Changeset 294 for trunk/include

Timestamp:

Oct 31, 2010, 10:26:42 AM (14 years ago)

Author:

katerina

Message:

Tikets #213 and #214 (Use auditd to determine who changed a file, Windows registry check).

Location:

trunk/include

Files:

• sh_cat.h (modified) (1 diff)
• sh_extern.h (modified) (1 diff)
• sh_files.h (modified) (1 diff)
• sh_hash.h (modified) (3 diffs)
• sh_registry.h (added)
• sh_unix.h (modified) (1 diff)

trunk/include/sh_cat.h

@@ -173 +173 @@
  MSG_LOGMON_MARK,
  MSG_LOGMON_BURST,
+#endif
+
+#ifdef USE_REGISTRY_CHECK
+ MSG_REG_MISS,
+ MSG_REG_NEW,
+ MSG_REG_CHANGE,
 #endif
 

trunk/include/sh_extern.h

@@ -41 +41 @@
  */
 int sh_ext_popen_init (sh_tas_t * task, char * command);
+
+/*
+ * -- Execute command, return first line of output
+ */
+int sh_ext_system (char * command);
 
 /*

trunk/include/sh_files.h

@@ -21 +21 @@
 #define SH_FILES_H
 
+void sh_audit_mark (char * file);
+void sh_audit_delete_all ();
+char * sh_audit_fetch (char * file, time_t time, char * result, size_t rsize);
+
 struct sh_dirent {
   char             * sh_d_name;
   struct sh_dirent * next;
 };
+
 
 /* free a directory listing

trunk/include/sh_hash.h

@@ -70 +70 @@
 /* Check whether a file is present in the database.
  */
-int sh_hash_have_it (char * newname);
+int sh_hash_have_it (const char * newname);
 
 /* Get a file if it is present in the database.
+ * If fileHash != NULL also return checksum.
  */
-int sh_hash_get_it (char * newname, file_type * tmpFile);
+int sh_hash_get_it (const char * newname, file_type * tmpFile, char * fileHash);
 
 /* Delete the database from memory.
@@ -113 +114 @@
 void sh_hash_unvisited (ShErrLevel level);
 
+/* Search for unvisited entries in the database, custom error handler.
+ */
+void sh_hash_unvisited_custom (char prefix, void(*handler)(const char * key));
+
 /* Set a file's status to 'visited'. This is required for
  * files that should be ignored, and may be present in the
@@ -135 +140 @@
 int hash_full_tree (void); 
 
-/* Insert data
+/* Insert data.
+ * 'key' -> path
+ * 'str' -> binary with size 'size'
  */
-void sh_hash_push2db (char * key, unsigned long val1, 
-                      unsigned long val2, unsigned long val3,
-                      unsigned char * str, int size);
+struct store2db {
+  UINT64 val0;
+  UINT64 val1;
+  UINT64 val2;
+  UINT64 val3;
+  char   checksum[KEY_LEN+1];
+  unsigned char * str;
+  int size;
+};
+
+void sh_hash_push2db (const char * key, struct store2db * save);
+
 
 /* Retrieve data
  */
-char * sh_hash_db2pop (char * key, unsigned long * val1, 
-                       unsigned long * val2, unsigned long * val3,
-                       int * size);
+char * sh_hash_db2pop (const char * key,  struct store2db * get);
+
 
 /* Write out database

trunk/include/sh_unix.h

@@ -90 +90 @@
 /* use prelink     */
 #define MODI_PREL (1 << 13)
+
 /* get content     */
 #define MODI_TXT ((1 << 14)|MODI_CHK)
-
 #define MODI_TXT_ENABLED(a) (((a)&(1 << 14))!=0)
+
+/* get audit record  */
+#define MODI_AUDIT (1 << 15)
+#define MODI_AUDIT_ENABLED(a) (((a)&(1 << 15))!=0)
+
 
 #define SH_TXT_MAX 9200