Changeset 481 for trunk/include

Timestamp:

Jul 18, 2015, 5:06:52 PM (9 years ago)

Author:

katerina

Message:

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

Location:

trunk/include

Files:

• kern_head.h (deleted)
• rijndael-alg-fst.h (modified) (1 diff)
• rijndael-api-fst.h (modified) (4 diffs)
• rijndael-boxes-fst.h (deleted)
• samhain.h (modified) (11 diffs)
• sh_calls.h (modified) (2 diffs)
• sh_cat.h (modified) (3 diffs)
• sh_dbCheck.h (added)
• sh_dbCreate.h (added)
• sh_dbIO.h (added)
• sh_dbIO_int.h (added)
• sh_error.h (modified) (2 diffs)
• sh_error_min.h (modified) (1 diff)
• sh_extern.h (modified) (2 diffs)
• sh_fifo.h (modified) (5 diffs)
• sh_files.h (modified) (3 diffs)
• sh_forward.h (deleted)
• sh_gpg.h (modified) (2 diffs)
• sh_guid.h (added)
• sh_hash.h (modified) (4 diffs)
• sh_html.h (modified) (1 diff)
• sh_inotify.h (modified) (2 diffs)
• sh_kern.h (deleted)
• sh_prelink.h (modified) (1 diff)
• sh_sem.h (added)
• sh_socket.h (modified) (1 diff)
• sh_tiger.h (modified) (1 diff)
• sh_tools.h (modified) (4 diffs)
• sh_trace.h (modified) (1 diff)
• sh_unix.h (modified) (7 diffs)
• sh_xfer.h (added)
• slib.h (modified) (1 diff)

trunk/include/rijndael-alg-fst.h

@@ -1 @@
-/*
- * rijndael-alg-fst.h   v2.3   April '2000
+/*      $NetBSD: rijndael-alg-fst.h,v 1.4 2005/12/11 12:20:52 christos Exp $    */
+/*      $KAME: rijndael-alg-fst.h,v 1.5 2003/07/15 10:47:16 itojun Exp $        */
+/**
+ * rijndael-alg-fst.h
  *
- * Optimised ANSI C code
+ * @version 3.0 (December 2000)
  *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
-/*@-fixedformalarray@*/
-
 #ifndef __RIJNDAEL_ALG_FST_H
 #define __RIJNDAEL_ALG_FST_H
 
-#define MAXKC                   (256/32)
-#define MAXROUNDS               14
-
-/* USUAL_TYPES */
-#ifndef USUAL_TYPES
-#define USUAL_TYPES
-typedef unsigned char   byte;
-typedef unsigned char   word8;  
-typedef unsigned short  word16; 
-typedef unsigned int    word32;
-#endif 
+#define RIJNDAEL_MAXKC  (256/32)
+#define RIJNDAEL_MAXKB  (256/8)
+#define RIJNDAEL_MAXNR  14
 
 #ifdef SH_ENCRYPT
 
-int rijndaelKeySched(word8 k[MAXKC][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS);
-
-int rijndaelKeyEncToDec(word8 W[MAXROUNDS+1][4][4], int ROUNDS);
-
-int rijndaelEncrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS);
-
-
-int rijndaelDecrypt(word8 a[16], word8 b[16], word8 rk[MAXROUNDS+1][4][4], int ROUNDS);
-
-#ifdef INTERMEDIATE_VALUE_KAT
-int rijndaelEncryptRound(word8 a[4][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS, int rounds);
-int rijndaelDecryptRound(word8 a[4][4], word8 rk[MAXROUNDS+1][4][4], int ROUNDS, int rounds);
-#endif
+int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits);
+int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits);
+void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]);
+void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]);
 
 /* SH_ENCRYPT */
 #endif
-
-/* __RIJNDAEL_ALG_FST_H */
-#endif 
-
+#endif /* __RIJNDAEL_ALG_FST_H */

trunk/include/rijndael-api-fst.h

@@ -1 @@
-/*
- * rijndael-api-fst.h   v2.3   April '2000
+/*      $NetBSD: rijndael-api-fst.h,v 1.8 2007/01/21 23:00:08 cbiere Exp $      */
+
+/**
+ * rijndael-api-fst.h
  *
- * Optimised ANSI C code
+ * @version 2.9 (December 2000)
  *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Acknowledgements:
+ *
+ * We are deeply indebted to the following people for their bug reports,
+ * fixes, and improvement suggestions to this implementation. Though we
+ * tried to list all contributions, we apologise in advance for any
+ * missing reference.
+ *
+ * Andrew Bales <Andrew.Bales@Honeywell.com>
+ * Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ * John Skodon <skodonj@webquill.com>
  */
 
