Changeset 68
- Timestamp:
- Oct 30, 2006, 12:03:44 AM (18 years ago)
- Location:
- trunk
- Files:
-
- 43 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Makefile.in
r65 r68 87 87 LIBS_KVM = @sh_libkvm@ 88 88 CFLAGS = @CFLAGS@ 89 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) 89 CUTEST = 90 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(CUTEST) 90 91 LINK = $(CC) $(DBGDEF) -O $(LDFLAGS) -o $@ 91 92 … … 114 115 lzoconf.h minilzo.h rijndael-alg-fst.h rijndael-api-fst.h \ 115 116 rijndael-boxes-fst.h sh_socket.h sh_ignore.h sh_prelude.h \ 116 sh_mounts.h sh_userfiles.h sh_static.h sh_prelink.h 117 sh_mounts.h sh_userfiles.h sh_static.h sh_prelink.h \ 118 sh_processcheck.h sh_portcheck.h 117 119 118 120 … … 146 148 $(srcsrc)/sh_userfiles.c $(srcsrc)/sh_prelude.c \ 147 149 $(srcsrc)/sh_prelink.c $(srcsrc)/sh_static.c \ 148 $(srcsrc)/sh_prelude_old.c 150 $(srcsrc)/sh_portcheck.c \ 151 $(srcsrc)/sh_processcheck.c $(srcsrc)/sh_prelude_old.c 149 152 150 153 OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ … … 159 162 zAVLTree.o sh_socket.o sh_ignore.o sh_prelude.o \ 160 163 sh_mounts.o sh_userfiles.o sh_prelink.o sh_static.o \ 161 sh_pr elude_old.o164 sh_processcheck.o sh_portcheck.o sh_prelude_old.o 162 165 163 166 KERN = kern_head.h kern_head.c … … 165 168 TESTSUITE = test.sh testcompile.sh testhash.sh testtiger.txt \ 166 169 testtimesrv.sh \ 167 testext.sh testrc_1ext.in test_ext.c.in \170 testext.sh testrc_1ext.in test_ext.c.in testrun_1d.sh \ 168 171 testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \ 169 172 testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ … … 808 811 echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \ 809 812 echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \ 810 echo $(top_srcdir)/docs/MANUAL-2_ 2.html.tar >> debian/docs; \811 echo $(top_srcdir)/docs/MANUAL-2_ 2.pdf >> debian/docs; \813 echo $(top_srcdir)/docs/MANUAL-2_3.html.tar >> debian/docs; \ 814 echo $(top_srcdir)/docs/MANUAL-2_3.pdf >> debian/docs; \ 812 815 echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ 813 816 echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ … … 819 822 820 823 deb-run: 821 @maintainer=`gpg --list-secret-keys | grep ' sec' | cut -d" " -f 5- | sed 's/^ *//' | sed q1`;\824 @maintainer=`gpg --list-secret-keys | grep 'uid ' | cut -d" " -f 5- | sed 's/^ *//' | sed q1`;\ 822 825 if test "x$$maintainer" = x; then \ 823 826 maintainer="Nobody Nowhere <nobody@example.com>"; \ … … 1148 1151 rm x_`echo $@ |sed 's%\.o$$%%'`.c 1149 1152 1150 cutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/make-tests.sh 1153 1154 cutest: $(SOURCES) $(CUTEST_SOURCES) 1155 @$(MAKE) CUTEST='-DSH_CUTEST=1' intcutest 1156 1157 intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/make-tests.sh 1151 1158 cd $(srcsrc)/ && ./make-tests.sh >CuTestMain.c 1152 1159 @$(COMPILE) -o CuTestMain.o -c $(srcsrc)/CuTestMain.c; \ … … 1154 1161 rm -f samhain.o; \ 1155 1162 ./encode $(XOR_CODE) $(srcsrc)/samhain.c; \ 1156 $(COMPILE) $(VFLAG) - DSH_CUTEST=1 -o samhain.o -c x_samhain.c; \1163 $(COMPILE) $(VFLAG) -o samhain.o -c x_samhain.c; \ 1157 1164 rm x_samhain.c; \ 1158 1165 $(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \ 1166 test -f ./intcutest && mv ./intcutest ./cutest; \ 1159 1167 ./cutest 1160 1168 … … 1631 1639 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h 1632 1640 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 1633 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h 1641 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h 1634 1642 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h 1635 1643 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h … … 1674 1682 sh_prelude_old.o: $(srcsrc)/sh_prelude_old.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_mem.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h 1675 1683 sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h 1684 sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/CuTest.h 1685 sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/CuTest.h -
trunk/aclocal.m4
r64 r68 402 402 x_libraries=NONE 403 403 DESTDIR= 404 SH_ENABLE_OPTS="db-reload xml-log message-queue login-watch mounts-check userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp"404 SH_ENABLE_OPTS="db-reload xml-log message-queue login-watch process-check port-check mounts-check userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp" 405 405 SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" 406 406 … … 1238 1238 ])dnl 1239 1239 1240 AC_DEFUN([sh_CHECK_POSIX_ACL], 1241 [ 1242 AC_CHECK_HEADERS(sys/acl.h) 1243 if test $ac_cv_header_sys_acl_h = yes; then 1244 1245 AC_CHECK_LIB([acl], [acl_get_file], sh_lacl=yes, sh_lacl=no) 1246 if test x"$sh_lacl" = xyes; then 1247 LIBACL=-lacl 1248 else 1249 LIBACL= 1250 fi 1251 1252 OLDLIBS="$LIBS" 1253 LIBS="$LIBS $LIBACL" 1254 AC_CHECK_FUNCS([acl_free acl_get_file acl_get_fd], 1255 [sh_facl=yes],[sh_facl=no]) 1256 LIBS="$OLDLIBS" 1257 1258 if test x"$sh_facl" = xyes; then 1259 AC_DEFINE(USE_ACL, 1, [Define if you want ACL support.]) 1260 LIBS="$LIBS $LIBACL" 1261 fi 1262 fi 1263 ]) 1264 1265 AC_DEFUN([sh_CHECK_XATTR], 1266 [ 1267 AC_CHECK_HEADERS(attr/xattr.h) 1268 if test $ac_cv_header_attr_xattr_h = yes; then 1269 1270 AC_CHECK_LIB([attr], [getxattr], sh_lattr=yes, sh_lattr=no) 1271 if test x"$sh_lattr" = xyes; then 1272 LIBATTR=-lattr 1273 else 1274 LIBATTR= 1275 fi 1276 1277 OLDLIBS="$LIBS" 1278 LIBS="$LIBS $LIBATTR" 1279 AC_CHECK_FUNCS([getxattr lgetxattr fgetxattr], 1280 [sh_fattr=yes],[sh_fattr=no]) 1281 LIBS="$OLDLIBS" 1282 1283 if test x"$sh_fattr" = xyes; then 1284 AC_DEFINE(USE_XATTR, 1, [Define if you want extended attributes support.]) 1285 LIBS="$LIBS $LIBATTR" 1286 fi 1287 fi 1288 ]) 1240 1289 1241 1290 dnl Autoconf macros for libprelude -
trunk/configure.ac
r61 r68 13 13 dnl start 14 14 dnl 15 AM_INIT_AUTOMAKE(samhain, 2. 2.5)15 AM_INIT_AUTOMAKE(samhain, 2.3.0) 16 16 AC_CANONICAL_HOST 17 17 … … 200 200 linux/ext2_fs.h ext2fs/ext2_fs.h \ 201 201 elf.h linux/elf.h \ 202 paths.h arpa/nameser.h arpa/nameser_compat.h, 202 paths.h arpa/nameser.h arpa/nameser_compat.h \ 203 rpc/rpcent.h, 203 204 [], 204 205 [], … … 264 265 inet_aton gethostbyname setutent setrlimit gethostname uname \ 265 266 initgroups getpagesize \ 266 ttyname fchmod 267 ttyname fchmod \ 268 getsid getpriority getpgid 267 269 ) 268 270 AC_CHECK_FUNC(statfs, AC_DEFINE(HAVE_STATFS) statfs="yes", statfs="no") … … 374 376 ]) 375 377 378 dnl ***************************************** 379 dnl checks for extended attribute or ACL 380 dnl support 381 dnl ***************************************** 382 383 sh_CHECK_XATTR 384 sh_CHECK_POSIX_ACL 376 385 377 386 dnl ***************************************** … … 529 538 530 539 dnl 540 dnl check for /proc filesystem 541 dnl 542 if test -d "/proc/$$" 543 then 544 AC_DEFINE([HAVE_PROCFS],[1],[Define if you have a proc fs]) 545 fi 546 547 dnl 531 548 dnl check for GNU gmp 532 549 dnl … … 543 560 AC_CHECK_HEADERS(gmp.h) 544 561 562 AC_MSG_CHECKING([for ps]) 563 PS= 564 for ff in /usr/ucb /bin /usr/bin; do 565 if test -x "$ff/ps"; then 566 PS="$ff/ps" 567 AC_MSG_RESULT([$PS]) 568 break 569 fi 570 done 571 if test x$PS = x 572 then 573 AC_MSG_RESULT([no]) 574 AC_MSG_ERROR([No ps in /usr/ucb /bin /usr/bin]) 575 fi 576 AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) 577 578 AC_MSG_CHECKING([how to use ps]) 579 $PS ax >/dev/null 2>&1 580 if test $? -eq 0; then 581 one=`$PS ax | wc -l` 582 else 583 one=0 584 fi 585 $PS -e >/dev/null 2>&1 586 if test $? -eq 0; then 587 two=`$PS -e | wc -l` 588 else 589 two=0 590 fi 591 if test $one -ge $two 592 then 593 PSARG="ax" 594 else 595 PSARG="-e" 596 fi 597 AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) 598 AC_MSG_RESULT([$PS $PSARG]) 545 599 546 600 dnl ***************************************** … … 1218 1272 ) 1219 1273 1274 AC_ARG_ENABLE(process-check, 1275 [ --enable-process-check check processes [[no]]], 1276 [ 1277 if test "x${enable_process_check}" = xyes; then 1278 AC_CHECK_LIB([rt], [sched_getparam], sh_lrt=yes, sh_lrt=no) 1279 if test x"$sh_lrt" = xyes; then 1280 LIBRT=-lrt 1281 else 1282 LIBRT= 1283 fi 1284 LIBS="$LIBS $LIBRT" 1285 AC_DEFINE(SH_USE_PROCESSCHECK, [1], [Define if you want to check processes]) 1286 fi 1287 ] 1288 ) 1289 1290 AC_ARG_ENABLE(port-check, 1291 [ --enable-port-check check ports [[no]]], 1292 [ 1293 if test "x${enable_port_check}" = xyes; then 1294 AC_DEFINE(SH_USE_PORTCHECK, [1], [Define if you want to check ports]) 1295 fi 1296 ] 1297 ) 1298 1220 1299 AC_ARG_ENABLE(userfiles, 1221 1300 [ --enable-userfiles check for users' config files [[no]]], -
trunk/depend.dep
r48 r68 18 18 sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_static.h 19 19 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 20 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h 20 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h 21 21 sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h 22 22 sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h … … 61 61 kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h 62 62 sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h 63 sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/CuTest.h 64 sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/CuTest.h -
trunk/depend.sum
r48 r68 1 896592903 1 1289129628 -
trunk/docs/Changelog
r65 r68 1 2.3.0: 2 * fix concurrency for inserts in oracle db 3 * add acl_(new|old) to database schema 4 * check for selix attributes and/or posix acl 5 * new option UseSelinuxCheck (bool) 6 * new option UseAclCheck (bool) 7 * regression tests for above 8 * add module to check for open ports 9 * add module to check processes (hidden/fake/missing) 10 * use const char* for argument of module configuration callbacks 11 1 12 2.2.6: 2 13 * fix error about non-readable file with no checksum required … … 4 15 * fix 'make deb' makefile target 5 16 * fix default export severity for server 6 17 7 18 2.2.5 (05-10-2006): 8 19 * fix broken Install.sh, reported by Alexander Kraemer -
