Changeset 580

Timestamp:

Nov 2, 2023, 8:57:17 AM (13 months ago)

Author:

katerina

Message:

Fix for ticket #468 (file attributes). Also add option to switch off check.

Location:

trunk

Files:

• configure.ac (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• include/sh_unix.h (modified) (1 diff)
• src/sh_hash.c (modified) (1 diff)
• src/sh_readconf.c (modified) (1 diff)
• src/sh_unix.c (modified) (10 diffs)

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 4.4.10)
+AM_INIT_AUTOMAKE(samhain, 4.5.0)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST

trunk/docs/Changelog

@@ -1 @@
-4.4.10:
+4.5.0  (31-10-2023):
+        * fix for reading file attributes on Linux file systems
+        * new option UseAttributesCheck (boolean, default=yes)
+
+4.4.10 (14-05-2023):
         * fix for (very minor) memleak in sh_unix.c: sh_check_rotated_log()
         * fix for memleak in sh_files.c: sh_files_checkdir(), not all cases for
         scandir() covered (issue reported by T. Greulich)
 
-4.4.9:
+4.4.9 (10-05-2022):
         * fix for double newline stripping when reading from database
 

trunk/include/sh_unix.h

@@ -217 +217 @@
 int sh_unix_setcheckacl (const char * c);
 #endif
+#if defined(__linux__) || defined(HAVE_STAT_FLAGS)
+int sh_unix_setcheckattributes (const char * c);
+#endif
 
 /* set I/O limit

trunk/src/sh_hash.c

@@ -2257 +2257 @@
                       _("mode_old=\"%s\" mode_new=\"%s\" attr_old=\"%s\" attr_new=\"%s\" imode_old=\"%ld\" imode_new=\"%ld\" iattr_old=\"%ld\" iattr_new=\"%ld\" "),
 #else
-                      _("mode_old=<%s>, mode_new=<%s>, attr_old=<%s>, attr_new=<%s>, "),
+                      _("mode_old=<%s>, mode_new=<%s>, attr_old=<%s>, attr_new=<%s>, imode_old=<%ld>, imode_new=<%ld>, iattr_old=<%ld>, iattr_new=<%ld>, "),
 #endif
                       p->theFile.c_mode, theFile->c_mode,
-                      p->theFile.c_attributes, theFile->c_attributes
-#ifdef SH_USE_XML
-                      , (long) p->theFile.mode, (long) theFile->mode,
+                      p->theFile.c_attributes, theFile->c_attributes,
+
+                      (long) p->theFile.mode, (long) theFile->mode,
                       (long) p->theFile.attributes, 
                       (long) theFile->attributes
-#endif
                       );
 #else

trunk/src/sh_readconf.c

@@ -1011 +1011 @@
   { N_("hardlinkoffset"),       SH_SECTION_MISC,   SH_SECTION_NONE,
     sh_files_hle_reg },
+#if defined(__linux__) || defined(HAVE_STAT_FLAGS)
+  { N_("useattributescheck"),      SH_SECTION_MISC,   SH_SECTION_NONE, 
+    sh_unix_setcheckattributes },
+#endif
 #if defined(USE_XATTR)
   { N_("useselinuxcheck"),      SH_SECTION_MISC,   SH_SECTION_NONE, 

trunk/src/sh_unix.c

@@ -3139 +3139 @@
  **************************************************************/
 
-#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS)
+#if defined(__linux__) || defined(HAVE_STAT_FLAGS)
 
 #if defined(__linux__)
@@ -3148 +3148 @@
 #if defined(HAVE_EXT2FS_EXT2_FS_H)
 #include <ext2fs/ext2_fs.h>
-#else
+#elif defined(HAVE_LINUX_EXT2_FS_H)
 #include <linux/ext2_fs.h>
 #endif
@@ -3245 +3245 @@
 #ifdef HAVE_EXT2_IOCTLS
   int /* fd, */ r, f;
+  unsigned long keep_flags = 0;
   
   SL_ENTER(_("sh_unix_getinfo_attr"));
 
   *flags = 0;
+  
   (void) buf;
 
@@ -3259 +3261 @@
 
   
-  r = ioctl (fd, EXT2_IOC_GETFLAGS, &f);
+  r = ioctl (fd, FS_IOC_GETFLAGS, &f);
   /* sl_close_fd (FIL__, __LINE__, fd); */
 
@@ -3270 +3272 @@
   *flags = f;
 
-/* ! HAVE_EXT2_IOCTLS */
+/* ! HAVE_FS_IOCTLS */
 #else 
 
@@ -3277 +3279 @@
   *flags = 0;                                     /* modified by R.Wichmann */
 
-/* ! HAVE_EXT2_IOCTLS */
+/* ! HAVE_FS_IOCTLS */
 #endif 
 /*
@@ -3288 +3290 @@
     goto theend;
 