@@ -9 +41 @@
 #define __RIJNDAEL_API_FST_H
 
+/* Blocksize: 16 * 8 = 128; 128 * 1 = 128 */
+#define     B_SIZ    16
+#define     BNUM      1
+
+
+#if defined(UINT32)
+typedef unsigned char u8;
+typedef UINT32 u32;
+#else
+
+typedef unsigned char u8;
+#if defined(HAVE_INT_32)
+typedef unsigned int u32;
+#elif defined(HAVE_LONG_32)
+typedef unsigned long u32;
+#elif defined(HAVE_SHORT_32)
+typedef unsigned short u32;
+#else
+#error "No 32 bit integer type found"
+#endif
+
+#endif
+
 #include "rijndael-alg-fst.h"
 
-/*  Defines:
-    Add any additional defines you need
-*/
-
-#define     BNUM                  1
-#define     B_SIZ                 16
-#define     STRICT_ALIGN          1 /*  For safety          */
-
-
+/*  Generic Defines  */
 #define     DIR_ENCRYPT           0 /*  Are we encrpyting?  */
 #define     DIR_DECRYPT           1 /*  Are we decrpyting?  */
@@ -33 +80 @@
 #define     BITSPERBLOCK        128 /* Default number of bits in a cipher block */
 
-/*  Error Codes - CHANGE POSSIBLE: inclusion of additional error codes  */
-
+/*  Error Codes  */
 #define     BAD_KEY_DIR          -1 /*  Key direction is invalid, e.g., unknown value */
 #define     BAD_KEY_MAT          -2 /*  Key material not of correct length */
@@ -45 +91 @@
 #define     BAD_OTHER            -9 /*  Unknown error */
 
-/*  CHANGE POSSIBLE:  inclusion of algorithm specific defines  */
-#define     MAX_KEY_SIZE         64 /* # of ASCII char's needed to represent a key */
-#define     MAX_IV_SIZE          16 /* # bytes needed to represent an IV  */
+/*  Algorithm-specific Defines  */
+#define     RIJNDAEL_MAX_KEY_SIZE         64 /* # of ASCII char's needed to represent a key */
+#define     RIJNDAEL_MAX_IV_SIZE          16 /* # bytes needed to represent an IV  */
 
 #ifdef SH_ENCRYPT
 
-/*  Typedefs:
+/*  Typedefs  */
 
-        Typedef'ed data storage elements.  Add any algorithm specific 
-parameters at the bottom of the structs as appropriate.
-*/
-
-typedef unsigned char   RIJ_BYTE;
+typedef unsigned char   BYTE;
 
 /*  The structure for key information */
 typedef struct {
-    RIJ_BYTE  direction;                /* Key used for encrypting or decrypting? */
-    int   keyLen;                   /* Length of the key  */
-    char  keyMaterial[MAX_KEY_SIZE+1];  /* Raw key data in ASCII, e.g., user input or KAT values */
-        /*  The following parameters are algorithm dependent, replace or add as necessary  */
-        int   ROUNDS;                   /* key-length-dependent number of rounds */
-    int   blockLen;                 /* block length */
-    word8 keySched[MAXROUNDS+1][4][4];  /* key schedule         */
+  u32   rk[4*(RIJNDAEL_MAXNR + 1)];        /* key schedule */
+  u32   ek[4*(RIJNDAEL_MAXNR + 1)];        /* CFB1 key schedule (encryption only) */
+  BYTE  direction;                /* Key used for encrypting or decrypting? */
+  int   keyLen;                   /* Length of the key  */
+  char  keyMaterial[RIJNDAEL_MAX_KEY_SIZE+1];  /* Raw key data in ASCII, e.g., user input or KAT values */
+  int   Nr;                       /* key-length-dependent number of rounds */
 } keyInstance;
 
