Changes in / [20:30]


Ignore:
Location:
/trunk
Files:
6 added
2 deleted
98 edited

Legend:

Unmodified
Added
Removed
  • /trunk/COPYING

    r20 r30  
    131131
    132132  (vi) Support for the MD5 hash algorithm is provided by code
    133   from beecrypt which is distributed under the LGPL.
    134 
    135       /*
    136        * md5.c
    137        *
    138        * MD5 hash function, code
    139        *
    140        * Copyright (c) 2000 Virtual Unlimited B.V.
    141        *
    142        * Author: Bob Deblier <bob@virtualunlimited.com>
    143        *
    144        * This library is free software; you can redistribute it and/or
    145        * modify it under the terms of the GNU Lesser General Public
    146        * License as published by the Free Software Foundation; either
    147        * version 2.1 of the License, or (at your option) any later version.
    148        *
    149        * This library is distributed in the hope that it will be useful,
    150        * but WITHOUT ANY WARRANTY; without even the implied warranty of
    151        * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    152        * Lesser General Public License for more details.
    153        *
    154        * You should have received a copy of the GNU Lesser General Public
    155        * License along with this library; if not, write to the Free Software
    156        * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
    157        * USA
    158        */
     133  from busybox which is distributed under the GPL.
     134
     135   /* md5.c - Functions to compute MD5 message digest of files or memory blocks
     136    *         according to the definition of MD5 in RFC 1321 from April 1992.
     137    * Copyright (C) 1995, 1996 Free Software Foundation, Inc.
     138    *
     139    * NOTE: The canonical source of this file is maintained with the GNU C
     140    * Library.  Bugs can be reported to bug-glibc@prep.ai.mit.edu.
     141    *
     142    * This program is free software; you can redistribute it and/or modify it
     143    * under the terms of the GNU General Public License as published by the
     144    * Free Software Foundation; either version 2, or (at your option) any
     145    * later version.
     146    *
     147    * This program is distributed in the hope that it will be useful,
     148    * but WITHOUT ANY WARRANTY; without even the implied warranty of
     149    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     150    * GNU General Public License for more details.
     151    *
     152    * You should have received a copy of the GNU General Public License
     153    * along with this program; if not, write to the Free Software Foundation,
     154    * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
     155    */
     156
     157   /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.  */
     158
    159159
    160160  (vi) Support for the SHA-1 hash algorithm is provided by code
  • /trunk/Makefile.in

    r20 r30  
    152152        testtimesrv.sh \
    153153        testext.sh testrc_1ext.in test_ext.c.in \
    154         testrun_1.sh testrun_1a.sh testrun_1b.sh testrc_1 \
     154        testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \
    155155        testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \
    156156        testrun_2c.sh testrun_2d.sh
     
    793793        echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \
    794794        echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \
    795         echo $(top_srcdir)/docs/MANUAL-2_0.html.tar      >> debian/docs; \
    796         echo $(top_srcdir)/docs/MANUAL-2_0.ps            >> debian/docs; \
     795        echo $(top_srcdir)/docs/MANUAL-2_2.html.tar      >> debian/docs; \
     796        echo $(top_srcdir)/docs/MANUAL-2_2.pdf           >> debian/docs; \
    797797        echo $(top_srcdir)/docs/README.gcc_bug           >> debian/docs; \
    798798        echo $(top_srcdir)/docs/README.LZO               >> debian/docs; \
     
    10901090
    10911091CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \
     1092                $(srcsrc)/cutest_sh_utils.c \
     1093                $(srcsrc)/cutest_sh_unix.c \
     1094                $(srcsrc)/cutest_slib.c \
    10921095                $(srcsrc)/cutest_zAVLTree.c \
    10931096                $(srcsrc)/cutest_sh_tiger0.c
    10941097
    1095 CUTEST_OBJECTS = cutest_sh_tools.o cutest_zAVLTree.o cutest_sh_tiger0.o
     1098CUTEST_OBJECTS = cutest_sh_tools.o \
     1099        cutest_sh_utils.o \
     1100        cutest_sh_unix.o \
     1101        cutest_slib.o \
     1102        cutest_zAVLTree.o \
     1103        cutest_sh_tiger0.o
    10961104
    10971105$(CUTEST_OBJECTS): $(CUTEST_SOURCES)
     
