endif 794 740 795 cfg_options ext_table[] = { 741 796 #if defined(WITH_EXTERNAL) … … 763 818 sh_ext_add_or }, 764 819 { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL, 765 sh_error_set_external },820 sh_error_set_external_wrap }, 766 821 { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL, 767 822 sh_error_external_mask }, … … 790 845 set_enter_wrapper }, 791 846 #endif 792 793 847 794 848 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) … … 826 880 { N_("file"), SH_SECTION_USER1, SH_SECTION_NONE, 827 881 sh_files_pushfile_user1 }, 828 { N_("dir"), SH_SECTION_USER2, SH_SECTION_NONE,829 sh_files_pushdir_user2 },830 { N_("file"), SH_SECTION_USER2, SH_SECTION_NONE,831 sh_files_pushfile_user2 
},832 { N_("dir"), SH_SECTION_USER3, SH_SECTION_NONE,833 sh_files_pushdir_user3 },834 { N_("file"), SH_SECTION_USER3, SH_SECTION_NONE,835 sh_files_pushfile_user3 },836 { N_("dir"), SH_SECTION_USER4, SH_SECTION_NONE,837 sh_files_pushdir_user4 },838 { N_("file"), SH_SECTION_USER4, SH_SECTION_NONE,839 sh_files_pushfile_user4 },840 882 { N_("dir"), SH_SECTION_PRELINK, SH_SECTION_NONE, 841 883 sh_files_pushdir_prelink }, … … 860 902 sh_util_obscure_ok }, 861 903 { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, 862 sh_files_setrecursion },904 sh_files_setrecursion_wrap }, 863 905 { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE, 864 sh_util_setchecksum },906 sh_util_setchecksum_wrap }, 865 907 { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE, 866 908 sh_files_reportonce }, … … 911 953 sh_files_redef_user1 }, 912 954 913 { N_("redefuser2"), SH_SECTION_MISC, SH_SECTION_NONE,914 sh_files_redef_user2 },915 916 { N_("redefuser3"), SH_SECTION_MISC, SH_SECTION_NONE,917 sh_files_redef_user3 },918 919 { N_("redefuser4"), SH_SECTION_MISC, SH_SECTION_NONE,920 sh_files_redef_user4 },921 922 955 { N_("redefprelink"), SH_SECTION_MISC, SH_SECTION_NONE, 923 956 sh_files_redef_prelink }, … … 928 961 { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE, 929 962 sh_prelink_set_hash }, 930 931 963 /* client or standalone 932 964 */ … … 945 977 sh_socket_password }, 946 978 { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC, 947 sh_forward_set_strip },979 sh_forward_set_strip_wrap }, 948 980 { N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC, 949 981 set_flag_sep_log }, 950 982 { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC, 951 sh_unix_set_chroot },983 sh_unix_set_chroot_wrap }, 952 984 { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC, 953 985 sh_forward_set_time_limit }, … … 968 1000 #endif 969 1001 970 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)1002 #ifdef SH_WITH_CLIENT 971 1003 { N_("exportseverity"), 
SH_SECTION_LOG, SH_SECTION_NONE, 972 sh_error_setexport },1004 sh_error_setexport_wrap }, 973 1005 { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE, 974 1006 sh_error_export_mask }, 975 #if defined(SH_WITH_SERVER)976 { N_("setlogserver"), SH_SECTION_SRV, SH_SECTION_MISC,977 sh_forward_setlogserver },978 #else979 1007 { N_("setlogserver"), SH_SECTION_CLT, SH_SECTION_MISC, 980 1008 sh_forward_setlogserver }, 981 #endif982 1009 #endif 983 1010 { N_("setfilechecktime"), SH_SECTION_MISC, SH_SECTION_NONE, 984 1011 sh_readconf_setFiletime }, 985 1012 { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE, 986 sh_util_setlooptime },1013 sh_util_setlooptime_wrap }, 987 1014 988 1015 #ifdef SH_WITH_MAIL 989 1016 { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 990 sh_error_setseverity },1017 sh_error_setseverity_wrap }, 991 1018 { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE, 992 1019 sh_error_mail_mask }, … … 1013 1040 #endif 1014 1041 { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE, 1015 sh_calls_set_bind_addr },1042 sh_calls_set_bind_addr_wrap }, 1016 1043 { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE, 1017 sh_unix_setdeamon },1044 sh_unix_setdeamon_wrap }, 1018 1045 { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE, 1019 1046 sh_unix_self_hash }, … … 1024 1051 1025 1052 { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1026 sh_error_setprint },1053 sh_error_setprint_wrap }, 1027 1054 { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1028 1055 sh_error_print_mask }, 1029 1056 1030 1057 { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1031 sh_error_setlog },1058 sh_error_setlog_wrap }, 1032 1059 { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1033 1060 sh_error_log_mask }, 1034 1061 1035 1062 { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1036 sh_error_set_syslog },1063 sh_error_set_syslog_wrap }, 1037 1064 { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1038 1065 sh_error_syslog_mask }, 1039 1066 #ifdef 
HAVE_LIBPRELUDE 1040 1067 { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1041 sh_error_set_prelude },1068 sh_error_set_prelude_wrap }, 1042 1069 { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1043 1070 sh_error_prelude_mask }, … … 1120 1147 N_("severityuser0"), 1121 1148 N_("severityuser1"), 1122 N_("severityuser2"),1123 N_("severityuser3"),1124 N_("severityuser4"),1125 1149 N_("severityprelink"), 1126 1150 NULL … … 1139 1163 SH_ERR_T_USER0, 1140 1164 SH_ERR_T_USER1, 1141 SH_ERR_T_USER2,1142 SH_ERR_T_USER3,1143 SH_ERR_T_USER4,1144 1165 SH_ERR_T_PRELINK, 1145 1166 }; -
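Review bot: The added `sprintf(myident, _("%s:%s:%s"), ...)` writes three host strings into myident with no length bound and relies only on the "known to fit" comment. The declaration of myident and the sizes of sh.host.system, sh.host.release and sh.host.machine are outside the hunk, so the claim cannot be checked from here. Keep the write bounded by the destination: `sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), sh.host.system, sh.host.release, sh.host.machine);`. If the unbounded call stays, the comment should state the buffer size and the maximum field lengths that make it safe.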
/trunk/src/sh_schedule.c
r30 r20 53 53 #endif 54 54 55 #include "samhain.h"56 55 #include "sh_mem.h" 57 56 … … 319 318 char * copy; 320 319 int i = 0; 321 size_t len;322 320 323 321 if (!ssched || !isched) 324 322 return -1; 325 323 326 len = strlen(ssched)+1;327 324 #ifdef TESTONLY 328 copy = malloc( len); /* testonly code */329 #else 330 copy = SH_ALLOC( len);331 #endif 332 s l_strlcpy(copy, ssched, len);325 copy = malloc(strlen(ssched)+1); /* testonly code */ 326 #else 327 copy = SH_ALLOC(strlen(ssched)+1); 328 #endif 329 strcpy(copy, ssched); /* known to fit */ 333 330 334 331 p = strtok(copy, " \t"); /* parse crontab-style schedule */ -
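Review bot: In the TESTONLY branch the result of `malloc(strlen(ssched)+1)` is passed straight to `strcpy(copy, ssched)` without a NULL check, so an allocation failure becomes a NULL dereference. Add `if (!copy) return -1;` before the copy, matching the `return -1` already used for bad arguments at the top of the hunk. Whether SH_ALLOC can return NULL is not visible here, so the non-test branch may need the same guard. The copy itself is sized from the same strlen() and does fit; the function starts and ends outside the hunk.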
/trunk/src/sh_socket.c
r30 r20 244 244 } 245 245 246 int sh_socket_use (c onst char * c)246 int sh_socket_use (char * c) 247 247 { 248 248 return sh_util_flagval(c, &sh_socket_flaguse); … … 289 289 #endif 290 290 291 int sh_socket_uid (c onst char * c)291 int sh_socket_uid (char * c) 292 292 { 293 293 uid_t val = (uid_t) strtol (c, (char **)NULL, 10); … … 301 301 } 302 302 303 int sh_socket_password (c onst char * c)303 int sh_socket_password (char * c) 304 304 { 305 305 #if defined(NEED_PASSWORD_AUTH) … … 378 378 379 379 name.sun_family = AF_FILE; 380 s l_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path));380 strcpy (name.sun_path, sh_sockname); 381 381 382 382 size = (offsetof (struct sockaddr_un, sun_path) … … 878 878 879 879 new = SH_ALLOC(sizeof(struct socket_cmd)); 880 s l_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));881 s l_strlcpy (new->clt, in->clt, sizeof(new->clt));882 s l_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti));880 strcpy (new->cmd, in->cmd); 881 strcpy (new->clt, in->clt); 882 strcpy (new->cti, sh_unix_time(0)); 883 883 new->next = cmdlist; 884 884 cmdlist = new; … … 896 896 if (0 == sl_strcmp(new->clt, client_name)) 897 897 { 898 s l_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));899 s l_strlcpy (new->clt, in->clt, sizeof(new->clt));900 s l_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti));898 strcpy (new->cmd, in->cmd); 899 strcpy (new->clt, in->clt); 900 strcpy (new->cti, sh_unix_time(0)); 901 901 return; 902 902 } … … 905 905 906 906 new = SH_ALLOC(sizeof(struct socket_cmd)); 907 s l_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));908 s l_strlcpy (new->clt, in->clt, sizeof(new->clt));909 s l_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti));907 strcpy (new->cmd, in->cmd); 908 strcpy (new->clt, in->clt); 909 strcpy (new->cti, sh_unix_time(0)); 910 910 new->next = runlist; 911 911 runlist = new; -
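Review bot: `strcpy (name.sun_path, sh_sockname);` copies the socket path into the fixed-size sun_path member with no length check. The added `strcpy (new->cmd, in->cmd)`, `strcpy (new->clt, in->clt)` and `strcpy (new->cti, sh_unix_time(0))` lines in the three later hunks do the same for the struct socket_cmd fields. Where sh_sockname, in->cmd and in->clt come from is not visible in these hunks; if any of them derive from configuration or from data read off the socket, an over-long value overwrites adjacent memory. Bound each copy by its destination, e.g. `sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path));` and `sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));`. The enclosing functions start outside the hunks.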
/trunk/src/sh_srp.c
r30 r20 121 121 } 122 122 siz_str_internal = size; 123 s l_strlcpy (get_str_internal, str, siz_str_internal);123 strcpy (get_str_internal, str); /* known to fit */ 124 124 for (i = 0; i < (size-1); ++i) 125 125 if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' ) … … 384 384 } 385 385 386 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)386 #ifdef SH_WITH_CLIENT 387 387 388 388 … … 489 489 490 490 491 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)491 #ifdef SH_WITH_CLIENT 492 492 493 493 char * sh_srp_S_c (char * u_str, char * B_str) -
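Review bot: `strcpy (get_str_internal, str); /* known to fit */` depends on get_str_internal holding at least strlen(str)+1 bytes, but the allocation and the computation of `size` are outside the hunk, so nothing visible ties the copy to the buffer length. The line just above already records that length in siz_str_internal; using it keeps the bound next to the copy: `sl_strlcpy (get_str_internal, str, siz_str_internal);`. If strcpy is kept, the comment should name the statement that guarantees the fit.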
/trunk/src/sh_static.c
r30 r20 59 59 #endif 60 60 61 extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);62 extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz);63 61 64 62 … … 886 884 887 885 #ifdef DEBUG 888 /* flawfinder: ignore *//* definition of debug macro */889 886 #define DPRINTF(X,args...) fprintf(stderr, X, ##args) 890 887 #else … … 1197 1194 goto fail; 1198 1195 1199 s l_strlcpy(lookup,name,MAXDNAME);1196 strncpy(lookup,name,MAXDNAME); 1200 1197 BIGLOCK; 1201 1198 if (variant < __searchdomains && strchr(lookup, '.') == NULL) 1202 1199 { 1203 s l_strlcat(lookup,".", MAXDNAME);1204 s l_strlcat(lookup,__searchdomain[variant], MAXDNAME);1200 strncat(lookup,".", MAXDNAME); 1201 strncat(lookup,__searchdomain[variant], MAXDNAME); 1205 1202 } 1206 1203 BIGUNLOCK; -
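Review bot: The added `strncat(lookup,".", MAXDNAME)` and `strncat(lookup,__searchdomain[variant], MAXDNAME)` pass MAXDNAME as the bound, but strncat's third argument limits the bytes appended, not the size of the destination. A long name plus a search domain can therefore run past the end of lookup. `strncpy(lookup,name,MAXDNAME)` also leaves lookup unterminated when name has MAXDNAME or more characters. Assuming lookup is a MAXDNAME-byte buffer (its declaration is outside the hunk), terminate it after the copy with `lookup[MAXDNAME-1] = '\0';` and bound each append by the space left, `strncat(lookup, ".", MAXDNAME - strlen(lookup) - 1);`. Keeping the `sl_strlcpy`/`sl_strlcat` calls, whose extern declarations the first hunk of this section removes, would avoid the arithmetic.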
/trunk/src/sh_suidchk.c
r30 r20 415 415 long sl_status = SL_ENONE; 416 416 struct stat fileInfo; 417 struct stat fileInfo_F;418 int file_d;419 417 420 418 file_type theFile; 421 419 char fileHash[2*(KEY_LEN + 1)]; 422 423 mode_t umask_old;424 int cperm_status;425 420 426 421 SL_ENTER(_("sh_suidchk_check_internal")); … … 524 519 */ 525 520 fs = filesystem_type (tmpcat, tmpcat, &buf); 526 if (fs != NULL 527 #ifndef SH_SUIDTESTDIR 528 && 529 0 != strncmp (_("afs"), fs, 3) && 521 if (fs != NULL && 522 0 != strncmp (_("nfs"), fs, 3) && 523 0 != strncmp (_("proc"), fs, 4) && 524 0 != strncmp (_("iso9660"), fs, 7) && 525 0 != strncmp (_("vfat"), fs, 4) && 526 0 != strncmp (_("msdos"), fs, 5) && 530 527 0 != strncmp (_("devfs"), fs, 5) && 531 0 != strncmp (_("iso9660"), fs, 7) && 532 0 != strncmp (_("lustre"), fs, 6) && 533 0 != strncmp (_("mmfs"), fs, 4) && 534 0 != strncmp (_("msdos"), fs, 5) && 535 0 != strncmp (_("nfs"), fs, 3) && 536 0 != strncmp (_("nosuid"), fs, 6) && 537 0 != strncmp (_("proc"), fs, 4) && 538 0 != strncmp (_("vfat"), fs, 4) 539 #endif 528 0 != strncmp (_("nosuid"), fs, 6) 540 529 ) 541 530 { … … 677 666 break; 678 667 case SH_Q_CHANGEPERM: 679 cperm_status = 0;680 file_d = -1;681 668 if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) 682 669 { … … 690 677 tmp ); 691 678 SH_FREE(msg); 692 cperm_status = -1;693 679 } 694 695 if (cperm_status == 0) 680 else 696 681 { 697 682 if (0 != (caperr = sl_get_cap_qdel())) … … 701 686 sh_error_message (caperr), 702 687 _("sl_get_cap_qdel")); 703 cperm_status = -1;704 688 } 705 } 706 707 if (cperm_status == 0) 708 { 709 file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, 710 tmpcat, O_RDONLY, 0); 711 if (-1 == file_d) 712 { 713 status = errno; 714 msg = SH_ALLOC(SH_BUFSIZE); 715 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. 
errno = %ld"), status); 716 sh_error_handle (ShSuidchkSeverity, 717 FIL__, __LINE__, 718 status, 719 MSG_SUID_QREPORT, msg, 720 tmp ); 721 SH_FREE(msg); 722 cperm_status = -1; 723 } 724 } 725 726 if (cperm_status == 0) 727 { 728 if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) 729 { 730 status = errno; 731 msg = SH_ALLOC(SH_BUFSIZE); 732 (void) sl_snprintf(msg, SH_BUFSIZE, 733 _("I/O error. errno = %ld"), status); 734 sh_error_handle (ShSuidchkSeverity, 735 FIL__, __LINE__, 736 status, 737 MSG_SUID_QREPORT, msg, 738 tmp ); 739 SH_FREE(msg); 740 cperm_status = -1; 741 } 742 } 743 744 if (cperm_status == 0) 745 { 746 if (fileInfo_F.st_ino != fileInfo.st_ino || 747 fileInfo_F.st_dev != fileInfo.st_dev || 748 fileInfo_F.st_mode != fileInfo.st_mode) 749 { 750 status = errno; 751 msg = SH_ALLOC(SH_BUFSIZE); 752 (void) sl_snprintf(msg, SH_BUFSIZE, 753 _("Race detected. errno = %ld"), status); 754 sh_error_handle (ShSuidchkSeverity, 755 FIL__, __LINE__, 756 status, 757 MSG_SUID_QREPORT, msg, 758 tmp ); 759 SH_FREE(msg); 760 cperm_status = -1; 761 } 762 } 763 764 if ((fileInfo.st_mode & S_ISUID) > 0) 765 fileInfo.st_mode -= S_ISUID; 766 if ((fileInfo.st_mode & S_ISGID) > 0) 767 fileInfo.st_mode -= S_ISGID; 768 769 if (cperm_status == 0) 770 { 771 if (fchmod(file_d, fileInfo.st_mode) == -1) 689 690 if ((fileInfo.st_mode & S_ISUID) > 0) 691 fileInfo.st_mode -= S_ISUID; 692 if ((fileInfo.st_mode & S_ISGID) > 0) 693 fileInfo.st_mode -= S_ISGID; 694 if (chmod(tmpcat, fileInfo.st_mode) == -1) 772 695 { 773 696 status = errno; … … 790 713 tmp ); 791 714 } 792 } 793 794 if (0 != (caperr = sl_drop_cap_qdel())) 795 { 796 sh_error_handle((-1), FIL__, __LINE__, 797 caperr, MSG_E_SUBGEN, 798 sh_error_message (caperr), 799 _("sl_drop_cap_qdel")); 800 } 801 802 if (file_d != -1) 803 { 804 do { 805 status = close (file_d); 806 } while (status == -1 && errno == EINTR); 807 808 if (-1 == status) 715 if (0 != (caperr = sl_drop_cap_qdel())) 809 716 { 810 status = errno; 811 msg = 
SH_ALLOC(SH_BUFSIZE); 812 (void) sl_snprintf(msg, SH_BUFSIZE, 813 _("I/O error. errno = %ld"), status); 814 sh_error_handle (ShSuidchkSeverity, 815 FIL__, __LINE__, 816 status, 817 MSG_SUID_QREPORT, msg, 818 tmp ); 819 SH_FREE(msg); 820 cperm_status = -1; 717 sh_error_handle((-1), FIL__, __LINE__, 718 caperr, MSG_E_SUBGEN, 719 sh_error_message (caperr), 720 _("sl_drop_cap_qdel")); 821 721 } 822 722 } … … 825 725 dir = SH_ALLOC(PATH_MAX+1); 826 726 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 827 if ( retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0)727 if (access (dir, F_OK) != 0) 828 728 { 829 729 status = errno; 830 730 msg = SH_ALLOC(SH_BUFSIZE); 831 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld ( stat)"), status);731 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (access)"), status); 832 732 sh_error_handle (ShSuidchkSeverity, 833 733 FIL__, __LINE__, … … 915 815 DEFAULT_QDIR, 916 816 basename(theFile.fullpath)); 917 /*918 * avoid chmod by setting umask919 */920 umask_old = umask (0077);921 817 filePtr = fopen (filetmp, "w+"); 922 818 /*@-usedef@*/ … … 932 828 } 933 829 /*@+usedef@*/ 934 umask (umask_old);935 830 936 831 sh_error_handle (ShSuidchkSeverity, … … 939 834 _("Quarantine method applied"), 940 835 tmp ); 836 if (chmod(filetmp, S_IRUSR | S_IWUSR) == -1) 837 { 838 status = errno; 839 msg = SH_ALLOC(SH_BUFSIZE); 840 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem setting permissions on quarantined file. 
errno = %ld"), status); 841 sh_error_handle (ShSuidchkSeverity, 842 FIL__,__LINE__, 843 status, MSG_SUID_QREPORT, 844 msg, tmp ); 845 SH_FREE(msg); 846 } 941 847 } 942 848 SH_FREE(filetmp); … … 1070 976 FileLimTotal = 0; 1071 977 1072 #ifdef SH_SUIDTESTDIR1073 status = sh_suidchk_check_internal (SH_SUIDTESTDIR);1074 #else1075 978 status = sh_suidchk_check_internal ("/"); 1076 #endif1077 979 1078 980 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, … … 1267 1169 long val; 1268 1170 int ret = 0; 1269 struct stat buf;1270 1171 1271 1172 SL_ENTER(_("sh_suidchk_set_qmethod")); … … 1289 1190 break; 1290 1191 case SH_Q_MOVE: 1291 if ( retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0)1192 if (access (DEFAULT_QDIR, F_OK) != 0) 1292 1193 { 1293 1194 if (mkdir (DEFAULT_QDIR, 0750) == -1) -
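Review bot: In the SH_Q_CHANGEPERM case the added code takes the mode from `retry_lstat(..., tmpcat, &fileInfo)` and then applies it with `chmod(tmpcat, fileInfo.st_mode)`, by path. The object at that path can change between the two calls, and chmod() follows symbolic links, so the mode change may land on a different file than the one that was examined. Operating on a descriptor closes that window: open the file, confirm with fstat that inode, device and mode match the lstat result, then use fchmod on the descriptor. This needs the `file_d` and `fileInfo_F` locals that the first hunk of this section drops, and the descriptor must be closed afterwards. The enclosing function starts and ends outside the hunks.

```c
/* … unchanged: retry_lstat() on tmpcat and sl_get_cap_qdel() … */
file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, tmpcat, O_RDONLY, 0);
if (file_d == -1 ||
    retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1 ||
    fileInfo_F.st_ino  != fileInfo.st_ino ||
    fileInfo_F.st_dev  != fileInfo.st_dev ||
    fileInfo_F.st_mode != fileInfo.st_mode)
  {
    /* report through sh_error_handle (..., MSG_SUID_QREPORT, ...) and skip the mode change */
  }
else if (fchmod(file_d, fileInfo.st_mode & ~(S_ISUID | S_ISGID)) == -1)
  {
    /* … unchanged: chmod failure report … */
  }
/* … unchanged: sl_drop_cap_qdel() … */
```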
/trunk/src/sh_tiger0.c
r30 r20 404 404 #ifdef USE_MD5 405 405 /*@-type@*/ 406 /* md5.c - Functions to compute MD5 message digest of files or memory blocks 407 * according to the definition of MD5 in RFC 1321 from April 1992. 408 * Copyright (C) 1995, 1996 Free Software Foundation, Inc. 406 /************************************************************************ 409 407 * 410 * NOTE: The canonical source of this file is maintained with the GNU C411 * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu.408 * md5.h - Declaration of functions and data types used for MD5 sum 409 * computing library functions. 412 410 * 413 * This program is free software; you can redistribute it and/or modify it 414 * under the terms of the GNU General Public License as published by the 415 * Free Software Foundation; either version 2, or (at your option) any 416 * later version. 417 * 418 * This program is distributed in the hope that it will be useful, 419 * but WITHOUT ANY WARRANTY; without even the implied warranty of 420 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 421 * GNU General Public License for more details. 422 * 423 * You should have received a copy of the GNU General Public License 424 * along with this program; if not, write to the Free Software Foundation, 425 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 426 */ 427 428 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */ 429 411 ************************************************************************/ 412 413 /* Written Bob Deblier <bob@virtualunlimited.com> */ 430 414 /* Hacked to work with samhain by R. Wichmann */ 431 432 typedef UINT32 md5_uint32; 415 /* Need for 64bit type removed, fix for Mac OS X compiler */ 416 417 typedef sh_word32 uint32; 418 typedef unsigned char uint8; 419 420 421 433 422 434 423 435 424 /* Structure to save state of computation between the single steps. 
*/ 436 typedef struct md5_ctx 437 { 438 md5_uint32 A; 439 md5_uint32 B; 440 md5_uint32 C; 441 md5_uint32 D; 442 443 md5_uint32 total[2]; 444 md5_uint32 buflen; 445 char buffer[128]; 425 typedef struct 426 { 427 uint32 h[4]; 428 uint32 data[16]; 429 uint8 offset; 430 uint32 nblocks; 431 int count; 446 432 } md5Param; 447 433 448 /* 449 * The following three functions are build up the low level used in 450 * the functions `md5_stream' and `md5_buffer'. 451 */ 452 453 /* Initialize structure containing state of computation. 454 (RFC 1321, 3.3: Step 3) */ 455 static void md5_init_ctx (struct md5_ctx *ctx); 456 457 /* Starting with the result of former calls of this function (or the 458 initialization function update the context for the next LEN bytes 459 starting at BUFFER. 460 It is necessary that LEN is a multiple of 64!!! */ 461 static void md5_process_block (const void *buffer, size_t len, 462 struct md5_ctx *ctx); 463 464 /* Starting with the result of former calls of this function (or the 465 initialization function update the context for the next LEN bytes 466 starting at BUFFER. 467 It is NOT required that LEN is a multiple of 64. */ 468 static void md5_process_bytes (const void *buffer, size_t len, 469 struct md5_ctx *ctx); 470 471 /* Process the remaining bytes in the buffer and put result from CTX 472 in first 16 bytes following RESBUF. The result is always in little 473 endian byte order, so that a byte-wise output yields to the wanted 474 ASCII representation of the message digest. 475 476 IMPORTANT: On some systems it is required that RESBUF is correctly 477 aligned for a 32 bits value. */ 478 static void *md5_finish_ctx (struct md5_ctx *ctx, void *resbuf); 479 480 481 /* Put result from CTX in first 16 bytes following RESBUF. The result is 482 always in little endian byte order, so that a byte-wise output yields 483 to the wanted ASCII representation of the message digest. 
484 485 IMPORTANT: On some systems it is required that RESBUF is correctly 486 aligned for a 32 bits value. */ 487 static void *md5_read_ctx (const struct md5_ctx *ctx, void *resbuf); 488 489 #if WORDS_BIGENDIAN 490 static md5_uint32 swapu32(md5_uint32 n) 491 { 492 return ( ((n & 0xffU) << 24) | 493 ((n & 0xff00U) << 8) | 494 ((n & 0xff0000U) >> 8) | 495 ((n & 0xff000000U) >> 24) ); 496 } 497 #define SWAP(n) swapu32(n) 498 #else 499 #define SWAP(n) (n) 500 #endif 501 502 /* This array contains the bytes used to pad the buffer to the next 503 64-byte boundary. (RFC 1321, 3.1: Step 1) */ 504 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; 505 506 /* Initialize structure containing state of computation. 507 (RFC 1321, 3.3: Step 3) */ 508 static void md5_init_ctx(struct md5_ctx *ctx) 509 { 510 ctx->A = 0x67452301; 511 ctx->B = 0xefcdab89; 512 ctx->C = 0x98badcfe; 513 ctx->D = 0x10325476; 514 515 ctx->total[0] = ctx->total[1] = 0; 516 ctx->buflen = 0; 517 } 518 519 /* Put result from CTX in first 16 bytes following RESBUF. The result 520 must be in little endian byte order. 521 522 IMPORTANT: On some systems it is required that RESBUF is correctly 523 aligned for a 32 bits value. */ 524 static void *md5_read_ctx(const struct md5_ctx *ctx, void *resbuf) 525 { 526 ((md5_uint32 *) resbuf)[0] = SWAP(ctx->A); 527 ((md5_uint32 *) resbuf)[1] = SWAP(ctx->B); 528 ((md5_uint32 *) resbuf)[2] = SWAP(ctx->C); 529 ((md5_uint32 *) resbuf)[3] = SWAP(ctx->D); 530 531 return resbuf; 532 } 533 534 /* Process the remaining bytes in the internal buffer and the usual 535 prolog according to the standard and write the result to RESBUF. 536 537 IMPORTANT: On some systems it is required that RESBUF is correctly 538 aligned for a 32 bits value. */ 539 static void *md5_finish_ctx(struct md5_ctx *ctx, void *resbuf) 540 { 541 /* Take yet unprocessed bytes into account. */ 542 md5_uint32 bytes = ctx->buflen; 543 size_t pad; 544 545 /* Now count remaining bytes. 
*/ 546 ctx->total[0] += bytes; 547 if (ctx->total[0] < bytes) 548 ++ctx->total[1]; 549 550 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; 551 memcpy(&ctx->buffer[bytes], fillbuf, pad); 552 553 /* Put the 64-bit file length in *bits* at the end of the buffer. */ 554 *(md5_uint32 *) & ctx->buffer[bytes + pad] = SWAP(ctx->total[0] << 3); 555 *(md5_uint32 *) & ctx->buffer[bytes + pad + 4] = 556 SWAP((ctx->total[1] << 3) | (ctx->total[0] >> 29)); 557 558 /* Process last bytes. */ 559 md5_process_block(ctx->buffer, bytes + pad + 8, ctx); 560 561 return md5_read_ctx(ctx, resbuf); 562 } 563 564 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The 565 result is always in little endian byte order, so that a byte-wise 566 output yields to the wanted ASCII representation of the message 567 digest. */ 568 void *md5_buffer(const char *buffer, size_t len, void *resblock) 569 { 570 struct md5_ctx ctx; 571 572 /* Initialize the computation context. */ 573 md5_init_ctx(&ctx); 574 575 /* Process whole buffer but last len % 64 bytes. */ 576 md5_process_bytes(buffer, len, &ctx); 577 578 /* Put result in desired memory area. */ 579 return md5_finish_ctx(&ctx, resblock); 580 } 581 582 static void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx) 583 { 584 /* When we already have some bits in our internal buffer concatenate 585 both inputs first. */ 586 if (ctx->buflen != 0) { 587 size_t left_over = ctx->buflen; 588 size_t add = 128 - left_over > len ? len : 128 - left_over; 589 590 memcpy(&ctx->buffer[left_over], buffer, add); 591 ctx->buflen += add; 592 593 if (left_over + add > 64) { 594 md5_process_block(ctx->buffer, (left_over + add) & ~63, ctx); 595 /* The regions in the following copy operation cannot overlap. 
*/ 596 memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~63], 597 (left_over + add) & 63); 598 ctx->buflen = (left_over + add) & 63; 599 } 600 601 buffer = (const char *) buffer + add; 602 len -= add; 603 } 604 605 /* Process available complete blocks. */ 606 if (len > 64) { 607 md5_process_block(buffer, len & ~63, ctx); 608 buffer = (const char *) buffer + (len & ~63); 609 len &= 63; 610 } 611 612 /* Move remaining bytes in internal buffer. */ 613 if (len > 0) { 614 memcpy(ctx->buffer, buffer, len); 615 ctx->buflen = len; 616 } 617 } 618 619 /* These are the four functions used in the four steps of the MD5 algorithm 620 and defined in the RFC 1321. The first function is a little bit optimized 621 (as found in Colin Plumbs public domain implementation). */ 622 /* #define FF(b, c, d) ((b & c) | (~b & d)) */ 623 #define FF(b, c, d) (d ^ (b & (c ^ d))) 624 #define FG(b, c, d) FF (d, b, c) 625 #define FH(b, c, d) (b ^ c ^ d) 626 #define FI(b, c, d) (c ^ (b | ~d)) 627 628 /* Process LEN bytes of BUFFER, accumulating context into CTX. 629 It is assumed that LEN % 64 == 0. */ 630 static void md5_process_block(const void *buffer, size_t len, struct md5_ctx *ctx) 631 { 632 md5_uint32 correct_words[16]; 633 const md5_uint32 *words = buffer; 634 size_t nwords = len / sizeof(md5_uint32); 635 const md5_uint32 *endp = words + nwords; 636 md5_uint32 A = ctx->A; 637 md5_uint32 B = ctx->B; 638 md5_uint32 C = ctx->C; 639 md5_uint32 D = ctx->D; 640 641 /* First increment the byte count. RFC 1321 specifies the possible 642 length of the file up to 2^64 bits. Here we only compute the 643 number of bytes. Do a double word increment. */ 644 ctx->total[0] += len; 645 if (ctx->total[0] < len) 646 ++ctx->total[1]; 647 648 /* Process all bytes in the buffer with 64 bytes in each round of 649 the loop. 
*/ 650 while (words < endp) { 651 md5_uint32 *cwp = correct_words; 652 md5_uint32 A_save = A; 653 md5_uint32 B_save = B; 654 md5_uint32 C_save = C; 655 md5_uint32 D_save = D; 656 657 /* First round: using the given function, the context and a constant 658 the next context is computed. Because the algorithms processing 659 unit is a 32-bit word and it is determined to work on words in 660 little endian byte order we perhaps have to change the byte order 661 before the computation. To reduce the work for the next steps 662 we store the swapped words in the array CORRECT_WORDS. */ 663 664 #define OP(a, b, c, d, s, T) \ 665 do \ 666 { \ 667 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ 668 ++words; \ 669 CYCLIC (a, s); \ 670 a += b; \ 671 } \ 672 while (0) 673 674 /* It is unfortunate that C does not provide an operator for 675 cyclic rotation. Hope the C compiler is smart enough. */ 676 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) 677 678 /* Before we start, one word to the strange constants. 679 They are defined in RFC 1321 as 680 681 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 682 */ 683 684 /* Round 1. */ 685 OP(A, B, C, D, 7, 0xd76aa478); 686 OP(D, A, B, C, 12, 0xe8c7b756); 687 OP(C, D, A, B, 17, 0x242070db); 688 OP(B, C, D, A, 22, 0xc1bdceee); 689 OP(A, B, C, D, 7, 0xf57c0faf); 690 OP(D, A, B, C, 12, 0x4787c62a); 691 OP(C, D, A, B, 17, 0xa8304613); 692 OP(B, C, D, A, 22, 0xfd469501); 693 OP(A, B, C, D, 7, 0x698098d8); 694 OP(D, A, B, C, 12, 0x8b44f7af); 695 OP(C, D, A, B, 17, 0xffff5bb1); 696 OP(B, C, D, A, 22, 0x895cd7be); 697 OP(A, B, C, D, 7, 0x6b901122); 698 OP(D, A, B, C, 12, 0xfd987193); 699 OP(C, D, A, B, 17, 0xa679438e); 700 OP(B, C, D, A, 22, 0x49b40821); 701 /* For the second to fourth round we have the possibly swapped words 702 in CORRECT_WORDS. Redefine the macro to take an additional first 703 argument specifying the function to use. 
*/ 704 #undef OP 705 #define OP(f, a, b, c, d, k, s, T) \ 706 do \ 707 { \ 708 a += f (b, c, d) + correct_words[k] + T; \ 709 CYCLIC (a, s); \ 710 a += b; \ 711 } \ 712 while (0) 713 714 /* Round 2. */ 715 OP(FG, A, B, C, D, 1, 5, 0xf61e2562); 716 OP(FG, D, A, B, C, 6, 9, 0xc040b340); 717 OP(FG, C, D, A, B, 11, 14, 0x265e5a51); 718 OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); 719 OP(FG, A, B, C, D, 5, 5, 0xd62f105d); 720 OP(FG, D, A, B, C, 10, 9, 0x02441453); 721 OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); 722 OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); 723 OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); 724 OP(FG, D, A, B, C, 14, 9, 0xc33707d6); 725 OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); 726 OP(FG, B, C, D, A, 8, 20, 0x455a14ed); 727 OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); 728 OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); 729 OP(FG, C, D, A, B, 7, 14, 0x676f02d9); 730 OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); 731 732 /* Round 3. */ 733 OP(FH, A, B, C, D, 5, 4, 0xfffa3942); 734 OP(FH, D, A, B, C, 8, 11, 0x8771f681); 735 OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); 736 OP(FH, B, C, D, A, 14, 23, 0xfde5380c); 737 OP(FH, A, B, C, D, 1, 4, 0xa4beea44); 738 OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); 739 OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); 740 OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); 741 OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); 742 OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); 743 OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); 744 OP(FH, B, C, D, A, 6, 23, 0x04881d05); 745 OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); 746 OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); 747 OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); 748 OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); 749 750 /* Round 4. 
*/ 751 OP(FI, A, B, C, D, 0, 6, 0xf4292244); 752 OP(FI, D, A, B, C, 7, 10, 0x432aff97); 753 OP(FI, C, D, A, B, 14, 15, 0xab9423a7); 754 OP(FI, B, C, D, A, 5, 21, 0xfc93a039); 755 OP(FI, A, B, C, D, 12, 6, 0x655b59c3); 756 OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); 757 OP(FI, C, D, A, B, 10, 15, 0xffeff47d); 758 OP(FI, B, C, D, A, 1, 21, 0x85845dd1); 759 OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); 760 OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); 761 OP(FI, C, D, A, B, 6, 15, 0xa3014314); 762 OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); 763 OP(FI, A, B, C, D, 4, 6, 0xf7537e82); 764 OP(FI, D, A, B, C, 11, 10, 0xbd3af235); 765 OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); 766 OP(FI, B, C, D, A, 9, 21, 0xeb86d391); 767 768 /* Add the starting values of the context. */ 769 A += A_save; 770 B += B_save; 771 C += C_save; 772 D += D_save; 773 } 774 775 /* Put checksum in context given as argument. */ 776 ctx->A = A; 777 ctx->B = B; 778 ctx->C = C; 779 ctx->D = D; 780 } 781 782 783 /*---------------------------------------------------------------------------- 784 *--------end of md5.c 785 *----------------------------------------------------------------------------*/ 434 static uint32 md5hinit[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 }; 786 435 787 436 … … 789 438 { 790 439 unsigned int i; 791 792 md5_init_ctx(p); 440 memcpy(p->h, md5hinit, 16); 793 441 794 442 for (i = 0; i < 16; i += 8) 795 443 { 796 p-> buffer[i] = 0x00;797 p-> buffer[i+1] = 0x00;798 p-> buffer[i+2] = 0x00;799 p-> buffer[i+3] = 0x00;800 p-> buffer[i+4] = 0x00;801 p-> buffer[i+5] = 0x00;802 p-> buffer[i+6] = 0x00;803 p-> buffer[i+7] = 0x00;444 p->data[i] = 0x00; 445 p->data[i+1] = 0x00; 446 p->data[i+2] = 0x00; 447 p->data[i+3] = 0x00; 448 p->data[i+4] = 0x00; 449 p->data[i+5] = 0x00; 450 p->data[i+6] = 0x00; 451 p->data[i+7] = 0x00; 804 452 } 805 453 454 /* memset(p->data, 0x00, 64); */ 455 p->offset = (uint8) 0; 456 p->nblocks = 0; 806 457 return 0; 807 458 } 808 459 460 #if defined(__GNUC__) && defined(__i386__) 461 
static inline UINT32 462 ROTL32( UINT32 x, int s) 463 { 464 __asm__("roll %%cl,%0" 465 :"=r" (x) 466 :"0" (x),"c" (s)); 467 return x; 468 } 469 #else 470 #define ROTL32(x, s) (((x) << (s)) | ((x) >> (32 - (s)))) 471 #endif 472 473 474 #define FF(a, b, c, d, w, s, t) \ 475 a += ((b&(c^d))^d) + w + t; \ 476 a = ROTL32(a, s); \ 477 a += b; 478 479 #define GG(a, b, c, d, w, s, t) \ 480 a += ((d&(b^c))^c) + w + t; \ 481 a = ROTL32(a, s); \ 482 a += b; 483 484 #define HH(a, b, c, d, w, s, t) \ 485 a += (b^c^d) + w + t; \ 486 a = ROTL32(a, s); \ 487 a += b; 488 489 #define II(a, b, c, d, w, s, t) \ 490 a += (c^(b|~d)) + w + t; \ 491 a = ROTL32(a, s); \ 492 a += b; 493 494 #if WORDS_BIGENDIAN 495 uint32 swapu32(uint32 n) 496 { 497 return ( ((n & 0xffU) << 24) | 498 ((n & 0xff00U) << 8) | 499 ((n & 0xff0000U) >> 8) | 500 ((n & 0xff000000U) >> 24) ); 501 } 502 #endif 503 504 static 505 void md5Process(md5Param* p) 506 { 507 register uint32 a,b,c,d; 508 register uint32* w; 509 #if WORDS_BIGENDIAN 510 register sh_byte t; 511 #endif 512 513 w = p->data; 514 #if WORDS_BIGENDIAN 515 t = 16; 516 while (t--) 517 { 518 register uint32 temp = swapu32(*w); 519 *(w++) = temp; 520 } 521 w = p->data; 522 #endif 523 524 a = p->h[0]; b = p->h[1]; c = p->h[2]; d = p->h[3]; 525 526 FF(a, b, c, d, (*w++), 7, 0xd76aa478); 527 FF(d, a, b, c, (*w++), 12, 0xe8c7b756); 528 FF(c, d, a, b, (*w++), 17, 0x242070db); 529 FF(b, c, d, a, (*w++), 22, 0xc1bdceee); 530 FF(a, b, c, d, (*w++), 7, 0xf57c0faf); 531 FF(d, a, b, c, (*w++), 12, 0x4787c62a); 532 FF(c, d, a, b, (*w++), 17, 0xa8304613); 533 FF(b, c, d, a, (*w++), 22, 0xfd469501); 534 FF(a, b, c, d, (*w++), 7, 0x698098d8); 535 FF(d, a, b, c, (*w++), 12, 0x8b44f7af); 536 FF(c, d, a, b, (*w++), 17, 0xffff5bb1); 537 FF(b, c, d, a, (*w++), 22, 0x895cd7be); 538 FF(a, b, c, d, (*w++), 7, 0x6b901122); 539 FF(d, a, b, c, (*w++), 12, 0xfd987193); 540 FF(c, d, a, b, (*w++), 17, 0xa679438e); 541 FF(b, c, d, a, (*w++), 22, 0x49b40821); 542 543 w = p->data; 544 
545 GG(a, b, c, d, w[ 1], 5, 0xf61e2562); 546 GG(d, a, b, c, w[ 6], 9, 0xc040b340); 547 GG(c, d, a, b, w[11], 14, 0x265e5a51); 548 GG(b, c, d, a, w[ 0], 20, 0xe9b6c7aa); 549 GG(a, b, c, d, w[ 5], 5, 0xd62f105d); 550 GG(d, a, b, c, w[10], 9, 0x02441453); 551 GG(c, d, a, b, w[15], 14, 0xd8a1e681); 552 GG(b, c, d, a, w[ 4], 20, 0xe7d3fbc8); 553 GG(a, b, c, d, w[ 9], 5, 0x21e1cde6); 554 GG(d, a, b, c, w[14], 9, 0xc33707d6); 555 GG(c, d, a, b, w[ 3], 14, 0xf4d50d87); 556 GG(b, c, d, a, w[ 8], 20, 0x455a14ed); 557 GG(a, b, c, d, w[13], 5, 0xa9e3e905); 558 GG(d, a, b, c, w[ 2], 9, 0xfcefa3f8); 559 GG(c, d, a, b, w[ 7], 14, 0x676f02d9); 560 GG(b, c, d, a, w[12], 20, 0x8d2a4c8a); 561 562 HH(a, b, c, d, w[ 5], 4, 0xfffa3942); 563 HH(d, a, b, c, w[ 8], 11, 0x8771f681); 564 HH(c, d, a, b, w[11], 16, 0x6d9d6122); 565 HH(b, c, d, a, w[14], 23, 0xfde5380c); 566 HH(a, b, c, d, w[ 1], 4, 0xa4beea44); 567 HH(d, a, b, c, w[ 4], 11, 0x4bdecfa9); 568 HH(c, d, a, b, w[ 7], 16, 0xf6bb4b60); 569 HH(b, c, d, a, w[10], 23, 0xbebfbc70); 570 HH(a, b, c, d, w[13], 4, 0x289b7ec6); 571 HH(d, a, b, c, w[ 0], 11, 0xeaa127fa); 572 HH(c, d, a, b, w[ 3], 16, 0xd4ef3085); 573 HH(b, c, d, a, w[ 6], 23, 0x04881d05); 574 HH(a, b, c, d, w[ 9], 4, 0xd9d4d039); 575 HH(d, a, b, c, w[12], 11, 0xe6db99e5); 576 HH(c, d, a, b, w[15], 16, 0x1fa27cf8); 577 HH(b, c, d, a, w[ 2], 23, 0xc4ac5665); 578 579 II(a, b, c, d, w[ 0], 6, 0xf4292244); 580 II(d, a, b, c, w[ 7], 10, 0x432aff97); 581 II(c, d, a, b, w[14], 15, 0xab9423a7); 582 II(b, c, d, a, w[ 5], 21, 0xfc93a039); 583 II(a, b, c, d, w[12], 6, 0x655b59c3); 584 II(d, a, b, c, w[ 3], 10, 0x8f0ccc92); 585 II(c, d, a, b, w[10], 15, 0xffeff47d); 586 II(b, c, d, a, w[ 1], 21, 0x85845dd1); 587 II(a, b, c, d, w[ 8], 6, 0x6fa87e4f); 588 II(d, a, b, c, w[15], 10, 0xfe2ce6e0); 589 II(c, d, a, b, w[ 6], 15, 0xa3014314); 590 II(b, c, d, a, w[13], 21, 0x4e0811a1); 591 II(a, b, c, d, w[ 4], 6, 0xf7537e82); 592 II(d, a, b, c, w[11], 10, 0xbd3af235); 593 II(c, d, a, b, w[ 2], 15, 
0x2ad7d2bb); 594 II(b, c, d, a, w[ 9], 21, 0xeb86d391); 595 596 p->h[0] += a; 597 p->h[1] += b; 598 p->h[2] += c; 599 p->h[3] += d; 600 } 601 809 602 int md5Update(md5Param* p, const sh_byte* data, int size) 810 603 { 811 md5_process_bytes(data, size, p); 812 return 0; 813 } 814 815 static void md5Finish(md5Param* p, void *resblock) 816 { 817 (void) md5_finish_ctx(p, resblock); 818 } 819 820 int md5Digest(md5Param* p, md5_uint32* data) 821 { 822 md5Finish(p, data); 604 register int proclength; 605 606 while (size > 0) 607 { 608 proclength = (((int)p->offset + size) > 64) ? 609 (64 - (int)p->offset) : size; 610 memcpy(((sh_byte *) p->data) + p->offset, data, (size_t) proclength); 611 size -= proclength; 612 data += proclength; 613 p->offset += proclength; 614 615 if (p->offset == (uint8) 64) 616 { 617 md5Process(p); 618 p->offset = (uint8) 0; 619 p->nblocks++; 620 } 621 } 622 return 0; 623 } 624 625 static void md5Finish(md5Param* p) 626 { 627 uint32 t, msb, lsb; 628 uint8 * pp; 629 register uint8 *ptr; 630 631 msb = 0; 632 t = p->nblocks; 633 if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ 634 msb++; 635 msb += t >> 26; 636 t = lsb; 637 if( (lsb = t + (uint32)p->offset) < t ) /* add the count */ 638 msb++; 639 t = lsb; 640 if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ 641 msb++; 642 msb += t >> 29; 643 644 ptr = ((uint8 *) p->data) + p->offset++; 645 646 647 *(ptr++) = (uint8) 0x80; 648 649 if (p->offset > (uint8)56) 650 { 651 while (p->offset++ < 64) 652 *(ptr++) = 0; 653 654 md5Process(p); 655 p->offset = 0; 656 } 657 658 ptr = ((uint8 *) p->data) + p->offset; 659 while (p->offset++ < 56) 660 *(ptr++) = 0; 661 662 /* append the 64 bit count */ 663 *(ptr++) = lsb ; 664 *(ptr++) = lsb >> 8; 665 *(ptr++) = lsb >> 16; 666 *(ptr++) = lsb >> 24; 667 *(ptr++) = msb ; 668 *(ptr++) = msb >> 8; 669 *(ptr++) = msb >> 16; 670 *(ptr++) = msb >> 24; 671 672 md5Process(p); 673 674 pp = (uint8 *) p->data; 675 #ifdef WORDS_BIGENDIAN 676 
#define X(a) do { *pp++ = (*p).a; *pp++ = (*p).a >> 8; \ 677 *pp++ = (*p).a >> 16; *pp++ = (*p).a >> 24; } while(0) 678 #else /* little endian */ 679 /*#define X(a) do { *(uint32*)p = p->##a ; p += 4; } while(0)*/ 680 /* Unixware's cpp doesn't like the above construct so we do it his way: 681 * (reported by Allan Clark) */ 682 #define X(a) do { *(uint32*)pp = (*p).a ; pp += 4; } while(0) 683 #endif 684 X(h[0]); 685 X(h[1]); 686 X(h[2]); 687 X(h[3]); 688 #undef X 689 690 p->offset = 0; 691 } 692 693 int md5Digest(md5Param* p, uint32* data) 694 { 695 md5Finish(p); 696 memcpy(data, p->h, 16); 823 697 (void) md5Reset(p); 824 698 return 0; 825 699 } 826 700 /*@+type@*/ 827 828 701 829 702 /* Compute MD5 message digest for bytes read from STREAM. The … … 835 708 /* Important: BLOCKSIZE must be a multiple of 64. */ 836 709 static const int BLOCKSIZE = 8192; 837 struct md5_ctxctx;710 md5Param ctx; 838 711 char buffer[8264]; /* BLOCKSIZE + 72 AIX compiler chokes */ 839 size_t sum; 840 712 off_t sum = 0; 841 713 SL_TICKET fd; 842 714 char * tmp; … … 925 797 BLOCKSIZE % 64 == 0 926 798 */ 927 md5_process_block(buffer, BLOCKSIZE, &ctx);799 (void) md5Update(&ctx, (sh_byte*) buffer, BLOCKSIZE); 928 800 sh.statistics.bytes_hashed += BLOCKSIZE; 929 801 … … 944 816 if (sum > 0) 945 817 { 946 md5_process_bytes(buffer, sum, &ctx);818 (void) md5Update(&ctx, (sh_byte*) buffer, (int) sum); 947 819 sh.statistics.bytes_hashed += BLOCKSIZE; 948 820 } … … 1520 1392 } 1521 1393 1522 int sh_tiger_hashtype (c onst char * c)1394 int sh_tiger_hashtype (char * c) 1523 1395 { 1524 1396 SL_ENTER( _("sh_tiger_hashtype")); … … 1588 1460 if (res != NULL) 1589 1461 { 1462 /*@-bufferoverflowhigh -formatconst@*/ 1590 1463 #if defined(TIGER_64_BIT) 1591 sl_snprintf(out, 1592 sizeof(out), 1593 MYFORMAT, 1594 (sh_word32)(res[0]>>32), 1595 (sh_word32)(res[0]), 1596 (sh_word32)(res[1]>>32), 1597 (sh_word32)(res[1]), 1598 (sh_word32)(res[2]>>32), 1599 (sh_word32)(res[2]) ); 1464 sprintf(out, /* known to fit */ 
1465 MYFORMAT, 1466 (sh_word32)(res[0]>>32), 1467 (sh_word32)(res[0]), 1468 (sh_word32)(res[1]>>32), 1469 (sh_word32)(res[1]), 1470 (sh_word32)(res[2]>>32), 1471 (sh_word32)(res[2]) ); 1600 1472 #else 1601 s l_snprintf(out,1602 sizeof(out),1603 MYFORMAT,1604 (sh_word32)(res[1]),1605 (sh_word32)(res[0]),1606 (sh_word32)(res[3]),1607 (sh_word32)(res[2]),1608 (sh_word32)(res[5]),1609 (sh_word32)(res[4]) ); 1610 #endif 1611 out[ sizeof(out)-1] = '\0';1473 sprintf(out, /* known to fit */ 1474 MYFORMAT, 1475 (sh_word32)(res[1]), 1476 (sh_word32)(res[0]), 1477 (sh_word32)(res[3]), 1478 (sh_word32)(res[2]), 1479 (sh_word32)(res[5]), 1480 (sh_word32)(res[4]) ); 1481 #endif 1482 /*@+bufferoverflowhigh@*/ 1483 out[KEY_LEN] = '\0'; 1612 1484 SL_RETURN( out, _("sh_tiger_hash_internal")); 1613 1485 … … 1635 1507 if (res != NULL) 1636 1508 { 1509 /*@-bufferoverflowhigh -formatconst@*/ 1637 1510 #if defined(TIGER_64_BIT) 1638 sl_snprintf(outhash, 1639 sizeof(outhash), 1640 GPGFORMAT, 1641 (sh_word32)(res[0]>>32), 1642 (sh_word32)(res[0]), 1643 (sh_word32)(res[1]>>32), 1644 (sh_word32)(res[1]), 1645 (sh_word32)(res[2]>>32), 1646 (sh_word32)(res[2]) ); 1511 sprintf(outhash, /* known to fit */ 1512 GPGFORMAT, 1513 (sh_word32)(res[0]>>32), 1514 (sh_word32)(res[0]), 1515 (sh_word32)(res[1]>>32), 1516 (sh_word32)(res[1]), 1517 (sh_word32)(res[2]>>32), 1518 (sh_word32)(res[2]) ); 1647 1519 #else 1648 s l_snprintf(outhash,1649 sizeof(outhash),1650 GPGFORMAT,1651 (sh_word32)(res[1]),1652 (sh_word32)(res[0]),1653 (sh_word32)(res[3]),1654 (sh_word32)(res[2]),1655 (sh_word32)(res[5]),1656 (sh_word32)(res[4]) ); 1657 #endif 1658 outhash[ sizeof(outhash)-1] = '\0';1520 sprintf(outhash, /* known to fit */ 1521 GPGFORMAT, 1522 (sh_word32)(res[1]), 1523 (sh_word32)(res[0]), 1524 (sh_word32)(res[3]), 1525 (sh_word32)(res[2]), 1526 (sh_word32)(res[5]), 1527 (sh_word32)(res[4]) ); 1528 #endif 1529 /*@+bufferoverflowhigh@*/ 1530 outhash[48 + 6] = '\0'; 1659 1531 } 1660 1532 else 1661 1533 { 1662 
sl_strlcpy(outhash, 1663 _("00000000 00000000 00000000 00000000 00000000 00000000"), 1664 sizeof(outhash)); 1534 /*@-bufferoverflowhigh@*/ 1535 sprintf(outhash, /* known to fit */ 1536 _("00000000 00000000 00000000 00000000 00000000 00000000")); 1537 /*@+bufferoverflowhigh@*/ 1665 1538 } 1666 1539 -
/trunk/src/sh_tools.c
r30 r20 127 127 unsigned char c, d; 128 128 const char * p; 129 char *q; 129 130 char tmp[4]; 130 131 char * outstr; … … 146 147 147 148 p = instr; 149 q = outstr; 148 150 149 151 #if !defined(SH_USE_XML) … … 439 441 int DoReverseLookup = S_TRUE; 440 442 441 int set_reverse_lookup (c onst char * c)443 int set_reverse_lookup (char * c) 442 444 { 443 445 return sh_util_flagval(c, &DoReverseLookup); … … 460 462 461 463 int retval; 462 size_t len;463 464 464 465 sin_cache * check_cache = conn_cache; … … 534 535 else 535 536 { 536 len = sl_strlen(host_entry->h_name) + 1;537 host_name = SH_ALLOC(len);538 if (len > 1)539 sl_strlcpy(host_name, host_entry->h_name, len);537 host_name = SH_ALLOC(sl_strlen(host_entry->h_name) + 1); 538 if (sl_strlen(host_entry->h_name) > 0) 539 strcpy(host_name, /* known to fit */ 540 host_entry->h_name); 540 541 else 541 542 host_name[0] = '\0'; … … 693 694 } 694 695 695 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)696 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) 696 697 static 697 698 int sh_write_select(int type, int sockfd, … … 713 714 */ 714 715 new_act.sa_handler = SIG_IGN; 715 sigemptyset( &new_act.sa_mask ); /* set an empty mask */716 new_act.sa_flags = 0; /* init sa_flags */717 716 sigaction (SIGPIPE, &new_act, &old_act); 718 717 … … 840 839 #endif 841 840 842 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)841 #if defined (SH_WITH_CLIENT) 843 842 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, 844 843 int * w_error, int timeout) … … 860 859 #endif 861 860 862 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)861 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) 863 862 864 863 unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, … … 896 895 #endif 897 896 898 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)897 #if defined (SH_WITH_CLIENT) 899 898 900 899 int check_request (char * have, char * need) … … 950 949 
#endif 951 950 952 #if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER)951 #if defined (SH_WITH_CLIENT) 953 952 954 953 void get_header (unsigned char * head, unsigned long * bytes, char * u) … … 1030 1029 * (msg_size = payload_size - key_len = payload_size - 48) 1031 1030 */ 1032 1033 /*1034 * only SH_V2_FULLSIZE is used, and only once1035 */1036 #if 01037 1031 #ifdef SH_WITH_SERVER 1038 1032 #define SH_V2_FULLSIZE 240 … … 1044 1038 #define SH_V2_MESSAGE 960 1045 1039 #endif 1046 #endif1047 #define SH_V2_FULLSIZE 10241048 1040 1049 1041 #ifdef SH_ENCRYPT … … 1388 1380 #endif 1389 1381 1390 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)1382 #if defined (SH_WITH_CLIENT) 1391 1383 1392 1384 /* verify the checksum of a buffer; checksum comes first … … 1540 1532 #endif 1541 1533 1542 #if defined(SH_WITH_CLIENT) || defined(SH_ WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)1534 #if defined(SH_WITH_CLIENT) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) 1543 1535 1544 1536 /* --------- secure temporary file ------------ */ -
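Review bot: `new_act` reaches `sigaction (SIGPIPE, &new_act, &old_act);` at new line 716 with only `sa_handler` assigned. Unless the struct is zeroed at its declaration, which is outside the hunk, `sa_mask` and `sa_flags` are indeterminate when the kernel reads them, and SIGPIPE handling during the write can differ from run to run. Set both before the call: `sigemptyset( &new_act.sa_mask );` and `new_act.sa_flags = 0;`. The enclosing function starts and ends outside the hunk.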
/trunk/src/sh_unix.c
r30 r20 127 127 unsigned long mask_USER0 = MASK_USER_; 128 128 unsigned long mask_USER1 = MASK_USER_; 129 unsigned long mask_USER2 = MASK_USER_;130 unsigned long mask_USER3 = MASK_USER_;131 unsigned long mask_USER4 = MASK_USER_;132 129 unsigned long mask_ALLIGNORE = MASK_ALLIGNORE_; 133 130 unsigned long mask_ATTRIBUTES = MASK_ATTRIBUTES_; … … 145 142 mask_USER0 = MASK_USER_; 146 143 mask_USER1 = MASK_USER_; 147 mask_USER2 = MASK_USER_;148 mask_USER3 = MASK_USER_;149 mask_USER4 = MASK_USER_;150 144 mask_ALLIGNORE = MASK_ALLIGNORE_; 151 145 mask_ATTRIBUTES = MASK_ATTRIBUTES_; … … 313 307 *p = '0' + (u % 10); 314 308 u /= 10; 315 } while (u && (p != str));316 if ( (iisneg == 1) && (p != str)) {309 } while (u); 310 if (iisneg == 1) { 317 311 --p; 318 312 *p = '-'; … … 329 323 extern int OnlyStderr; 330 324 331 int safe_logger (int signal, int method, char * details)325 int safe_logger (int signal, int method, pid_t thepid) 332 326 { 333 327 int i = 0; … … 337 331 char str[128]; 338 332 char * p; 339 333 340 334 char l0[64], l1[64], l2[64], l3[64]; 341 335 char a0[32], a1[32], a2[32]; 342 336 char e0[128]; 343 337 char msg[128]; 344 338 345 339 char * locations[] = { NULL, NULL, NULL, NULL, NULL }; 346 340 char * envp[] = { NULL, NULL }; 347 341 char * argp[] = { NULL, NULL, NULL, NULL, NULL }; 348 349 pid_t thepid = getpid(); 350 342 351 343 if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) 352 344 method = 1; 353 345 354 346 /* seems that solaris cc needs this way of initializing ... 
355 347 */ … … 358 350 locations[2] = l2; 359 351 locations[3] = l3; 360 352 361 353 envp[0] = e0; 362 354 363 355 argp[0] = a0; 364 356 argp[1] = a1; 365 357 argp[2] = a2; 366 358 359 strcpy (l0, _("/usr/bin/logger")); /* known to fit */ 360 strcpy (l1, _("/usr/sbin/logger")); /* known to fit */ 361 strcpy (l2, _("/usr/ucb/logger")); /* known to fit */ 362 strcpy (l3, _("/bin/logger")); /* known to fit */ 363 364 strcpy (a0, _("logger")); /* known to fit */ 365 strcpy (a1, _("-p")); /* known to fit */ 366 strcpy (a2, _("daemon.alert")); /* known to fit */ 367 368 strcpy (e0, /* known to fit */ 369 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin")); 370 367 371 sl_strlcpy(msg, _("samhain["), 128); 368 372 p = safe_itoa((int) thepid, str, 128); … … 371 375 if (signal == 0) 372 376 { 373 if (details == NULL) { 374 sl_strlcat(msg, _("]: out of memory"), 128); 375 } else { 376 sl_strlcat(msg, _("]: "), 128); 377 sl_strlcat(msg, details, 128); 378 } 377 sl_strlcat(msg, _("]: out of memory"), 128); 379 378 } 380 379 else … … 394 393 return 0; 395 394 } 396 397 sl_strlcpy (l0, _("/usr/bin/logger"), 64);398 sl_strlcpy (l1, _("/usr/sbin/logger"), 64);399 sl_strlcpy (l2, _("/usr/ucb/logger"), 64);400 sl_strlcpy (l3, _("/bin/logger"), 64);401 402 sl_strlcpy (a0, _("logger"), 32);403 sl_strlcpy (a1, _("-p"), 32);404 sl_strlcpy (a2, _("daemon.alert"), 32);405 406 sl_strlcpy (e0,407 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"),408 128);409 410 395 while (locations[i] != NULL) { 411 396 status = stat(locations[i], &buf); … … 429 414 } 430 415 431 void safe_fatal (int signal, int method, char * details,432 char * file, int line)433 {434 char msg[128];435 char str[128];436 char * p;437 p = safe_itoa((int) line, str, 128);438 sl_strlcpy(msg, _("FATAL: "), 128);439 sl_strlcat(msg, file, 128);440 sl_strlcat(msg, ": ", 128);441 if (p && (*p)) {442 sl_strlcat(msg, p , 128);443 sl_strlcat(msg, ": ", 128);444 }445 sl_strlcat(msg, details, 128);446 
safe_logger (signal, method, msg);447 _exit(EXIT_FAILURE);448 }449 416 450 417 extern char sh_sig_msg[64]; … … 484 451 { 485 452 chdir ("/"); 486 safe_logger (mysignal, 0, NULL);453 safe_logger (mysignal, 0, getpid()); 487 454 } 488 455 _exit(mysignal); … … 537 504 memset (skey, '\0', sizeof(sh_key_t)); 538 505 if (immediate_exit_fast < 2) 539 safe_logger (mysignal, 0, NULL);506 safe_logger (mysignal, 0, getpid()); 540 507 _exit(mysignal); 541 508 #else … … 551 518 close_ipc (); 552 519 #endif 553 safe_logger (mysignal, 0, NULL);520 safe_logger (mysignal, 0, getpid()); 554 521 chdir ("/"); 555 522 raise(SIGFPE); … … 852 819 /* checksum the own binary 853 820 */ 854 int sh_unix_self_hash (c onst char * c)821 int sh_unix_self_hash (char * c) 855 822 { 856 823 char message[512]; … … 924 891 925 892 /* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ 926 static int tf_add_trusted_user_int(c onst char * c)893 static int tf_add_trusted_user_int(char * c) 927 894 { 928 895 register struct passwd * w; … … 952 919 } 953 920 954 int tf_add_trusted_user(c onst char * c)921 int tf_add_trusted_user(char * c) 955 922 { 956 923 int i; … … 1262 1229 char ** env1; 1263 1230 int envlen = 0; 1264 size_t len;1265 1231 1266 1232 SL_ENTER(_("sh_unix_copyenv")); … … 1282 1248 envlen = 0; 1283 1249 1284 while (env0 != NULL && env0[envlen] != NULL) { 1285 len = strlen(env0[envlen]) + 1; 1286 env1[envlen] = malloc (len); /* only once */ 1250 while (env0 != NULL && env0[envlen] != NULL) { 1251 env1[envlen] = malloc (strlen(env0[envlen]) + 1); /* only once */ 1287 1252 if (env1[envlen] == NULL) 1288 1253 { … … 1290 1255 SL_RET0(_("sh_unix_copyenv")); 1291 1256 } 1292 s l_strlcpy(env1[envlen], env0[envlen], len);1257 strcpy(env1[envlen], env0[envlen]); /* known to fit */ 1293 1258 ++envlen; 1294 1259 } … … 1451 1416 #include <arpa/inet.h> 1452 1417 1453 char * sh_unix_h_name (struct hostent * host_entry)1454 {1455 char ** p;1456 if (strchr(host_entry->h_name, '.')) {1457 return 
host_entry->h_name;1458 } else {1459 for (p = host_entry->h_aliases; *p; ++p) {1460 if (strchr(*p, '.'))1461 return *p;1462 }1463 }1464 return host_entry->h_name;1465 }1466 1467 1418 /* uname() on FreeBSD is broken, because the 'nodename' buf is too small 1468 1419 * to hold a valid (leftmost) domain label. … … 1484 1435 1485 1436 (void) uname (&buf); 1486 /* flawfinder: ignore */ /* ff bug, ff sees system() */ 1437 1487 1438 sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); 1488 1439 sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); … … 1535 1486 else 1536 1487 { 1537 sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF);1488 sl_strlcpy (sh.host.name, he1->h_name, SH_PATHBUF); 1538 1489 } 1539 1490 … … 1583 1534 if (he1 != NULL) 1584 1535 { 1585 sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF);1536 sl_strlcpy (sh.host.name, he1->h_name, SH_PATHBUF); 1586 1537 } 1587 1538 else … … 1688 1639 aud_exit(FIL__, __LINE__, EXIT_FAILURE); 1689 1640 } 1690 /* flawfinder: ignore */1691 1641 return (chroot(chroot_dir)); 1692 1642 } … … 1973 1923 } 1974 1924 1975 int sh_unix_settimeserver (c onst char * address)1925 int sh_unix_settimeserver (char * address) 1976 1926 { 1977 1927 … … 2146 2096 /* whether to use localtime for file timesatams in logs 2147 2097 */ 2148 int sh_unix_uselocaltime (c onst char * c)2098 int sh_unix_uselocaltime (char * c) 2149 2099 { 2150 2100 int i; … … 2782 2732 } 2783 2733 2784 int sh_unix_set_io_limit (c onst char * c)2734 int sh_unix_set_io_limit (char * c) 2785 2735 { 2786 2736 long val; … … 2822 2772 if (tmpFile.size < fbuf->st_size) 2823 2773 { 2824 sl_strlcpy(fileHash, 2825 sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 2826 alert_timeout), 2827 KEY_LEN+1); 2774 strcpy(fileHash, /* known to fit */ 2775 sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 2776 alert_timeout)); 2828 2777 2829 2778 /* return */ … … 2832 2781 2833 2782 out: 2834 sl_strlcpy(fileHash, 2835 
_("000000000000000000000000000000000000000000000000"), 2836 KEY_LEN+1); 2783 strcpy(fileHash, /* known to fit */ 2784 _("000000000000000000000000000000000000000000000000")); 2837 2785 SL_RETURN( -1, _("sh_unix_checksum_size")); 2838 2786 } … … 2955 2903 { 2956 2904 if (fileHash != NULL) 2957 sl_strlcpy(fileHash, 2958 _("000000000000000000000000000000000000000000000000"), 2959 KEY_LEN+1); 2905 strcpy(fileHash, /* known to fit */ 2906 _("000000000000000000000000000000000000000000000000")); 2960 2907 } 2961 2908 … … 2973 2920 if ((theFile->check_mask & MODI_CHK) == 0) 2974 2921 { 2975 sl_strlcpy(fileHash, 2976 _("000000000000000000000000000000000000000000000000"), 2977 KEY_LEN+1); 2922 strcpy(fileHash, /* known to fit */ 2923 _("000000000000000000000000000000000000000000000000")); 2978 2924 } 2979 2925 else if ((theFile->check_mask & MODI_PREL) != 0 && … … 2983 2929 if (0 != sh_prelink_run (theFile->fullpath, 2984 2930 fileHash, alert_timeout)) 2985 sl_strlcpy(fileHash, 2986 _("000000000000000000000000000000000000000000000000"), 2987 KEY_LEN+1); 2931 strcpy(fileHash, /* known to fit */ 2932 _("000000000000000000000000000000000000000000000000")); 2988 2933 } 2989 2934 else 2990 2935 { 2991 2936 tiger_fd = rval_open; 2992 sl_strlcpy(fileHash, 2993 sh_tiger_generic_hash (theFile->fullpath, 2994 TIGER_FD, 0, 2995 alert_timeout), 2996 KEY_LEN+1); 2937 strcpy(fileHash, /* known to fit */ 2938 sh_tiger_generic_hash (theFile->fullpath, TIGER_FD, 0, 2939 alert_timeout)); 2997 2940 if ((theFile->check_mask & MODI_SGROW) != 0) 2998 2941 { … … 3017 2960 if ((theFile->check_mask & MODI_CHK) == 0) 3018 2961 { 3019 sl_strlcpy(fileHash, 3020 _("000000000000000000000000000000000000000000000000"), 3021 KEY_LEN+1); 2962 strcpy(fileHash, /* known to fit */ 2963 _("000000000000000000000000000000000000000000000000")); 3022 2964 } 3023 2965 else if (policy == SH_LEVEL_PRELINK && … … 3027 2969 if (0 != sh_prelink_run (theFile->fullpath, 3028 2970 fileHash, alert_timeout)) 3029 
sl_strlcpy(fileHash, 3030 _("000000000000000000000000000000000000000000000000"), 3031 KEY_LEN+1); 2971 strcpy(fileHash, /* known to fit */ 2972 _("000000000000000000000000000000000000000000000000")); 3032 2973 } 3033 2974 else … … 3204 3145 linknamebuf = SH_ALLOC(PATH_MAX); 3205 3146 3206 /* flawfinder: ignore */3207 3147 linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); 3208 3148 … … 3220 3160 SH_FREE(tmp2); 3221 3161 SH_FREE(linknamebuf); 3222 theFile->linkpath[0] = '-';3223 theFile->linkpath[1] = '\0';3224 3162 SL_RETURN((-1),_("sh_unix_getinfo")); 3225 3163 } … … 4044 3982 { 4045 3983 #ifdef WITH_TPT 4046 sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"),3984 sl_snprintf(str, 128, _("file: %s line: %d page: %d"), 4047 3985 page_list->file, page_list->line, i+1); 4048 3986 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, … … 4052 3990 ++i; 4053 3991 } 4054 sl_snprintf(str, sizeof(str), _("%d pages locked"), i);3992 sl_snprintf(str, 128, _("%d pages locked"), i); 4055 3993 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, 4056 3994 str, _("sh_unix_count_mlock")); -
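Review bot: The digit loop at new lines 307-311 ends on `} while (u);` and the sign branch is `if (iisneg == 1) {`, so nothing stops `--p` from moving below the start of `str` when the buffer is shorter than the rendered number. The visible caller passes 128 bytes (`safe_itoa((int) thepid, str, 128)`), which is ample for an int, but this routine feeds safe_logger on the signal exit path and should not rely on every caller's sizing. Bound both steps with `} while (u && (p != str));` and `if ((iisneg == 1) && (p != str)) {`. The function header is outside the hunk, so the name safe_itoa is inferred from that call.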
/trunk/src/sh_userfiles.c
r30 r20 221 221 else if ( strstr(s, "user0") != NULL ) new->level = SH_LEVEL_USER0; 222 222 else if ( strstr(s, "user1") != NULL ) new->level = SH_LEVEL_USER1; 223 else if ( strstr(s, "user2") != NULL ) new->level = SH_LEVEL_USER2;224 else if ( strstr(s, "user3") != NULL ) new->level = SH_LEVEL_USER3;225 else if ( strstr(s, "user4") != NULL ) new->level = SH_LEVEL_USER4;226 223 else if ( strstr(s, "prelink") != NULL ) new->level = SH_LEVEL_PRELINK; 227 224 else /* The default */ new->level = default_level; … … 335 332 (void) sh_files_pushfile_user1(filepath); 336 333 break; 337 case SH_LEVEL_USER2:338 (void) sh_files_pushfile_user2(filepath);339 break;340 case SH_LEVEL_USER3:341 (void) sh_files_pushfile_user3(filepath);342 break;343 case SH_LEVEL_USER4:344 (void) sh_files_pushfile_user4(filepath);345 break;346 334 case SH_LEVEL_PRELINK: 347 335 (void) sh_files_pushfile_prelink(filepath); -
/trunk/src/sh_utils.c
r30 r20 189 189 } 190 190 191 int sh_util_hidesetup(c onst char * c)191 int sh_util_hidesetup(char * c) 192 192 { 193 193 int i; … … 205 205 SL_ENTER(_("sh_util_strdup")); 206 206 207 SH_VALIDATE_NE(str, NULL);208 209 len = sl_strlen(str);210 p = SH_ALLOC (len + 1);211 (void) sl_strlcpy (p, str, len+1);212 207 if (str != NULL) 208 { 209 len = sl_strlen(str); 210 p = SH_ALLOC (len + 1); 211 (void) sl_strlcpy (p, str, len+1); 212 } 213 213 SL_RETURN( p, _("sh_util_strdup")); 214 214 } … … 224 224 ret = *str; 225 225 226 SH_VALIDATE_NE(ret, NULL); 226 if (ret == NULL) { 227 SL_RETURN(ret, _("sh_util_strsep")); 228 } 227 229 228 230 for (c = *str; *c != '\0'; c++) { … … 644 646 static int sigtype = TYPE_HMAC; 645 647 646 int sh_util_sigtype (c onst char * c)648 int sh_util_sigtype (char * c) 647 649 { 648 650 SL_ENTER(_("sh_util_sigtype")); … … 955 957 char * key; 956 958 char * path; 957 char * outpath = NULL;959 char * outpath; 958 960 unsigned char * image = NULL; 959 961 long s = 0; … … 961 963 long ii, k = 0; 962 964 UINT32 * h1; 963 char * new = NULL;965 char * new; 964 966 965 967 if (0 != sl_is_suid()) … … 997 999 fprintf(stderr, 998 1000 _("ERROR: no path to executable given\n Argument must be 'key@path'\n")); 999 free(new);1000 1001 _exit (EXIT_FAILURE); 1001 1002 /*@notreached@*/ … … 1004 1005 else 1005 1006 path = &new[j]; 1006 1007 len = strlen(path) + 1 + 4;1008 1007 /*@-usedef@*/ 1009 if (NULL == (outpath = malloc( len)))1008 if (NULL == (outpath = malloc(strlen(path) + 1 + 4))) 1010 1009 goto bail_mem; 1011 1010 /*@-usedef@*/ 1012 sl_snprintf (outpath, len, _("%s.out"), path); 1011 /*@-bufferoverflowhigh@*/ 1012 sprintf (outpath, _("%s.out"), path); /* known to fit */ 1013 /*@+bufferoverflowhigh@*/ 1013 1014 1014 1015 fp = sl_open_read(path, SL_NOPRIV); … … 1017 1018 fprintf(stderr, 1018 1019 _("ERROR: cannot open %s for read (errnum = %ld)\n"), path, fp); 1019 free(new); free (outpath);1020 1020 _exit (EXIT_FAILURE); 1021 1021 /*@notreached@*/ … … 1028 
1028 fprintf(stderr, 1029 1029 _("ERROR: cannot open %s (errnum = %ld)\n"), outpath, fout); 1030 free(new); free (outpath);1031 1030 _exit (EXIT_FAILURE); 1032 1031 /*@notreached@*/ … … 1069 1068 (void) sl_close (fout); 1070 1069 printf(_("new file %s written\n"), outpath); 1071 free(new); free (outpath); free(image);1072 1070 _exit (EXIT_SUCCESS); 1073 1071 /*@notreached@*/ … … 1078 1076 fprintf(stderr, 1079 1077 _("ERROR: old key not found\n")); 1080 free(new); free (outpath); free(image);1081 1078 _exit (EXIT_FAILURE); 1082 1079 /*@notreached@*/ … … 1087 1084 fprintf(stderr, 1088 1085 _("ERROR: out of memory\n")); 1089 if (new) free(new);1090 if (outpath) free (outpath);1091 if (image) free (image);1092 1086 _exit (EXIT_FAILURE); 1093 1087 /*@notreached@*/ … … 1335 1329 static unsigned char sh_obscure_index[256]; 1336 1330 1337 int sh_util_obscure_ok (c onst char * str)1331 int sh_util_obscure_ok (char * str) 1338 1332 { 1339 1333 unsigned long i; 1340 char * endptr = NULL;1341 1342 SL_ENTER(_("sh_util_obscure_ ok"));1334 char * endptr = str; 1335 1336 SL_ENTER(_("sh_util_obscure_ex")); 1343 1337 1344 1338 if (0 == sl_strncmp("all", str, 3)) … … 1348 1342 sh_obscure_index[i] = (unsigned char)1; 1349 1343 } 1350 SL_RETURN(0, _("sh_util_obscure_ ok"));1344 SL_RETURN(0, _("sh_util_obscure_ex")); 1351 1345 } 1352 1346 … … 1355 1349 sh_obscure_index[i] = (unsigned char)0; 1356 1350 } 1357 1358 i = strtoul (str, &endptr, 0);1359 if (i > 255)1360 {1361 SL_RETURN(-1, _("sh_util_obscure_ok"));1362 }1363 sh_obscure_index[i] = (unsigned char)1;1364 if (*endptr == ',')1365 ++endptr;1366 1351 1367 1352 while (*endptr != '\0') … … 1370 1355 if (i > 255) 1371 1356 { 1372 SL_RETURN(-1, _("sh_util_obscure_ ok"));1357 SL_RETURN(-1, _("sh_util_obscure_ex")); 1373 1358 } 1374 1359 sh_obscure_index[i] = (unsigned char)1; … … 1376 1361 ++endptr; 1377 1362 } 1378 SL_RETURN(0, _("sh_util_obscure_ ok"));1363 SL_RETURN(0, _("sh_util_obscure_ex")); 1379 1364 } 1380 1365 1381 1366 int 
sh_util_obscurename (ShErrLevel level, char * name_orig, int flag) 1382 1367 { 1383 unsigned char * name = (unsigned char *)name_orig;1368 char * name = name_orig; 1384 1369 char * safe; 1385 1370 unsigned int i; … … 1393 1378 while (*name != '\0') 1394 1379 { 1395 if ( (*name) > 0x7F || (*name)== '"' || (*name) == '\t' ||1380 if ( (*name) == '"' || (*name) == '\t' || 1396 1381 (*name) == '\b' || (*name) == '\f' || 1397 1382 (*name) == '\n' || (*name) == '\r' || … … 1577 1562 } else if (!isgraph ((int) *p)) { /* not printable */ 1578 1563 /*@-bufferoverflowhigh -formatconst@*/ 1579 /* flawfinder: ignore */1580 1564 sprintf(oct, format, '\\', /* known to fit */ 1581 1565 (unsigned char) *p); -
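Review bot: In sh_util_obscurename the visible part of the test at new line 1380 begins with `(*name) == '"'` and no longer matches bytes above 0x7F. `name` is also a plain `char *` now, so where char is signed those bytes are negative values. Unless the remainder of the condition, which is outside the hunk, covers them, file names containing non-ASCII bytes are not caught by this check. Keep `unsigned char * name = (unsigned char *)name_orig;` and the leading `(*name) > 0x7F ||` term.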
/trunk/src/sh_utmp.c
r30 r20 331 331 { 332 332 SL_ENTER(_("sh_utmp_endutent")); 333 if (NULL != sh_utmpfile) 334 (void) fclose(sh_utmpfile); 333 (void) fclose(sh_utmpfile); 335 334 sh_utmpfile = NULL; 336 335 SL_RET0(_("sh_utmp_endutent")); -
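Review bot: `(void) fclose(sh_utmpfile);` at new line 333 runs unconditionally, and passing a null pointer to fclose is undefined behaviour. sh_utmp_endutent sets `sh_utmpfile = NULL` on the next line, so a second call would pass NULL. Guard the close: `if (NULL != sh_utmpfile) (void) fclose(sh_utmpfile);`.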
/trunk/src/slib.c
r30 r20 231 231 if (flag == 1) 232 232 { 233 s l_snprintf (val, 81, _("\n--------- %10s "), file);233 sprintf (val, _("\n--------- %10s "), file); 234 234 sl_strlcpy (msg, val, 80); 235 s l_snprintf (val, 81, _(" --- %6d ---------\n"), line);235 sprintf (val, _(" --- %6d ---------\n"), line); 236 236 sl_strlcat (msg, val, 80); 237 237 sh_log_console (msg); … … 577 577 578 578 #if !defined(HOST_IS_I86SOLARIS) 579 #if !defined (_GNU_SOURCE) && !defined(__linux__) 580 /* flawfinder: ignore */ 579 #if !defined (_GNU_SOURCE) 581 580 extern int vsnprintf ( char *str, size_t n, 582 581 const char *format, va_list ap ); … … 778 777 779 778 #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) 780 len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */779 len = vsnprintf (str, n, format, vl); 781 780 str[n-1] = '\0'; 782 781 #else 783 VA_COPY (vl2, vl); 782 VA_COPY (vl2, vl); /* save the argument list */ 784 783 total = sl_printf_count (format, vl); 785 len = (int) total;784 len = (int) total; 786 785 if (total < n) 787 786 { 788 /* flawfinder: ignore */789 787 vsprintf (str, format, vl2); /* program has checked that it fits */ 790 788 str[n-1] = '\0'; … … 806 804 * ENULL: src || format == NULL 807 805 * ERANGE: n out of range 808 * ETRUNC: truncated (unimplemented)806 * ETRUNC: truncated 809 807 */ 810 808 int sl_snprintf(char *str, size_t n, … … 823 821 va_start (vl, format); 824 822 #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) 825 /* flawfinder: ignore */826 823 vsnprintf (str, n, format, vl); 827 824 str[n-1] = '\0'; … … 831 828 if (total < n) 832 829 { 833 /* flawfinder: ignore */834 830 vsprintf (str, format, vl2); /* program has checked that it fits */ 835 831 str[n-1] = '\0'; … … 1572 1568 SL_TICKET sl_make_ticket (int fd, char * filename) 1573 1569 { 1574 size_t len;1575 1570 SL_TICKET ticket; 1576 1571 SL_ENTER(_("sl_make_ticket")); … … 1592 1587 } 1593 1588 1594 len = sl_strlen(filename)+1; 1595 1596 if ( (ofiles[fd]->path = 
(char *) malloc(len) ) == NULL) 1589 if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) 1597 1590 { 1598 1591 free(ofiles[fd]); … … 1612 1605 } 1613 1606 1614 s l_strlcpy (ofiles[fd]->path, filename, len);1607 strcpy (ofiles[fd]->path, filename); /* Known to fit */ 1615 1608 ofiles[fd]->ticket = ticket; 1616 1609 ofiles[fd]->fd = fd; … … 1653 1646 int fd; 1654 1647 int sflags; 1655 size_t len;1656 1648 SL_TICKET ticket; 1657 1649 … … 1828 1820 } 1829 1821 1830 len = sl_strlen(filename)+1; 1831 1832 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) 1822 if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) 1833 1823 { 1834 1824 free(ofiles[fd]); … … 1850 1840 } 1851 1841 1852 s l_strlcpy (ofiles[fd]->path, filename, len);1842 strcpy (ofiles[fd]->path, filename); /* Known to fit */ 1853 1843 ofiles[fd]->ticket = ticket; 1854 1844 ofiles[fd]->fd = fd; … … 1984 1974 { 1985 1975 TPT((0, FIL__, __LINE__, 1986 _("msg=<Error closing file.>, path=<%s>, fd=<%d> , err=<%s>\n"),1987 ofiles[fd]->path, fd , strerror(errno)));1976 _("msg=<Error closing file.>, path=<%s>, fd=<%d>\n"), 1977 ofiles[fd]->path, fd)); 1988 1978 } 1989 1979 -
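Review bot: `sprintf (val, _("\n--------- %10s "), file);` at new line 233 is unbounded, because `%10s` sets a minimum field width rather than a maximum, so a `file` string longer than the buffer overruns `val`. The removed line passed 81 as the size of `val`; the declaration itself is outside the hunk. Use the bounded call for both writes: `sl_snprintf (val, 81, _("\n--------- %10s "), file);` and `sl_snprintf (val, 81, _(" --- %6d ---------\n"), line);`.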
/trunk/src/yulectl.c
r30 r20 300 300 if (0 != good) 301 301 { 302 fprintf (stderr, _("ERROR: Bounced message != original message (possible reason: superfluous password).\n"));302 fprintf (stderr, _("ERROR: Bounced message != original message.\n")); 303 303 return -1; 304 304 } … … 321 321 printf(_(" transfer to the client <client_hostname> when\n")); 322 322 printf(_(" this client connects to deliver a message.\n\n")); 323 printf(_(" If password is required, it is read from\n"));324 printf(_(" $HOME/.yulectl_cred or taken from the environment\n"));325 printf(_(" variable YULECTL_PASSWORD (not recommended).\n\n"));326 323 327 324 printf(_("Commands: RELOAD <reload configuration>\n")); … … 340 337 FILE * fp; 341 338 struct passwd * pwent; 342 char * pw; 343 344 pw = getenv(_("YULECTL_PASSWORD")); 345 if (pw && strlen(pw) < 15) 346 { 347 strcpy(password, pw); 348 strcpy(message2, password); 349 goto do_msg; 350 } 339 351 340 352 341 pwent = getpwuid(geteuid()); … … 399 388 exit(EXIT_FAILURE); 400 389 } 401 if (strlen(message2) > 1 4)390 if (strlen(message2) > 15) 402 391 { 403 392 fprintf (stderr, … … 411 400 } 412 401 strcpy(password, message2); 402 strcat(message2, "@"); 413 403 fclose(fp); 414 do_msg:415 strcat(message2, "@");416 404 417 405 strncat(message2, message, SH_MAXMSG - strlen(message2) -1); -
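Review bot: The length check guarding `strcpy(password, message2)` now uses the literal `15`, so a 15-character credential passes and 16 bytes including the terminator are copied into `password`, whose declaration is not visible in this section. If `password` is a fixed array smaller than 16 bytes this writes past its end; the other side of the diff used `> 14`. Tying the bound to the destination, e.g. `if (strlen(message2) >= sizeof(password))` (assuming `password` is an array in scope here), removes the dependence on a magic number. The enclosing function begins and ends outside the hunks shown.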
/trunk/test/test.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 22 # -----------------------------------------------------------------------23 # Be Bourne compatible24 # -----------------------------------------------------------------------25 26 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then27 emulate sh28 NULLCMD=:29 elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then30 set -o posix31 fi32 33 # -----------------------------------------------------------------------34 # Make sure we support functions (from the autoconf manual)35 # -----------------------------------------------------------------------36 37 TSHELL="${TSHELL-/bin/sh}"38 if test x"$1" = "x--re-executed"39 then40 shift41 elif "$TSHELL" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&142 then43 :44 else45 for cmd in sh bash ash bsh ksh zsh sh5; do46 X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin";47 OLD_IFS=${IFS}48 IFS=':'; export IFS49 for dir in $X; do50 shell="$dir/$cmd"51 if (test -f "$shell" || test -f "$shell.exe")52 then53 if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&154 then55 TSHELL="$shell"; export TSHELL56 IFS=${OLD_IFS}; export IFS57 exec "$shell" "$0" --re-executed ${1+"$@"}58 
fi59 fi60 done61 IFS=${OLD_IFS}; export IFS62 done63 echo "-----------------------------------------------------------------"64 echo "ERROR: Unable to locate a shell interpreter with function support" >&265 echo "-----------------------------------------------------------------"66 { (exit 1); exit 1; }67 fi68 69 # -----------------------------------------------------------------------70 # Make sure we support 'let' (from the autoconf manual)71 # -----------------------------------------------------------------------72 73 TSHELL="${TSHELL-/bin/sh}"74 if test x"$1" = "x--re-run"75 then76 shift77 elif "$TSHELL" -c 'a=5; let "a = a + 5"' >/dev/null 2>&178 then79 :80 else81 for cmd in sh bash ash bsh ksh zsh sh5; do82 X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin";83 OLD_IFS=${IFS}84 IFS=':'; export IFS85 for dir in $X; do86 shell="$dir/$cmd"87 if (test -f "$shell" || test -f "$shell.exe")88 then89 if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&190 then91 if "$shell" -c 'a=5; let "a = a + 5"' >/dev/null 2>&192 then93 TSHELL="$shell"; export TSHELL94 IFS=${OLD_IFS}; export IFS95 exec "$shell" "$0" --re-run ${1+"$@"}96 fi97 fi98 fi99 done100 IFS=${OLD_IFS}; export IFS101 done102 echo "-----------------------------------------------------------------"103 echo "ERROR: Unable to locate a shell interpreter with support for 'let'" >&2104 echo "-----------------------------------------------------------------"105 { (exit 1); exit 1; }106 fi107 108 109 umask 0022110 2 111 3 isok=`test -t 1 2>&1 | wc -c` … … 148 40 echo " ${S}test.sh 6${E} -- Controlling the daemon" 149 41 echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" 150 echo " ${S}test.sh 8${E} -- Suidcheck"151 42 152 43 echo " ${S}test.sh 10${E} -- Test c/s init/check (testrc_2.in)" … … 155 46 echo " ${S}test.sh 13${E} -- Test full c/s w/mysql (testrc_2.in)" 156 47 echo " ${S}test.sh 14${E} -- Test full c/s w/postgres (testrc_2.in)" 157 echo " ${S}test.sh all${E} -- All tests" 
158 } 159 scripts () { 48 echo " ${S}test.sh all${E} -- All except 12+" 49 160 50 echo 161 echo "Scripts used by tests :"51 echo "Scripts used by tests (located in ${SCRIPTDIR}):" 162 52 echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" 163 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" 164 echo " (10) testrun_2.sh (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh" 165 echo " (14) testrun_2d.sh" 53 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (10) testrun_2.sh" 54 echo " (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh (14) testrun_2d.sh" 166 55 } 167 56 … … 175 64 cleanup=on 176 65 doall= 177 usevalgrind=178 66 179 67 while [ $# -gt 0 ] … … 181 69 case "$1" in 182 70 -h|--help) usage; exit 0;; 183 --scripts) usage; scripts; exit 0;;184 71 -v|--verbose) verbose=on; quiet= ;; 185 72 -q|--quiet) quiet=on; verbose= ;; … … 187 74 --no-cleanup) cleanup= ;; 188 75 --really-all) doall=on;; 189 --valgrind) usevalgrind=on;;190 76 --srcdir=*) TOP_SRCDIR=`echo $1 | sed s,--srcdir=,,`; export TOP_SRCDIR;; 191 77 --color=*) … … 274 160 275 161 PW_DIR=`pwd`; export PW_DIR 276 277 #278 # group/world writeable will cause problems279 #280 chmod go-w .281 162 # 282 163 # … … 401 282 rm -f testrc_1.dyn 402 283 rm -f testrc_2 403 rm -f testrc_22404 284 rm -f ./.samhain_file 405 285 rm -f ./.samhain_log* 406 rm -f ./.samhain_lock* 407 test -d testrun_testdata && chmod -R 0700 testrun_testdata 408 test -d .quarantine && rm -rf .quarantine 409 rm -rf testrun_testdata 286 rm -f ./.samhain_lock 287 test -d testrun_data && chmod -R 0700 testrun_data 288 rm -rf testrun_data 410 289 rm -f test_log_db 411 290 rm -f test_log_prelude 412 rm -f test_log_valgrind*413 rm -f test_log_yulectl414 rm -f yule.html415 rm -f yule.html2416 291 } 417 292 … … 455 330 tmp="localhost" 456 331 fi 457 # 458 # first one is hostname, others are aliases 459 # 460 tmp2=`cat /etc/hosts | egrep "^ *[0123456789].* $tmp" | awk '{ 
print $2 }'` 461 if [ -z "$tmp2" ]; then 462 echo "$tmp" 463 else 464 echo "$tmp2" 465 fi 332 echo "$tmp" 466 333 } 467 334 … … 474 341 hostname="127.0.0.1" 475 342 fi 476 477 # Seems that 'valgrind' causes random hangs :-(478 #479 if [ -z "$usevalgrind" ]; then480 VALGRIND=481 else482 VALGRIND=`find_path valgrind`;483 fi484 [ -z "$VALGRIND" ] || {485 VALGRIND="$VALGRIND --quiet --tool=memcheck --suppressions=.test.supp";486 export VALGRIND;487 [ -z "$verbose" ] || log_msg_ok "using valgrind"488 cat > ".test.supp" <<End-of-data489 #490 # there are unitialized bytes in the struct...491 #492 {493 pushdata_01494 Memcheck:Param495 write(buf)496 obj:/lib/ld-*.so497 fun:sh_hash_pushdata498 fun:sh_files_filecheck499 fun:sh_dirs_chk500 }501 {502 pushdata_02503 Memcheck:Param504 write(buf)505 obj:/lib/ld-*.so506 fun:sh_hash_pushdata507 fun:sh_files_filecheck508 fun:sh_files_checkdir509 }510 {511 pushdata_03512 Memcheck:Param513 write(buf)514 obj:/lib/ld-*.so515 fun:sh_hash_pushdata516 fun:sh_hash_writeout517 fun:main518 }519 520 End-of-data521 }522 343 523 344 if test x$1 = x1; then … … 564 385 exit $? 565 386 fi 566 if test x$1 = x8; then567 . ${SCRIPTDIR}/testrun_1.sh568 . ${SCRIPTDIR}/testrun_1c.sh569 testrun1c570 print_summary571 exit $?572 fi573 387 if test x$1 = x10; then 574 388 . ${SCRIPTDIR}/testrun_2.sh … … 620 434 . ${SCRIPTDIR}/testrun_1b.sh 621 435 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 622 . ${SCRIPTDIR}/testrun_1c.sh623 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null624 436 . ${SCRIPTDIR}/testrun_2.sh 625 437 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null … … 659 471 MAXTEST=${TEST_MAX}; export MAXTEST 660 472 testrun1b 661 #662 . ${SCRIPTDIR}/testrun_1.sh663 . ${SCRIPTDIR}/testrun_1c.sh664 MAXTEST=${TEST_MAX}; export MAXTEST665 testrun1c666 473 # 667 474 . ${SCRIPTDIR}/testrun_2.sh -
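Review bot: The new side no longer sets `umask 0022` near the top of the script and drops `chmod go-w .` after the `PW_DIR` assignment, so the test directory and the files the tests create inherit whatever permissions the caller happens to have. The removed comment states that a group/world-writable directory causes problems, and a permissive umask would also leave generated test configuration and logs writable by other local users. I would keep both lines: `umask 0022` before the first command and `chmod go-w .` once `PW_DIR` is set.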
/trunk/test/testcompile.sh
r30 r20 1 1 #! /bin/sh 2 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 21 22 MAXTEST=57; export MAXTEST 23 24 run_flawfinder () 25 { 26 flawfinder --minlevel=3 --quiet src/s*.c | \ 27 egrep '^No hits found.' >/dev/null 2>&1 28 if [ $? -eq 0 ]; then 29 [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; 30 else 31 flawfinder --minlevel=3 --quiet src/s*.c >test_log 2>&1 32 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; 33 return 1 34 fi 35 } 36 37 run_smatch () 38 { 39 export CDIR=`pwd`; 40 41 if [ -z "$doall" ]; then 42 [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; 43 return 0 44 fi 45 46 if [ "x$3" = "xdebug" ]; then memcheck=debug; else memcheck=simple; fi 47 if [ -f ../sm_scripts/smatch.pm ]; then 48 ( 49 cd ../sm_scripts; 50 51 for i in ${CDIR}/*.c.sm ; do 52 # echo $i; 53 cat $i | ./unreached_code.pl; 54 cat $i | ./ampersand_missing.sh; 55 cat $i | ./uninitialized.pl; 56 cat $i | ./eqeq.pl; 57 cat $i | ./for_bounds.pl; 58 cat $i | ./unchecked_returns.pl; 59 cat $i | ./unreached_code.pl; 60 cat $i | ./uninitialized.pl; 61 # from http://people.redhat.com/mstefani/wine/smatch/ 62 if [ -f ./while_for_check.pl ]; then 63 cat $i | ./while_for_check.pl; 64 fi 65 # --> end wine <-- 66 # samhain specific 67 if [ 
$memcheck = xsimple ]; then 68 if [ -f ./samhain_unfree.pl ]; then 69 cat $i | ./samhain_unfree.pl | \ 70 egrep -v 'x_cutest_.*Test_' | \ 71 egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 72 fi 73 fi 74 if [ $memcheck = xdebug ]; then 75 if [ -f ./samhain_unfree_debug.pl ]; then 76 cat $i | ./samhain_unfree_debug.pl | \ 77 egrep -v 'x_cutest_.*Test_' | \ 78 egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 79 fi 80 fi 81 # --> end samhain specific <-- 82 #cat $i | ./unfree.pl | \ 83 # egrep -v 'x_cutest_.*Test_' | \ 84 # grep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 85 touch list_null_funcs_uniq; 86 cat $i | ./deference_check.pl; 87 rm -f list_null_funcs_uniq; 88 rm -f $i 89 done 90 ) >test_log_smatch 2>&1 91 if [ -f test_log_smatch ]; then 92 lines=`cat test_log_smatch | wc -l` 93 if [ $lines -ne 0 ]; then 94 cat test_log_smatch 95 rm -f test_log_smatch 96 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (smatch)"; 97 return 1 98 fi 99 fi 100 [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (smatch)"; 101 return 0 102 fi 103 [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; 104 return 0 105 } 3 MAXTEST=28; export MAXTEST 106 4 107 5 testmake () … … 110 8 if test x$1 = x0; then 111 9 [ -z "$verbose" ] || log_msg_ok "configure... $TEST"; 112 $MAKE ${SMATCH}cutest > /dev/null 2>> test_log10 $MAKE cutest > /dev/null 2>> test_log 113 11 if test x$? = x0; then 114 12 [ -z "$verbose" ] || log_msg_ok "make cutest... 
$TEST"; … … 136 34 log_start "COMPILE" 137 35 138 if [ -f /usr/local/gcc-smatch/bin/gcc ]; then139 SAVE_CC="${CC}"140 SMATCH="DBGDEF=--smatch"; export SMATCH141 CC="/usr/local/gcc-smatch/bin/gcc"; export CC142 fi143 144 36 num=0 145 37 numfail=0 146 38 147 39 # 148 # test flawfinder149 #150 TEST="${S}check w/flawfinder${E}"151 #152 #153 let "num = num + 1" >/dev/null154 FLAWFINDER=`find_path flawfinder`155 #156 if [ -z "$FLAWFINDER" ]; then157 log_skip $num $MAXTEST 'check w/flawfinder (not in PATH)'158 else159 run_flawfinder 0 $num || let "numfail = numfail + 1" >/dev/null160 fi161 #162 163 #164 40 # test standalone compilation 165 41 # 166 TEST="${S}standalone w/suidcheck${E}"42 TEST="${S}standalone agent w/suidcheck${E}" 167 43 # 168 44 if test -r "Makefile"; then … … 174 50 let "num = num + 1" >/dev/null 175 51 testmake $? $num || let "numfail = numfail + 1" >/dev/null 176 let "num = num + 1" >/dev/null177 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null178 52 179 53 # 180 54 # test standalone compilation 181 55 # 182 TEST="${S}standalone w/mounts-checkw/userfiles${E}"56 TEST="${S}standalone agent w/mounts-check and w/userfiles${E}" 183 57 # 184 58 if test -r "Makefile"; then … … 190 64 let "num = num + 1" >/dev/null 191 65 testmake $? $num || let "numfail = numfail + 1" >/dev/null 192 let "num = num + 1" >/dev/null193 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null194 66 195 67 … … 197 69 # test standalone compilation 198 70 # 199 TEST="${S}standalone w/timeserver and w/msgqueue${E}"71 TEST="${S}standalone agent w/timeserver and w/message-queue${E}" 200 72 # 201 73 if test -r "Makefile"; then … … 207 79 let "num = num + 1" >/dev/null 208 80 testmake $? $num || let "numfail = numfail + 1" >/dev/null 209 let "num = num + 1" >/dev/null210 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null211 81 212 82 # 213 83 # test standalone compilation with --with-nocl=PW 214 84 # 215 TEST="${S}standalone w/nocl${E}"85 TEST="${S}standalone agent w/nocl${E}" 216 86 # 217 87 if test -r "Makefile"; then … … 223 93 let "num = num + 1" >/dev/null 224 94 testmake $? $num || let "numfail = numfail + 1" >/dev/null 225 let "num = num + 1" >/dev/null226 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null227 95 228 96 # 229 97 # test standalone compilation w/ debug 230 98 # 231 TEST="${S}standalone w/debug${E}"99 TEST="${S}standalone agent w/debug${E}" 232 100 # 233 101 if test -r "Makefile"; then … … 239 107 let "num = num + 1" >/dev/null 240 108 testmake $? $num || let "numfail = numfail + 1" >/dev/null 241 let "num = num + 1" >/dev/null242 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null243 109 244 110 # 245 111 # test standalone compilation w/ gpg 246 112 # 247 TEST="${S}standalone w/gpg${E}"113 TEST="${S}standalone agent w/gpg${E}" 248 114 # 249 115 GPG=`find_path gpg` … … 252 118 if [ -z "$GPG" ]; then 253 119 log_skip $num $MAXTEST 'gpg not in PATH' 254 let "num = num + 1" >/dev/null255 120 else 256 121 if test -r "Makefile"; then … … 261 126 # 262 127 testmake $? $num || let "numfail = numfail + 1" >/dev/null 263 let "num = num + 1" >/dev/null264 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null265 128 fi 266 129 … … 268 131 # test standalone compilation w/stealth 269 132 # 270 TEST="${S}standalone w/stealth${E}"133 TEST="${S}standalone agent w/stealth${E}" 271 134 # 272 135 if test -r "Makefile"; then … … 278 141 let "num = num + 1" >/dev/null 279 142 testmake $? $num || let "numfail = numfail + 1" >/dev/null 280 let "num = num + 1" >/dev/null281 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null282 143 283 144 # 284 145 # test standalone compilation w/logwatch 285 146 # 286 TEST="${S}standalone w/login-watch${E}"147 TEST="${S}standalone agent w/login-watch${E}" 287 148 # 288 149 if test -r "Makefile"; then … … 294 155 let "num = num + 1" >/dev/null 295 156 testmake $? $num || let "numfail = numfail + 1" >/dev/null 296 let "num = num + 1" >/dev/null297 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null298 157 299 158 # 300 159 # test standalone compilation w/mysql 301 160 # 302 TEST="${S}standalone w/mysql${E}"161 TEST="${S}standalone agent w/mysql${E}" 303 162 # 304 163 if test -r "Makefile"; then … … 310 169 let "num = num + 1" >/dev/null 311 170 testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null 312 let "num = num + 1" >/dev/null313 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null314 171 315 172 # 316 173 # test standalone compilation w/postgresql 317 174 # 318 TEST="${S}standalone w/postgresql${E}"175 TEST="${S}standalone agent w/postgresql${E}" 319 176 # 320 177 if test -r "Makefile"; then … … 326 183 let "num = num + 1" >/dev/null 327 184 testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null 328 let "num = num + 1" >/dev/null329 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null330 185 331 186 # 332 187 # test standalone compilation 333 188 # 334 TEST="${S}standalone w/o mail${E}"189 TEST="${S}standalone agent w/o mail${E}" 335 190 # 336 191 if test -r "Makefile"; then … … 342 197 let "num = num + 1" >/dev/null 343 198 testmake $? $num || let "numfail = numfail + 1" >/dev/null 344 let "num = num + 1" >/dev/null345 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null346 199 347 200 # 348 201 # test standalone compilation 349 202 # 350 TEST="${S}standalone w/o external${E}"203 TEST="${S}standalone agent w/o external scripts${E}" 351 204 # 352 205 if test -r "Makefile"; then … … 358 211 let "num = num + 1" >/dev/null 359 212 testmake $? 
$num || let "numfail = numfail + 1" >/dev/null 360 let "num = num + 1" >/dev/null361 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null362 213 363 214 # echo; echo "${S}__ TEST CLIENT/SERVER __${E}"; echo; … … 376 227 let "num = num + 1" >/dev/null 377 228 testmake $? $num || let "numfail = numfail + 1" >/dev/null 378 let "num = num + 1" >/dev/null379 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null380 229 381 230 if test -r "Makefile"; then … … 387 236 let "num = num + 1" >/dev/null 388 237 testmake $? $num || let "numfail = numfail + 1" >/dev/null 389 let "num = num + 1" >/dev/null390 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null391 238 392 239 # … … 400 247 if [ -z "$GPG" ]; then 401 248 log_skip $num $MAXTEST 'gpg not in PATH' 402 let "num = num + 3" >/dev/null 249 let "num = num + 1" >/dev/null 250 log_skip $num $MAXTEST 'gpg not in PATH' 403 251 else 404 252 if test -r "Makefile"; then … … 409 257 # 410 258 testmake $? $num || let "numfail = numfail + 1" >/dev/null 411 let "num = num + 1" >/dev/null412 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null413 259 # 414 260 if test -r "Makefile"; then … … 420 266 let "num = num + 1" >/dev/null 421 267 testmake $? $num || let "numfail = numfail + 1" >/dev/null 422 let "num = num + 1" >/dev/null423 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null424 268 fi 425 269 … … 438 282 let "num = num + 1" >/dev/null 439 283 testmake $? $num || let "numfail = numfail + 1" >/dev/null 440 let "num = num + 1" >/dev/null441 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null442 284 # 443 285 if test -r "Makefile"; then … … 449 291 let "num = num + 1" >/dev/null 450 292 testmake $? $num || let "numfail = numfail + 1" >/dev/null 451 let "num = num + 1" >/dev/null452 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null453 293 454 294 # … … 465 305 let "num = num + 1" >/dev/null 466 306 testmake $? 
$num || let "numfail = numfail + 1" >/dev/null 467 let "num = num + 1" >/dev/null468 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null469 307 # 470 308 if test -r "Makefile"; then … … 476 314 let "num = num + 1" >/dev/null 477 315 testmake $? $num || let "numfail = numfail + 1" >/dev/null 478 let "num = num + 1" >/dev/null479 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null480 316 481 317 # … … 492 328 let "num = num + 1" >/dev/null 493 329 testmake $? $num || let "numfail = numfail + 1" >/dev/null 494 let "num = num + 1" >/dev/null495 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null496 330 # 497 331 if test -r "Makefile"; then … … 503 337 let "num = num + 1" >/dev/null 504 338 testmake $? $num || let "numfail = numfail + 1" >/dev/null 505 let "num = num + 1" >/dev/null506 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null507 339 508 340 # … … 519 351 let "num = num + 1" >/dev/null 520 352 testmake $? $num || let "numfail = numfail + 1" >/dev/null 521 let "num = num + 1" >/dev/null522 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null523 353 # 524 354 if test -r "Makefile"; then … … 530 360 let "num = num + 1" >/dev/null 531 361 testmake $? $num || let "numfail = numfail + 1" >/dev/null 532 let "num = num + 1" >/dev/null533 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null534 362 535 363 # … … 546 374 let "num = num + 1" >/dev/null 547 375 testmake $? $num || let "numfail = numfail + 1" >/dev/null 548 let "num = num + 1" >/dev/null549 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null550 376 # 551 377 if test -r "Makefile"; then … … 557 383 let "num = num + 1" >/dev/null 558 384 testmake $? $num || let "numfail = numfail + 1" >/dev/null 559 let "num = num + 1" >/dev/null560 run_smatch $? 
$num debug || let "numfail = numfail + 1" >/dev/null561 385 562 386 # 563 387 # test client/server compilation 564 388 # 565 TEST="${S}client/server application w/o external ${E}"389 TEST="${S}client/server application w/o external scripts${E}" 566 390 # 567 391 if test -r "Makefile"; then … … 573 397 let "num = num + 1" >/dev/null 574 398 testmake $? $num || let "numfail = numfail + 1" >/dev/null 575 let "num = num + 1" >/dev/null576 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null577 399 # 578 400 if test -r "Makefile"; then … … 584 406 let "num = num + 1" >/dev/null 585 407 testmake $? $num || let "numfail = numfail + 1" >/dev/null 586 let "num = num + 1" >/dev/null587 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null588 589 [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; }590 408 591 409 log_end "COMPILE" -
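Review bot: With `run_flawfinder` and its call removed, the compile test no longer runs any static check over `src/s*.c`, while the C section earlier on this page shows the same change dropping `/* flawfinder: ignore */` markers and using `sprintf`, `vsprintf` and `strcpy`. The removed step already skipped itself when flawfinder was not in PATH, so keeping it costs nothing on hosts without the tool. I would retain the function and the call `run_flawfinder 0 $num || let "numfail = numfail + 1" >/dev/null`, with `MAXTEST` raised by one to account for it.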
/trunk/test/testext.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 MAXTEST=1; export MAXTEST … … 58 39 if test x$? = x0; then 59 40 [ -z "$verbose" ] || log_msg_ok "configure..."; 60 $MAKE > /dev/null 2>>test_log41 $MAKE > /dev/null 61 42 if test x$? = x0; then 62 43 [ -z "$verbose" ] || log_msg_ok "make..."; … … 98 79 rm -f $PW_DIR/pdbg.child 99 80 rm -f $PW_DIR/pdbg.main 100 ./samhain -p none 81 ./samhain -p none 101 82 102 83 # The shell is too fast ... -
/trunk/test/testhash.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE -
/trunk/test/testrc_2.in
r30 r20 130 130 131 131 SetUseSocket = yes 132 SetSocketAllowUid=0133 SetSocketPassword=samhain134 132 135 133 SetClientFromAccept = yes -
/trunk/test/testrun_1.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE … … 41 22 testrun1_setup=0 42 23 43 MAXTEST=1 1; export MAXTEST24 MAXTEST=10; export MAXTEST 44 25 45 26 test_dirs () { … … 65 46 fi 66 47 done 67 }68 69 #70 # combine file check schedule with one-shot mode71 #72 TESTPOLICY_11="73 [ReadOnly]74 dir=99${BASE}75 "76 77 mod_testdata_11 () {78 sleep 179 echo "foobar" >"${BASE}/c/x"; # bad80 chmod 0555 "${BASE}/a/y"; # bad81 ORIGINAL='SetFilecheckTime=60'82 REPLACEMENT='FileCheckScheduleOne = 6 12 * * *'83 ex $RCFILE <<EOF84 %s/${ORIGINAL}/${REPLACEMENT}/g85 wq86 EOF87 }88 89 chk_testdata_11 () {90 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";91 tmp=`grep CRIT $LOGFILE | wc -l`92 if [ $tmp -ne 2 ]; then93 [ -z "$verbose" ] || log_msg_fail "policy count";94 return 195 fi96 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&197 if [ $? -ne 0 ]; then98 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x";99 return 1100 fi101 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1102 if [ $? 
-ne 0 ]; then103 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y";104 return 1105 fi106 CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c";107 NDIRS="";108 test_dirs;109 return $?110 48 } 111 49 … … 811 749 run_init () 812 750 { 813 rm -f test_log_valgrind 814 815 ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind 751 ./samhain -t init -p none 816 752 817 753 if test x$? = x0; then … … 825 761 run_check () 826 762 { 827 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind763 ./samhain -t check -p none -l debug 828 764 829 765 if test x$? = x0; then … … 842 778 run_update () 843 779 { 844 ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind780 ./samhain -t update -p none -l debug 845 781 846 782 if test x$? = x0; then … … 856 792 rm -rf $LOGFILE 857 793 858 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind794 ./samhain -t check -p none -l debug 859 795 860 796 if test x$? = x0; then … … 865 801 return 1 866 802 fi 867 # 868 # wtmp may not be readable 869 # 870 tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l` 803 tmp=`./samhain -j -L $LOGFILE | grep ERR | wc -l` 871 804 if [ $tmp -ne 0 ]; then 872 [ -z "$verbose" ] || log_msg_fail "errors during check"; 873 return 1 874 fi 875 # 876 [ -z "$VALGRIND" ] || { 877 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 878 if [ $tmp -ne 0 ]; then 879 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 880 cat test_log_valgrind 881 return 1; 882 fi; 883 } 805 [ -z "$verbose" ] || log_msg_fail "update not successful(?)"; 806 return 1 807 fi 884 808 # 885 809 [ -z "$verbose" ] || log_msg_ok "check(2)..."; … … 892 816 prep_testdata () 893 817 { 894 if test -d "$BASE"; then 895 if [ -d "${BASE}" ]; then 896 chmod -R 0700 "${BASE}" || { 897 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 898 return 1; 899 } 900 fi 901 fi 818 chmod -R 0700 "${BASE}" || { 819 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 820 return 
1; 821 } 902 822 903 823 rm -rf "${BASE}" || { … … 952 872 if test x$? = x0; then 953 873 [ -z "$verbose" ] || log_msg_ok "configure..."; 954 $MAKE > /dev/null 2>>test_log874 $MAKE > /dev/null 955 875 if test x$? = x0; then 956 876 [ -z "$verbose" ] || log_msg_ok "make..."; -
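Review bot: In `prep_testdata` the `chmod -R 0700 "${BASE}"` now runs without the `-d` test, so on a clean tree where `${BASE}` does not exist chmod fails and the function returns 1 before any later step runs. Guard the call, e.g. `[ ! -d "${BASE}" ] || chmod -R 0700 "${BASE}" || {` in place of the bare `chmod` line. The rest of `prep_testdata` lies outside the hunk.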
/trunk/test/testrun_1a.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 BUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" -
/trunk/test/testrun_1b.sh
r30 r20 1 1 #! /bin/sh 2 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 3 22 4 MAXTEST=2; export MAXTEST … … 33 15 # 34 16 if test -r "Makefile"; then 35 $MAKE distclean >/dev/null >&117 $MAKE distclean >/dev/null 36 18 fi 37 19 # … … 42 24 if test x$? = x0; then 43 25 [ -z "$verbose" ] || log_msg_ok "configure..."; 44 $MAKE > /dev/null 2>&126 $MAKE > /dev/null 45 27 if test x$? = x0; then 46 28 [ -z "$verbose" ] || log_msg_ok "make..."; -
/trunk/test/testrun_2.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE 23 4 RCFILE="$PW_DIR/testrc_2"; export RCFILE 24 HTML="$PW_DIR/yule.html"; export HTML25 5 26 6 … … 32 12 echo; 33 13 } 34 35 rm -f test_log_valgrind 36 37 ${VALGRIND} ./yule.2 -l info -p none >/dev/null 2>>test_log_valgrind & 38 PROC_Y2=$! 39 sleep 5 40 41 [ -z "$verbose" ] || { 42 echo; 43 echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; 44 echo; 45 } 46 47 ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \ 48 --server-port=49778 >/dev/null 2>>test_log_valgrind & 14 ./yule -l info -p none >/dev/null 2>&1 & 49 15 PROC_Y=$! 50 16 sleep 5 … … 56 22 } 57 23 58 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind24 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&1 59 25 if test x$? 
= x0; then 60 26 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 62 28 [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; 63 29 kill $PROC_Y 64 kill $PROC_Y265 30 return 1 66 31 fi 67 32 68 33 kill $PROC_Y 69 kill $PROC_Y2 70 sleep 5 71 72 # cp ${LOGFILE} triple_test 73 # cp ${LOGFILE}2 triple_test_2 74 75 egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1 76 if [ $? -ne 0 ]; then 77 [ -z "$verbose" ] || log_msg_fail "Server #2 start"; 78 return 1 79 fi 80 egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1 81 if [ $? -ne 0 ]; then 82 [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)"; 83 return 1 84 fi 85 egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1 86 if [ $? -ne 0 ]; then 87 [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)"; 88 return 1 89 fi 90 egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1 91 if [ $? -ne 0 ]; then 92 [ -z "$verbose" ] || log_msg_fail "Server #2 exit"; 93 return 1 94 fi 95 34 sleep 5 96 35 97 36 egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 … … 120 59 return 1 121 60 fi 122 123 [ -z "$VALGRIND" ] || { 124 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 125 if [ $tmp -ne 0 ]; then 126 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 127 cat test_log_valgrind 128 return 1; 129 fi; 130 } 61 131 62 132 63 return 0 … … 138 69 REPLACEMENT="UseSeparateLogs=yes" 139 70 ex $RCFILE <<EOF 140 %s/$ORIGINAL/$REPLACEMENT/g141 wq71 :%s/$ORIGINAL/$REPLACEMENT/g 72 :wq 142 73 EOF 143 74 # :%s is the "ex" substitution command. … … 150 81 151 82 rm -f $LOGFILE 152 rm -f test_log_valgrind 153 154 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 83 84 ./yule -l info -p none >/dev/null 2>&1 & 155 85 PROC_Y=$! 
156 86 sleep 5 … … 162 92 } 163 93 164 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind94 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&1 165 95 if test x$? = x0; then 166 96 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 182 112 CLIENTLOG="${LOGFILE}.${remhost}" 183 113 else 184 tail -n 1 ${SCRIPTDIR}/test.sh >/dev/null 2>&1 185 if [ $? -eq 0 ]; then 186 CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -n 1` 187 else 188 CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -1` 189 fi 114 CLIENTLOG=`ls -1 ${LOGFILE}.* | tail -n 1` 190 115 fi 191 116 … … 215 140 return 1 216 141 fi 217 218 [ -z "$VALGRIND" ] || {219 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;220 if [ $tmp -ne 0 ]; then221 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";222 cat test_log_valgrind223 return 1;224 fi;225 }226 142 227 143 rm -f ${LOGFILE}.${remhost} … … 240 156 REPLACEMENT_4="SetClientTimeLimit=20" 241 157 ex $RCFILE <<EOF 242 %s/${ORIGINAL_1}/${REPLACEMENT_1}/g243 %s/${ORIGINAL_2}/${REPLACEMENT_2}/g244 %s/${ORIGINAL_3}/${REPLACEMENT_3}/g245 %s/${ORIGINAL_4}/${REPLACEMENT_4}/g246 wq158 :%s/${ORIGINAL_1}/${REPLACEMENT_1}/g 159 :%s/${ORIGINAL_2}/${REPLACEMENT_2}/g 160 :%s/${ORIGINAL_3}/${REPLACEMENT_3}/g 161 :%s/${ORIGINAL_4}/${REPLACEMENT_4}/g 162 :wq 247 163 EOF 248 164 # :%s is the "ex" substitution command. … … 255 171 256 172 rm -f $LOGFILE 257 rm -f test_log_valgrind 258 259 ${VALGRIND} ./yule -p none -e none >/dev/null 2>>test_log_valgrind & 173 174 ./yule -p none >/dev/null 2>&1 & 260 175 PROC_Y=$! 261 176 sleep 5 … … 267 182 } 268 183 269 ${VALGRIND} ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind&184 ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>&1 & 270 185 if test x$? = x0; then 271 186 PROC_S=$! 
… … 316 231 return 1 317 232 fi 318 319 [ -z "$VALGRIND" ] || {320 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;321 if [ $tmp -ne 0 ]; then322 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";323 cat test_log_valgrind324 return 1;325 fi;326 }327 233 328 rm -f ${LOGFILE} 234 rm -f ${LOGFILE}.${remhost} 329 235 return 0 330 236 } 331 332 do_test_4 () {333 334 # don't know what is supported on the test platform, so335 # prepare for both (password and socket credential)336 337 # 'id -u' is posix338 me=`id -u`339 340 ORIGINAL_1="SetSocketAllowUid=0"341 REPLACEMENT_1="SetSocketAllowUid=$me"342 ex $RCFILE <<EOF343 %s/${ORIGINAL_1}/${REPLACEMENT_1}/g344 wq345 EOF346 347 [ -z "$verbose" ] || {348 echo;349 echo "${S}Start Server${E}: ./yule -l info -p none &";350 echo;351 }352 353 rm -f $LOGFILE354 rm -f test_log_valgrind355 356 ${VALGRIND} ./yule -l info -p none -e none \357 >/dev/null 2>>test_log_valgrind &358 PROC_Y=$!359 sleep 5360 361 [ -z "$verbose" ] || {362 echo;363 echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check";364 echo;365 }366 367 $MAKE yulectl >/dev/null368 if [ $? -ne 0 ]; then369 [ -z "$verbose" ] || log_msg_fail "make yulectl";370 kill $PROC_Y371 return 1372 fi373 374 375 ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 2>/dev/null376 377 if [ $? -ne 0 ]; then378 YULECTL_PASSWORD=samhain; export YULECTL_PASSWORD379 ./yulectl -v -c RELOAD foobar1 >test_log_yulectl380 if [ $? -ne 0 ]; then381 kill ${PROC_Y}382 [ -z "$verbose" ] || log_msg_fail "yulectl";383 return 1384 fi385 fi386 387 ./yulectl -v -c RELOAD foobar2 >test_yulectl_log388 389 if [ $? -ne 0 ]; then390 kill ${PROC_Y}391 [ -z "$verbose" ] || log_msg_fail "yulectl";392 return 1393 fi394 395 ./yulectl -v -c RELOAD foobar3 >test_log_yulectl396 397 if [ $? -ne 0 ]; then398 kill ${PROC_Y}399 [ -z "$verbose" ] || log_msg_fail "yulectl";400 return 1401 fi402 403 ./yulectl -v -c LISTALL dummy >test_log_yulectl404 405 if [ $? 
-ne 0 ]; then406 kill ${PROC_Y}407 [ -z "$verbose" ] || log_msg_fail "yulectl";408 return 1409 fi410 411 tmp=`cat test_log_yulectl | grep RELOAD | wc -l`412 if [ $tmp -ne 3 ]; then413 kill ${PROC_Y}414 [ -z "$verbose" ] || log_msg_fail "command confirmation";415 return 1416 fi417 418 ./yulectl -v -c CANCEL foobar3 >test_log_yulectl419 420 if [ $? -ne 0 ]; then421 kill ${PROC_Y}422 [ -z "$verbose" ] || log_msg_fail "yulectl";423 return 1424 fi425 426 ./yulectl -v -c LISTALL dummy >test_log_yulectl427 428 if [ $? -ne 0 ]; then429 kill ${PROC_Y}430 [ -z "$verbose" ] || log_msg_fail "yulectl";431 return 1432 fi433 434 tmp=`cat test_log_yulectl | grep RELOAD | wc -l`435 if [ $tmp -ne 2 ]; then436 kill ${PROC_Y}437 [ -z "$verbose" ] || log_msg_fail "command confirmation";438 return 1439 fi440 441 kill ${PROC_Y}442 sleep 2443 kill -9 ${PROC_Y} >/dev/null 2>&1444 445 [ -z "$VALGRIND" ] || {446 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;447 if [ $tmp -ne 0 ]; then448 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";449 cat test_log_valgrind450 return 1;451 fi;452 }453 454 return 0455 }456 457 do_test_5 () {458 459 [ -z "$verbose" ] || {460 echo;461 echo "${S}Start Server${E}: ./yule -l info -p none &";462 echo;463 }464 465 ( cat <<EOF466 <!-- head -->467 <html><head><title>test</title></head>468 <body>469 Current time: %T <br>470 <table>471 <!-- ehead -->472 EOF473 ) >head.html474 475 ( cat <<EOF476 <!-- foot -->477 </table>478 </body>479 <!-- efoot -->480 EOF481 ) >foot.html482 483 ( cat <<EOF484 <!-- entry -->485 <tr>486 <td>%H</td>487 <td>%S</td>488 <td>%T</td>489 </tr>490 <!-- eentry -->491 EOF492 ) >entry.html493 494 ${VALGRIND} ./yule -l info -p none -e none \495 >/dev/null 2>>test_log_valgrind &496 PROC_Y=$!497 sleep 5498 499 egrep '<!-- head -->' $HTML >/dev/null 2>&1500 if [ $? 
-ne 0 ]; then501 # rm -f head.html; rm -f foot.html; rm -f entry.html;502 kill $PROC_Y503 [ -z "$verbose" ] || log_msg_fail "head.html (1)";504 return 1505 fi506 507 egrep '<!-- foot -->' $HTML >/dev/null 2>&1508 if [ $? -ne 0 ]; then509 rm -f head.html; rm -f foot.html; rm -f entry.html;510 kill $PROC_Y511 [ -z "$verbose" ] || log_msg_fail "foot.html (1)";512 return 1513 fi514 515 [ -z "$verbose" ] || {516 echo;517 echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check";518 echo;519 }520 521 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind522 if test x$? = x0; then523 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check";524 else525 kill $PROC_Y526 [ -z "$quiet" ] && log_msg_fail "samhain.new -t check";527 return 1528 fi529 530 kill $PROC_Y531 sleep 5532 533 # rm -f head.html; rm -f foot.html; rm -f entry.html;534 535 egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1536 if [ $? -ne 0 ]; then537 [ -z "$verbose" ] || log_msg_fail "Server start";538 return 1539 fi540 egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1541 if [ $? -ne 0 ]; then542 [ -z "$verbose" ] || log_msg_fail "Client connect";543 return 1544 fi545 egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1546 if [ $? -ne 0 ]; then547 [ -z "$verbose" ] || log_msg_fail "Client file check";548 return 1549 fi550 egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1551 if [ $? -ne 0 ]; then552 [ -z "$verbose" ] || log_msg_fail "Client exit";553 return 1554 fi555 egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1556 if [ $? -ne 0 ]; then557 [ -z "$verbose" ] || log_msg_fail "Server exit";558 return 1559 fi560 561 egrep '<!-- head -->' $HTML >/dev/null 2>&1562 if [ $? -ne 0 ]; then563 [ -z "$verbose" ] || log_msg_fail "head.html";564 return 1565 fi566 egrep '<!-- ehead -->' $HTML >/dev/null 2>&1567 if [ $? 
-ne 0 ]; then568 [ -z "$verbose" ] || log_msg_fail "end head.html";569 return 1570 fi571 572 egrep '<!-- entry -->' $HTML >/dev/null 2>&1573 if [ $? -ne 0 ]; then574 [ -z "$verbose" ] || log_msg_fail "entry.html";575 return 1576 fi577 egrep '<!-- eentry -->' $HTML >/dev/null 2>&1578 if [ $? -ne 0 ]; then579 [ -z "$verbose" ] || log_msg_fail "end entry.html";580 return 1581 fi582 583 egrep '<!-- foot -->' $HTML >/dev/null 2>&1584 if [ $? -ne 0 ]; then585 [ -z "$verbose" ] || log_msg_fail "foot.html";586 return 1587 fi588 egrep '<!-- efoot -->' $HTML >/dev/null 2>&1589 if [ $? -ne 0 ]; then590 [ -z "$verbose" ] || log_msg_fail "end foot.html";591 return 1592 fi593 594 [ -z "$VALGRIND" ] || {595 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;596 if [ $tmp -ne 0 ]; then597 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";598 cat test_log_valgrind599 return 1;600 fi;601 }602 603 return 0604 }605 606 237 607 238 testrun2_internal () … … 637 268 fi 638 269 639 # save binary and build server 2270 # save binary and build server 640 271 # 641 272 cp samhain samhain.build || return 1 642 $MAKEclean >/dev/null || return 1643 644 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$ {RCFILE}2 --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 --with-state-dir=$PW_DIR --enable-encrypt=2 --with-port=49778273 make clean >/dev/null || return 1 274 275 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-identity=rainer --enable-encrypt=2 645 276 # 646 277 if test x$? 
= x0; then … … 659 290 fi 660 291 661 # save binary and build server662 #663 cp yule yule.2 || return 1664 $MAKE clean >/dev/null || return 1665 666 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-html-file=$HTML --with-state-dir=$PW_DIR --enable-encrypt=2667 #668 if test x$? = x0; then669 [ -z "$verbose" ] || log_msg_ok "configure...";670 $MAKE > /dev/null 2>>test_log671 if test x$? = x0; then672 [ -z "$verbose" ] || log_msg_ok "make...";673 else674 [ -z "$quiet" ] && log_msg_fail "make...";675 return 1676 fi677 678 else679 [ -z "$quiet" ] && log_msg_fail "configure...";680 return 1681 fi682 683 292 684 293 ##################################################################### … … 721 330 mv samhain.build.new samhain.new || return 1 722 331 723 # Set in server 724 725 ./samhain_setpwd yule new $SHPW >/dev/null 726 727 if test x$? = x0; then 728 [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd yule new $SHPW"; 729 else 730 [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd yule new $SHPW"; 731 return 1 732 fi 733 734 mv yule.new yule || return 1 735 736 # 737 738 rm -f ./.samhain_log* 739 rm -f ./.samhain_lock* 740 741 SHCLT=`./yule -P $SHPW` 332 rm -f ./.samhain_log.* 333 rm -f ./.samhain_lock 334 335 SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%` 742 336 743 337 if test x$? = x0; then … … 748 342 fi 749 343 750 SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` 751 AHOST=`find_hostname` 752 SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` 753 754 755 echo $SHCLT1 >> testrc_2 756 echo $SHCLT2 >> testrc_2 757 cp testrc_2 testrc_22 344 echo $SHCLT >> testrc_2 758 345 759 346 do_test_1 … … 766 353 do_test_2 767 354 if [ $? 
-eq 0 ]; then 768 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, sep arate logfiles";769 else 770 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, sep arate logfiles";355 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, seperate logfiles"; 356 else 357 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, seperate logfiles"; 771 358 fi 772 359 … … 778 365 fi 779 366 780 do_test_4781 if [ $? -eq 0 ]; then782 [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Server command socket";783 else784 [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Server command socket";785 fi786 787 do_test_5788 if [ $? -eq 0 ]; then789 [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Server status file";790 else791 [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Server status file";792 fi793 794 367 return $? 795 368 } 796 369 797 MAXTEST= 5; export MAXTEST370 MAXTEST=3; export MAXTEST 798 371 799 372 testrun2 () -
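Review bot: The `if test x$? = x0` after ``SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%` `` now tests the exit status of `sed`, not of `yule -P`, because a pipeline reports the status of its last command. A failing `yule -P` would therefore pass the check, and an empty or partial client entry would be appended to `testrc_2` by `echo $SHCLT >> testrc_2`. Capture first with ``SHCLT=`./yule -P $SHPW` ``, run the status check, and only then substitute with ``SHCLT=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` ``. The same pipeline is introduced in testrun_2a.sh and testrun_2b.sh. The body of testrun2_internal is only partly shown here.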
/trunk/test/testrun_2a.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE … … 25 6 SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS 26 7 27 CLIENT_BUILDOPTS="--quiet $TRUST --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR -- with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS8 CLIENT_BUILDOPTS="--quiet $TRUST --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 28 9 29 10 do_test_1_a () { … … 34 15 echo; 35 16 } 36 rm -f test_log_valgrind 37 38 
${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 17 ./yule -l info -p none >/dev/null 2>&1 & 39 18 PROC_Y=$! 40 19 sleep 5 … … 46 25 } 47 26 48 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind27 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&1 49 28 if test x$? = x0; then 50 29 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 84 63 fi 85 64 86 [ -z "$VALGRIND" ] || {87 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`;88 if [ $tmp -ne 0 ]; then89 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors";90 cat test_log_valgrind91 return 1;92 fi;93 }94 65 95 66 return 0 … … 131 102 # 132 103 cp samhain samhain.build || return 1 133 $MAKEclean >/dev/null || return 1104 make clean >/dev/null || return 1 134 105 135 106 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} … … 159 130 rm -f ./rc.${SH_LOCALHOST} 160 131 rm -f ./file.${SH_LOCALHOST} 161 rm -f "./rc.${ALTHOST}"162 rm -f "./file.${ALTHOST}"163 132 164 133 cp ${SCRIPTDIR}/testrc_2.in testrc_2 … … 197 166 rm -f ./.samhain_lock 198 167 199 SHCLT=`./yule -P $SHPW `168 SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%` 200 169 201 170 if test x$? = x0; then … … 206 175 fi 207 176 208 SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` 209 AHOST=`find_hostname` 210 SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` 211 212 213 echo $SHCLT1 >> testrc_2 214 echo $SHCLT2 >> testrc_2 215 177 echo $SHCLT >> testrc_2 216 178 217 179 cp ./testrc_2 ./rc.${SH_LOCALHOST} … … 224 186 } 225 187 226 MAXTEST= 5; export MAXTEST188 MAXTEST=1; export MAXTEST 227 189 228 190 testrun2a () … … 237 199 # 238 200 testrun2a_internal 201 # 239 202 do_test_1_a 240 203 if [ $? 
-eq 0 ]; then … … 242 205 else 243 206 [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging"; 244 fi245 #246 SERVER_BUILDOPTS_ORIG="${SERVER_BUILDOPTS}"247 CLIENT_BUILDOPTS_ORIG="${CLIENT_BUILDOPTS}"248 #249 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-srp"250 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-srp"251 #252 testrun2a_internal253 do_test_1_a254 if [ $? -eq 0 ]; then255 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "SRP disabled";256 else257 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "SRP disabled";258 fi259 #260 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-encrypt"261 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-encrypt"262 #263 testrun2a_internal264 do_test_1_a265 if [ $? -eq 0 ]; then266 [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Encryption disabled";267 else268 [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Encryption disabled";269 fi270 #271 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --enable-encrypt=1"272 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"273 #274 testrun2a_internal275 do_test_1_a276 if [ $? -eq 0 ]; then277 [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Encryption (v1)";278 else279 [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Encryption (v1)";280 fi281 #282 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG}"283 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1"284 #285 testrun2a_internal286 do_test_1_a287 if [ $? -eq 0 ]; then288 [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Encryption backward compat";289 else290 [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Encryption backward compat";291 207 fi 292 208 # -
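Review bot: `make clean >/dev/null || return 1` hard-codes the tool name, while the build steps in this changeset call `$MAKE` (for example `$MAKE > /dev/null` in testtimesrv.sh). If `$MAKE` points at a different make than the first `make` on `PATH` (presumably it is chosen by the test harness), the clean step and the build step run different programs. Keep `$MAKE clean >/dev/null || return 1`. The same line is introduced in testrun_2.sh and testrun_2b.sh.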
/trunk/test/testrun_2b.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE … … 26 7 SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS 27 8 28 CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR -- with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS9 CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 29 10 30 11 
testrun2b_internal () … … 80 61 81 62 cp samhain samhain.build || return 1 82 $MAKEclean >/dev/null || return 163 make clean >/dev/null || return 1 83 64 84 65 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} … … 144 125 rm -f ./.samhain_lock 145 126 146 SHCLT=`./yule -P $SHPW `127 SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%` 147 128 148 129 if test x$? = x0; then … … 153 134 fi 154 135 155 SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` 156 AHOST=`find_hostname` 157 SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` 158 159 160 echo $SHCLT1 >> testrc_2 161 echo $SHCLT2 >> testrc_2 162 136 echo $SHCLT >> testrc_2 163 137 164 138 cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} … … 166 140 167 141 ALTHOST=`find_hostname` 168 cp "${RCFILE_C}""./rc.${ALTHOST}"142 cp ./testrc_2 "./rc.${ALTHOST}" 169 143 cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null 170 144 } … … 192 166 193 167 testrun2b_internal "$GPG" 194 195 SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND 168 196 169 do_test_1_a 197 VALGRIND="${SAVE_VALGRIND}"; export VALGRIND198 170 if [ $? -eq 0 ]; then 199 171 [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/gpg"; -
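Review bot: `cp ./testrc_2 "./rc.${ALTHOST}"` gives the alternate host name a different configuration file from the one installed a few lines earlier with `cp "${RCFILE_C}" ./rc.${SH_LOCALHOST}`. If the server identifies the client by the `find_hostname` name, the client would download `testrc_2` rather than the file prepared for this test, so the result of the "w/gpg" test would depend on which name is resolved. `RCFILE_C` is defined outside the lines shown, so this is inferred from the two `cp` lines. Use the same source for both names: `cp "${RCFILE_C}" "./rc.${ALTHOST}"`.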
/trunk/test/testrun_2c.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=mysql"; export SERVER_BUILDOPTS 23 4 24 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR -- with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS5 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file 
--with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 25 6 26 7 check_mysql_log () { … … 92 73 REPLACEMENT="DatabaseSeverity=info" 93 74 ex $RCFILE <<EOF 94 %s/$ORIGINAL/$REPLACEMENT/g95 wq75 :%s/$ORIGINAL/$REPLACEMENT/g 76 :wq 96 77 EOF 97 78 # -
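Review bot: Removing `--with-tmp-dir=$PW_DIR` from `CLIENT_BUILDOPTS` leaves the client's temporary directory at the configure default, while every other path in the option string (`--prefix`, `--localstatedir`, the log and pid files) stays under `$PW_DIR`. The default is not shown on this page; if it is a shared directory, the test client would create temporary files outside the test tree. Keeping `--with-tmp-dir=$PW_DIR` keeps the run self-contained. The same option is removed in testrun_2a.sh, testrun_2b.sh and testrun_2d.sh.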
/trunk/test/testrun_2d.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=postgresql"; export SERVER_BUILDOPTS 23 4 24 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR -- with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS5 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file 
--with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 25 6 26 7 check_psql_log () { … … 94 75 REPLACEMENT="DatabaseSeverity=info" 95 76 ex $RCFILE <<EOF 96 %s/$ORIGINAL/$REPLACEMENT/g97 wq77 :%s/$ORIGINAL/$REPLACEMENT/g 78 :wq 98 79 EOF 99 80 # 100 81 do_test_1_a 101 #102 82 if [ $? -ne 0 ]; then 103 83 [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client/server w/postgresql"; -
/trunk/test/testtimesrv.sh
r30 r20 1 1 #! /bin/sh 2 3 #4 # Copyright Rainer Wichmann (2006)5 #6 # License Information:7 # This program is free software; you can redistribute it and/or modify8 # it under the terms of the GNU General Public License as published by9 # the Free Software Foundation; either version 2 of the License, or10 # (at your option) any later version.11 #12 # This program is distributed in the hope that it will be useful,13 # but WITHOUT ANY WARRANTY; without even the implied warranty of14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the15 # GNU General Public License for more details.16 #17 # You should have received a copy of the GNU General Public License18 # along with this program; if not, write to the Free Software19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.20 #21 2 22 3 RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE … … 30 11 prep_testdata () 31 12 { 32 if test -d "$BASE"; then 33 chmod -R 0700 "${BASE}" || { 34 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 35 return 1; 36 } 37 fi 13 chmod -R 0700 "${BASE}" || { 14 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 15 return 1; 16 } 38 17 39 18 rm -rf "${BASE}" || { … … 142 121 # standalone compilation 143 122 # 144 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent ${E}"; echo; }123 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent w/timeserver${E}"; echo; } 145 124 # 146 125 if test -r "Makefile"; then … … 152 131 if test x$? = x0; then 153 132 [ -z "$verbose" ] || log_msg_ok "configure..."; 154 $MAKE > /dev/null 2>>test_log133 $MAKE > /dev/null 155 134 if test x$? = x0; then 156 135 [ -z "$verbose" ] || log_msg_ok "make..."; -
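Review bot: With the `test -d "$BASE"` guard gone, `chmod -R 0700 "${BASE}"` fails when the directory does not exist yet, so `prep_testdata` returns 1 on a clean tree before it reaches the `rm -rf "${BASE}"` step. Keep the existence check, for example `[ ! -d "${BASE}" ] || chmod -R 0700 "${BASE}" || {`. The rest of prep_testdata lies outside the hunk.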
/trunk/yulerc.template
r30 r20 165 165 ##################################################### 166 166 167 [Misc] 168 169 ## whether to become a daemon process 170 ## (this is not honoured on database initialisation) 171 # 172 # Daemon = no 173 Daemon = yes 174 175 167 176 168 177 [Misc] … … 174 183 # SetLoopTime = 60 175 184 SetLoopTime = 600 176 177 ## Normally, client messages are regarded as data within a178 ## server message of fixed severity. The following two179 ## options cause the server to use the original severity/class180 ## of client messages for logging.181 #182 # UseClientSeverity = False183 # UseClientClass = False184 185 185 186 ## The maximum time between client messages (seconds)
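Review bot: The added `[Misc]` block that carries `Daemon = yes` is followed directly by the existing `[Misc]` header, so the template ends up with two consecutive sections of the same name. Whether the configuration parser merges repeated sections is not visible on this page. Placing the `Daemon` lines and their comment under the existing `[Misc]` header avoids relying on that.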