 /*  The structure for cipher information */
 typedef struct {                    /* changed order of the components */
-    RIJ_BYTE  mode;                     /* MODE_ECB, MODE_CBC, or MODE_CFB1 */
-    RIJ_BYTE  IV[MAX_IV_SIZE];          /* A possible Initialization Vector for ciphering */
-        /*  Add any algorithm specific parameters needed here  */
-    int   blockLen;                 /* Sample: Handles non-128 bit block sizes (if available) */
+    u32  IV[RIJNDAEL_MAX_IV_SIZE / sizeof(u32)];
+                        /* A possible Initialization Vector for ciphering */
+    BYTE  mode;                     /* MODE_ECB, MODE_CBC, or MODE_CFB1 */
 } cipherInstance;
 
 /*  Function prototypes  */
-/*  CHANGED: nothing
-        TODO: implement the following extensions to setup 192-bit and 256-bit block lengths:
-        makeKeyEx():    parameter blockLen added
-                        -- this parameter is absolutely necessary if you want to
-                        setup the round keys in a variable block length setting 
-            cipherInitEx(): parameter blockLen added (for obvious reasons)              
- */
 
-int makeKey(keyInstance *key, RIJ_BYTE direction, int keyLen, char *keyMaterial);
+int rijndael_makeKey(keyInstance *, BYTE, int, const char *);
 
-int cipherInit(cipherInstance *cipher, RIJ_BYTE mode, char *IV);
+int rijndael_cipherInit(cipherInstance *, BYTE, const char *);
 
-int blockEncrypt(cipherInstance *cipher, keyInstance *key,
-                 RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer);
+int rijndael_blockEncrypt(cipherInstance *, keyInstance *, const BYTE *, int, BYTE *);
 
-int blockDecrypt(cipherInstance *cipher, keyInstance *key,
-                 RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer);
-#ifdef INTERMEDIATE_VALUE_KAT
-int cipherUpdateRounds(cipherInstance *cipher, keyInstance *key,
-                       RIJ_BYTE *input, int inputLen, RIJ_BYTE *outBuffer, int rounds);
-#endif
+int rijndael_padEncrypt(cipherInstance *, keyInstance *, const BYTE *, int, BYTE *);
+
+int rijndael_blockDecrypt(cipherInstance *, keyInstance *, const BYTE *, int, BYTE *);
+
+int rijndael_padDecrypt(cipherInstance *, keyInstance *, const BYTE *, int, BYTE *);
 
 /* SH_ENCRYPT */
 #endif
-
-/*  __RIJNDAEL_API_FST_H */
-#endif 
+#endif /* __RIJNDAEL_API_FST_H */

trunk/include/samhain.h

@@ -28 +28 @@
 #endif
 
+#if defined(__GNUC__) && (__GNUC__ >= 4)
+#define SH_GNUC_SENTINEL __attribute__((__sentinel__))
+#else
+#define SH_GNUC_SENTINEL
+#endif
+
+#if defined(__GNUC__) && (__GNUC__ >= 3)
+#undef  SH_GNUC_PURE
+#define SH_GNUC_PURE     __attribute__((pure))
+#undef  SH_GNUC_CONST
+#define SH_GNUC_CONST    __attribute__((const))
+#undef  SH_GNUC_NORETURN
+#define SH_GNUC_NORETURN __attribute__((noreturn))
+#undef  SH_GNUC_MALLOC
+#define SH_GNUC_MALLOC   __attribute__((malloc))
+#else
+#undef  SH_GNUC_PURE
+#define SH_GNUC_PURE
+#undef  SH_GNUC_CONST
+#define SH_GNUC_CONST
+#undef  SH_GNUC_NORETURN
+#define SH_GNUC_NORETURN
+#undef  SH_GNUC_MALLOC
+#define SH_GNUC_MALLOC
+#endif
+
 /**************************************************
  *
@@ -57 +83 @@
 
 /* end IPv6 */
-
-#define REPLACE_OLD
 
 /* Standard buffer sizes. 
@@ -101 +125 @@
 #define PW_LEN     8
 
-#undef  GOOD
-#define GOOD  1
-#undef  BAD
-#define BAD   0
-#undef  ON
-#define ON    1
-#undef  OFF
-#define OFF   0
 #undef  S_TRUE
 #define S_TRUE    1
 #undef  S_FALSE
 #define S_FALSE   0
+
+#undef  GOOD
+#define GOOD  S_TRUE
+#undef  BAD
+#define BAD   S_FALSE
+
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#if !defined(HAVE_UINT16_T)
+#define UINT16 unsigned short
+#else
+#define UINT16 uint16_t
+#endif
+
+#if !defined(HAVE_UINT32_T)
 
