Changeset 415 for trunk/src/sh_audit.c

Timestamp:

Nov 1, 2012, 7:45:54 AM (12 years ago)

Author:

katerina

Message:

Fixes for tickets #314, #315, #316, #317, #318, #319, #320, and #321.

File:

• trunk/src/sh_audit.c (modified) (5 diffs)

trunk/src/sh_audit.c

@@ -211 +211 @@
   if (p >= 0)
     {
-      char command[64];
-
-      sl_snprintf(command, sizeof(command), _("%s -D -k samhain"),
+      char ctl[64];
+
+      sl_snprintf(ctl, sizeof(ctl), _("%s -D -k samhain"),
                   _(actl_paths[p]));
       sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 
@@ -219 +219 @@
                        _("Deleting audit daemon rules with key samhain"),
                        _("sh_audit_delete_all") );
-      sh_ext_system(command);
-    }
-  return;
-}
-
-void sh_audit_mark (const char * file)
+
+      sl_strlcpy(ctl, _(actl_paths[p]), sizeof(ctl));
+      sh_ext_system(ctl, ctl, "-D", "-k", _("samhain"), NULL);
+    }
+  return;
+}
+
+static void sh_audit_mark_int (const char * file)
 {
   static int flushRules = 0;
@@ -243 +245 @@
       char * command = SH_ALLOC(len);
       char * safe;
+      char   ctl[64];
 
       sl_snprintf(command, len, _("%s -w %s -p wa -k samhain"),
@@ -255 +258 @@
       SH_FREE(safe);
 
-      sh_ext_system(command);
-    }
-  return;
-}
-
+      sl_strlcpy(ctl, _(actl_paths[p]), sizeof(ctl));
+      sl_strlcpy(command, file, len);
+
+      sh_ext_system(ctl, ctl, "-w", command, "-p", "wa", "-k", _("samhain"), NULL);
+
+      SH_FREE(command);
+    }
+  return;
+}
+
+struct aud_list {
+  char * file;
+  struct aud_list * next;
+};
+
+struct aud_list * mark_these = NULL;
+
+static void add_this (char * file)
+{
+  struct aud_list * this = SH_ALLOC(sizeof(struct aud_list));
+  this->file = sh_utils_strdup(file);
+  this->next = mark_these;
+  return;
+}
+
+static int test_exchange (struct aud_list * this, char * file)
+{
+  size_t len0 = sl_strlen(this->file);
+  size_t len1 = sl_strlen(file);
+  int    ret  = -1;
+
+  if (len0 == len1)
+    {
+      return strcmp(this->file, file);
+    }
+  else
+    {
+      char * s0 = SH_ALLOC(len0 + 2);
+      char * s1 = SH_ALLOC(len1 + 2);
+
+       sl_strlcpy(s0, this->file, len0 + 2); 
+       sl_strlcpy(s1, file,       len1 + 2); 
+
+       if (s0 < s1)
+         {
+           sl_strlcat(s0, "/", len0 + 2);
+           ret = strncmp(s0, s1, len0 + 1);
+         }
+       else
+         {
+           sl_strlcat(s1, "/", len1 + 2);
+           if (0 == strncmp(s0, s1, len1 + 1))
+             {
+               SH_FREE(this->file);
+               this->file = sh_utils_strdup(file);
+               ret = 0;
+             }
+         }
+       SH_FREE(s0);
+       SH_FREE(s1);
+    }
+  
+  return ret;
+}
+
+void sh_audit_mark (char * file)
+{
+  struct aud_list * all  = mark_these;
+  struct aud_list * this = mark_these;
+
+  if (!mark_these) {
+    add_this (file);
+    return;
+  }
+
+  while (this)
+    {
+      if (0 == test_exchange(this, file))
+        return;
+      this = this->next;
+    }
+
+  add_this (file);
+  return;
+}
+
+void sh_audit_commit ()
+{
+  struct aud_list * next;
+  struct aud_list * this = mark_these;
+
+  mark_these = NULL;
+
+  while (this)
+    {
+      sh_audit_mark_int (this->file);
+      next = this->next;
+      SH_FREE(this->file);
+      SH_FREE(this);
+      this = next;
+    }
+  
+}
 
 static int sh_audit_checkdaemon()
@@ -381 +482 @@
   return;
 }
+void sh_audit_commit ()
+{
+  return;
+}
 #endif