trunk/docs/README.UPGRADE
r27 r68 1 2 from lower to 2.3.x: database scheme has changed slightly 3 4 -- MySQL: 5 ALTER TABLE samhain.log ADD COLUMN acl_old BLOB; 6 ALTER TABLE samhain.log ADD COLUMN acl_new BLOB; 7 8 -- PostgreSQL: 9 ALTER TABLE samhain.log ADD COLUMN acl_old TEXT; 10 ALTER TABLE samhain.log ADD COLUMN acl_new TEXT; 11 12 -- Oracle: 13 ALTER TABLE samhain.log ADD COLUMN acl_old VARCHAR2(4000); 14 ALTER TABLE samhain.log ADD COLUMN acl_new VARCHAR2(4000); 15 DROP TRIGGER trigger_on_log; 16 17 1 18 2 19 since 2.2.0: server-to-server relay is possible -
trunk/include/rijndael-api-fst.h
r1 r68 25 25 #define MODE_CBC 2 /* Are we ciphering in CBC mode? */ 26 26 #define MODE_CFB1 3 /* Are we ciphering in 1-bit CFB mode? */ 27 #ifndef TRUE 27 28 #define TRUE 1 29 #endif 30 #ifndef FALSE 28 31 #define FALSE 0 32 #endif 29 33 #define BITSPERBLOCK 128 /* Default number of bits in a cipher block */ 30 34 -
trunk/include/samhain.h
r40 r68 316 316 } while (0) 317 317 318 #define SH_VALIDATE_GE(a,b) \ 319 do { \ 320 if ((a) < (b)) safe_fatal(#a " < " #b, FIL__, __LINE__);\ 321 } while (0) 322 318 323 #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) 319 324 #define MLOCK(a, b) \ -
trunk/include/sh_cat.h
r1 r68 130 130 MSG_UT_ROT, 131 131 132 #endif 133 134 #ifdef SH_USE_PROCESSCHECK 135 MSG_PCK_CHECK, 136 MSG_PCK_OK, 137 MSG_PCK_HIDDEN, 138 MSG_PCK_FAKE, 139 MSG_PCK_MISS, 140 #endif 141 142 #ifdef SH_USE_PORTCHECK 143 MSG_PORT_REPORT, 132 144 #endif 133 145 -
trunk/include/sh_kern.h
r1 r68 12 12 int sh_kern_null (void); 13 13 14 int sh_kern_set_activate (char * c); 15 int sh_kern_set_severity (char * c); 16 int sh_kern_set_timer (char * c); 17 int sh_kern_set_idt (char * c); 18 19 /* FIXME: document these */ 20 int sh_kern_set_sct_addr (char * c); 21 int sh_kern_set_sc_addr (char * c); 22 int sh_kern_set_proc_root (char * c); 23 int sh_kern_set_proc_root_lookup (char * c); 24 int sh_kern_set_proc_root_iops (char * c); 14 int sh_kern_set_activate (const char * c); 15 int sh_kern_set_severity (const char * c); 16 int sh_kern_set_timer (const char * c); 17 int sh_kern_set_idt (const char * c); 18 int sh_kern_set_sct_addr (const char * c); 19 int sh_kern_set_sc_addr (const char * c); 20 int sh_kern_set_proc_root (const char * c); 21 int sh_kern_set_proc_root_lookup (const char * c); 22 int sh_kern_set_proc_root_iops (const char * c); 25 23 26 24 extern sh_rconf sh_kern_table[]; -
trunk/include/sh_modules.h
r1 r68 7 7 { 8 8 char * the_opt; 9 int (*func)(c har * opt);9 int (*func)(const char * opt); 10 10 } sh_rconf; 11 11 -
trunk/include/sh_suidchk.h
r1 r68 12 12 int sh_suidchk_free_schedule (void); 13 13 14 int sh_suidchk_set_activate (c har * c);15 int sh_suidchk_set_severity (c har * c);16 int sh_suidchk_set_timer (c har * c);17 int sh_suidchk_set_schedule (c har * c);18 int sh_suidchk_set_exclude (c har * c);19 int sh_suidchk_set_fps (c har * c);20 int sh_suidchk_set_yield (c har * c);21 int sh_suidchk_set_quarantine (c har * c);22 int sh_suidchk_set_qmethod (c har * c);23 int sh_suidchk_set_qdelete (c har * c);14 int sh_suidchk_set_activate (const char * c); 15 int sh_suidchk_set_severity (const char * c); 16 int sh_suidchk_set_timer (const char * c); 17 int sh_suidchk_set_schedule (const char * c); 18 int sh_suidchk_set_exclude (const char * c); 19 int sh_suidchk_set_fps (const char * c); 20 int sh_suidchk_set_yield (const char * c); 21 int sh_suidchk_set_quarantine (const char * c); 22 int sh_suidchk_set_qmethod (const char * c); 23 int sh_suidchk_set_qdelete (const char * c); 24 24 25 25 -
trunk/include/sh_unix.h
r40 r68 139 139 char link_c_mode[11]; 140 140 int linkisok; 141 char * attr_string; 141 142 } file_type; 143 144 extern int sh_unix_check_selinux; 145 extern int sh_unix_check_acl; 142 146 143 147 /* mlock utilities … … 157 161 */ 158 162 int sh_unix_uselocaltime (const char * c); 163 164 /* whether to perform selinux/acl checks 165 */ 166 #ifdef USE_XATTR 167 int sh_unix_setcheckselinux (const char * c); 168 #endif 169 #ifdef USE_ACL 170 int sh_unix_setcheckacl (const char * c); 171 #endif 159 172 160 173 /* set I/O limit -
trunk/include/sh_userfiles.h
r1 r68 16 16 int sh_userfiles_reconf (void); 17 17 18 int sh_userfiles_set_uid (c har * str);19 int sh_userfiles_add_file(c har *c);20 int sh_userfiles_set_interval(c har *c);21 int sh_userfiles_set_active(c har *c);18 int sh_userfiles_set_uid (const char * str); 19 int sh_userfiles_add_file(const char *c); 20 int sh_userfiles_set_interval(const char *c); 21 int sh_userfiles_set_active(const char *c); 22 22 int sh_userfiles_check_internal(); 23 23 -
trunk/include/sh_utils.h
r34 r68 63 63 char * sh_util_strsep (char **str, const char *delim); 64 64 65 /* compactify verbose acl text 66 */ 67 char * sh_util_acl_compact (char * buf, ssize_t len); 68 65 69 /* set signature type HASH-TIGER/HMAC-TIGER 66 70 */ … … 84 88 */ 85 89 int sh_util_hidesetup(const char * c); 90 91 /* valif utf-8 string 92 */ 93 int sh_util_valid_utf8 (const unsigned char * str); 94 95 /* filenames are utf8 96 */ 97 int sh_util_obscure_utf8 (const char * c); 86 98 87 99 /* exceptions to obscure name check -
trunk/include/sh_utmp.h
r1 r68 12 12 int sh_utmp_null (void); 13 13 14 int sh_utmp_set_login_activate (c har * c);15 int sh_utmp_set_login_solo (c har * c);16 int sh_utmp_set_login_multi (c har * c);17 int sh_utmp_set_logout_good (c har * c);18 int sh_utmp_set_login_timer (c har * c);14 int sh_utmp_set_login_activate (const char * c); 15 int sh_utmp_set_login_solo (const char * c); 16 int sh_utmp_set_login_multi (const char * c); 17 int sh_utmp_set_logout_good (const char * c); 18 int sh_utmp_set_login_timer (const char * c); 19 19 20 20 extern sh_rconf sh_utmp_table[]; -
trunk/rules.deb-light.in
r1 r68 69 69 sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ 70 70 mv postinst.tmp postinst.debhelper 71 [ -f debian/postinst.debhelper ] && \ 72 cd debian && \ 73 cat postinst.debhelper | \ 74 sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ 75 mv postinst.tmp postinst.debhelper 71 76 [ -f debian/prerm.debhelper ] && \ 72 77 cd debian && \ 73 78 cat prerm.debhelper | \ 74 79 sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ 80 mv prerm.tmp prerm.debhelper 81 [ -f debian/prerm.debhelper ] && \ 82 cd debian && \ 83 cat prerm.debhelper | \ 84 sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ 75 85 mv prerm.tmp prerm.debhelper 76 86 # dh_installmanpages -
trunk/rules.deb.in
r65 r68 70 70 dh_installdebconf 71 71 dh_installdocs 72 [ -f debian/tmp/usr/share/doc/@install_name@/MANUAL-2_ 2.html.tar ] && \72 [ -f debian/tmp/usr/share/doc/@install_name@/MANUAL-2_3.html.tar ] && \ 73 73 cd debian/tmp/usr/share/doc/@install_name@ && \ 74 tar xf MANUAL-2_ 2.html.tar && mv MANUAL-2_2manual.html && \75 rm -f MANUAL-2_ 2.html.tar74 tar xf MANUAL-2_3.html.tar && mv MANUAL-2_3 manual.html && \ 75 rm -f MANUAL-2_3.html.tar 76 76 dh_installexamples @top_srcdir@/scripts/example_pager.pl \ 77 77 @top_srcdir@/scripts/example_sms.pl \ -
trunk/samhain.spec.in
r34 r68 179 179 %dir @mylogdir@ 180 180 %doc docs/BUGS COPYING docs/Changelog docs/TODO 181 %doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_ 2.* docs/README*181 %doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_3.* docs/README* 182 182 @mydataroot@ 183 183 %if "%{withstg_prg}" == "xsamhain_stealth" -
trunk/scripts/redhat_i386.client.spec.in
r34 r68 136 136 %dir /var/log 137 137 #%doc docs/BUGS COPYING docs/Changelog docs/TODO 138 #%doc LICENSE docs/HOWTO* docs/MANUAL-2_ 2.* docs/README*138 #%doc LICENSE docs/HOWTO* docs/MANUAL-2_3.* docs/README* 139 139 /etc 140 140 /usr/local/sbin/samhain -
trunk/scripts/samhain.ebuild.in
r1 r68 69 69 dodoc docs/BUGS COPYING docs/Changelog LICENSE docs/README \ 70 70 docs/README.UPGRADE docs/sh_mounts.txt docs/sh_userfiles.txt \ 71 docs/MANUAL-2_ 0.ps docs/MANUAL-2_0.html.tar71 docs/MANUAL-2_3.ps docs/MANUAL-2_3.html.tar 72 72 73 73 dohtml docs/HOWTO-client+server.html docs/HOWTO-samhain+GnuPG.html \ -
trunk/scripts/samhain.spec.in
r34 r68 122 122 %dir %{_localstatedir}/log 123 123 %doc docs/BUGS COPYING docs/Changelog docs/TODO 124 %doc LICENSE docs/HOWTO* docs/MANUAL-2_ 2.* docs/README*124 %doc LICENSE docs/HOWTO* docs/MANUAL-2_3.* docs/README* 125 125 %{_localstatedir}/lib/%{name} 126 126 %{_sbindir}/%{name} -
trunk/sql_init/samhain.mysql.init
r1 r68 86 86 iowner_new BIGINT, 87 87 igroup_old BIGINT, 88 igroup_new BIGINT 88 igroup_new BIGINT, 89 89 90 90 91 acl_old BLOB, 92 acl_new BLOB 91 93 92 94 ); -
trunk/sql_init/samhain.oracle.init
r1 r68 73 73 iowner_new NUMBER(20), 74 74 igroup_old NUMBER(20), 75 igroup_new NUMBER(20) 75 igroup_new NUMBER(20), 76 acl_old VARCHAR2(4000), 77 acl_new VARCHAR2(4000) 76 78 ); 77 78 CREATE OR REPLACE TRIGGER trigger_on_log79 before insert on log80 for each row81 declare82 log_index integer;83 begin84 select log_log_index_seq.NEXTVAL into :new.log_index from dual;85 end trigger_on_log;86 .87 run;88 79 89 80 CREATE UNIQUE INDEX log_log_index_key on log (log_index); -
trunk/sql_init/samhain.postgres.init
r35 r68 80 80 iowner_new BIGINT, 81 81 igroup_old BIGINT, 82 igroup_new BIGINT 82 igroup_new BIGINT, 83 83 84 acl_old TEXT, 85 acl_new TEXT 84 86 ); 85 87 -
trunk/src/cutest_sh_utils.c