 /* An unsigned integer guaranteed to be 32 bit.
@@ -129 +166 @@
 #endif
 
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-
-#if !defined(HAVE_UINT16_T)
-#define UINT16 unsigned short
-#else
-#define UINT16 uint16_t
+#else
+#define UINT32 uint32_t
+#define SINT32 int32_t
+
 #endif
 
@@ -305 +335 @@
   int    client_severity;          /* TRUE if client severity used    */
   int    client_class;             /* TRUE if client class used       */
+  int    hidefile;                 /* TRUE if file not shown in log   */
+  int    inotify;                  /* Flags for inotify               */
   int    audit;
   unsigned long aud_mask;
-  int    hidefile;                 /* TRUE if file not shown in log   */
-  int    inotify;                  /* Flags for inotify               */
 } sh_sh_flag;
 
@@ -347 +377 @@
   /*@null@*//*@out@*/ char   * timezone;
 
+  int delayload;
+
 #ifdef SCREW_IT_UP
   int sigtrap_max_duration;
 #endif
 
+  char * outpath;
 } sh_struct;
 
@@ -365 +398 @@
 extern volatile  int      sig_termfast;           /* SIGTERM */
 extern volatile  int      sig_force_check;        /* SIGTTOU */
+extern volatile  int      sh_load_delta_flag;
 
 extern long int eintr__result;
@@ -420 +454 @@
 #endif
 
-#if defined(__GNUC__) && (__GNUC__ >= 4)
-#define SH_GNUC_SENTINEL __attribute__((__sentinel__))
-#else
-#define SH_GNUC_SENTINEL
-#endif
-
-#if defined(__GNUC__) && (__GNUC__ >= 3)
-#undef  SH_GNUC_PURE
-#define SH_GNUC_PURE     __attribute__((pure))
-#undef  SH_GNUC_CONST
-#define SH_GNUC_CONST    __attribute__((const))
-#undef  SH_GNUC_NORETURN
-#define SH_GNUC_NORETURN __attribute__((noreturn))
-#undef  SH_GNUC_MALLOC
-#define SH_GNUC_MALLOC   __attribute__((malloc))
-#else
-#undef  SH_GNUC_PURE
-#define SH_GNUC_PURE
-#undef  SH_GNUC_CONST
-#define SH_GNUC_CONST
-#undef  SH_GNUC_NORETURN
-#define SH_GNUC_NORETURN
-#undef  SH_GNUC_MALLOC
-#define SH_GNUC_MALLOC
-#endif
 
 
@@ -481 +490 @@
 #ifdef USE_SUID
 #define MLOCK(a, b) \
-      if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
+      if ((skey != NULL) && skey->mlock_failed == S_FALSE){ \
         (void) sl_set_suid(); \
-        if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; \
+        if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = S_TRUE; \
         (void) sl_unset_suid(); }
 #else
 #define MLOCK(a, b) \
-      if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
-        if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = SL_TRUE; }
+      if ((skey != NULL) && skey->mlock_failed == S_FALSE){ \
+        if (sh_unix_mlock(FIL__, __LINE__, a, b) < 0) skey->mlock_failed = S_TRUE; }
 #endif 
 #else
@@ -498 +507 @@
 #ifdef USE_SUID
 #define MUNLOCK(a, b) \
-      if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
+      if ((skey != NULL) && skey->mlock_failed == S_FALSE){ \
         (void) sl_set_suid(); \
         (void) sh_unix_munlock( a, b );\
@@ -504 +513 @@
 #else
 #define MUNLOCK(a, b) \
-      if ((skey != NULL) && skey->mlock_failed == SL_FALSE){ \
+      if ((skey != NULL) && skey->mlock_failed == S_FALSE){ \
         (void) sh_unix_munlock( a, b ); }
 #endif 

trunk/include/sh_calls.h

@@ -30 +30 @@
 
 /*@-fixedformalarray@*/
+
+#include "config_xor.h"
+#if defined(__GNUC__) && (__GNUC__ >= 3)
+#undef  SH_GNUC_NORETURN
+#define SH_GNUC_NORETURN __attribute__((noreturn))
+#else
+#undef  SH_GNUC_NORETURN
+#define SH_GNUC_NORETURN
+#endif
+
 
