Changeset 294
- Timestamp:
- Oct 31, 2010, 10:26:42 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 20 edited
trunk/Makefile.in
r292 r294 124 124 sh_processcheck.h sh_portcheck.h sh_pthread.h sh_string.h \ 125 125 sh_log_check.h sh_log_evalrule.h sh_log_correlate.h \ 126 sh_log_mark.h sh_log_repeat.h sh_inotify.h 126 sh_log_mark.h sh_log_repeat.h sh_inotify.h sh_registry.h 127 127 128 128 … … 165 165 $(srcsrc)/sh_log_check.c $(srcsrc)/dnmalloc.c \ 166 166 $(srcsrc)/sh_inotify.c $(srcsrc)/sh_log_repeat.c \ 167 $(srcsrc)/sh_audit.c $(srcsrc)/sh_registry.c \ 167 168 $(srcsrc)/t-test1.c 168 169 … … 183 184 sh_log_parse_generic.o \ 184 185 sh_log_correlate.o sh_log_mark.o sh_log_repeat.o \ 185 sh_pthread.o sh_string.o sh_inotify.o dnmalloc.o 186 sh_pthread.o sh_string.o sh_inotify.o dnmalloc.o \ 187 sh_audit.o sh_registry.o 186 188 187 189 KERN = kern_head.h kern_head.c … … 1703 1705 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 1704 1706 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 1705 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h 1707 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h 
$(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h $(srcinc)/sh_registry.h 1706 1708 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h 1707 1709 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h … … 1751 1753 dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 1752 1754 t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h 1753 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h1755 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h 1754 1756 sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 1755 1757 sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h … … 1766 1768 sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 1767 1769 sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h 1770 sh_audit.o: $(srcsrc)/sh_audit.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h 1771 
sh_registry.o: $(srcsrc)/sh_registry.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_modules.h $(srcinc)/sh_hash.h $(srcinc)/sh_tiger.h -
trunk/configure.ac
r293 r294 12 12 dnl start 13 13 dnl 14 AM_INIT_AUTOMAKE(samhain, 2. 7.2c)14 AM_INIT_AUTOMAKE(samhain, 2.8.0) 15 15 AC_DEFINE([SAMHAIN], 1, [Application is samhain]) 16 16 AC_CANONICAL_HOST … … 86 86 *cygwin*) 87 87 AC_DEFINE(HOST_IS_CYGWIN) 88 AC_DEFINE([USE_REGISTRY_CHECK], 1, [Define for registry check]) 88 89 dnmalloc_ok=no 89 90 AC_MSG_RESULT([no trusted paths and no dnmalloc]) … … 230 231 regex.h glob.h \ 231 232 linux/ext2_fs.h linux/fs.h ext2fs/ext2_fs.h asm/segment.h \ 232 elf.h linux/elf.h \233 elf.h linux/elf.h auparse.h \ 233 234 paths.h arpa/nameser.h arpa/nameser_compat.h \ 234 235 rpc/rpcent.h rpc/rpc.h sys/statvfs.h, … … 442 443 ]) 443 444 445 sh_auparse=no 446 447 if test "x$ac_cv_header_auparse_h" = "xyes" 448 then 449 AC_CHECK_LIB(auparse, auparse_find_field, [ 450 LIBS="$LIBS -lauparse" 451 sh_auparse=yes 452 AC_DEFINE(HAVE_AUPARSE_LIB, 1, [Define if you have the auparse lib]) 453 ]) 454 fi 455 444 456 dnl arguments for accept 445 457 … … 952 964 then 953 965 tmp_LIBS=`echo $LIBS | sed 's%\-lresolv%%' ` 966 LIBS="${tmp_LIBS}" 967 fi 968 if test x"${sh_auparse}" = xyes 969 then 970 tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' ` 954 971 LIBS="${tmp_LIBS}" 955 972 fi -
trunk/depend.dep
r292 r294 18 18 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 19 19 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 20 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h 20 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h $(srcinc)/sh_registry.h 21 21 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h 22 22 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h … … 68 68 dnmalloc-portable.o: $(srcsrc)/dnmalloc-portable.c Makefile config.h 69 69 dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h 70 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h 
$(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h70 sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h 71 71 sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h 72 72 sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h … … 83 83 sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h 84 84 sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h 85 sh_audit.o: $(srcsrc)/sh_audit.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h 86 sh_registry.o: $(srcsrc)/sh_registry.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_modules.h $(srcinc)/sh_hash.h $(srcinc)/sh_tiger.h -
trunk/depend.sum
r292 r294 1 2 4311829741 2205834486 -
trunk/docs/Changelog
r293 r294 1 2.8.0: 2 * Add registry checking 3 * Use auditd records to find out who did it 4 1 5 2.7.2c: 2 * Fix uppercase hostname problem in client/server communication 6 * Fix uppercase hostname problem in client/server communication 7 3 8 4 9 2.7.2b: … … 12 17 * sh_utils.c: fixed an endianess issue that prevented cross-verification 13 18 of email signatures (reported by A. Zangerl) 14 15 16 * sh_readconf.c: fix comparison of SeverityUserX string 19 * sh_login_track.c: fix compiler warning (ignored return value 20 of fwrite) 21 * sh_readconf.c: fix comparison of SeverityUserX string 17 22 (reported by max__) 18 23 * sh_processcheck.c: sh_prochk_set_maxpid: set retval on success -
trunk/include/sh_cat.h
r279 r294 173 173 MSG_LOGMON_MARK, 174 174 MSG_LOGMON_BURST, 175 #endif 176 177 #ifdef USE_REGISTRY_CHECK 178 MSG_REG_MISS, 179 MSG_REG_NEW, 180 MSG_REG_CHANGE, 175 181 #endif 176 182 -
trunk/include/sh_extern.h
r275 r294 41 41 */ 42 42 int sh_ext_popen_init (sh_tas_t * task, char * command); 43 44 /* 45 * -- Execute command, return first line of output 46 */ 47 int sh_ext_system (char * command); 43 48 44 49 /* -
trunk/include/sh_files.h
r256 r294 21 21 #define SH_FILES_H 22 22 23 void sh_audit_mark (char * file); 24 void sh_audit_delete_all (); 25 char * sh_audit_fetch (char * file, time_t time, char * result, size_t rsize); 26 23 27 struct sh_dirent { 24 28 char * sh_d_name; 25 29 struct sh_dirent * next; 26 30 }; 31 27 32 28 33 /* free a directory listing -
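Review bot: `void sh_audit_delete_all ();` declares a function with unspecified parameters rather than none; in C it should read `void sh_audit_delete_all (void);` so that a call with stray arguments is diagnosed. The three sh_audit_* prototypes also use `time_t` and `size_t`, so this header now relies on every includer having pulled in the matching system headers first; whether that holds cannot be seen from the hunk.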
trunk/include/sh_hash.h
r205 r294 70 70 /* Check whether a file is present in the database. 71 71 */ 72 int sh_hash_have_it (c har * newname);72 int sh_hash_have_it (const char * newname); 73 73 74 74 /* Get a file if it is present in the database. 75 * If fileHash != NULL also return checksum. 75 76 */ 76 int sh_hash_get_it (c har * newname, file_type * tmpFile);77 int sh_hash_get_it (const char * newname, file_type * tmpFile, char * fileHash); 77 78 78 79 /* Delete the database from memory. … … 113 114 void sh_hash_unvisited (ShErrLevel level); 114 115 116 /* Search for unvisited entries in the database, custom error handler. 117 */ 118 void sh_hash_unvisited_custom (char prefix, void(*handler)(const char * key)); 119 115 120 /* Set a file's status to 'visited'. This is required for 116 121 * files that should be ignored, and may be present in the … … 135 140 int hash_full_tree (void); 136 141 137 /* Insert data 142 /* Insert data. 143 * 'key' -> path 144 * 'str' -> binary with size 'size' 138 145 */ 139 void sh_hash_push2db (char * key, unsigned long val1, 140 unsigned long val2, unsigned long val3, 141 unsigned char * str, int size); 146 struct store2db { 147 UINT64 val0; 148 UINT64 val1; 149 UINT64 val2; 150 UINT64 val3; 151 char checksum[KEY_LEN+1]; 152 unsigned char * str; 153 int size; 154 }; 155 156 void sh_hash_push2db (const char * key, struct store2db * save); 157 142 158 143 159 /* Retrieve data 144 160 */ 145 char * sh_hash_db2pop (char * key, unsigned long * val1, 146 unsigned long * val2, unsigned long * val3, 147 int * size); 161 char * sh_hash_db2pop (const char * key, struct store2db * get); 162 148 163 149 164 /* Write out database -
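Review bot: The new `fileHash` parameter of sh_hash_get_it() needs its size requirement documented, because sh_hash.c fills it with `sl_strlcpy(fileHash, p->theFile.checksum, KEY_LEN+1)` and the comment only says the checksum is returned when the pointer is non-NULL. Suggest `* If fileHash != NULL, also return the checksum; the buffer must hold at least KEY_LEN+1 bytes.` The members of `struct store2db` would benefit from a comment each as well; going by sh_hash_push2db they map to `val0` = size, `val1` = mtime, `val2` = ctime, `val3` = atime.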
trunk/include/sh_unix.h
r265 r294 90 90 /* use prelink */ 91 91 #define MODI_PREL (1 << 13) 92 92 93 /* get content */ 93 94 #define MODI_TXT ((1 << 14)|MODI_CHK) 94 95 95 #define MODI_TXT_ENABLED(a) (((a)&(1 << 14))!=0) 96 97 /* get audit record */ 98 #define MODI_AUDIT (1 << 15) 99 #define MODI_AUDIT_ENABLED(a) (((a)&(1 << 15))!=0) 100 96 101 97 102 #define SH_TXT_MAX 9200 -
trunk/src/samhain.c
r265 r294 745 745 sh_hash_hashdelete(); 746 746 sh_files_hle_reg (NULL); 747 /* 748 * Only flush on exit if running as deamon. 749 * Otherwise we couldn't run another instance 750 * while the deamon is running (would leave the 751 * deamon with flushed ruleset). 752 */ 753 if (sh.flag.isdaemon == S_TRUE) 754 { 755 sh_audit_delete_all (); 756 } 747 757 #endif 748 758 #if defined(SH_WITH_SERVER) … … 1769 1779 (void) sh_ignore_clean (); 1770 1780 (void) hash_full_tree (); 1781 sh_audit_delete_all (); 1782 1771 1783 1772 1784 #if defined(SH_WITH_CLIENT) -
trunk/src/sh_cat.c
r279 r294 166 166 { MSG_LOGMON_MARK, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] Event %s missing for %lu seconds\"") }, 167 167 { MSG_LOGMON_BURST, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Logfile] Repeated %d times: %s\" host=\"%s\"") }, 168 #endif 169 170 #ifdef USE_REGISTRY_CHECK 171 { MSG_REG_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [RegistryKeyMissing]\" path=\"%s\" %s")}, 172 { MSG_REG_NEW, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [RegistryKeyNew]\" path=\"%s\" %s")}, 173 { MSG_REG_CHANGE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [RegistryKeyChanged]\" path=\"%s\" %s")}, 168 174 #endif 169 175 … … 503 509 #endif 504 510 511 #ifdef USE_REGISTRY_CHECK 512 { MSG_REG_MISS, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [RegistryKeyMissing] %s>, path=<%s>, %s")}, 513 { MSG_REG_NEW, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [RegistryKeyNew] %s>, path=<%s>, %s")}, 514 { MSG_REG_CHANGE, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [RegistryKeyChanged] %s>, path=<%s>, %s")}, 515 #endif 516 505 517 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) 506 518 -
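Review bot: The three registry messages take a different number of arguments in the two catalogues: the first table (presumably the XML-style one) uses `msg=\"POLICY [RegistryKeyMissing]\" path=\"%s\" %s` with two `%s`, while the second uses `msg=<POLICY [RegistryKeyMissing] %s>, path=<%s>, %s` with three. The caller in sh_registry.c is not on this page, but it can only pass one argument list, so one of the two builds either shifts the arguments into the wrong fields or reads a vararg that was never supplied. Both forms should carry the same conversions, e.g. `msg=\"POLICY [RegistryKeyMissing] %s\" path=\"%s\" %s` in the first table, and likewise for MSG_REG_NEW and MSG_REG_CHANGE.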
trunk/src/sh_extern.c
r289 r294 839 839 840 840 return status; 841 } 842 843 /* Execute a system command */ 844 845 int sh_ext_system (char * command) 846 { 847 sh_tas_t task; 848 int status; 849 850 SL_ENTER(_("sh_ext_system")); 851 852 status = sh_ext_popen_init (&task, command); 853 854 if (status != 0) 855 { 856 sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGEN, 857 _("Could not execute command"), _("sh_ext_system")); 858 SL_RETURN ((-1), _("sh_ext_system")); 859 } 860 861 /* close pipe and return exit status 862 */ 863 (void) sh_ext_pclose(&task); 864 sh_ext_tas_free (&task); 865 SL_RETURN ((status), _("sh_ext_system")); 841 866 } 842 867 -
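Review bot: sh_ext_system() never reports how the command ended: the result of sh_ext_pclose() is cast to void and the function returns `status`, which at that point can only be the 0 from sh_ext_popen_init(), although the comment says "close pipe and return exit status". A caller therefore cannot tell a failing command from a successful one. Suggest `status = sh_ext_pclose(&task);` ahead of `sh_ext_tas_free (&task);`, assuming sh_ext_pclose returns the child's exit status (its definition is outside the hunk). The prototype comment added in sh_extern.h, "return first line of output", does not match either, since no output is read or returned.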
trunk/src/sh_files.c
r286 r294 742 742 if (0 == strncmp(myword, _("TXT"), 3)) 743 743 sh_files_set_mask (mask, MODI_TXT, act); 744 744 /* get content */ 745 if (0 == strncmp(myword, _("AUDIT"), 3)) 746 sh_files_set_mask (mask, MODI_AUDIT, act); 745 747 } 746 748 } … … 915 917 SH_FREE(fileName); 916 918 SH_FREE(new_item_ptr); 917 } 918 919 new_item_ptr = NULL; 920 } 921 922 if (new_item_ptr && MODI_AUDIT_ENABLED(new_item_ptr->check_mask)) 923 { 924 sh_audit_mark(new_item_ptr->name); 925 } 919 926 SL_RETURN(0, _("sh_files_push_file_int")); 920 927 } … … 1472 1479 SH_FREE(dirName); 1473 1480 SH_FREE(new_item_ptr); 1481 new_item_ptr = NULL; 1482 } 1483 1484 if (new_item_ptr && MODI_AUDIT_ENABLED(new_item_ptr->check_mask)) 1485 { 1486 sh_audit_mark(new_item_ptr->name); 1474 1487 } 1475 1488 -
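Review bot: The new mask keyword is matched with `strncmp(myword, _("AUDIT"), 3)`, so only three characters are compared and any word starting with "AUD" switches on MODI_AUDIT; the length should be 5, `if (0 == strncmp(myword, _("AUDIT"), 5))`. The comment placed above it still reads `/* get content */`, carried over from the TXT case; `/* get audit record */` would match the wording used in sh_unix.h. The enclosing function starts and ends outside the hunk.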
trunk/src/sh_getopt.c
r272 r294 464 464 if (num > 0) fputc ('\n', stdout); 465 465 fputs (_(" optionally store full text for files"), stdout); ++num; 466 #endif 467 #if !defined(SH_COMPILE_STATIC) && defined(__linux__) && defined(HAVE_AUPARSE_H) && defined(HAVE_AUPARSE_LIB) 468 if (num > 0) fputc ('\n', stdout); 469 fputs (_(" optionally report auditd record of changed file"), stdout); ++num; 466 470 #endif 467 471 #if defined(USE_XATTR) -
trunk/src/sh_hash.c
r279 r294 393 393 } 394 394 395 static sh_file_t * hashsearch (c har * s);395 static sh_file_t * hashsearch (const char * s); 396 396 397 397 static sh_file_t * tab[TABSIZE]; … … 403 403 **************************************************************/ 404 404 405 static int hashfunc(c har *s)405 static int hashfunc(const char *s) 406 406 { 407 407 unsigned int n = 0; … … 467 467 * 468 468 **************************************************************/ 469 static sh_file_t * delete_db_entry(sh_file_t *p) 470 { 471 if (p->fullpath) 472 { 473 SH_FREE(p->fullpath); 474 p->fullpath = NULL; 475 } 476 if (p->linkpath) 477 { 478 if (p->linkpath != notalink) 479 SH_FREE(p->linkpath); 480 p->linkpath = NULL; 481 } 482 if (p->attr_string) 483 { 484 SH_FREE(p->attr_string); 485 p->attr_string = NULL; 486 } 487 SH_FREE(p); 488 return NULL; 489 } 490 469 491 static void hash_unvisited (int j, 470 492 sh_file_t *prev, sh_file_t *p, ShErrLevel level) … … 560 582 else 561 583 prev->next = p->next; 562 if (p->fullpath) 563 { 564 SH_FREE(p->fullpath); 565 p->fullpath = NULL; 566 } 567 if (p->linkpath) 568 { 569 if (p->linkpath != notalink) 570 SH_FREE(p->linkpath); 571 p->linkpath = NULL; 572 } 573 if (p->attr_string) 574 { 575 SH_FREE(p->attr_string); 576 p->attr_string = NULL; 577 } 578 SH_FREE(p); 579 p = NULL; 584 585 p = delete_db_entry(p); 586 580 587 SL_RET0(_("hash_unvisited")); 581 588 #else … … 640 647 } 641 648 649 /********************************************************************* 650 * 651 * Search for unvisited entries in the database, custom error handler. 
652 * 653 *********************************************************************/ 654 void sh_hash_unvisited_custom (char prefix, void(*handler)(const char * key)) 655 { 656 int i; 657 sh_file_t *p = NULL; 658 sh_file_t *prev = NULL; 659 sh_file_t *next = NULL; 660 661 SL_ENTER(_("sh_hash_unvisited_custom")); 662 663 SH_MUTEX_LOCK(mutex_hash); 664 for (i = 0; i < TABSIZE; ++i) 665 { 666 if (tab[i] != NULL) 667 { 668 p = tab[i]; prev = p; 669 670 do 671 { 672 next = p->next; 673 674 if (p->fullpath && 675 prefix == p->fullpath[0]) 676 { 677 if ((!SH_FFLAG_VISITED_SET(p->fflags)) 678 && (!SH_FFLAG_REPORTED_SET(p->fflags))) 679 { 680 handler(p->fullpath); 681 682 if (!SH_FFLAG_CHECKED_SET(p->fflags)) 683 { 684 /* delete */ 685 if (tab[i] == p) 686 { 687 tab[i] = p->next; 688 prev = tab[i]; 689 next = prev; 690 } 691 else 692 { 693 prev->next = p->next; 694 next = prev->next; 695 } 696 697 p = delete_db_entry(p); 698 } 699 } 700 if (p) 701 { 702 CLEAR_SH_FFLAG_VISITED(p->fflags); 703 CLEAR_SH_FFLAG_CHECKED(p->fflags); 704 } 705 } 706 if (p) 707 prev = p; 708 p = next; 709 } 710 while (p); 711 } 712 } 713 SH_MUTEX_UNLOCK(mutex_hash); 714 715 SL_RET0(_("hash_unvisited_custom")); 716 } 717 642 718 643 719 /********************************************************************** … … 683 759 * 684 760 ***********************************************************************/ 685 static sh_file_t * hashsearch (c har * s)761 static sh_file_t * hashsearch (const char * s) 686 762 { 687 763 sh_file_t * p; … … 1947 2023 * 1948 2024 *********************************************************************/ 1949 static sh_file_t * sh_hash_have_it_int (c har * newname)2025 static sh_file_t * sh_hash_have_it_int (const char * newname) 1950 2026 { 1951 2027 sh_file_t * p; … … 1968 2044 } 1969 2045 1970 int sh_hash_have_it (c har * newname)2046 int sh_hash_have_it (const char * newname) 1971 2047 { 1972 2048 sh_file_t * p; … … 1993 2069 } 1994 2070 1995 int sh_hash_get_it (c har * newname, 
file_type * tmpFile)2071 int sh_hash_get_it (const char * newname, file_type * tmpFile, char * fileHash) 1996 2072 { 1997 2073 sh_file_t * p; … … 2017 2093 tmpFile->mtime = p->theFile.mtime; 2018 2094 tmpFile->ctime = p->theFile.ctime; 2095 tmpFile->atime = p->theFile.atime; 2096 2097 if (NULL != fileHash) 2098 sl_strlcpy(fileHash, p->theFile.checksum, KEY_LEN+1); 2099 2019 2100 tmpFile->attr_string = NULL; 2020 2101 retval = 0; … … 2144 2225 { 2145 2226 int i; 2146 SL_ENTER(_("sh_hash_set_ visited"));2227 SL_ENTER(_("sh_hash_set_missing")); 2147 2228 i = sh_hash_set_visited_int(newname, SH_FFLAG_CHECKED); 2148 SL_RETURN(i, _("sh_hash_set_ visited"));2229 SL_RETURN(i, _("sh_hash_set_missing")); 2149 2230 } 2150 2231 … … 2177 2258 ******************************************************************/ 2178 2259 2179 void sh_hash_push2db (char * key, unsigned long val1, 2180 unsigned long val2, unsigned long val3, 2181 unsigned char * str, int size) 2260 void sh_hash_push2db (const char * key, struct store2db * save) 2182 2261 { 2183 2262 int i = 0; … … 2186 2265 file_type * tmpFile = SH_ALLOC(sizeof(file_type)); 2187 2266 2267 int size = save->size; 2268 unsigned char * str = save->str; 2269 2270 2188 2271 tmpFile->attr_string = NULL; 2189 2272 tmpFile->link_path = NULL; 2190 2273 2191 2274 sl_strlcpy(tmpFile->fullpath, key, PATH_MAX); 2192 tmpFile->size = val1;2193 tmpFile->mtime = val2;2194 tmpFile->ctime = val3;2195 2196 tmpFile->atime = 0; 2275 tmpFile->size = save->val0; 2276 tmpFile->mtime = save->val1; 2277 tmpFile->ctime = save->val2; 2278 tmpFile->atime = save->val3; 2279 2197 2280 tmpFile->mode = 0; 2198 2281 tmpFile->owner = 0; … … 2226 2309 } 2227 2310 2228 if (sh.flag.checkSum == SH_CHECK_ CHECK &&2229 sh.flag.update == S_TRUE)2230 sh_hash_pushdata_memory (tmpFile, SH_KEY_NULL);2311 if (sh.flag.checkSum == SH_CHECK_INIT) 2312 sh_hash_pushdata (tmpFile, 2313 (save->checksum[0] == '\0') ? 
SH_KEY_NULL : save->checksum); 2231 2314 else 2232 sh_hash_pushdata (tmpFile, SH_KEY_NULL); 2315 sh_hash_pushdata_memory (tmpFile, 2316 (save->checksum[0] == '\0') ? SH_KEY_NULL : save->checksum); 2233 2317 2234 2318 if (tmpFile->link_path) SH_FREE(tmpFile->link_path); … … 2239 2323 extern int sh_util_hextobinary (char * binary, char * hex, int bytes); 2240 2324 2241 char * sh_hash_db2pop (char * key, unsigned long * val1, 2242 unsigned long * val2, unsigned long * val3, 2243 int * size) 2325 char * sh_hash_db2pop (const char * key, struct store2db * save) 2244 2326 { 2245 2327 size_t len; … … 2247 2329 int i; 2248 2330 char * retval = NULL; 2331 char fileHash[KEY_LEN+1]; 2249 2332 file_type * tmpFile = SH_ALLOC(sizeof(file_type)); 2250 2333 2251 *size = 0; 2252 2253 if (0 == sh_hash_get_it (key, tmpFile)) 2254 { 2255 *val1 = tmpFile->size; 2256 *val2 = tmpFile->mtime; 2257 *val3 = tmpFile->ctime; 2334 save->size = 0; 2335 2336 if (0 == sh_hash_get_it (key, tmpFile, fileHash)) 2337 { 2338 save->val0 = tmpFile->size; 2339 save->val1 = tmpFile->mtime; 2340 save->val2 = tmpFile->ctime; 2341 save->val3 = tmpFile->atime; 2342 2343 sl_strlcpy(save->checksum, fileHash, KEY_LEN+1); 2258 2344 2259 2345 if (tmpFile->link_path && tmpFile->link_path[0] != '-') … … 2266 2352 if (i == 0) 2267 2353 { 2268 *size = (len/2);2269 p[ *size] = '\0';2354 save->size = (len/2); 2355 p[save->size] = '\0'; 2270 2356 retval = p; 2271 2357 } … … 2273 2359 { 2274 2360 SH_FREE(p); 2275 *size = 0;2361 save->size = 0; 2276 2362 } 2277 2363 } 2278 2364 else 2279 2365 { 2280 *size = 0;2366 save->size = 0; 2281 2367 } 2282 2368 } 2283 2369 else 2284 2370 { 2285 *size = -1; 2286 *val1 = 0; 2287 *val2 = 0; 2288 *val3 = 0; 2371 save->size = -1; 2372 save->val0 = 0; 2373 save->val1 = 0; 2374 save->val2 = 0; 2375 save->val3 = 0; 2289 2376 } 2290 2377 if (tmpFile->link_path) SH_FREE(tmpFile->link_path); … … 3459 3546 tmp_lnk_old, tmp_lnk); 3460 3547 #else 3461 sl_snprintf(tmp, SH_MSG_BUF, 
_("link_old=<%s>, link_new=<%s> "),3548 sl_snprintf(tmp, SH_MSG_BUF, _("link_old=<%s>, link_new=<%s>, "), 3462 3549 tmp_lnk_old, tmp_lnk); 3463 3550 #endif … … 3479 3566 } 3480 3567 3568 if (MODI_AUDIT_ENABLED(theFile->check_mask)) 3569 { 3570 char result[256]; 3571 3572 if (NULL != sh_audit_fetch (theFile->fullpath, theFile->mtime, result, sizeof(result))) 3573 { 3574 #ifdef SH_USE_XML 3575 sl_strlcat(msg, _("obj=\""), SH_MSG_BUF); 3576 #else 3577 sl_strlcat(msg, _("obj=<"), SH_MSG_BUF); 3578 #endif 3579 3580 sl_strlcat(msg, result, SH_MSG_BUF); 3581 3582 #ifdef SH_USE_XML 3583 sl_strlcat(msg, _("\" "), SH_MSG_BUF); 3584 #else 3585 sl_strlcat(msg, _(">"), SH_MSG_BUF); 3586 #endif 3587 } 3588 } 3481 3589 3482 3590 tmp_path = sh_util_safe_name(theFile->fullpath); -
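Review bot: In the last hunk the string returned by sh_audit_fetch() is appended to the report with `sl_strlcat(msg, result, SH_MSG_BUF)` inside `obj=<...>` or `obj="..."` without any escaping, whereas the path a few lines below goes through sh_util_safe_name(). The audit record presumably carries values taken from the process that touched the file (sh_audit.c is not shown on this page), so a `>` or `"` in it could close the field early and let a log consumer read forged key/value pairs. Unless sh_audit_fetch() already sanitizes its output, `result` should get the same safe-name treatment before it is concatenated. The non-XML branch also closes with a bare `>` and no separator, while the `link_new=<%s>, ` correction in this same changeset adds one.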
trunk/src/sh_kern.c
r286 r294 169 169 170 170 char * sh_kern_db_syscall (int num, char * prefix, 171 void * in_name, unsigned long * addr,171 void * in_name, unsigned long * addr, 172 172 unsigned int * code1, unsigned int * code2, 173 173 int * size, int direction) … … 177 177 unsigned long x1 = 0, x2 = 0; 178 178 unsigned char * name = (unsigned char *) in_name; 179 struct store2db save; 179 180 180 181 sl_snprintf(path, 128, "K_%s_%04d", prefix, num); 181 182 183 memset(save, '\0', sizeof(struct store2db)); 184 182 185 if (direction == SH_KERN_DBPUSH) 183 186 { 184 x1 = *code1; 185 x2 = *code2; 186 187 sh_hash_push2db (path, *addr, x1, x2, 188 name, (name == NULL) ? 0 : (*size)); 187 save.val0 = *addr; 188 save.val1 = *code1; 189 save.val2 = *code2; 190 save.str = name; 191 save.size = (name == NULL) ? 0 : (*size); 192 193 sh_hash_push2db (path, &save); 189 194 } 190 195 else 191 196 { 192 p = sh_hash_db2pop (path, addr, &x1, &x2, size); 193 *code1 = (unsigned int) x1; 194 *code2 = (unsigned int) x2; 197 p = sh_hash_db2pop (path, &save); 198 199 *addr = (unsigned long) save.val0; 200 *code1 = (unsigned int) save.val1; 201 *code2 = (unsigned int) save.val2; 202 203 *size = (int) save.size; 195 204 } 196 205 return p; -
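Review bot: `memset(save, '\0', sizeof(struct store2db));` in sh_kern_db_syscall passes the struct itself instead of its address, which should be rejected by the compiler; it needs to be `memset(&save, '\0', sizeof(save));`. After this change the locals `x1` and `x2` from the context line above are no longer used and can be dropped. The function body starts and ends outside the hunk.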
trunk/src/sh_modules.c
r259 r294 17 17 #include "sh_portcheck.h" 18 18 #include "sh_logmon.h" 19 #include "sh_registry.h" 19 20 20 21 sh_mtype modList[] = { … … 155 156 #endif 156 157 158 #ifdef USE_REGISTRY_CHECK 159 { 160 N_("REGISTRY"), 161 -1, 162 0, 163 sh_reg_check_init, 164 sh_reg_check_timer, 165 sh_reg_check_run, 166 sh_reg_check_cleanup, 167 sh_reg_check_reconf, 168 169 N_("[Registry]"), 170 sh_reg_check_table, 171 PTHREAD_MUTEX_INITIALIZER, 172 }, 173 #endif 174 157 175 { 158 176 NULL, -
trunk/src/sh_unix.c
r293 r294 3353 3353 { 3354 3354 /* lookup file in database */ 3355 status = sh_hash_get_it (filename, tmpFile );3355 status = sh_hash_get_it (filename, tmpFile, NULL); 3356 3356 if (status != 0) { 3357 3357 goto out; -
trunk/src/sh_utils.c
r293 r294 796 796 SL_RETURN( 0, _("sh_util_sigtype")); 797 797 } 798 799 798 800 799 char * sh_util_siggen (char * hexkey,