r34 r68 7 7 #include "sh_utils.h" 8 8 9 void Test_sh_util_acl_compact (CuTest *tc) { 10 char * ret = 0; 11 char inp1[] = "user::r--\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; 12 char inp2[] = "use\n\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; 13 char inp3[] = "user:\177\145\177\122:r--\nuser:lisa:rwx\t\t#effective: r--\ngroup::r--\ngroup:toolies:rw- #effective: r--\nmask::r--\nother::r--\n"; 14 15 ret = sh_util_acl_compact (inp1, strlen(inp1)); 16 CuAssertPtrNotNull(tc, ret); 17 CuAssertStrEquals(tc, "u::r--,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", 18 ret); 19 20 ret = sh_util_acl_compact (inp2, strlen(inp2)); 21 CuAssertPtrNotNull(tc, ret); 22 CuAssertStrEquals(tc, "use,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", 23 ret); 24 25 ret = sh_util_acl_compact (inp3, strlen(inp3)); 26 CuAssertPtrNotNull(tc, ret); 27 CuAssertStrEquals(tc, "u:eR:r--,u:lisa:rwx,g::r--,g:toolies:rw-,m::r--,o::r--", 28 ret); 29 30 return; 31 } 32 9 33 void Test_sh_util_strdup_ok (CuTest *tc) { 10 34 char * ret = 0; … … 108 132 109 133 return; 134 } 135 136 void Test_sh_util_utf8_ok (CuTest *tc) { 137 int ret = 0; 138 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) 139 unsigned char seq[16]; 140 unsigned char input[16] = "foobar"; 141 142 seq[0] = 0x00; 143 ret = sh_util_valid_utf8(seq); 144 CuAssertIntEquals(tc, ret, S_TRUE); 145 146 seq[0] = 0xd7; seq[1] = 0x90; seq[2] = 0x00; 147 ret = sh_util_valid_utf8(seq); 148 CuAssertIntEquals(tc, ret, S_TRUE); 149 150 seq[0] = 0xed; seq[1] = 0x9f; seq[2] = 0xbf; seq[3] = 0x00; 151 ret = sh_util_valid_utf8(seq); 152 CuAssertIntEquals(tc, ret, S_TRUE); 153 154 seq[0] = 0xee; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x00; 155 ret = sh_util_valid_utf8(seq); 156 CuAssertIntEquals(tc, ret, S_TRUE); 157 158 seq[0] = 0xef; seq[1] = 0xbf; seq[2] = 0xbd; seq[3] = 0x00; 159 ret = sh_util_valid_utf8(seq); 160 CuAssertIntEquals(tc, ret, S_TRUE); 161 162 seq[0] = 0xf4; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0xbf; seq[4] = 0x00; 163 ret = sh_util_valid_utf8(seq); 164 CuAssertIntEquals(tc, ret, S_TRUE); 165 166 seq[0] = 0xf4; seq[1] = 0x90; seq[2] = 0x80; seq[3] = 0x80; seq[4] = 0x00; 167 ret = sh_util_valid_utf8(seq); 168 CuAssertIntEquals(tc, ret, S_TRUE); 169 170 seq[0] = 0xd7; seq[1] = 0x90; seq[2] = 0xd7; seq[3] = 0x90; seq[4] = 0x00; 171 ret = sh_util_valid_utf8(seq); 172 CuAssertIntEquals(tc, ret, S_TRUE); 173 174 /* cont. char */ 175 176 seq[0] = 0x80; seq[1] = 0x00; 177 ret = sh_util_valid_utf8(seq); 178 CuAssertIntEquals(tc, ret, S_FALSE); 179 180 seq[0] = 0xbf; seq[1] = 0x00; 181 ret = sh_util_valid_utf8(seq); 182 CuAssertIntEquals(tc, ret, S_FALSE); 183 184 /* overlong */ 185 186 seq[0] = 0xc0; seq[1] = 0xaf; seq[2] = 0x00; 187 ret = sh_util_valid_utf8(seq); 188 CuAssertIntEquals(tc, ret, S_FALSE); 189 190 seq[0] = 0xe0; seq[1] = 0x8f; seq[2] = 0xaf; seq[3] = 0x00; 191 ret = sh_util_valid_utf8(seq); 192 CuAssertIntEquals(tc, ret, S_FALSE); 193 194 seq[0] = 0xf0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0xaf; seq[4] = 0x00; 195 ret = sh_util_valid_utf8(seq); 196 CuAssertIntEquals(tc, ret, S_FALSE); 197 198 /* overlong */ 199 200 seq[0] = 0xc1; seq[1] = 0xbf; seq[2] = 0x00; 201 ret = sh_util_valid_utf8(seq); 202 CuAssertIntEquals(tc, ret, S_FALSE); 203 204 seq[0] = 0xe0; seq[1] = 0x9f; seq[2] = 0xbf; seq[3] = 0x00; 205 ret = sh_util_valid_utf8(seq); 206 CuAssertIntEquals(tc, ret, S_FALSE); 207 208 seq[0] = 0xf0; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0xbf; seq[4] = 0x00; 209 ret = sh_util_valid_utf8(seq); 210 CuAssertIntEquals(tc, ret, S_FALSE); 211 212 /* overlong */ 213 214 seq[0] = 0xc0; seq[1] = 0x80; seq[2] = 0x00; 215 ret = sh_util_valid_utf8(seq); 216 CuAssertIntEquals(tc, ret, S_FALSE); 217 218 seq[0] = 0xe0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x00; 219 ret = sh_util_valid_utf8(seq); 220 CuAssertIntEquals(tc, ret, S_FALSE); 221 222 seq[0] = 0xf0; seq[1] = 0x80; seq[2] = 0x80; seq[3] = 0x80; seq[4] = 0x00; 223 ret = sh_util_valid_utf8(seq); 224 CuAssertIntEquals(tc, ret, S_FALSE); 225 226 /* cont missing */ 227 228 seq[0] = 0xd7; seq[1] = 0x20; seq[3] = 0x00; 229 ret = sh_util_valid_utf8(seq); 230 CuAssertIntEquals(tc, ret, S_FALSE); 231 232 seq[0] = 0xee; seq[1] = 0x80; seq[2] = 0x20; seq[3] = 0x00; 233 ret = sh_util_valid_utf8(seq); 234 CuAssertIntEquals(tc, ret, S_FALSE); 235 236 seq[0] = 0xf4; seq[1] = 0x8f; seq[2] = 0xbf; seq[3] = 0x20; seq[4] = 0x00; 237 ret = sh_util_valid_utf8(seq); 238 CuAssertIntEquals(tc, ret, S_FALSE); 239 240 241 ret = sh_util_obscure_ok ("0x01,0x02,0x03"); 242 CuAssertIntEquals(tc, ret, 0); 243 244 ret = sh_util_valid_utf8 (input); 245 CuAssertIntEquals(tc, ret, S_TRUE); 246 247 input[0] = '\t'; 248 ret = sh_util_valid_utf8 (input); 249 CuAssertIntEquals(tc, ret, S_FALSE); 250 251 input[0] = 0x01; 252 ret = sh_util_valid_utf8 (input); 253 CuAssertIntEquals(tc, ret, S_TRUE); 254 255 input[0] = 0x02; 256 ret = sh_util_valid_utf8 (input); 257 CuAssertIntEquals(tc, ret, S_TRUE); 258 259 input[0] = 0x03; 260 ret = sh_util_valid_utf8 (input); 261 CuAssertIntEquals(tc, ret, S_TRUE); 262 263 input[0] = 0x04; 264 ret = sh_util_valid_utf8 (input); 265 CuAssertIntEquals(tc, ret, S_FALSE); 266 267 268 #else 269 CuAssertIntEquals(tc, ret, 0); 270 #endif 110 271 } 111 272 -
trunk/src/sh_cat.c
r1 r68 122 122 { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=\"Logfile size decreased\" path=\"%s\"")}, 123 123 124 #endif 125 126 #ifdef SH_USE_PROCESSCHECK 127 { MSG_PCK_CHECK, SH_ERR_NOTICE, RUN, N_("msg=\"Checking processes in pid interval [%ld,%ld]\"")}, 128 { MSG_PCK_OK, SH_ERR_ALL, RUN, N_("msg=\"PID %ld found with tests %s\"")}, 129 { MSG_PCK_HIDDEN, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Hidden pid: %ld tests: %s\"")}, 130 { MSG_PCK_FAKE, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Fake pid: %ld tests: %s\"")}, 131 { MSG_PCK_MISS, SH_ERR_SEVERE, EVENT, N_("msg=\"POLICY [Process] Missing: %s\"")}, 132 #endif 133 134 #ifdef SH_USE_PORTCHECK 135 { MSG_PORT_REPORT, SH_ERR_SEVERE, EVENT, N_("msg=\"%s\"")}, 124 136 #endif 125 137 … … 181 193 { MSG_TCP_MISMATCH,SH_ERR_ERR, TCP, N_("msg=\"Protocol mismatch\"")}, 182 194 { MSG_TCP_MISENC, SH_ERR_ERR, TCP, N_("msg=\"Encryption mismatch in %s: server: %s client: %s\"")}, 183 { MSG_TCP_NONAME, SH_ERR_ERR, TCP, N_("msg=\"No server name available\"")},195 { MSG_TCP_NONAME, SH_ERR_ERR, TCP, N_("msg=\"No server name known\"")}, 184 196 { MSG_TCP_UNEXP, SH_ERR_ERR, TCP, N_("msg=\"Unexpected reply\"")}, 185 197 { MSG_TCP_EFIL, SH_ERR_ERR, TCP, N_("msg=\"Could not open temporary file\"")}, … … 424 436 { MSG_UT_ROT, SH_ERR_WARN, RUN, N_("msg=<Logfile size decreased>, path=<%s>")}, 425 437 438 #endif 439 440 #ifdef SH_USE_PROCESSCHECK 441 { MSG_PCK_CHECK, SH_ERR_NOTICE, RUN, N_("msg=<Checking processes in pid interval [%ld,%ld]>")}, 442 { MSG_PCK_OK, SH_ERR_ALL, RUN, N_("msg=<PID %ld found with tests %s>")}, 443 { MSG_PCK_HIDDEN, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [Process] Hidden pid: %ld tests: %s>")}, 444 { MSG_PCK_FAKE, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [Process] Fake pid: %ld tests: %s>")}, 445 { MSG_PCK_MISS, SH_ERR_SEVERE, EVENT, N_("msg=<POLICY [Process] Missing: %s>")}, 446 #endif 447 448 #ifdef SH_USE_PORTCHECK 449 { MSG_PORT_REPORT, SH_ERR_SEVERE, EVENT, N_("msg=<%s>")}, 426 450 #endif 427 451 -
trunk/src/sh_database.c
r54 r68 109 109 char link_old[1024]; 110 110 char link_new[1024]; 111 char acl_old[1024]; 112 char acl_new[1024]; 111 113 112 114 long long_data[20]; … … 204 206 { NULL, N_("attr_old"), 0, 71, 16, 0, offsetof(struct dbins_, attr_old)}, 205 207 { NULL, N_("attr_new"), 0, 72, 16, 0, offsetof(struct dbins_, attr_new)}, 208 { NULL, N_("acl_old"), 0, 73, 1024, 0, offsetof(struct dbins_, acl_old)}, 209 { NULL, N_("acl_new"), 0, 74, 1024, 0, offsetof(struct dbins_, acl_new)}, 206 210 207 211 { NULL, NULL, 0, 0, 0, 0, 0 } … … 497 501 static OCIError * o_error = NULL; 498 502 static OCIStmt * o_statement; 503 static OCIBind * o_bind = (OCIBind *) 0; 499 504 static text o_errormsg[512]; 500 505 static sb4 o_errorcode; … … 666 671 oracle_connected: 667 672 668 /* 669 * Insert 670 */ 673 /* Get row index 674 */ 675 sl_strlcpy (row_query, _("SELECT log_log_index_seq.NEXTVAL FROM dual"), 128); 676 671 677 #ifdef DB_DEBUG 672 678 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 673 query,679 row_query, 674 680 _("sh_database_query")); 675 681 #endif 676 682 677 683 if (OCIStmtPrepare(o_statement, o_error, 678 (OraText*) query, sl_strlen(query),684 (OraText*) row_query, sl_strlen(row_query), 679 685 OCI_NTV_SYNTAX, OCI_DEFAULT)) 680 {681 OCIErrorGet(o_error, 1, NULL,682 &o_errorcode, o_errormsg, sizeof(o_errormsg),683 OCI_HTYPE_ERROR);684 sh_stripnl (o_errormsg);685 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN,686 o_errormsg,687 _("sh_database_query"));688 if (retry == 0 &&689 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9)))690 {691 ++retry; sh_database_reset(); goto oracle_doconnect;692 }693 goto err_out;694 }695 696 if (OCIStmtExecute(o_servicecontext,697 o_statement, o_error, 1, 0,698 NULL, NULL, OCI_COMMIT_ON_SUCCESS))699 686 { 700 687 OCIErrorGet(o_error, 1, NULL, … … 713 700 } 714 701 715 #ifdef DB_DEBUG 716 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 717 _("No error on insert"), 718 _("sh_database_query")); 719 #endif 720 721 /* Get row index 722 */ 723 sl_strlcpy (row_query, _("SELECT MAX(log_index) FROM "), 128); 724 sl_strlcat (row_query, db_table, 128); 725 726 #ifdef DB_DEBUG 727 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 728 row_query, 729 _("sh_database_query")); 730 #endif 731 732 if (OCIStmtPrepare(o_statement, o_error, 733 (OraText*) row_query, sl_strlen(row_query), 734 OCI_NTV_SYNTAX, OCI_DEFAULT)) 702 if (OCIStmtExecute(o_servicecontext, o_statement, o_error, 703 0, 0, NULL, NULL, OCI_DEFAULT)) 735 704 { 736 705 OCIErrorGet(o_error, 1, NULL, … … 749 718 } 750 719 751 if (OCIStmtExecute(o_servicecontext, o_statement, o_error, 752 0, 0, NULL, NULL, OCI_DEFAULT)) 720 if (OCIDefineByPos (o_statement, &o_define, o_error, 1, 721 &result, sizeof(result), 722 SQLT_INT, 0, 0, 0, OCI_DEFAULT)) 753 723 { 754 724 OCIErrorGet(o_error, 1, NULL, … … 766 736 goto err_out; 767 737 } 768 769 if (OCIDefineByPos (o_statement, &o_define, o_error, 1, 770 &result, sizeof(result), 771 SQLT_INT, 0, 0, 0, OCI_DEFAULT)) 738 if (OCIStmtFetch (o_statement, o_error, 1, OCI_FETCH_NEXT, OCI_DEFAULT)) 772 739 { 773 740 OCIErrorGet(o_error, 1, NULL, … … 785 752 goto err_out; 786 753 } 787 if (OCIStmtFetch (o_statement, o_error, 1, OCI_FETCH_NEXT, OCI_DEFAULT)) 754 755 #ifdef DB_DEBUG 756 sl_snprintf(row_query, 127, _("Returned value: %d"), result); 757 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 758 row_query, 759 _("sh_database_query")); 760 #endif 761 762 *id = result; 763 764 /* do the insert 765 */ 766 #ifdef DB_DEBUG 767 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 768 query, 769 _("sh_database_query")); 770 #endif 771 772 if (OCIStmtPrepare(o_statement, o_error, 773 (OraText*) query, sl_strlen(query), 774 OCI_NTV_SYNTAX, OCI_DEFAULT)) 775 { 776 OCIErrorGet(o_error, 1, NULL, 777 &o_errorcode, o_errormsg, sizeof(o_errormsg), 778 OCI_HTYPE_ERROR); 779 sh_stripnl (o_errormsg); 780 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN, 781 o_errormsg, 782 _("sh_database_query")); 783 if (retry == 0 && 784 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))) 785 { 786 ++retry; sh_database_reset(); goto oracle_doconnect; 787 } 788 goto err_out; 789 } 790 791 if (OCIBindByPos(o_statement, &o_bind, o_error, 1, 792 (dvoid *) &result, (sword) sizeof(result), SQLT_INT, 793 (dvoid *) 0, (ub2 *) 0, (ub2 *) 0, (ub4) 0, (ub4 *) 0, OCI_DEFAULT)) 788 794 { 789 795 OCIErrorGet(o_error, 1, NULL, … … 801 807 goto err_out; 802 808 } 803 809 810 if (OCIStmtExecute(o_servicecontext, 811 o_statement, o_error, 1, 0, 812 NULL, NULL, OCI_COMMIT_ON_SUCCESS)) 813 { 814 OCIErrorGet(o_error, 1, NULL, 815 &o_errorcode, o_errormsg, sizeof(o_errormsg), 816 OCI_HTYPE_ERROR); 817 sh_stripnl (o_errormsg); 818 sh_error_handle((-1), FIL__, __LINE__, (long) o_errorcode, MSG_E_SUBGEN, 819 o_errormsg, 820 _("sh_database_query")); 821 if (retry == 0 && 822 (3114 == o_errorcode || 0 == strncmp(o_errormsg, _("ORA-03114"), 9))) 823 { 824 ++retry; sh_database_reset(); goto oracle_doconnect; 825 } 826 goto err_out; 827 } 828 804 829 #ifdef DB_DEBUG 805 sl_snprintf(row_query, 127, _("Returned value: %d"), result);806 830 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 807 row_query,831 _("No error on insert"), 808 832 _("sh_database_query")); 809 833 #endif 810 811 *id = result;812 834 813 835 if (sh_persistent_dbconn == S_FALSE) … … 1254 1276 (void) 1255 1277 sl_snprintf (values, SH_QUERY_MAX, 1256 _("( %s,%c%s%c,to_date(%c%s%c,'YYYY-MM-DD HH24:MI:SS'),%c%s%c,%c%s%c"),1278 _("(:1,%s,%c%s%c,to_date(%c%s%c,'YYYY-MM-DD HH24:MI:SS'),%c%s%c,%c%s%c"), 1257 1279 id >= 0 ? num : _("NULL"), 1258 1280 '\'', db_entry->host,'\'', … … 1263 1285 '\''); 1264 1286 (void) sl_snprintf (columns, 1023, 1265 _("(log_ ref,log_host,log_time,log_sev,log_msg"));1287 _("(log_index,log_ref,log_host,log_time,log_sev,log_msg")); 1266 1288 #elif defined(WITH_POSTGRES) 1267 1289 /* Prepare query for PQexecParams … … 1495 1517 } 1496 1518 1497 static int is_escaped( unsigned char * p) {1519 static int is_escaped(char * p_in) { 1498 1520 1499 1521 int escp = 0; 1500 1522 int retv = S_TRUE; 1523 unsigned char * p = (unsigned char *) p_in; 1501 1524 1502 1525 while (*p != '\0') -
trunk/src/sh_files.c
r61 r68 1563 1563 */ 1564 1564 sl_strlcpy (theFile.fullpath, iname, PATH_MAX); 1565 theFile.attr_string = NULL; 1565 1566 1566 1567 (void) relativeName; … … 1571 1572 if ((sig_termfast == 1) || (sig_terminate == 1)) 1572 1573 { 1574 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1573 1575 SL_RETURN((0), _("sh_files_checkdir")); 1574 1576 } … … 1577 1579 { 1578 1580 SH_FREE(tmpname); 1581 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1579 1582 SL_RETURN((-1), _("sh_files_checkdir")); 1580 1583 } … … 1586 1589 tmpname); 1587 1590 SH_FREE(tmpname); 1591 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1588 1592 SL_RETURN((-1), _("sh_files_checkdir")); 1589 1593 } … … 1607 1611 SH_FREE(tmpname); 1608 1612 1613 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1609 1614 SL_RETURN((-1), _("sh_files_checkdir")); 1610 1615 } … … 1660 1665 if (sig_termfast == 1) 1661 1666 { 1667 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1662 1668 SL_RETURN((0), _("sh_files_checkdir")); 1663 1669 } … … 1850 1856 if ((sig_termfast == 1) || (sig_terminate == 1)) 1851 1857 { 1858 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1852 1859 SL_RETURN((0), _("sh_files_checkdir")); 1853 1860 } … … 1896 1903 #endif 1897 1904 1905 if (theFile.attr_string) SH_FREE(theFile.attr_string); 1898 1906 SH_FREE(tmpname); 1899 1907 … … 1986 1994 */ 1987 1995 sl_strlcpy (theFile.fullpath, fullpath, PATH_MAX); 1988 theFile.check_mask = sh_files_maskof(class); 1989 theFile.reported = (*reported); 1996 theFile.check_mask = sh_files_maskof(class); 1997 theFile.reported = (*reported); 1998 theFile.attr_string = NULL; 1990 1999 1991 2000 TPT(( 0, FIL__, __LINE__, _("msg=<checking file: %s>\n"), fullpath)); … … 2001 2010 fullpath, status)); 2002 2011 if (class == SH_LEVEL_ALLIGNORE && sh.flag.checkSum != SH_CHECK_INIT) 2003 sh_hash_set_visited_true (fullpath); 2012 sh_hash_set_visited_true (fullpath); 2013 if (theFile.attr_string) 2014 SH_FREE(theFile.attr_string); 2004 2015 SL_RETURN(SH_FILE_UNKNOWN, _("sh_files_filecheck")); 2005 2016 } … … 2080 2091 } 2081 2092 #else 2082 2093 (void) rsrcflag; /* avoid compiler warning */ 2083 2094 #endif 2084 2095 2085 2096 ret_point: 2097 2098 if (theFile.attr_string) SH_FREE(theFile.attr_string); 2086 2099 2087 2100 switch (theFile.c_mode[0]) -
trunk/src/sh_hash.c
r40 r68 285 285 char * fullpath; 286 286 char * linkpath; 287 char * attr_string; 287 288 int visited; 288 289 int reported; … … 337 338 #endif 338 339 340 #define REC_FLAGS_ATTR (1<<8) 341 #define REC_FLAGS_MASK 0xFF00 339 342 340 343 /************************************************************** … … 389 392 theFile->hardlinks = p->theFile.hardlinks; 390 393 394 if (p->attr_string) 395 theFile->attr_string = sh_util_strdup(p->attr_string); 396 else 397 theFile->attr_string = NULL; 398 391 399 SL_RETURN((theFile), _("sh_hash_create_ft")); 392 400 } … … 440 448 SH_FREE(tmp); 441 449 SH_FREE(str); 450 if (theFile->attr_string) 451 SH_FREE(theFile->attr_string); 442 452 SH_FREE(theFile); 443 453 return 0; … … 517 527 MSG_FI_MISS2, tmp, str); 518 528 SH_FREE(str); 529 if (theFile->attr_string) 530 SH_FREE(theFile->attr_string); 519 531 SH_FREE(theFile); 520 532 … … 532 544 theFile = sh_hash_create_ft (p, fileHash); 533 545 sh_hash_pushdata (theFile, fileHash); 546 if (theFile->attr_string) 547 SH_FREE(theFile->attr_string); 534 548 SH_FREE(theFile); 535 549 } … … 554 568 p->linkpath = NULL; 555 569 } 570 if (p->attr_string) 571 { 572 SH_FREE(p->attr_string); 573 p->attr_string = NULL; 574 } 556 575 SH_FREE(p); 557 576 p = NULL; … … 576 595 MSG_FI_MISS2, tmp, str); 577 596 SH_FREE(str); 597 if (theFile->attr_string) 598 SH_FREE(theFile->attr_string); 578 599 SH_FREE(theFile); 579 600 … … 635 656 SH_FREE(p->linkpath); 636 657 p->linkpath = NULL; 658 } 659 if (p->attr_string) 660 { 661 SH_FREE(p->attr_string); 662 p->attr_string = NULL; 637 663 } 638 664 SH_FREE(p); … … 696 722 if(p->linkpath) 697 723 SH_FREE(p->linkpath); 724 if(p->attr_string) 725 SH_FREE(p->attr_string); 698 726 memcpy(p, s, sizeof(sh_file_t)); 699 727 p->next = q; … … 868 896 char * fullpath; 869 897 char * linkpath; 898 char * attr_string = NULL; 870 899 char * tmp; 871 900 … … 908 937 #endif 909 938 910 if ( ft.mark!= REC_MAGIC)939 if ((ft.mark & ~REC_FLAGS_MASK) != REC_MAGIC) 911 940 { 912 941 SH_FREE(p); … … 967 996 linkpath[len-2] = '\0'; 968 997 998 /* Read next record -- Part Four -- attr_string 999 */ 1000 if ((ft.mark & REC_FLAGS_ATTR) != 0) 1001 { 1002 i = sh_hash_getline (sh_fin_fd, line, size); 1003 if (i < 0 ) 1004 { 1005 SH_FREE(line); 1006 SH_FREE(fullpath); 1007 SH_FREE(linkpath); 1008 SH_FREE(p); 1009 dlog(1, FIL__, __LINE__, 1010 _("There is a corrupt record in the file signature database: %s\nThe attribute string is missing.\n"), 1011 (NULL == file_path('D', 'R'))? _("(null)"):file_path('D', 'R')); 1012 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_P_NODATA, 1013 ( (NULL == file_path('D', 'R')) ? _("(null)") : 1014 file_path('D', 'R')) 1015 ); 1016 aud_exit (FIL__, __LINE__,EXIT_FAILURE); 1017 } 1018 1019 tmp = unquote_string (line); 1020 1021 len = sl_strlen(tmp)+1; 1022 attr_string = SH_ALLOC(len); 1023 (void) sl_strlcpy (attr_string, tmp, len); 1024 if (tmp) 1025 SH_FREE(tmp); 1026 if (attr_string[len-2] == '\n') 1027 attr_string[len-2] = '\0'; 1028 } 1029 969 1030 /* Read next record -- Part Four -- Decode 970 1031 */ … … 986 1047 sh_do_decode(linkpath, sl_strlen(linkpath)); 987 1048 } 1049 if ((ft.mark & REC_FLAGS_ATTR) != 0) 1050 { 1051 sh_do_decode(attr_string, sl_strlen(attr_string)); 1052 } 988 1053 #endif 989 1054 … … 995 1060 p->fullpath = fullpath; 996 1061 p->linkpath = linkpath; 1062 1063 p->attr_string = attr_string; 997 1064 998 1065 /* set to an invalid value … … 1313 1380 char * fullpath = NULL; 1314 1381 char * linkpath = NULL; 1382 char * attr_string = NULL; 1315 1383 1316 1384 char * line = NULL; … … 1518 1586 } 1519 1587 1588 if (buf != NULL && buf->attr_string != NULL) 1589 { 1590 old_len = sl_strlen(buf->attr_string); 1591 #if defined(SH_STEALTH) 1592 sh_do_encode(buf->attr_string, old_len); 1593 #endif 1594 tmp = quote_string(buf->attr_string); 1595 if (tmp) 1596 { 1597 attr_string = tmp; 1598 tmp = NULL; 1599 } 1600 #if defined(SH_STEALTH) 1601 sh_do_decode(buf->attr_string, old_len); 1602 #endif 1603 } 1604 1605 1520 1606 if (buf != NULL) { 1521 1607 p.mark = REC_MAGIC; 1608 if (attr_string) 1609 p.mark |= REC_FLAGS_ATTR; 1522 1610 sl_strlcpy(p.c_mode, buf->c_mode, 11); 1523 1611 sl_strlcpy(p.c_group, buf->c_group, GROUP_MAX+1); … … 1640 1728 sl_write_line (pushdata_fd, fullpath, sl_strlen(fullpath)); 1641 1729 sl_write_line (pushdata_fd, linkpath, sl_strlen(linkpath)); 1730 if (attr_string) 1731 sl_write_line (pushdata_fd, attr_string, sl_strlen(attr_string)); 1642 1732 } else { 1643 1733 fwrite (&p, sizeof(sh_filestore_t), 1, stdout); 1644 1734 printf ("%s\n", fullpath); 1645 1735 printf ("%s\n", linkpath); 1736 if (attr_string) 1737 printf ("%s\n", attr_string); 1646 1738 } 1647 1739 … … 1656 1748 SH_FREE(fullpath); 1657 1749 SH_FREE(linkpath); 1750 if (attr_string) 1751 SH_FREE(attr_string); 1658 1752 1659 1753 SL_RET0(_("sh_hash_pushdata")); … … 1689 1783 f = sh_hash_create_ft (p, fileHash); 1690 1784 sh_hash_pushdata (f, fileHash); 1785 if (f->attr_string) 1786 SH_FREE(f->attr_string); 1691 1787 SH_FREE(f); 1692 1788 } … … 1757 1853 tmpFile->mtime = p->theFile.mtime; 1758 1854 tmpFile->ctime = p->theFile.ctime; 1855 1856 tmpFile->attr_string = NULL; 1759 1857 return 0; 1760 1858 } … … 1857 1955 int i = 0; 1858 1956 char * p; 1957 1958 tmpFile.attr_string = NULL; 1859 1959 1860 1960 sl_strlcpy(tmpFile.fullpath, key, PATH_MAX); … … 1979 2079 char * fullpath; 1980 2080 char * linkpath; 2081 char * attr_string = NULL; 1981 2082 1982 2083 SL_ENTER(_("sh_hash_push_int")); … … 1985 2086 1986 2087 p.mark = REC_MAGIC; 2088 if (buf->attr_string) 2089 p.mark |= REC_FLAGS_ATTR; 1987 2090 sl_strlcpy(p.c_mode, buf->c_mode, 11); 1988 2091 sl_strlcpy(p.c_group, buf->c_group, GROUP_MAX+1); … … 2015 2118 fp->modi_mask = 0L; 2016 2119 2120 if (buf->attr_string) 2121 attr_string = sh_util_strdup(buf->attr_string); 2122 fp->attr_string = attr_string; 2123 2017 2124 len = sl_strlen(buf->fullpath); 2018 2125 if (len <= MAX_PATH_STORE) … … 2235 2342 } 2236 2343 } 2344 2345 if (theFile->attr_string) 2346 { 2347 tmp_lnk = sh_util_safe_name(theFile->attr_string); 2348 if (tmp_lnk) 2349 { 2350 if (is_new) 2351 sl_snprintf(tmp, SH_BUFSIZE, _("acl_new=\"%s\" "), tmp_lnk); 2352 else 2353 sl_snprintf(tmp, SH_BUFSIZE, _("acl_old=\"%s\" "), tmp_lnk); 2354 SH_FREE(tmp_lnk); 2355 sl_strlcat(msg, tmp, SH_BUFSIZE); 2356 } 2357 } 2358 2237 2359 2238 2360 SH_FREE(tmp); … … 2387 2509 } 2388 2510 2511 if (theFile->attr_string) 2512 { 2513 tmp_lnk = sh_util_safe_name(theFile->attr_string); 2514 if (tmp_lnk) 2515 { 2516 if (is_new) 2517 sl_snprintf(tmp, SH_BUFSIZE, _(", acl_new=<%s> "), tmp_lnk); 2518 else 2519 sl_snprintf(tmp, SH_BUFSIZE, _(", acl_old=<%s> "), tmp_lnk); 2520 SH_FREE(tmp_lnk); 2521 sl_strlcat(msg, tmp, SH_BUFSIZE); 2522 } 2523 } 2524 2389 2525 SH_FREE(tmp); 2390 2526 return (msg); … … 2605 2741 2606 2742 if ( ( (theFile->mode != p->theFile.mode) 2743 #if defined(USE_ACL) || defined(USE_XATTR) 2744 || ( (sh_unix_check_selinux|sh_unix_check_acl) && 2745 ( 2746 (theFile->attr_string == NULL && p->attr_string != NULL) || 2747 (theFile->attr_string != NULL && p->attr_string == NULL) || 2748 (theFile->attr_string != NULL && 0 != strcmp(theFile->attr_string, p->attr_string)) 2749 ) 2750 ) 2751 #endif 2607 2752 #if defined(__linux__) || defined(HAVE_STAT_FLAGS) 2608 2753 || (theFile->attributes != p->theFile.attributes) 2609 2754 #endif 2610 2755 ) 2611 2756 && (theFile->check_mask & MODI_MOD) != 0) 2612 2757 { … … 2652 2797 } 2653 2798 2654 if ( theFile->atime != (time_t) p->theFile.atime&&2655 (theFile->check_mask & MODI_ATM) != 0)2799 if ( (theFile->check_mask & MODI_ATM) != 0 && 2800 theFile->atime != (time_t) p->theFile.atime) 2656 2801 { 2657 2802 modi_mask |= MODI_ATM; … … 2705 2850 if ( ((modi_mask & MODI_MOD) != 0) 2706 2851 #if defined(HAVE_LIBPRELUDE) && defined(HAVE_LIBPRELUDE_9) 2707 || ((modi_mask & MODI_USR) != 0)2708 || ((modi_mask & MODI_GRP) != 0)2852 || ((modi_mask & MODI_USR) != 0) 2853 || ((modi_mask & MODI_GRP) != 0) 2709 2854 #endif 2710 2855 ) … … 2729 2874 sl_snprintf(tmp, SH_BUFSIZE, 2730 2875 _("mode_old=\"%s\" mode_new=\"%s\" imode_old=\"%ld\" imode_new=\"%ld\" "), 2731 #else 2732 sl_snprintf(tmp, SH_BUFSIZE, _("mode_old=<%s>, mode_new=<%s>, "), 2733 #endif 2734 p->theFile.c_mode, theFile->c_mode 2876 p->theFile.c_mode, theFile->c_mode, 2877 (long) p->theFile.mode, (long) theFile->mode); 2878 #else 2879 sl_snprintf(tmp, SH_BUFSIZE, _("mode_old=<%s>, mode_new=<%s>, "), 2880 p->theFile.c_mode, theFile->c_mode); 2881 #endif 2882 #endif 2883 sl_strlcat(msg, tmp, SH_BUFSIZE); 2884 2885 #if defined(USE_ACL) || defined(USE_XATTR) 2886 if (theFile->attr_string != NULL || p->attr_string != NULL) 2887 { 2888 sl_snprintf(tmp, SH_BUFSIZE, 2735 2889 #ifdef SH_USE_XML 2736 , (long) p->theFile.mode, (long) theFile->mode 2737 #endif 2738 ); 2739 #endif 2740 sl_strlcat(msg, tmp, SH_BUFSIZE); 2890 _("acl_old=\"%s\" acl_new=\"%s\" "), 2891 #else 2892 _("acl_old=<%s>, acl_new=<%s>, "), 2893 #endif 2894 (p->attr_string) ? p->attr_string : _("none"), 2895 (theFile->attr_string) ? theFile->attr_string : _("none")); 2896 2897 sl_strlcat(msg, tmp, SH_BUFSIZE); 2898 } 2899 #endif 2900 2741 2901 #ifdef REPLACE_OLD 2742 2902 if ((modi_mask & MODI_MOD) != 0) … … 2754 2914 p->theFile.attributes = theFile->attributes; 2755 2915 #endif 2916 #if defined(USE_ACL) || defined(USE_XATTR) 2917 if (p->attr_string == NULL && theFile->attr_string != NULL) 2918 { p->attr_string = sh_util_strdup (theFile->attr_string); } 2919 else if (p->attr_string != NULL && theFile->attr_string == NULL) 2920 { SH_FREE(p->attr_string); p->attr_string = NULL; } 2921 else if (theFile->attr_string != NULL && p->attr_string != NULL) 2922 { 2923 if (0 != strcmp(theFile->attr_string, p->attr_string)) 2924 { 2925 SH_FREE(p->attr_string); 2926 p->attr_string = sh_util_strdup (theFile->attr_string); 2927 } 2928 } 2929 #endif 2756 2930 } 2757 2931 } … … 3039 3213 sl_strlcpy(theFile->c_attributes, p->theFile.c_attributes, 16); 3040 3214 theFile->attributes = p->theFile.attributes; 3215 #endif 3216 #if defined(USE_ACL) || defined(USE_XATTR) 3217 if (theFile->attr_string == NULL && p->attr_string != NULL) 3218 { theFile->attr_string = sh_util_strdup (p->attr_string); } 3219 else if (theFile->attr_string != NULL && p->attr_string == NULL) 3220 { SH_FREE(theFile->attr_string); theFile->attr_string = NULL; } 3221 else if (theFile->attr_string != NULL && p->attr_string != NULL) 3222 { 3223 if (0 != strcmp(theFile->attr_string, p->attr_string)) 3224 { 3225 SH_FREE(theFile->attr_string); 3226 theFile->attr_string = sh_util_strdup (p->attr_string); 3227 } 3228 } 3041 3229 #endif 3042 3230 … … 3084 3272 p->theFile.attributes = theFile->attributes; 3085 3273 #endif 3274 #if defined(USE_ACL) || defined(USE_XATTR) 3275 if (p->attr_string == NULL && theFile->attr_string != NULL) 3276 { p->attr_string = sh_util_strdup (theFile->attr_string); } 3277 else if (p->attr_string != NULL && theFile->attr_string == NULL) 3278 { SH_FREE(p->attr_string); p->attr_string = NULL; } 3279 else if (theFile->attr_string != NULL && p->attr_string != NULL) 3280 { 3281 if (0 != strcmp(theFile->attr_string, p->attr_string)) 3282 { 3283 SH_FREE(p->attr_string); 3284 p->attr_string = sh_util_strdup (theFile->attr_string); 3285 } 3286 } 3287 #endif 3086 3288 3087 3289 if (theFile->c_mode[0] == 'l') … … 3216 3418 char * tmp; 3217 3419 char str[81]; 3420 size_t i; 3218 3421 3219 3422 if (ListWithDelimiter == S_TRUE) … … 3270 3473 tmp = sh_util_safe_name(p->linkpath); 3271 3474 if (ListWithDelimiter == S_TRUE) 3272 printf(_(" %s \n"), tmp);3475 printf(_(" %s"), tmp); 3273 3476 else 3274 printf(_(" -> %s \n"), tmp);3477 printf(_(" -> %s"), tmp); 3275 3478 SH_FREE(tmp); 3276 3479 } 3277 else 3278 printf("\n"); 3480 if (ListWithDelimiter == S_TRUE) 3481 putchar(','); 3482 3483 if (p->attr_string) 3484 { 3485 tmp = sh_util_safe_name(p->attr_string); 3486 if (ListWithDelimiter == S_TRUE) { 3487 for (i = 0; i < strlen(tmp); ++i) 3488 if (tmp[i] == ',') tmp[i] = ';'; 3489 } 3490 printf(_(" %s"), tmp); 3491 SH_FREE(tmp); 3492 } 3493 else 3494 { 3495 if (ListWithDelimiter == S_TRUE) 3496 printf(_(" no_attr")); 3497 } 3498 putchar('\n'); 3279 3499 3280 3500 return; -
trunk/src/sh_kern.c
r51 r68 209 209 int i = 0; 210 210 char * p; 211 212 tmpFile.attr_string = NULL; 211 213 212 214 sl_strlcpy(tmpFile.fullpath, name, PATH_MAX); … … 1790 1792 *************/ 1791 1793 1792 int sh_kern_set_severity (c har * c)1794 int sh_kern_set_severity (const char * c) 1793 1795 { 1794 1796 char tmp[32]; … … 1799 1801 } 1800 1802 1801 int sh_kern_set_timer (c har * c)1803 int sh_kern_set_timer (const char * c) 1802 1804 { 1803 1805 long val; … … 1816 1818 } 1817 1819 1818 int sh_kern_set_activate (c har * c)1820 int sh_kern_set_activate (const char * c) 1819 1821 { 1820 1822 int i; … … 1824 1826 } 1825 1827 1826 int sh_kern_set_idt (c har * c)1828 int sh_kern_set_idt (const char * c) 1827 1829 { 1828 1830 int i; … … 1832 1834 } 1833 1835 1834 int sh_kern_set_sc_addr (c har * c)1836 int sh_kern_set_sc_addr (const char * c) 1835 1837 { 1836 1838 char * endptr; … … 1853 1855 } 1854 1856 1855 int sh_kern_set_sct_addr (c har * c)1857 int sh_kern_set_sct_addr (const char * c) 1856 1858 { 1857 1859 char * endptr; … … 1874 1876 } 1875 1877 1876 int sh_kern_set_proc_root (c har * c)1878 int sh_kern_set_proc_root (const char * c) 1877 1879 { 1878 1880 char * endptr; … … 1896 1898 } 1897 1899 1898 int sh_kern_set_proc_root_iops (c har * c)1900 int sh_kern_set_proc_root_iops (const char * c) 1899 1901 { 1900 1902 char * endptr; … … 1918 1920 } 1919 1921 1920 int sh_kern_set_proc_root_lookup (c har * c)1922 int sh_kern_set_proc_root_lookup (const char * c) 1921 1923 { 1922 1924 char * endptr; … … 1941 1943 #endif 1942 1944 1943 /* #ifdef SH_USE_ UTMP*/1944 #endif 1945 1946 1947 1945 /* #ifdef SH_USE_KERN */ 1946 #endif 1947 1948 1949 -
trunk/src/sh_modules.c
r1 r68 13 13 #include "sh_kern.h" 14 14 #include "sh_suidchk.h" 15 #include "sh_processcheck.h" 16 #include "sh_portcheck.h" 15 17 16 18 sh_mtype modList[] = { … … 74 76 }, 75 77 #endif 78 76 79 #ifdef SH_USE_SUIDCHK 77 80 { … … 88 91 }, 89 92 #endif 93 94 #ifdef SH_USE_PROCESSCHECK 95 { 96 N_("PROCESSCHECK"), 97 0, 98 sh_prochk_init, 99 sh_prochk_timer, 100 sh_prochk_check, 101 sh_prochk_cleanup, 102 sh_prochk_reconf, 103 104 N_("[ProcessCheck]"), 105 sh_prochk_table, 106 }, 107 #endif 108 109 #ifdef SH_USE_PORTCHECK 110 { 111 N_("PORTCHECK"), 112 0, 113 sh_portchk_init, 114 sh_portchk_timer, 115 sh_portchk_check, 116 sh_portchk_cleanup, 117 sh_portchk_reconf, 118 119 N_("[PortCheck]"), 120 sh_portchk_table, 121 }, 122 #endif 123 90 124 { 91 125 NULL, -
