- Timestamp:
- Oct 31, 2011, 9:42:22 PM (13 years ago)
- Location:
- trunk/src
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/sh_fInotify.c
r368 r371 143 143 } 144 144 } 145 else if (arg != NULL && arg->initval < 0 && 146 (sh.flag.isdaemon != S_TRUE && sh.flag.loop != S_TRUE)) 147 { 148 sh.flag.inotify = 0; 149 return SH_MOD_FAILED; 150 } 145 151 else if (arg != NULL && arg->initval == SH_MOD_THREAD && 146 152 (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) … … 162 168 ssize_t len = -1; 163 169 char * buffer = SH_ALLOC(16384); 170 static int count = 0; 164 171 165 172 if (ShfInotifyActive == S_FALSE) … … 175 182 /* Blocking read from inotify file descriptor. 176 183 */ 177 len = sh_inotify_read (buffer, 16384);184 len = sh_inotify_read_timeout(buffer, 16384, 1); 178 185 179 186 if (len > 0) … … 203 210 */ 204 211 sh_inotify_recheck_watches (&sh_file_watches, &sh_file_missing); 212 213 ++count; 214 215 if (count >= 10) 216 { 217 count = 0; /* Re-expand glob patterns to discover added files */ 218 sh_files_check_globFilePatterns(); 219 } 205 220 206 221 return 0; … … 274 289 SH_MUTEX_LOCK(mutex_thread_nolog); 275 290 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 276 _("Cannot set max_user_watches"), _("sh_fInotify_set_nwatches")); 291 _("Cannot set max_user_watches"), 292 _("sh_fInotify_set_nwatches")); 277 293 SH_MUTEX_UNLOCK(mutex_thread_nolog); 278 294 return; … … 353 369 unsigned long check_mask; 354 370 char * filename; 371 extern int flag_err_debug; 372 373 if (flag_err_debug == SL_TRUE) 374 { 375 char dbgbuf[256]; 376 sl_strlcpy (dbgbuf, "inotify mask: ", sizeof(dbgbuf)); 377 if (event->mask & IN_ACCESS) sl_strlcat(dbgbuf, "IN_ACCESS ", sizeof(dbgbuf)); 378 if (event->mask & IN_ATTRIB) sl_strlcat(dbgbuf, "IN_ATTRIB ", sizeof(dbgbuf)); 379 if (event->mask & IN_CLOSE_WRITE) sl_strlcat(dbgbuf, "IN_CLOSE_WRITE ", sizeof(dbgbuf)); 380 if (event->mask & IN_CLOSE_NOWRITE) sl_strlcat(dbgbuf, "IN_CLOSE_NOWRITE ", sizeof(dbgbuf)); 381 if (event->mask & IN_CREATE) sl_strlcat(dbgbuf, "IN_CREATE ", sizeof(dbgbuf)); 382 if (event->mask & IN_DELETE) sl_strlcat(dbgbuf, "IN_DELETE ", sizeof(dbgbuf)); 383 if (event->mask & IN_DELETE_SELF) sl_strlcat(dbgbuf, "IN_DELETE_SELF ", sizeof(dbgbuf)); 384 if (event->mask & IN_MODIFY) sl_strlcat(dbgbuf, "IN_MODIFY ", sizeof(dbgbuf)); 385 if (event->mask & IN_MOVE_SELF) sl_strlcat(dbgbuf, "IN_MOVE_SELF ", sizeof(dbgbuf)); 386 if (event->mask & IN_MOVED_FROM) sl_strlcat(dbgbuf, "IN_MOVED_FROM ", sizeof(dbgbuf)); 387 if (event->mask & IN_MOVED_TO) sl_strlcat(dbgbuf, "IN_MOVED_TO ", sizeof(dbgbuf)); 388 if (event->mask & IN_OPEN) sl_strlcat(dbgbuf, "IN_OPEN ", sizeof(dbgbuf)); 389 if (event->mask & IN_IGNORED) sl_strlcat(dbgbuf, "IN_IGNORED ", sizeof(dbgbuf)); 390 if (event->mask & IN_ISDIR) sl_strlcat(dbgbuf, "IN_ISDIR ", sizeof(dbgbuf)); 391 if (event->mask & IN_Q_OVERFLOW) sl_strlcat(dbgbuf, "IN_Q_OVERFLOW ", sizeof(dbgbuf)); 392 if (event->mask & IN_UNMOUNT) sl_strlcat(dbgbuf, "IN_UNMOUNT ", sizeof(dbgbuf)); 393 SH_MUTEX_LOCK(mutex_thread_nolog); 394 sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, 395 dbgbuf, _("sh_fInotify_process")); 396 SH_MUTEX_UNLOCK(mutex_thread_nolog); 