 /* Set aud functions
@@ -83 +93 @@
                              int * o_noatime);
 /*@noreturn@*/
-void     aud_exit   (const char * file, int line, int fd);
+void     aud_exit   (const char * file, int line, int fd) SH_GNUC_NORETURN;
 /*@noreturn@*/
-void     aud__exit  (const char * file, int line, int fd);
+void     aud__exit  (const char * file, int line, int fd) SH_GNUC_NORETURN;
 pid_t    aud_fork   (const char * file, int line);
 int      aud_pipe   (const char * file, int line, int modus[2]);

trunk/include/sh_cat.h

@@ -75 +75 @@
  MSG_CHECK_0,     
  MSG_CHECK_1,     
+ MSG_CHECK_2,     
  MSG_STAMP,       
                   
@@ -80 +81 @@
  MSG_D_DSTART,    
  MSG_D_FAIL,      
-
+ MSG_D_DELTAOK,
+ MSG_D_DELTAFAIL,
 
 #ifndef HAVE_URANDOM 
@@ -98 +100 @@
  MSG_SUID_QREPORT,
  MSG_SUID_ERROR,
-#endif
-
-#ifdef SH_USE_KERN
- /* FreeBSD */
- MSG_KERN_POLICY,    
- MSG_KERN_POL_CO,
-
- /* Linux */
- MSG_KERN_SYSCALL,
- MSG_KERN_PROC,
- MSG_KERN_IDT,
- MSG_KERN_GATE,
 #endif
 

trunk/include/sh_error.h

@@ -178 +178 @@
 int sh_error_setdebug (char * debug_s);
 
-/* error messages
- */
-/*@owned@*/char * sh_error_message (int tellme, char * str, size_t len);
-
 /* switch on/off log to file temporarily
  */
@@ -198 +194 @@
 void reset_count_dev_console(void);
 
+/* close the message queue [no-op if !defined(WITH_MESSAGE_QUEUE)]
+ */
+void close_ipc (void);
+
 #ifdef WITH_MESSAGE_QUEUE
-/* close the message queue
- */
-void close_ipc (void);
-
 /* enable message queue
  */

trunk/include/sh_error_min.h

@@ -35 +35 @@
 int sh_error_convert_level (const char * str_s);
 
+/* error messages
+ */
+char * sh_error_message (int tellme, char * str, size_t len);
+
 #endif

trunk/include/sh_extern.h

@@ -42 +42 @@
  *    executes shell command
  */
-int sh_ext_popen_init (sh_tas_t * task, char * command, char * argv0, ...) SH_GNUC_SENTINEL;
+int sh_ext_popen_init (sh_tas_t * task, const char * command, char * argv0, ...) SH_GNUC_SENTINEL;
 
 /*
@@ -52 +52 @@
  * -- Execute command, return first line of output
  */
-char * sh_ext_popen_str (char * command);
+char * sh_ext_popen_str (const char * command);
 
 /*

trunk/include/sh_fifo.h

@@ -33 +33 @@
 } SH_FIFO;
 
+#define SH_FIFO_INITIALIZER { NULL, NULL, 0 }
+
 /*****************************************************
  *
@@ -42 +44 @@
  *
  */
-#define fifo_init(fifo_p) { fifo_p->fifo_cts = 0; fifo_p->head_ptr = NULL; \
- fifo_p->tail_ptr = NULL; }
+#define fifo_init(fifo_p) { (fifo_p)->fifo_cts = 0; (fifo_p)->head_ptr = NULL; \
+    (fifo_p)->tail_ptr = NULL; }
 
 
@@ -50 +52 @@
  * Returns: -1 if the list is full, 0 on success 
  */
-int push_list (SH_FIFO * fifo, char * indat, int in_i, const char * in_str);
+int push_list (SH_FIFO * fifo, const char * indat, int in_i, const char * in_str);
+#define sh_fifo_push(a, b) push_list((a), (b), 0, NULL)
 