trunk/src/sh_mounts.c
r34 r68 51 51 52 52 /* Prototypes for configuration functions */ 53 int sh_mounts_config_activate (c har * opt);54 int sh_mounts_config_timer (c har * opt);55 int sh_mounts_config_mount (c har * opt);56 int sh_mounts_config_sevmnt (c har * opt);57 int sh_mounts_config_sevopt (c har * opt);53 int sh_mounts_config_activate (const char * opt); 54 int sh_mounts_config_timer (const char * opt); 55 int sh_mounts_config_mount (const char * opt); 56 int sh_mounts_config_sevmnt (const char * opt); 57 int sh_mounts_config_sevopt (const char * opt); 58 58 59 59 /* Prototype for the function to read info on mounted filesystems */ … … 276 276 277 277 /* Configure to check a particular mount */ 278 int sh_mounts_config_mount (c har * opt)278 int sh_mounts_config_mount (const char * opt_in) 279 279 { 280 280 struct sh_mounts_mnt *m; 281 281 struct sh_mounts_opt *o; 282 char *sp, *temp ;282 char *sp, *temp, *opt; 283 283 284 284 SL_ENTER(_("sh_mounts_config_mount")); … … 286 286 /* It's probably best to make a copy of opt before messing about with it 287 287 * via string functions. Good practice and all that. */ 288 temp = sh_util_strdup(opt );288 temp = sh_util_strdup(opt_in); 289 289 290 290 /* Since we're going to "consume" this new buffer, it'll be good to have a 291 291 * reference to it's allocated memory so we can free it later. Let's use 292 * temp for that, and the now-unused"opt" for consumption */292 * temp for that, and "opt" for consumption */ 293 293 opt = temp; 294 294 … … 327 327 328 328 /* Simply sets our boolean as to whether this module is active */ 329 int sh_mounts_config_activate (c har * opt)329 int sh_mounts_config_activate (const char * opt) 330 330 { 331 331 int i; … … 336 336 337 337 /* Sets up our timer */ 338 int sh_mounts_config_timer (c har * opt)338 int sh_mounts_config_timer (const char * opt) 339 339 { 340 340 long val; … … 357 357 358 358 /* Configure severity for "mount missing" messages */ 359 int sh_mounts_config_sevmnt (c har * opt)359 int sh_mounts_config_sevmnt (const char * opt) 360 360 { 361 361 int retval = 0; … … 370 370 } 371 371 372 int sh_mounts_config_sevopt (c har * opt)372 int sh_mounts_config_sevopt (const char * opt) 373 373 { 374 374 int retval = 0; -
trunk/src/sh_readconf.c
r27 r68 857 857 { N_("hardlinkoffset"), SH_SECTION_MISC, SH_SECTION_NONE, 858 858 sh_files_hle_reg }, 859 #if defined(USE_XATTR) 860 { N_("useselinuxcheck"), SH_SECTION_MISC, SH_SECTION_NONE, 861 sh_unix_setcheckselinux }, 862 #endif 863 #if defined(USE_ACL) 864 { N_("useaclcheck"), SH_SECTION_MISC, SH_SECTION_NONE, 865 sh_unix_setcheckacl }, 866 #endif 859 867 { N_("addokchars"), SH_SECTION_MISC, SH_SECTION_NONE, 860 868 sh_util_obscure_ok }, 869 { N_("filenamesareutf8"), SH_SECTION_MISC, SH_SECTION_NONE, /* FIXME document this option */ 870 sh_util_obscure_utf8 }, 861 871 { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, 862 872 sh_files_setrecursion }, -
trunk/src/sh_suidchk.c
r61 r68 146 146 static int ShSuidchkSeverity = SH_ERR_SEVERE; 147 147 static char * ShSuidchkExclude = NULL; 148 static intExcludeLen = 0;148 static size_t ExcludeLen = 0; 149 149 150 150 static time_t FileLimNow = 0; … … 554 554 ) 555 555 ) 556 { 556 { /* way too long routine */ 557 557 558 558 (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); 559 theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); 560 theFile.reported = S_FALSE; 559 theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); 560 theFile.reported = S_FALSE; 561 theFile.attr_string = NULL; 562 561 563 status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], 562 564 thisEntry->d_name, … … 971 973 } 972 974 SH_FREE(tmp); 973 974 } 975 if (theFile.attr_string) 976 SH_FREE(theFile.attr_string); 977 978 } /* end of way too long routine */ 975 979 } 976 980 SH_FREE(tmpcat); 977 981 } 982 978 983 #ifdef HAVE_SCHED_YIELD 979 984 if (ShSuidchkYield == S_TRUE) … … 989 994 } 990 995 #endif 996 991 997 } while (thisEntry != NULL); 992 998 … … 1087 1093 *************/ 1088 1094 1089 int sh_suidchk_set_severity (c har * c)1095 int sh_suidchk_set_severity (const char * c) 1090 1096 { 1091 1097 int retval; … … 1099 1105 } 1100 1106 1101 int sh_suidchk_set_exclude (c har * c)1107 int sh_suidchk_set_exclude (const char * c) 1102 1108 { 1103 1109 SL_ENTER(_("sh_suidchk_set_exclude")); 1110 1104 1111 if (c == NULL || c[0] == '\0') 1105 1112 { … … 1118 1125 SH_FREE(ShSuidchkExclude); 1119 1126 1120 ExcludeLen = (int) sl_strlen(c); 1121 if (c[ExcludeLen-1] == '/') 1122 { 1123 c[ExcludeLen-1] = '\0'; 1127 ShSuidchkExclude = sh_util_strdup (c); 1128 ExcludeLen = sl_strlen (ShSuidchkExclude); 1129 if (ShSuidchkExclude[ExcludeLen-1] == '/') 1130 { 1131 ShSuidchkExclude[ExcludeLen-1] = '\0'; 1124 1132 ExcludeLen--; 1125 1133 } 1126 ShSuidchkExclude = SH_ALLOC((size_t) ExcludeLen + 1);1127 (void) sl_strlcpy(ShSuidchkExclude, c, (size_t)(ExcludeLen + 1));1128 1129 1134 SL_RETURN(0, _("sh_suidchk_set_exclude")); 1130 1135 } 1131 1136 1132 int sh_suidchk_set_timer (c har * c)1137 int sh_suidchk_set_timer (const char * c) 1133 1138 { 1134 1139 long val; … … 1163 1168 } 1164 1169 1165 int sh_suidchk_set_schedule (c har * str)1170 int sh_suidchk_set_schedule (const char * str) 1166 1171 { 1167 1172 int status; … … 1201 1206 1202 1207 1203 int sh_suidchk_set_fps (c har * c)1208 int sh_suidchk_set_fps (const char * c) 1204 1209 { 1205 1210 long val; … … 1218 1223 } 1219 1224 1220 int sh_suidchk_set_yield (c har * c)1225 int sh_suidchk_set_yield (const char * c) 1221 1226 { 1222 1227 int i; … … 1231 1236 } 1232 1237 1233 int sh_suidchk_set_activate (c har * c)1238 int sh_suidchk_set_activate (const char * c) 1234 1239 { 1235 1240 int i; … … 1239 1244 } 1240 1245 1241 int sh_suidchk_set_quarantine (c har * c)1246 int sh_suidchk_set_quarantine (const char * c) 1242 1247 { 1243 1248 int i; … … 1247 1252 } 1248 1253 1249 int sh_suidchk_set_qdelete (c har * c)1254 int sh_suidchk_set_qdelete (const char * c) 1250 1255 { 1251 1256 int i; … … 1255 1260 } 1256 1261 1257 int sh_suidchk_set_qmethod (c har * c)1262 int sh_suidchk_set_qmethod (const char * c) 1258 1263 { 1259 1264 long val; -
trunk/src/sh_unix.c
r65 r68 2863 2863 alert_timeout), 2864 2864 KEY_LEN+1); 2865 2865 2866 2866 /* return */ 2867 2867 SL_RETURN( 0, _("sh_unix_checksum_size")); … … 2874 2874 SL_RETURN( -1, _("sh_unix_checksum_size")); 2875 2875 } 2876 2877 int sh_unix_check_selinux = S_FALSE; 2878 int sh_unix_check_acl = S_FALSE; 2879 2880 #ifdef USE_ACL 2881 2882 #include <sys/acl.h> 2883 static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf) 2884 { 2885 /* system.posix_acl_access, system.posix_acl_default 2886 */ 2887 char * out = NULL; 2888 char * collect = NULL; 2889 char * tmp; 2890 char * out_compact; 2891 ssize_t len; 2892 acl_t result; 2893 2894 SL_ENTER(_("sh_unix_getinfo_acl")); 2895 2896 result = (fd == -1) ? 2897 acl_get_file (path, ACL_TYPE_ACCESS) : 2898 acl_get_fd (fd); 2899 2900 if (result) 2901 { 2902 out = acl_to_text (result, &len); 2903 if (out && (len > 0)) { 2904 out_compact = sh_util_acl_compact (out, len); 2905 acl_free(out); 2906 if (out_compact) 2907 { 2908 collect = sh_util_strconcat (_("acl_access:"), out_compact, NULL); 2909 SH_FREE(out_compact); 2910 } 2911 } 2912 acl_free(result); 2913 } 2914 2915 2916 if ( S_ISDIR(buf->st_mode) ) 2917 { 2918 result = acl_get_file (path, ACL_TYPE_DEFAULT); 2919 2920 if (result) 2921 { 2922 out = acl_to_text (result, &len); 2923 if (out && (len > 0)) { 2924 out_compact = sh_util_acl_compact (out, len); 2925 acl_free(out); 2926 if (out_compact) { 2927 if (collect) { 2928 tmp = sh_util_strconcat (_("acl_default:"), 2929 out_compact, ":", collect, NULL); 2930 SH_FREE(collect); 2931 } 2932 else { 2933 tmp = sh_util_strconcat (_("acl_default:"), out_compact, NULL); 2934 } 2935 SH_FREE(out_compact); 2936 collect = tmp; 2937 } 2938 } 2939 acl_free(result); 2940 } 2941 } 2942 2943 SL_RETURN((collect),_("sh_unix_getinfo_acl")); 2944 } 2945 #endif 2946 2947 #ifdef USE_XATTR 2948 2949 #include <attr/xattr.h> 2950 static char * sh_unix_getinfo_xattr_int (char * path, int fd, char * name) 2951 { 2952 char * out = NULL; 2953 char * tmp = NULL; 2954 size_t size = 256; 2955 ssize_t result; 2956 2957 SL_ENTER(_("sh_unix_getinfo_xattr_int")); 2958 2959 out = SH_ALLOC(size); 2960 2961 result = (fd == -1) ? 2962 lgetxattr (path, name, out, size-1) : 2963 fgetxattr (fd, name, out, size-1); 2964 2965 if (result == -1 && errno == ERANGE) 2966 { 2967 SH_FREE(out); 2968 result = (fd == -1) ? 2969 lgetxattr (path, name, NULL, 0) : 2970 fgetxattr (fd, name, NULL, 0); 2971 size = result + 1; 2972 out = SH_ALLOC(size); 2973 result = (fd == -1) ? 