397 } 398 355 399 356 400 if (event->wd >= 0) … … 438 482 } 439 483 440 if ( (event->mask & (IN_A CCESS|IN_MODIFY)) != 0)484 if ( (event->mask & (IN_ATTRIB|IN_MODIFY)) != 0) 441 485 { 442 486 sh_files_search_file(path, &class, &check_mask, &reported); … … 477 521 if (S_FALSE == sh_ignore_chk_new(path)) 478 522 { 523 int ret; 524 479 525 sh_files_clear_file_reported(path); 480 526 481 sh_files_search_file(path, &class, &check_mask, &reported);527 ret = sh_files_search_file(path, &class, &check_mask, &reported); 482 528 483 529 sh_files_filecheck (class, check_mask, filename, … … 486 532 if (SH_FFLAG_REPORTED_SET(reported)) 487 533 sh_files_set_file_reported(path); 534 535 if (ret != 0) 536 { 537 sh_inotify_add_watch(path, &sh_file_watches, &ret, 538 class, check_mask); 539 } 488 540 } 489 541 } -
trunk/src/sh_files.c
r367 r371 56 56 #include <glob.h> 57 57 #endif 58 #ifdef HAVE_FNMATCH_H 59 #include <fnmatch.h> 60 #endif 61 58 62 59 63 #include "samhain.h" … … 281 285 static zAVLTree * zfileList = NULL; 282 286 287 SH_MUTEX_STATIC(mutex_zfiles, PTHREAD_MUTEX_INITIALIZER); 288 SH_MUTEX_STATIC(mutex_zglob, PTHREAD_MUTEX_INITIALIZER); 283 289 284 290 static int sh_files_fullpath (char * testdir, char * d_name, … … 503 509 SL_ENTER(_("sh_files_delfilestack")); 504 510 511 SH_MUTEX_LOCK(mutex_zfiles); 505 512 zAVLFreeTree (zfileList, free_dirstack); 506 513 zfileList = NULL; 514 SH_MUTEX_UNLOCK(mutex_zfiles); 507 515 508 516 SL_RETURN(0, _("sh_files_delfilestack")); … … 559 567 SL_ENTER(_("sh_files_reset")); 560 568 569 SH_MUTEX_LOCK(mutex_zfiles); 561 570 for (ptr = (dirstack_t *) zAVLFirst(&avlcursor, zfileList); ptr; 562 571 ptr = (dirstack_t *) zAVLNext(&avlcursor)) 563 572 ptr->checked = 0; 564 573 SH_MUTEX_UNLOCK(mutex_zfiles); 565 574 SL_RET0(_("sh_files_reset")); 566 575 } … … 903 912 new_item_ptr->childs_checked = S_FALSE; 904 913 914 SH_MUTEX_LOCK(mutex_zfiles); 905 915 if (zfileList == NULL) 906 916 { … … 914 924 915 925 ret = zAVLInsert (zfileList, new_item_ptr); 926 SH_MUTEX_UNLOCK(mutex_zfiles); 916 927 917 928 if (-1 == ret) … … 920 931 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 921 932 } 922 923 if (3 == ret) 933 else if (3 == ret) 924 934 { 925 935 if (sh.flag.started != S_TRUE) … … 930 940 new_item_ptr = NULL; 931 941 } 932 933 if (new_item_ptr && MODI_AUDIT_ENABLED(new_item_ptr->check_mask)) 934 { 935 sh_audit_mark(new_item_ptr->name); 942 else 943 { 944 unsigned long mask = sh_files_maskof(class); 945 if (MODI_AUDIT_ENABLED(mask)) 946 { 947 sh_audit_mark(new_item_ptr->name); 948 } 936 949 } 937 950 SL_RETURN(0, _("sh_files_push_file_int")); … … 954 967 955 968 static void sh_files_pushglob (int class, int type, const char * p, int rdepth, 956 unsigned long check_mask , int flag)969 unsigned long check_mask_in, int flag) 957 970 { 958 971 int globstatus = -1; 959 972 unsigned int gloop; 960 973 glob_t pglob; 974 975 volatile unsigned long check_mask = check_mask_in; 961 976 962 977 SL_ENTER(_("sh_files_pushglob")); … … 974 989 int ret; 975 990 991 SH_MUTEX_TRYLOCK(mutex_zfiles); 976 992 fileName = sh_util_strdup (p); 977 993 … … 1001 1017 SH_FREE(new_item_ptr); 1002 1018 } 1019 SH_MUTEX_TRYLOCK_UNLOCK(mutex_zfiles); 