 /* Push an item on the tail of the list.
@@ -56 +59 @@
  * Returns: -1 if the list is full, 0 on success 
  */
-int push_tail_list (SH_FIFO * fifo, char * indat, int in_i, const char * in_str);
+int push_tail_list (SH_FIFO * fifo, const char * indat, int in_i, const char * in_str);
+#define sh_fifo_push_tail(a, b) push_tail_list((a), (b), 0, NULL)
 
 /* pop an item from the tail of the list
@@ -64 +68 @@
  */
 char * pop_list (SH_FIFO * fifo);
+#define sh_fifo_pop(a) pop_list((a))
 
+/* ----  Special functions -------------------------------------------------*/
 
+/* This is for eMail where different recipients may be eligible for         *
+ * different subsets of messages. We need to delete all that were sent      *
+ * to all intended recipients, and keep all with at least one failure.      */
+
+/* Iterate over list and check for each if it is valid for 'tag';
+ * i.e. (item->s_extra == tag). If yes, add to the returned string.
+ * If (okNull == False) then item->s_xtra must be defined
+ */
 sh_string * tag_list (SH_FIFO * fifo, char * tag,
                       int(*check)(int, const char*, const char*, const void*),
                       const void * info, int okNull);
+
+/* Flag all tagged as candidate to keep */
 void rollback_list (SH_FIFO * fifo);
+/* Flag all tagged as candidate to delete */
 void mark_list (SH_FIFO * fifo);
+/* Remove all flags */
 void reset_list (SH_FIFO * fifo);
+/* Delete all marked for delete that are not flagged for keep */
 int commit_list (SH_FIFO * fifo);
 

trunk/include/sh_files.h

@@ -31 +31 @@
 };
 
+/* Fix the check flags
+ */
+void sh_files_fixup_mask (int class, unsigned long * check_flags);
+
+/* Dequote a filename in the config file
+ */
+char * sh_files_parse_input(const char * str_s, size_t * len);
+
 /* Check whether a file is in the config 
  */
@@ -233 +241 @@
 int sh_files_redef_allignore(const char * str);
 
-ShFileType sh_files_filecheck (int class, unsigned long check_mask,
+ShFileType sh_files_filecheck (int class, unsigned long check_flags,
                                const char * dirName, 
                                const char * infileName,
@@ -239 +247 @@
                                int rsrcflag);
 
-int sh_files_checkdir (int iclass, unsigned long check_mask, 
+int sh_files_checkdir (int iclass, unsigned long check_flags, 
                        int idepth, char * iname, 
                        char * relativeName);
 
 int sh_files_search_file(char * name, int * class, 
-                         unsigned long *check_mask, int * reported);
+                         unsigned long *check_flags, int * reported);
 int sh_files_search_dir(char * name, int * class, 
-                        unsigned long *check_mask, int *reported,
+                        unsigned long *check_flags, int *reported,
                         int * rdepth);
 void sh_files_set_file_reported(const char * name);

trunk/include/sh_gpg.h

@@ -23 +23 @@
 #define SH_GPG_H
 
+#define SIG_CONF 1
+#define SIG_DATA 2
+
 /* Top level function to verify file.
  */
@@ -30 +33 @@
  * and/or database cannot be verified; otherwise returns 0
  */
-int sh_gpg_check_sign (long file_1, long file_2, int what);
+int sh_gpg_check_sign (long file, int what);
 
 /* log successful startup

trunk/include/sh_hash.h

@@ -28 +28 @@
 #include "sh_error.h"
 
+/* the report_checkflags flag
+ */
+int get_report_checkflags();
+
+/* whether to report checkflags
+ */
+int set_report_checkflags(const char * c);
+
 /* convert to policy string
  */
@@ -40 +48 @@
 int hashreport_missing( char *fullpath, int level);
 
+/* remove internal db record for a file (checks for some flags).
+ */
+void sh_hash_remove (const char * path);
+
 /* remove internal db record for a file
  */
-void sh_hash_remove (const char * path);
-
-/* write database to stdout
- */
-int sh_hash_pushdata_stdout (const char * str);
-
-/* version string for database
- */
-int sh_hash_version_string(const char * str);
+void sh_hash_remove_unconditional (const char * path);
+
+/* Insert a "null" record in-memory (representing a missing file).
+ */
+void sh_hash_insert_null(char * str);
+
+#ifdef SH_DBIO_INT_H
+/* Check for "null" record
+ */
+int sh_hash_is_null_record(sh_filestore_t * theFile);
+#endif
 