2974 lgetxattr (path, name, out, size-1) : 2975 fgetxattr (fd, name, out, size-1); 2976 } 2977 2978 if ((result > 0) && ((size_t)result < size)) 2979 { 2980 out[size-1] = '\0'; 2981 tmp = out; 2982 } 2983 else 2984 { 2985 SH_FREE(out); 2986 } 2987 2988 SL_RETURN((tmp),_("sh_unix_getinfo_xattr_int")); 2989 } 2990 2991 2992 static char * sh_unix_getinfo_xattr (char * path, int fd, struct stat * buf) 2993 { 2994 /* system.posix_acl_access, system.posix_acl_default, security.selinux 2995 */ 2996 char * tmp; 2997 char * out = NULL; 2998 char * collect = NULL; 2999 3000 SL_ENTER(_("sh_unix_getinfo_xattr")); 3001 3002 #ifdef USE_ACL 3003 /* 3004 * we need the acl_get_fd/acl_get_file functions, getxattr will only 3005 * yield the raw bytes 3006 */ 3007 if (sh_unix_check_acl == S_TRUE) 3008 { 3009 out = sh_unix_getinfo_acl(path, fd, buf); 3010 3011 if (out) 3012 { 3013 collect = out; 3014 } 3015 } 3016 #endif 3017 3018 out = sh_unix_getinfo_xattr_int(path, fd, _("security.selinux")); 3019 3020 if (out) 3021 { 3022 if (collect) { 3023 tmp = sh_util_strconcat(_("selinux:"), out, ":", collect, NULL); 3024 SH_FREE(collect); 3025 } 3026 else { 3027 tmp = sh_util_strconcat(_("selinux:"), out, NULL); 3028 } 3029 SH_FREE(out); 3030 collect = tmp; 3031 } 3032 3033 SL_RETURN((collect),_("sh_unix_getinfo_xattr")); 3034 } 3035 #endif 3036 3037 #ifdef USE_XATTR 3038 int sh_unix_setcheckselinux (const char * c) 3039 { 3040 int i; 3041 SL_ENTER(_("sh_unix_setcheckselinux")); 3042 i = sh_util_flagval(c, &(sh_unix_check_selinux)); 3043 3044 SL_RETURN(i, _("sh_unix_setcheckselinux")); 3045 } 3046 #endif 3047 3048 #ifdef USE_ACL 3049 int sh_unix_setcheckacl (const char * c) 3050 { 3051 int i; 3052 SL_ENTER(_("sh_unix_setcheckacl")); 3053 i = sh_util_flagval(c, &(sh_unix_check_acl)); 3054 3055 SL_RETURN(i, _("sh_unix_setcheckacl")); 3056 } 3057 #endif 3058 2876 3059 2877 3060 int sh_unix_getinfo (int level, char * filename, file_type * theFile, … … 3124 3307 &theFile->attributes, theFile->c_attributes, 3125 3308 fd, &buf); 3309 #endif 3310 3311 #if defined(USE_XATTR) 3312 if (sh_unix_check_selinux == S_TRUE) 3313 theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf); 3314 #elif defined(USE_ACL) 3315 if (sh_unix_check_acl == S_TRUE) 3316 theFile->attr_string = sh_unix_getinfo_acl (theFile->fullpath, fd, &buf); 3317 #else 3318 theFile->attr_string = NULL; 3126 3319 #endif 3127 3320 -
trunk/src/sh_userfiles.c
r27 r68 115 115 } 116 116 117 int sh_userfiles_set_uid (c har * str)117 int sh_userfiles_set_uid (const char * str) 118 118 { 119 119 char * end; 120 c har * p = str;120 const char * p = str; 121 121 unsigned long lower; 122 122 unsigned long upper = 0; … … 183 183 * directory that should be checked. */ 184 184 185 int sh_userfiles_add_file(c har *c) {185 int sh_userfiles_add_file(const char *c) { 186 186 struct userfileslist *new; 187 187 char *s, *orig; … … 232 232 } 233 233 234 /* Decide if we're active. 1 means yes, all else means no */235 236 int sh_userfiles_set_active(c har *c) {234 /* Decide if we're active. 235 */ 236 int sh_userfiles_set_active(const char *c) { 237 237 int value; 238 238 239 239 SL_ENTER(_("sh_userfiles_set_active")); 240 241 240 value = sh_util_flagval(c, &ShUserfilesActive); 242 243 /*244 if( value == 1 ) {245 ShUserfilesActive = S_TRUE;246 } else {247 ShUserfilesActive = S_FALSE;248 }249 */250 251 241 SL_RETURN((value), _("sh_userfiles_set_active")); 252 242 } -
trunk/src/sh_utils.c
r34 r68 196 196 197 197 SL_RETURN(i, _("sh_util_hidesetup")); 198 } 199 200 char * sh_util_acl_compact(char * buf, ssize_t len) 201 { 202 unsigned char * p = (unsigned char *) buf; 203 int state = 0; 204 ssize_t rem = 0; 205 char * out; 206 207 SH_VALIDATE_NE(buf, NULL); 208 SH_VALIDATE_GE(len, 0); 209 210 out = SH_ALLOC(len + 1); 211 212 while (*p != '\0') { 213 214 /* -- not at start or after newline 215 */ 216 if (state == 1) { 217 if (*p == '\n' || *p == ' ' || *p == '\t' || *p == '#') { 218 while (*p != '\n') { 219 ++p; 220 if (*p == '\0') { 221 goto exit_it; 222 } 223 } 224 out[rem] = ','; ++rem; 225 while (p[1] == '\n') ++p; /* scan over consecutive newlines */ 226 state = 0; 227 if (p[1] == '\0') { 228 if (rem > 0) out[rem-1] = '\0'; 229 break; 230 } 231 } 232 else { 233 if (*p <= 0x7F && isgraph((int) *p)) { 234 out[rem] = (char) *p; ++rem; 235 } 236 } 237 } 238 239 /* -- at start or after newline 240 */ 241 else /* if (state == 0) */ { 242 if (0 == strncmp((char *) p, "user", 4)) { 243 out[rem] = 'u'; ++rem; 244 p += 3; state = 1; 245 } else if (0 == strncmp((char *) p, "group", 5)) { 246 out[rem] = 'g'; ++rem; 247 p += 4; state = 1; 248 } else if (0 == strncmp((char *) p, "mask", 4)) { 249 out[rem] = 'm'; ++rem; 250 p += 3; state = 1; 251 } else if (0 == strncmp((char *) p, "other", 5)) { 252 out[rem] = 'o'; 253 p += 4; state = 1; ++rem; 254 } else if (*p == '\0') { 255 if (rem > 0) { out[rem-1] = '\0'; } 256 break; 257 } else { 258 if (*p <= 0x7F && isprint((int) *p)) { 259 out[rem] = (char) *p; ++rem; 260 } 261 } 262 state = 1; 263 } 264 ++p; 265 } 266 exit_it: 267 out[rem] = '\0'; 268 return out; 198 269 } 199 270 … … 1343 1414 static unsigned char sh_obscure_index[256]; 1344 1415 1416 int sh_util_valid_utf8 (const unsigned char * str) 1417 { 1418 size_t len = strlen((char *)str); 1419 size_t l = 0; 1420 unsigned char c; 1421 1422 #define SH_VAL_UTF8_1 ((c != '\0') && ((c & 0x80) == 0x00)) 1423 #define SH_VAL_UTF8_2 ((c != '\0') && ((c & 0xE0) == 0xC0)) /* 110x xxxx */ 1424 #define SH_VAL_UTF8_3 ((c != '\0') && ((c & 0xF0) == 0xE0)) /* 1110 xxxx */ 1425 #define SH_VAL_UTF8_4 ((c != '\0') && ((c & 0xF8) == 0xF0)) /* 1111 0xxx */ 1426 #define SH_VAL_UTF8_N ((c != '\0') && ((c & 0xC0) == 0x80)) /* 10xx xxxx */ 1427 #define SH_VAL_BAD ((c == '"') || (c == '\t') || (c == '\b') || (c == '\f') || (c == '\n') || \ 1428 (c == '\r') || (c == '\v') || iscntrl((int) c) || \ 1429 (c != ' ' && !isgraph ((int) c))) 1430 1431 while(l < len) 1432 { 1433 c = str[l]; 1434 1435 if (SH_VAL_UTF8_1) 1436 { 1437 if (SH_VAL_BAD && (sh_obscure_index[c] != 1)) return S_FALSE; 1438 ++l; continue; /* ASCII character */ 1439 } 1440 else if (SH_VAL_UTF8_2) 1441 { 1442 if ((c & 0x3e) == 0x00) 1443 return S_FALSE; /* overlong 2-byte seq. */ 1444 ++l; if (l == len) return S_FALSE; c = str[l]; 1445 if(!SH_VAL_UTF8_N) return S_FALSE; 1446 ++l; continue; 1447 1448 } 1449 else if (SH_VAL_UTF8_3) 1450 { 1451 ++l; if (l == len) return S_FALSE; c = str[l]; 1452 if(!SH_VAL_UTF8_N) return S_FALSE; 1453 if (((str[l-1] & 0x1F) == 0x00) && ((c & 0x60) == 0x00)) 1454 return S_FALSE; /* overlong 3-byte seq. */ 1455 ++l; if (l == len) return S_FALSE; c = str[l]; 1456 if(!SH_VAL_UTF8_N) return S_FALSE; 1457 ++l; continue; 1458 } 1459 else if (SH_VAL_UTF8_4) 1460 { 1461 ++l; if (l == len) return S_FALSE; c = str[l]; 1462 if(!SH_VAL_UTF8_N) return S_FALSE; 1463 if (((str[l-1] & 0x0F) == 0x00) && ((c & 0x70) == 0x00)) 1464 return S_FALSE; /* overlong 4-byte seq. */ 1465 ++l; if (l == len) return S_FALSE; c = str[l]; 1466 if(!SH_VAL_UTF8_N) return S_FALSE; 1467 ++l; if (l == len) return S_FALSE; c = str[l]; 1468 if(!SH_VAL_UTF8_N) return S_FALSE; 1469 ++l; continue; 1470 } 1471 return S_FALSE; 1472 } 1473 return S_TRUE; 1474 } 1475 1476 1345 1477 int sh_util_obscure_ok (const char * str) 1346 1478 { … … 1387 1519 } 1388 1520 1521 static int sh_obscure_check_utf8 = S_FALSE; 1522 1523 int sh_util_obscure_utf8 (const char * c) 1524 { 1525 int i; 1526 SL_ENTER(_("sh_util_obscure_utf8")); 1527 i = sh_util_flagval(c, &(sh_obscure_check_utf8)); 1528 1529 SL_RETURN(i, _("sh_util_obscure_utf8")); 1530 } 1531 1532 1389 1533 int sh_util_obscurename (ShErrLevel level, char * name_orig, int flag) 1390 1534 { … … 1396 1540 1397 1541 ASSERT_RET((name != NULL), _("name != NULL"), (0)) 1542 1543 if (sh_obscure_check_utf8 == S_TRUE) 1544 { 1545 if (S_FALSE == sh_util_valid_utf8(name)) 1546 { 1547 goto err; 1548 } 1549 SL_RETURN((0),_("sh_util_obscurename")); 1550 } 1398 1551 1399 1552 /* -- Check name. -- … … 1410 1563 if (sh_obscure_index[i] != (unsigned char)1) 1411 1564 { 1412 if (flag == S_TRUE) 1413 { 1414 safe = sh_util_safe_name (name_orig); 1415 sh_error_handle (level, FIL__, __LINE__, 0, MSG_FI_OBSC, 1416 safe); 1417 SH_FREE(safe); 1418 } 1419 SL_RETURN((-1),_("sh_util_obscurename")); 1565 goto err; 1420 1566 } 1421 1567 } … … 1424 1570 1425 1571 SL_RETURN((0),_("sh_util_obscurename")); 1426 } 1572 1573 err: 1574 1575 if (flag == S_TRUE) 1576 { 1577 safe = sh_util_safe_name (name_orig); 1578 sh_error_handle (level, FIL__, __LINE__, 0, MSG_FI_OBSC, 1579 safe); 1580 SH_FREE(safe); 1581 } 1582 SL_RETURN((-1),_("sh_util_obscurename")); 1583 } 1584 1427 1585 #endif 1428 1586 -
trunk/src/sh_utmp.c
r34 r68 547 547 *************/ 548 548 549 int sh_utmp_set_login_solo (c har * c)549 int sh_utmp_set_login_solo (const char * c) 550 550 { 551 551 int retval; … … 559 559 } 560 560 561 int sh_utmp_set_login_multi (c har * c)561 int sh_utmp_set_login_multi (const char * c) 562 562 { 563 563 int retval; … … 571 571 } 572 572 573 int sh_utmp_set_logout_good (c har * c)573 int sh_utmp_set_logout_good (const char * c) 574 574 { 575 575 int retval; … … 583 583 } 584 584 585 int sh_utmp_set_login_timer (c har * c)585 int sh_utmp_set_login_timer (const char * c) 586 586 { 587 587 int retval = 0; … … 603 603 } 604 604 605 int sh_utmp_set_login_activate (c har * c)605 int sh_utmp_set_login_activate (const char * c) 606 606 { 607 607 int i; -
trunk/test/test.sh
