Changeset 68 for trunk/src/sh_unix.c

Timestamp:

Oct 30, 2006, 12:03:44 AM (18 years ago)

Author:

rainer

Message:

Update trunk to samhain 2.3

File:

• trunk/src/sh_unix.c (modified) (3 diffs)

trunk/src/sh_unix.c

@@ -2863 +2863 @@
                                         alert_timeout),
                  KEY_LEN+1);
-
+      
       /* return */
       SL_RETURN( 0, _("sh_unix_checksum_size"));
@@ -2874 +2874 @@
   SL_RETURN( -1, _("sh_unix_checksum_size"));
 }
+
+int sh_unix_check_selinux = S_FALSE;
+int sh_unix_check_acl     = S_FALSE;
+
+#ifdef USE_ACL
+
+#include <sys/acl.h>
+static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf)
+{
+  /* system.posix_acl_access, system.posix_acl_default
+   */
+  char *  out  = NULL;
+  char *  collect = NULL;
+  char *  tmp;
+  char *  out_compact;
+  ssize_t len;
+  acl_t   result;
+
+  SL_ENTER(_("sh_unix_getinfo_acl"));
+
+  result = (fd == -1) ? 
+    acl_get_file (path, ACL_TYPE_ACCESS) :
+    acl_get_fd   (fd);
+
+  if (result)
+    {
+      out = acl_to_text (result, &len);
+      if (out && (len > 0)) {
+        out_compact = sh_util_acl_compact (out, len);
+        acl_free(out);
+        if (out_compact) 
+          {
+            collect = sh_util_strconcat (_("acl_access:"), out_compact, NULL);
+            SH_FREE(out_compact);
+          }
+      }
+      acl_free(result);
+    }
+  
+  
+  if ( S_ISDIR(buf->st_mode) ) 
+    {
+      result = acl_get_file (path, ACL_TYPE_DEFAULT);
+      
+      if (result)
+        {
+          out = acl_to_text (result, &len);
+          if (out && (len > 0)) {
+            out_compact = sh_util_acl_compact (out, len);
+            acl_free(out);
+            if (out_compact) {
+              if (collect) {
+                tmp = sh_util_strconcat (_("acl_default:"), 
+                                         out_compact, ":", collect, NULL);
+                SH_FREE(collect);
+              }
+              else {
+                tmp = sh_util_strconcat (_("acl_default:"), out_compact, NULL);
+              }
+              SH_FREE(out_compact);
+              collect = tmp;
+            }
+          }
+          acl_free(result);
+        }
+    }
+  
+  SL_RETURN((collect),_("sh_unix_getinfo_acl"));
+}
+#endif
+
+#ifdef USE_XATTR
+
+#include <attr/xattr.h>
+static char * sh_unix_getinfo_xattr_int (char * path, int fd, char * name)
+{
+  char *  out   = NULL;
+  char *  tmp   = NULL;
+  size_t  size  = 256;
+  ssize_t result;
+
+  SL_ENTER(_("sh_unix_getinfo_xattr_int"));
+
+  out = SH_ALLOC(size);
+
+  result = (fd == -1) ? 
+    lgetxattr (path, name, out, size-1) :
+    fgetxattr (fd,   name, out, size-1);
+
+  if (result == -1 && errno == ERANGE) 
+    {
+      SH_FREE(out);
+      result = (fd == -1) ? 
+        lgetxattr (path, name, NULL, 0) :
+        fgetxattr (fd,   name, NULL, 0);
+      size = result + 1;
+      out  = SH_ALLOC(size);
+      result = (fd == -1) ? 
+        lgetxattr (path, name, out, size-1) :
+        fgetxattr (fd,   name, out, size-1);
+    }
+
+  if ((result > 0) && ((size_t)result < size))
+    {
+      out[size-1] = '\0';
+      tmp = out;
+    }
+  else
+    {
+      SH_FREE(out);
+    }
+
+  SL_RETURN((tmp),_("sh_unix_getinfo_xattr_int"));
+}
+
+
+static char * sh_unix_getinfo_xattr (char * path, int fd, struct stat * buf)
+{
+  /* system.posix_acl_access, system.posix_acl_default, security.selinux 
+   */
+  char *  tmp;
+  char *  out  = NULL;
+  char *  collect = NULL;
+
+  SL_ENTER(_("sh_unix_getinfo_xattr"));
+
+#ifdef USE_ACL
+  /*
+   * we need the acl_get_fd/acl_get_file functions, getxattr will only
+   * yield the raw bytes
+   */
+  if (sh_unix_check_acl == S_TRUE) 
+    {
+      out = sh_unix_getinfo_acl(path, fd, buf);
+      
+      if (out)
+        {
+          collect = out;
+        }
+  }
+#endif
+
+  out = sh_unix_getinfo_xattr_int(path, fd, _("security.selinux"));
+
+  if (out)
+    {
+      if (collect) {
+        tmp = sh_util_strconcat(_("selinux:"), out, ":", collect, NULL);
+        SH_FREE(collect);
+      }
+      else {
+        tmp = sh_util_strconcat(_("selinux:"), out, NULL);
+      }
+      SH_FREE(out);
+      collect = tmp;
+    }
+
+  SL_RETURN((collect),_("sh_unix_getinfo_xattr"));
+}
+#endif
+
+#ifdef USE_XATTR
+int sh_unix_setcheckselinux (const char * c)
+{
+  int i;
+  SL_ENTER(_("sh_unix_setcheckselinux"));
+  i = sh_util_flagval(c, &(sh_unix_check_selinux));
+
+  SL_RETURN(i, _("sh_unix_setcheckselinux"));
+}
+#endif
+
+#ifdef USE_ACL
+int sh_unix_setcheckacl (const char * c)
+{
+  int i;
+  SL_ENTER(_("sh_unix_setcheckacl"));
+  i = sh_util_flagval(c, &(sh_unix_check_acl));
+
+  SL_RETURN(i, _("sh_unix_setcheckacl"));
+}
+#endif
+    
 
 int sh_unix_getinfo (int level, char * filename, file_type * theFile, 
@@ -3124 +3307 @@
                          &theFile->attributes, theFile->c_attributes, 
                          fd, &buf);
+#endif
+
+#if defined(USE_XATTR)
+  if (sh_unix_check_selinux == S_TRUE)
+    theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf);
+#elif defined(USE_ACL)
+  if (sh_unix_check_acl == S_TRUE)
+    theFile->attr_string = sh_unix_getinfo_acl (theFile->fullpath, fd, &buf);
+#else
+  theFile->attr_string = NULL;
 #endif