 /* Dont report on ctm/mtm change for directories
@@ -56 +70 @@
 int sh_hash_loosedircheck(const char * str);
 
-/* List database content
- */
-int sh_hash_list_db (const char * db_file);
-
 /* List database content for a single file
  */
 int set_list_file (const char * c);
 
+/* Set the path of that file
+ */
+char * get_list_file();
+
 /* List database content with full detail
  */
@@ -75 +89 @@
  */
 void sh_hash_init (void);
+
+/* Check init status
+ */
+int sh_hash_get_initialized();
+
+/* Read the database from disk and fill sh.data.hash with checksum.
+ */
+void sh_hash_init_and_checksum();
+
+/* Set status to 'database is read in'.
+ */
+void sh_hash_set_initialized();
 
 /* Check whether a file is present in the database.

trunk/include/sh_html.h

@@ -53 +53 @@
   int                     encf_flag;
   int                     ency_flag;
+  int                     ivst_flag;
   int                     status_now;
   int                     status_arr[CLT_MAX];

trunk/include/sh_inotify.h

@@ -32 +32 @@
 
 int sh_inotify_add_watch(char * filename, sh_watches * watches, int  * errnum,
-                         int class, unsigned long check_mask, int type, int rdepth);
+                         int class, unsigned long check_flags, int type, int rdepth);
 
 int sh_inotify_add_watch_later(const char * filename, sh_watches * watches, 
                                int  * errnum,
-                               int class, unsigned long check_mask, 
+                               int class, unsigned long check_flags, 
                                int type, int rdepth);
 
 char * sh_inotify_pop_dormant(sh_watches * watches, int * class, 
-                              unsigned long * check_mask, int * type, int * rdepth);
+                              unsigned long * check_flags, int * type, int * rdepth);
 
 void sh_inotify_purge_dormant(sh_watches * watches);
@@ -47 +47 @@
 
 char * sh_inotify_search_item(sh_watches * watches, int watch, 
-                              int * class, unsigned long * check_mask, 
+                              int * class, unsigned long * check_flags, 
                               int * type, int * rdepth);
 ssize_t sh_inotify_read(char * buffer, size_t count);

trunk/include/sh_prelink.h

@@ -6 +6 @@
  * alert_timeout: timeout for read
  */
-int sh_prelink_run (char * path, char * file_hash, int alert_timeout);
+int sh_prelink_run (char * path, char * file_hash, int alert_timeout, unsigned long mask);
 
 /* return S_TRUE if ELF file, S_FALSE otherwise

trunk/include/sh_socket.h

@@ -8 +8 @@
 
 #if defined (SH_WITH_CLIENT)
-void sh_socket_server_cmd(const char * srvcmd);
+char * sh_socket_get_uuid(int * errflag, unsigned int * count, time_t * last);
+int    sh_socket_store_uuid(const char * cmd);
+int    sh_socket_return_uuid(const char * uuid, unsigned int count, time_t last);
+void   sh_socket_server_cmd(const char * srvcmd);
+int    set_delta_retry_interval(const char * str);
+int    set_delta_retry_count(const char * str);
 #endif
 

trunk/include/sh_tiger.h

@@ -44 +44 @@
 int sh_tiger_get_hashtype (void);
 
+/* set the hash fuction in use in the mask
+ */
+void sh_tiger_get_mask_hashtype(unsigned long * mask);
+
+
+/* reset the hash function to the one in the mask
+ */
+void sh_tiger_set_hashtype_mask(unsigned long mask);
+
 /* GnuPG-like format, returns allocated memory
  */

trunk/include/sh_tools.h

@@ -8 +8 @@
  */
 #define SH_PROTO_SRP (1 << 0)
+#define SH_PROTO_IVA (1 << 1)
 #define SH_PROTO_MSG (1 << 2)
 #define SH_PROTO_BIG (1 << 3)
 #define SH_PROTO_END (1 << 4)
-#define SH_PROTO_ENC (1 << 5)
+#define SH_PROTO_EN1 (1 << 5)
 #define SH_PROTO_EN2 (1 << 6)
+#define SH_PROTO_ENC (SH_PROTO_EN1|SH_PROTO_EN2)
 #define SH_MASK_ENC (SH_PROTO_ENC|SH_PROTO_EN2)
 