1003 1020 } 1004 1021 … … 1058 1075 } 1059 1076 1060 void sh_files_check_glob Patterns()1077 void sh_files_check_globFilePatterns() 1061 1078 { 1062 1079 sh_globstack_t * testPattern; … … 1065 1082 SL_ENTER(_("sh_files_check_globPatterns")); 1066 1083 1067 for (testPattern = (sh_globstack_t *) zAVLFirst (&cursor, zglobList); testPattern; 1084 SH_MUTEX_LOCK(mutex_zglob); 1085 for (testPattern = (sh_globstack_t *) zAVLFirst (&cursor, zglobList); 1086 testPattern; 1087 testPattern = (sh_globstack_t *) zAVLNext (&cursor)) 1088 { 1089 if (testPattern->type == SH_LIST_FILE) 1090 { 1091 sh_files_pushglob(testPattern->class, testPattern->type, 1092 testPattern->name, testPattern->rdepth, 1093 testPattern->check_mask, 1); 1094 } 1095 } 1096 SH_MUTEX_UNLOCK(mutex_zglob); 1097 SL_RET0(_("sh_files_check_globPatterns")); 1098 } 1099 1100 void sh_files_check_globPatterns() 1101 { 1102 sh_globstack_t * testPattern; 1103 zAVLCursor cursor; 1104 1105 SL_ENTER(_("sh_files_check_globPatterns")); 1106 1107 SH_MUTEX_LOCK(mutex_zglob); 1108 for (testPattern = (sh_globstack_t *) zAVLFirst (&cursor, zglobList); 1109 testPattern; 1068 1110 testPattern = (sh_globstack_t *) zAVLNext (&cursor)) 1069 1111 { … … 1072 1114 testPattern->check_mask, 1); 1073 1115 } 1116 SH_MUTEX_UNLOCK(mutex_zglob); 1074 1117 SL_RET0(_("sh_files_check_globPatterns")); 1075 1118 } … … 1097 1140 SL_ENTER(_("sh_files_delglobstack")); 1098 1141 1142 SH_MUTEX_LOCK(mutex_zglob); 1099 1143 zAVLFreeTree (zglobList, free_globstack); 1100 1144 zglobList = NULL; 1145 SH_MUTEX_UNLOCK(mutex_zglob); 1101 1146 1102 1147 SL_RETURN(0, _("sh_files_delglobstack")); … … 1245 1290 } 1246 1291 1292 static void * sh_dummy_ptr; 1293 1247 1294 unsigned long sh_dirs_chk (int which) 1248 1295 { … … 1252 1299 dirstack_t * dst_ptr; 1253 1300 int status; 1254 unsigned long dcount = 0;1301 volatile unsigned long dcount = 0; 1255 1302 char * tmp; 1256 1303 1257 1304 SL_ENTER(_("sh_dirs_chk")); 1258 1305 1306 sh_dummy_ptr = (void *) &ptr; 1307 1259 1308 if (which == 1) 1260 1309 tree = zdirListOne; … … 1271 1320 if (ptr->checked == S_FALSE) 1272 1321 { 1322 SH_MUTEX_LOCK(mutex_zfiles); 1273 1323 /* 28 Aug 2001 check the top level directory 1274 1324 */ … … 1290 1340 } 1291 1341 } 1342 SH_MUTEX_UNLOCK(mutex_zfiles); 1292 1343 1293 1344 if (status == S_FALSE) … … 1755 1806 #endif 1756 1807 1808 static void * sh_dummy_dirlist; 1809 1757 1810 /* -- check a single directory and its content 1758 1811 */ … … 1781 1834 int rdepth_next; 1782 1835 int class_next; 1783 intfile_class_next;1836 volatile int file_class_next; 1784 1837 unsigned long check_mask_next; 1785 unsigned long file_check_mask_next;1786 1787 intchecked_flag = S_FALSE;1788 intcchecked_flag = S_FALSE;1838 volatile unsigned long file_check_mask_next; 1839 1840 volatile int checked_flag = S_FALSE; 1841 volatile int cchecked_flag = S_FALSE; 1789 1842 1790 1843 dirstack_t * dst_ptr; … … 1797 1850 1798 1851 SL_ENTER(_("sh_files_checkdir")); 1852 1853 sh_dummy_dirlist = (void *) &dirlist; 1799 1854 1800 1855 if (sig_urgent > 0) { … … 2045 2100 } 2046 2101 2102 SH_MUTEX_LOCK(mutex_zfiles); 2047 2103 dst_ptr = (dirstack_t *) zAVLSearch(zfileList, tmpcat); 