-#ifdef EXT2_SECRM_FL
-  if ( (*flags & EXT2_SECRM_FL) != 0  )   c_attr[0] = 's';
-#endif
-#ifdef EXT2_UNRM_FL 
-  if ( (*flags & EXT2_UNRM_FL) != 0   )   c_attr[1] = 'u';
-#endif
-#ifdef EXT2_SYNC_FL
-  if ( (*flags & EXT2_SYNC_FL) != 0    )  c_attr[2] = 'S';
-#endif
-#ifdef EXT2_IMMUTABLE_FL
-  if ( (*flags & EXT2_IMMUTABLE_FL) != 0) c_attr[3] = 'i';
-#endif
-#ifdef EXT2_APPEND_FL
-  if ( (*flags & EXT2_APPEND_FL) != 0  )  c_attr[4] = 'a';
-#endif
-#ifdef EXT2_NODUMP_FL
-  if ( (*flags & EXT2_NODUMP_FL) != 0  )  c_attr[5] = 'd';
-#endif
-#ifdef EXT2_NOATIME_FL
-  if ( (*flags & EXT2_NOATIME_FL) != 0)   c_attr[6] = 'A';
-#endif
-#ifdef EXT2_COMPR_FL
-  if ( (*flags & EXT2_COMPR_FL) != 0   )  c_attr[7] = 'c';
-#endif
-
-#ifdef EXT2_TOPDIR_FL
-  if ( (*flags & EXT2_TOPDIR_FL) != 0  )  c_attr[8] = 'T';
-#endif
-#ifdef EXT2_DIRSYNC_FL
-  if ( (*flags & EXT2_DIRSYNC_FL) != 0 )  c_attr[9] = 'D';
-#endif
-#ifdef EXT2_NOTAIL_FL
-  if ( (*flags & EXT2_NOTAIL_FL) != 0  )  c_attr[10] = 't';
-#endif
-#ifdef EXT2_JOURNAL_DATA_FL
-  if ( (*flags & EXT2_JOURNAL_DATA_FL) != 0)  c_attr[11] = 'j';
-#endif
-
+#ifdef FS_SECRM_FL
+  if ( (*flags & FS_SECRM_FL) != 0  )  { c_attr[0] = 's'; keep_flags |= FS_SECRM_FL; }
+#endif
+#ifdef FS_UNRM_FL 
+  if ( (*flags & FS_UNRM_FL) != 0   )  { c_attr[1] = 'u'; keep_flags |= FS_UNRM_FL; }
+#endif
+#ifdef FS_SYNC_FL
+  if ( (*flags & FS_SYNC_FL) != 0    ) { c_attr[2] = 'S'; keep_flags |= FS_SYNC_FL; }
+#endif
+#ifdef FS_IMMUTABLE_FL
+  if ( (*flags & FS_IMMUTABLE_FL) != 0) { c_attr[3] = 'i'; keep_flags |= FS_IMMUTABLE_FL; }
+#endif
+#ifdef FS_APPEND_FL
+  if ( (*flags & FS_APPEND_FL) != 0  )  { c_attr[4] = 'a'; keep_flags |= FS_APPEND_FL; }
+#endif
+#ifdef FS_NODUMP_FL
+  if ( (*flags & FS_NODUMP_FL) != 0  )  { c_attr[5] = 'd'; keep_flags |= FS_NODUMP_FL; }
+#endif
+#ifdef FS_NOATIME_FL
+  if ( (*flags & FS_NOATIME_FL) != 0)   { c_attr[6] = 'A'; keep_flags |= FS_NOATIME_FL; }
+#endif
+#ifdef FS_COMPR_FL
+  if ( (*flags & FS_COMPR_FL) != 0   )  { c_attr[7] = 'c'; keep_flags |= FS_COMPR_FL; }
+#endif
+
+#ifdef FS_TOPDIR_FL
+  if ( (*flags & FS_TOPDIR_FL) != 0  )  { c_attr[8] = 'T'; keep_flags |= FS_TOPDIR_FL; }
+#endif
+#ifdef FS_DIRSYNC_FL
+  if ( (*flags & FS_DIRSYNC_FL) != 0 )  { c_attr[9] = 'D'; keep_flags |= FS_DIRSYNC_FL; }
+#endif
+#ifdef FS_NOTAIL_FL
+  if ( (*flags & FS_NOTAIL_FL) != 0  )  { c_attr[10] = 't'; keep_flags |= FS_NOTAIL_FL; }
+#endif
+#ifdef FS_JOURNAL_DATA_FL
+  if ( (*flags & FS_JOURNAL_DATA_FL) != 0)  { c_attr[11] = 'j'; keep_flags |= FS_JOURNAL_DATA_FL; }
+#endif
+
+  *flags = keep_flags;
+  
  theend:
-  /* ext2 */
-#endif
-
-  c_attr[12] = '\0';
+  /* !HAVE_STAT_FLAGS */
+#endif
+
+  c_attr[ATTRBUF_USED] = '\0';
 
   SL_RETURN(0, _("sh_unix_getinfo_attr"));
@@ -3614 +3618 @@
 int sh_unix_check_selinux = S_FALSE;
 int sh_unix_check_acl     = S_FALSE;
+int sh_unix_check_attributes  = S_TRUE;
 
 #ifdef USE_ACL
@@ -3774 +3779 @@
 
   SL_RETURN((collect),_("sh_unix_getinfo_xattr"));
+}
+#endif
+
+#if defined(__linux__) || defined(HAVE_STAT_FLAGS)
+int sh_unix_setcheckattributes (const char * c)
+{
+  int i;
+  SL_ENTER(_("sh_unix_setcheckattributes"));
+  i = sh_util_flagval(c, &(sh_unix_check_attributes));
+
+  SL_RETURN(i, _("sh_unix_setcheckattributes"));
 }
 #endif
@@ -4206 +4222 @@
   theFile->attributes      =    0;
 
-#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS)
+#if defined(__linux__) || defined(HAVE_STAT_FLAGS)
   if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' &&
-      theFile->c_mode[0] != 'l' )
-    sh_unix_getinfo_attr(theFile->fullpath, 
-                         &theFile->attributes, theFile->c_attributes, 
-                         fd, &buf);
+      theFile->c_mode[0] != 'l' ) {
+    if (sh_unix_check_attributes == S_TRUE)
+      sh_unix_getinfo_attr(theFile->fullpath, 
+                           &theFile->attributes, theFile->c_attributes, 
+                           fd, &buf);
+  }
 #endif
 #endif