@@ -44 +46 @@
 #if defined (SH_WITH_SERVER)
 
+unsigned char sh_tools_probe_store(unsigned char protocol, int * probe_flag);
+
 int get_open_max (void);
 
-void put_header (/*@out@*/unsigned char * head, int protocol, 
+void put_header (/*@out@*/unsigned char * head, const int protocol, 
                  unsigned long * length, char * u);
 
@@ -59 +63 @@
 /* returns allocated buffer
  */
-char * get_client_conf_file (char * peer, unsigned long * length);
+char * get_client_conf_file (const char * peer, unsigned long * length);
 
 /* returns allocated buffer
  */
-char * get_client_data_file (char * peer, unsigned long * length);
+char * get_client_data_file (const char * peer, unsigned long * length);
 
+/* returns allocated buffer
+ */
+char * get_client_uuid_file (const char * peer, unsigned long * length, const char * uuid);
 #endif
+
 
 unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, 
@@ -72 +80 @@
 
 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
+
+void sh_tools_probe_reset();
 
 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, 

trunk/include/sh_trace.h

@@ -9 +9 @@
 #define ASSERT(expr, expr1) \
       if (!(expr)) \
-         fprintf(stderr, \
+        { \
+         fprintf(stderr,            \
                  SDG_AERRO, \
-                 FIL__, __LINE__, expr1 );
+                 FIL__, __LINE__, expr1 ); \
+          abort(); \
+        }
 
 

trunk/include/sh_unix.h

@@ -68 +68 @@
 /* inode        */
 #define MODI_INO (1 << 2)
+
 /* user         */
 #define MODI_USR (1 << 3)
@@ -74 +75 @@
 /* mtime        */
 #define MODI_MTM (1 << 5)
+
 /* ctime        */
 #define MODI_CTM (1 << 6)
@@ -80 +82 @@
 /* size         */
 #define MODI_SIZ (1 << 8)
+
 /* file mode    */
 #define MODI_MOD (1 << 9)
@@ -86 +89 @@
 /* device type   */
 #define MODI_RDEV (1 << 11)
+
 /* size may grow   */
 #define MODI_SGROW (1 << 12)
 /* use prelink     */
 #define MODI_PREL (1 << 13)
-
 /* get content     */
 #define MODI_TXT ((1 << 14)|MODI_CHK)
@@ -98 +101 @@
 #define MODI_AUDIT (1 << 15)
 #define MODI_AUDIT_ENABLED(a) (((a)&(1 << 15))!=0)
-
-#define MODI_INIT 0xDA000000UL
-#define MODI_INITIALIZED(a) (((a) & 0xFF000000UL) == MODI_INIT)
+/* do not check  */
+#define MODI_NOCHECK (1 << 16)
+/* do not check  */
+#define MODI_ALLIGNORE (1 << 17)
+
+#define MODI_TIGER192  0x01000000UL
+#define MODI_SHA1      0x02000000UL
+#define MODI_MD5       0x03000000UL
+#define MODI_SHA256    0x04000000UL
+#define MODI_HASHTYPE  0x0F000000UL
+
+#define MODI_INIT 0xD0000000UL
+#define MODI_INITIALIZED(a) (((a) & 0xF0000000UL) == MODI_INIT)
+
+#define MODI_SET(a, b) ((a) |= (b))
+#define MODI_CLEAR(a, b) ((a) &= ~(b))
+#define MODI_ISSET(a, b) (((a) & (b)) != 0)
 
 #define SH_TXT_MAX 9200
@@ -128 +145 @@
 
 typedef struct file_struct {
-  unsigned long    check_mask;
+  unsigned long    check_flags;
   int              file_reported;
   char             fullpath[PATH_MAX];
@@ -314 +331 @@
  */
 int sh_check_rotated_log (const char * path,  
-                          UINT64 old_size, UINT64 old_inode, const char * old_hash);
+                          UINT64 old_size, UINT64 old_inode, const char * old_hash, unsigned long mask);
 
 /* obtain file info

trunk/include/slib.h

@@ -60 +60 @@
  * TRUE, FALSE
  */
-#define SL_TRUE  1
-#define SL_FALSE 0
+#if !defined(S_TRUE)
+#define S_TRUE  1
+#define S_FALSE 0
+#endif
 
 #define SH_GRBUF_SIZE   4096