2048 2104 … … 2059 2115 /* cchecked_flag = dst_ptr->childs_checked; */ 2060 2116 } 2117 SH_MUTEX_UNLOCK(mutex_zfiles); 2061 2118 2062 2119 /* ---- Has been checked already. ---- … … 2518 2575 * ----------------------------------- 2519 2576 */ 2520 int sh_files_search_file(char * name, int * class, unsigned long *check_mask, int *reported) 2521 { 2522 dirstack_t * item = zAVLSearch(zfileList, name); 2577 int sh_files_search_file(char * name, int * class, 2578 unsigned long *check_mask, int *reported) 2579 { 2580 int retval = 0; 2581 #if defined(HAVE_GLOB_H) && defined(HAVE_FNMATCH_H) 2582 sh_globstack_t * testPattern; 2583 zAVLCursor cursor; 2584 #endif 2585 dirstack_t * item; 2586 2587 SH_MUTEX_LOCK(mutex_zfiles); 2588 item = zAVLSearch(zfileList, name); 2523 2589 2524 2590 if (item) … … 2527 2593 *class = item->class; 2528 2594 *reported = item->is_reported; 2529 return 1; 2530 } 2531 return 0; 2595 retval = 1; 2596 goto out; 2597 } 2598 2599 #if defined(HAVE_GLOB_H) && defined(HAVE_FNMATCH_H) 2600 SH_MUTEX_LOCK(mutex_zglob); 2601 for (testPattern = (sh_globstack_t *) zAVLFirst (&cursor, zglobList); 2602 testPattern; 2603 testPattern = (sh_globstack_t *) zAVLNext (&cursor)) 2604 { 2605 if (testPattern->type == SH_LIST_FILE) 2606 { 2607 if (0 == fnmatch(testPattern->name, name, FNM_PATHNAME|FNM_PERIOD)) 2608 { 2609 *check_mask = testPattern->check_mask; 2610 *class = testPattern->class; 2611 retval = 1; 2612 break; 2613 } 2614 2615 } 2616 } 2617 SH_MUTEX_UNLOCK(mutex_zglob); 2618 #endif 2619 out: 2620 SH_MUTEX_UNLOCK(mutex_zfiles); 2621 return retval; 2532 2622 } 2533 2623 2534 2624 void sh_files_set_file_reported(char * name) 2535 2625 { 2536 dirstack_t * item = zAVLSearch(zfileList, name); 2626 dirstack_t * item; 2627 2628 SH_MUTEX_LOCK_UNSAFE(mutex_zfiles); 2629 item = zAVLSearch(zfileList, name); 2537 2630 2538 2631 if (item) … … 2541 2634 SET_SH_FFLAG_REPORTED(item->is_reported); 2542 2635 } 2636 SH_MUTEX_UNLOCK_UNSAFE(mutex_zfiles); 2543 2637 return; 2544 2638 } … … 2546 2640 void sh_files_clear_file_reported(char * name) 2547 2641 { 2548 dirstack_t * item = zAVLSearch(zfileList, name); 2642 dirstack_t * item; 2643 2644 SH_MUTEX_LOCK_UNSAFE(mutex_zfiles); 2645 item = zAVLSearch(zfileList, name); 2549 2646 2550 2647 if (item) … … 2552 2649 CLEAR_SH_FFLAG_REPORTED(item->is_reported); 2553 2650 } 2651 SH_MUTEX_UNLOCK_UNSAFE(mutex_zfiles); 2554 2652 return; 2555 2653 } … … 2567 2665 dirstack_t * pfilL; 2568 2666 zAVLCursor cursor; 2667 volatile int retval = -1; 2569 2668 2570 2669 SL_ENTER(_("check_file")); … … 2573 2672 SL_RETURN(0, _("check_file")); 2574 2673 2674 SH_MUTEX_LOCK(mutex_zfiles); 2575 2675 for (pfilL = (dirstack_t *) zAVLFirst (&cursor, zfileList); pfilL; 2576 2676 pfilL = (dirstack_t *) zAVLNext (&cursor)) … … 2580 2680 (pfilL->check_mask & MODI_CTM) == 0 && 2581 2681 (pfilL->check_mask & MODI_MTM) == 0) 2582 SL_RETURN(0, _("check_file")); 2583 } 2584 SL_RETURN((-1), _("check_file")); 2585 } 2586 2682 { 2683 retval = 0; 2684 break; 2685 } 2686 } 2687 SH_MUTEX_UNLOCK(mutex_zfiles); 2688 2689 SL_RETURN(retval, _("check_file")); 2690 } 2691 2692 static void * sh_dummy_pdirL; 2693 2587 2694 int sh_files_test_setup_int (zAVLTree * tree) 2588 2695 { … … 2596 2703 SL_ENTER(_("sh_files_test_setup")); 2597 2704 2705 sh_dummy_pdirL = (void *) &pdirL; 2706 2598 2707 for (pdirL = (dirstack_t *) zAVLFirst (&cursor1, tree); pdirL; 2599 2708 pdirL = (dirstack_t *) zAVLNext (&cursor1)) … … 2601 2710 dlen = strlen(pdirL->name); 2602 2711 2712 SH_MUTEX_LOCK(mutex_zfiles); 2603 2713 for (pfilL = (dirstack_t *) zAVLFirst (&cursor2, zfileList); pfilL; 2604 2714 pfilL = (dirstack_t *) zAVLNext (&cursor2)) … … 2631 2741 } 2632 2742 } 2743 SH_MUTEX_UNLOCK(mutex_zfiles); 2633 2744 } 2634 2745 -
trunk/src/sh_hash.c
r367 r371 1510 1510 unlock_and_exit: 1511 1511 ; /* 'label at end of compound statement */ 1512 SH_MUTEX_ UNLOCK(mutex_hash);1512 SH_MUTEX_TRYLOCK_UNLOCK(mutex_hash); 1513 1513 1514 1514 SL_RET0(_("sh_hash_hashdelete")); -
trunk/src/sh_inotify.c
r369 r371 213 213 ssize_t sh_inotify_read(char * buffer, size_t count) 214 214 { 215 ssize_t len = -1; 216 int ifd = sh_inotify_getfd(); 217 218 do { 219 len = read (ifd, buffer, count); 220 } while (len < 0 && (errno == EINTR || errno == EAGAIN)); 221 222 return len; 223 } 224 225 ssize_t sh_inotify_read_timeout(char * buffer, size_t count, int timeout) 226 { 215 227 ssize_t len; 216 228 int ifd = sh_inotify_getfd(); 217 229 218 do { 219 len = read (ifd, buffer, count); 220 } while (len < 0 || errno == EINTR); 230 len = sl_read_timeout_fd (ifd, buffer, count, timeout, SL_FALSE); 221 231 222 232 return len; 223 233 } 234 224 235 225 236 static void sh_inotify_free_watch(void * item) … … 287 298 { 288 299 listcursor->curnode = listcursor->curnode->next; 289 return listcursor->curnode->watch; 300 if (listcursor->curnode) 301 return listcursor->curnode->watch; 302 else 303 return NULL; 290 304 } 291 305 … … 512 526 int ifd = sh_get_inotify_fd(); 513 527 514 extern void sh_fInotify_report_add(char * path, int class, unsigned long check_mask); 528 extern void sh_fInotify_report_add(char * path, 529 int class, unsigned long check_mask); 515 530 516 531 sh_dummy_litem = (void*) &litem; … … 520 535 SH_MUTEX_LOCK(mutex_list_dormant); 521 536 522 for (litem = sh_inotify_list_first(&listcursor, save); litem; 523 litem = sh_inotify_list_next(&listcursor, save)) 537 litem = sh_inotify_list_first(&listcursor, save); 538 539 while (litem) 524 540 { 525 541 have_next: … … 545 561 } 546 562 } 563 litem = sh_inotify_list_next(&listcursor, save); 547 564 } 548 565 SH_MUTEX_UNLOCK(mutex_list_dormant); … … 725 742 /* -- Blocking read on inotify file descriptor 726 743 */ 727 sh_inotify_read(buffer, sizeof(buffer));744 len = sh_inotify_read(buffer, sizeof(buffer)); 728 745 729 746 if (len > 0) -
trunk/src/slib.c
r318 r371 2611 2611 else if (byteread == 0) 2612 2612 { 2613 /* zero indicates end of file */ 2613 2614 break; 2614 2615 } … … 2646 2647 TPT(( 0, FIL__, __LINE__, _("msg=<timeout>"))); 2647 2648 errno = 0; 2649 if (bytes > 0) 2650 return ((int) bytes); 2648 2651 return (SL_TIMEOUT); 2649 2652 } … … 2676 2679 TPT(( 0, FIL__, __LINE__, _("msg=<timeout>"))); 2677 2680 errno = 0; 2681 if (bytes > 0) 2682 return ((int) bytes); 2678 2683 return (SL_TIMEOUT); 2679 2684 }
Note:
See TracChangeset
for help on using the changeset viewer.