r60 r68 138 138 usage() { 139 139 echo "test.sh [options] <test_number> [hostname]" 140 echo " [-q|--quiet|-v|--verbose] [-s|--stoponerr] [- -no-cleanup]"140 echo " [-q|--quiet|-v|--verbose] [-s|--stoponerr] [-n|--no-cleanup]" 141 141 echo " [--srcdir=top_srcdir] [--color=always|never|auto]" 142 142 echo … … 149 149 echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" 150 150 echo " ${S}test.sh 8${E} -- Suidcheck" 151 152 echo " ${S}test.sh 10${E} -- Test c/s init/check (testrc_2.in)" 153 echo " ${S}test.sh 11${E} -- Test full c/s init/check (testrc_2.in)" 154 echo " ${S}test.sh 12${E} -- Test full c/s w/gpg (testrc_2.in)" 155 echo " ${S}test.sh 13${E} -- Test full c/s w/mysql (testrc_2.in)" 156 echo " ${S}test.sh 14${E} -- Test full c/s w/postgres (testrc_2.in)" 151 echo " ${S}test.sh 9${E} -- Process check" 152 echo " ${S}test.sh 10${E} -- Port check" 153 154 echo " ${S}test.sh 20${E} -- Test c/s init/check (testrc_2.in)" 155 echo " ${S}test.sh 21${E} -- Test full c/s init/check (testrc_2.in)" 156 echo " ${S}test.sh 22${E} -- Test full c/s w/gpg (testrc_2.in)" 157 echo " ${S}test.sh 23${E} -- Test full c/s w/mysql (testrc_2.in)" 158 echo " ${S}test.sh 24${E} -- Test full c/s w/postgres (testrc_2.in)" 157 159 echo " ${S}test.sh all${E} -- All tests" 158 160 } … … 162 164 echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" 163 165 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" 164 echo " (10) testrun_2.sh (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh" 165 echo " (14) testrun_2d.sh" 166 echo " (9) testrun_1d.sh" 167 echo " (20) testrun_2.sh (21) testrun_2a.sh (22) testrun_2b.sh (23) testrun_2c.sh" 168 echo " (24) testrun_2d.sh" 166 169 } 167 170 … … 185 188 -q|--quiet) quiet=on; verbose= ;; 186 189 -s|--stoponerr) stoponerr=on;; 187 - -no-cleanup) cleanup= ;;190 -n|--no-cleanup) cleanup= ;; 188 191 --really-all) doall=on;; 189 192 --valgrind) usevalgrind=on;; … … 366 369 367 370 log_fail () { 368 log_msg "$1" "$2" failure "$3";371 [ -z "$quiet" ] && log_msg "$1" "$2" failure "$3"; 369 372 let "failcount = failcount + 1" >/dev/null; 370 373 test -z "$stoponerr" || exit 1; 371 374 } 372 375 log_ok () { 373 log_msg "$1" "$2" success "$3";376 [ -z "$quiet" ] && log_msg "$1" "$2" success "$3"; 374 377 let "okcount = okcount + 1" >/dev/null; 375 378 } 376 379 log_skip () { 377 log_msg "$1" "$2" skipped "$3";380 [ -z "$quiet" ] && log_msg "$1" "$2" skipped "$3"; 378 381 let "skipcount = skipcount + 1" >/dev/null; 379 382 } … … 441 444 print_summary () 442 445 { 443 let "gcount = okcount + skipcount + failcount" >/dev/null; 446 # let "gcount = okcount + skipcount + failcount" >/dev/null; 447 gcount=$MAXTEST; 448 let "failcount = gcount - okcount - skipcount" >/dev/null; 449 444 450 [ -z "$quiet" ] && { 445 451 echo … … 594 600 exit $? 595 601 fi 602 if test x$1 = x9; then 603 . ${SCRIPTDIR}/testrun_1.sh 604 . ${SCRIPTDIR}/testrun_1d.sh 605 testrun1d 606 print_summary 607 exit $? 608 fi 596 609 if test x$1 = x10; then 610 . ${SCRIPTDIR}/testrun_1.sh 611 . ${SCRIPTDIR}/testrun_1e.sh 612 testrun1e 613 print_summary 614 exit $? 615 fi 616 if test x$1 = x20; then 597 617 . ${SCRIPTDIR}/testrun_2.sh 598 618 testrun2 $hostname … … 600 620 exit $? 601 621 fi 602 if test x$1 = x 11; then622 if test x$1 = x21; then 603 623 . ${SCRIPTDIR}/testrun_2a.sh 604 624 testrun2a $hostname … … 606 626 exit $? 607 627 fi 608 if test x$1 = x 12; then628 if test x$1 = x22; then 609 629 . ${SCRIPTDIR}/testrun_2a.sh 610 630 . ${SCRIPTDIR}/testrun_2b.sh … … 613 633 exit $? 614 634 fi 615 if test x$1 = x 13; then635 if test x$1 = x23; then 616 636 . ${SCRIPTDIR}/testrun_2a.sh 617 637 . ${SCRIPTDIR}/testrun_2c.sh … … 620 640 exit $? 621 641 fi 622 if test x$1 = x 14; then642 if test x$1 = x24; then 623 643 . ${SCRIPTDIR}/testrun_2a.sh 624 644 . ${SCRIPTDIR}/testrun_2d.sh … … 644 664 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 645 665 . ${SCRIPTDIR}/testrun_1c.sh 666 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 667 . ${SCRIPTDIR}/testrun_1d.sh 668 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 669 . ${SCRIPTDIR}/testrun_1e.sh 646 670 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 647 671 . ${SCRIPTDIR}/testrun_2.sh … … 687 711 MAXTEST=${TEST_MAX}; export MAXTEST 688 712 testrun1c 713 # 714 . ${SCRIPTDIR}/testrun_1.sh 715 . ${SCRIPTDIR}/testrun_1d.sh 716 MAXTEST=${TEST_MAX}; export MAXTEST 717 testrun1d 718 # 719 . ${SCRIPTDIR}/testrun_1.sh 720 . ${SCRIPTDIR}/testrun_1e.sh 721 MAXTEST=${TEST_MAX}; export MAXTEST 722 testrun1e 689 723 # 690 724 . ${SCRIPTDIR}/testrun_2.sh -
trunk/test/testcompile.sh
r54 r68 20 20 # 21 21 22 MAXTEST=6 1; export MAXTEST22 MAXTEST=63; export MAXTEST 23 23 24 24 run_flawfinder () … … 164 164 # test standalone compilation 165 165 # 166 TEST="${S}standalone w/suidcheck ${E}"166 TEST="${S}standalone w/suidcheck w/processcheck${E}" 167 167 # 168 168 if test -r "Makefile"; then … … 170 170 fi 171 171 # 172 ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-suidcheck > /dev/null 2>> test_log 172 ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-suidcheck --enable-process-check > /dev/null 2>> test_log 173 # 174 let "num = num + 1" >/dev/null 175 testmake $? $num || let "numfail = numfail + 1" >/dev/null 176 let "num = num + 1" >/dev/null 177 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 178 179 # 180 # test standalone compilation 181 # 182 TEST="${S}standalone w/processcheck w/portcheck${E}" 183 # 184 if test -r "Makefile"; then 185 $MAKE distclean 186 fi 187 # 188 ${TOP_SRCDIR}/configure --quiet --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --enable-process-check --enable-port-check > /dev/null 2>> test_log 173 189 # 174 190 let "num = num + 1" >/dev/null -
trunk/test/testrun_1.sh
r51 r68 41 41 testrun1_setup=0 42 42 43 MAXTEST=1 1; export MAXTEST43 MAXTEST=13; export MAXTEST 44 44 45 45 test_dirs () { … … 70 70 # combine file check schedule with one-shot mode 71 71 # 72 TESTPOLICY_1 1="72 TESTPOLICY_13=" 73 73 [ReadOnly] 74 74 dir=99${BASE} 75 75 " 76 76 77 mod_testdata_1 1() {77 mod_testdata_13 () { 78 78 one_sec_sleep 79 79 echo "foobar" >"${BASE}/c/x"; # bad … … 87 87 } 88 88 89 chk_testdata_1 1() {89 chk_testdata_13 () { 90 90 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 91 91 tmp=`grep CRIT $LOGFILE | wc -l` … … 110 110 } 111 111 112 TESTPOLICY_1 0="112 TESTPOLICY_12=" 113 113 [ReadOnly] 114 114 dir=99${BASE} … … 119 119 " 120 120 121 mod_testdata_1 0() {121 mod_testdata_12 () { 122 122 one_sec_sleep 123 123 echo "foobar" >"${BASE}/b/x"; # ok … … 129 129 } 130 130 131 chk_testdata_12 () { 132 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 133 tmp=`grep CRIT $LOGFILE | wc -l` 134 if [ $tmp -ne 3 ]; then 135 [ -z "$verbose" ] || log_msg_fail "policy count"; 136 return 1 137 fi 138 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 139 if [ $? -ne 0 ]; then 140 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; 141 return 1 142 fi 143 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/a/x" $LOGFILE >/dev/null 2>&1 144 if [ $? -ne 0 ]; then 145 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/a/x"; 146 return 1 147 fi 148 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 149 if [ $? -ne 0 ]; then 150 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; 151 return 1 152 fi 153 CDIRS="a a/a a/b a/c c"; 154 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 155 test_dirs; 156 return $? 157 } 158 159 # 160 # --- ACL/SELinux test case 161 # 162 TESTPOLICY_11=" 163 [ReadOnly] 164 dir=99${BASE} 165 [IgnoreAll] 166 dir=-1${BASE}/b 167 [Attributes] 168 dir=1${BASE}/a 169 [Misc] 170 UseSelinuxCheck = no 171 UseAclCheck = no 172 " 173 174 mod_testdata_11 () { 175 one_sec_sleep 176 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign) 177 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad 178 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad 179 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign) 180 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth) 181 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad 182 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad 183 } 184 185 chk_testdata_11 () { 186 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 187 tmp=`grep CRIT $LOGFILE | wc -l` 188 if [ $tmp -ne 1 ]; then 189 [ -z "$verbose" ] || log_msg_fail "policy count"; 190 return 1 191 fi 192 egrep "CRIT.*POLICY \[ReadOnly\] --------T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 193 if [ $? -ne 0 ]; then 194 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; 195 return 1 196 fi 197 CDIRS="a a/a a/b a/c c"; 198 NDIRS="b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 199 test_dirs; 200 return $? 201 } 202 203 TESTPOLICY_10=" 204 [ReadOnly] 205 dir=99${BASE} 206 [IgnoreAll] 207 dir=-1${BASE}/b 208 [Attributes] 209 dir=1${BASE}/a 210 " 211 212 mod_testdata_10 () { 213 one_sec_sleep 214 setfacl -m 'user:nobody:r--' "${BASE}/b/x"; # ok (ign) 215 setfacl -m 'user:nobody:r--' "${BASE}/c/x"; # bad 216 setfacl -m 'user:nobody:r--' "${BASE}/a/x"; # bad 217 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/b/y"; # ok (ign) 218 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/a/a/x";# ok (depth) 219 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/x"; # bad 220 setfattr -n 'security.selinux' -v "system_u:object_r:etc_t\000" "${BASE}/a/y"; # bad 221 } 222 131 223 chk_testdata_10 () { 132 224 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; … … 136 228 return 1 137 229 fi 138 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1230 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 139 231 if [ $? -ne 0 ]; then 140 232 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; 141 233 return 1 142 234 fi 143 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/ a/x" $LOGFILE >/dev/null 2>&1144 if [ $? -ne 0 ]; then 145 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/ a/x";235 egrep "CRIT.*POLICY \[Attributes\] -----M----.*${BASE}/a/x" $LOGFILE >/dev/null 2>&1 236 if [ $? -ne 0 ]; then 237 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/x"; 146 238 return 1 147 239 fi … … 825 917 run_check () 826 918 { 827 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind828 919 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind 920 829 921 if test x$? = x0; then 922 830 923 ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" 924 831 925 if [ $? -ne 0 ]; then 832 926 [ -z "$quiet" ] && log_msg_fail "mv logfile..."; … … 927 1021 { 928 1022 if [ $1 -ne 0 ]; then 929 [ -z "$quiet" ] &&log_fail ${2} ${MAXTEST};1023 log_fail ${2} ${MAXTEST}; 930 1024 return 1 931 1025 fi … … 1012 1106 [ -z "$quiet" ] && log_ok ${tcount} ${MAXTEST}; 1013 1107 fi 1108 # 1014 1109 let "tcount = tcount + 1" >/dev/null 1110 # 1111 if [ -z "$doall" -a $tcount -eq 10 ]; then 1112 log_skip 10 $MAXTEST 'ACL/SELinux test (or use --really-all)' 1113 let "tcount = tcount + 1" >/dev/null 1114 fi 1115 # 1116 if [ -z "$doall" -a $tcount -eq 11 ]; then 1117 log_skip 11 $MAXTEST 'ACL/SELinux test (or use --really-all)' 1118 let "tcount = tcount + 1" >/dev/null 1119 fi 1120 # 1015 1121 POLICY=`eval echo '"$'"TESTPOLICY_$tcount"'"'` 1016 1122 done
Note:
See TracChangeset
for help on using the changeset viewer.