    16011609sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h
    16021610sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h
    1603 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h
     1611sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h
    16041612bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h
    16051613mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h
  • /trunk/configure.ac

    r20 r30  
    3737dnl start
    3838dnl
    39 AM_INIT_AUTOMAKE(samhain, 2.2.0rc1)
     39AM_INIT_AUTOMAKE(samhain, 2.2.0rc3)
    4040AC_CANONICAL_HOST
    4141
     
    763763               ;;
    764764               *)
    765                AM_PATH_LIBPRELUDE([0.9.0],
     765               AM_PATH_LIBPRELUDE([0.9.6],
    766766               [
    767767                AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude])
  • /trunk/depend.dep

    r20 r30  
    3434sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h
    3535sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h
    36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h
     36sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h
    3737bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h
    3838mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h
  • /trunk/depend.sum

    r20 r30  
    1 3476546078
     12018699483
  • /trunk/deploy.sh.in

    r20 r30  
    11#! /bin/sh
     2
     3#
     4# Copyright Rainer Wichmann (2005)
     5#
     6# License Information:
     7# This program is free software; you can redistribute it and/or modify
     8# it under the terms of the GNU General Public License as published by
     9# the Free Software Foundation; either version 2 of the License, or
     10# (at your option) any later version.
     11#
     12# This program is distributed in the hope that it will be useful,
     13# but WITHOUT ANY WARRANTY; without even the implied warranty of
     14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     15# GNU General Public License for more details.
     16#
     17# You should have received a copy of the GNU General Public License
     18# along with this program; if not, write to the Free Software
     19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     20#
    221
    322#VERSION2.0
  • /trunk/docs/Changelog

    r20 r30  
    112.2.0:
     2        * patch by Jim Simmons for samhainadmin.pl.in
     3        * fix testsuite portability problems
     4        * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700
     5        * fix potential NULL dereference in sh_utmp_endutent()
     6        * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs)
     7        * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve)
     8        * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD)
     9        * fix bug in sh_utils_obscurename (check isascii)
     10        * scan h_aliases for FQDN if h_name is not
     11        * add copyright/license info to test scripts
     12        * add copyright/license info to deployment system scripts
     13        * support server-to-server relay
     14        * new CL option --server-port
     15        * minor improvements in manual
     16        * patch by Yoann Vandoorselaere for sh_prelude.c
     17        * allow --longopt arg as well as --longopt=arg
     18        * verify checksum of growing log files (up to previous size)
     19        * rewrite of the test suite
    220        * added a bit of unit testing
    3         * improved the windows howto according to suggestions by
    4           Jorge Morgado
    521        * minor optimizations in various places
    622        * optimized implementation of tiger checksum algorithm
     
    1531        * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
    1632          add function sl_read_timeout_prep
     33
     342.1.3 (13-03-2006):
     35        * fix compile problem in slib.c (reported by Lawrence Bowie)
     36        * fix bug with combination of one-shot update mode and file check
     37          schedule (reportedby Dan Track)
     38        * improved the windows howto according to suggestions by
     39          Jorge Morgado
     40        * fix samhain_hide kernel module for new linux kernel versions
     41        * fix minor problem with dead client detection (problem reported
     42          by Michal Kustosik)
    1743
    18442.1.2 (10-01-2006):
  • /trunk/docs/README.UPGRADE

    r20 r30  
     1
     2since 2.2.0: server-to-server relay is possible
     3
     4  -- this implies that problems will arise if your server is misconfigured
     5     to connect to itself (SetExportSeverity is explicitely set
     6     to a threshold different from 'none', and the logserver is set to
     7     localhost). The server may deadlock in this case.
     8
     9
     10
    111since 2.1.0: update and daemon mode can be combined
    212
  • /trunk/dsys/comBUILD

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725commandBUILD() {
  • /trunk/dsys/comCHECKSRC

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725commandCHECKSRC() {
  • /trunk/dsys/comCLEAN

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725commandCLEAN() {
  • /trunk/dsys/comDOWNLOAD

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725commandDOWNLOAD() {
     
    111129    if test -z "$command"
    112130    then
    113         printFATAL "No wget, curl, lynx, links, lwp-request, fetch in your \$PATH, cannot download"
     131        printFATAL "No wget, curl, lynx, links, lwp-request, fetch, fget in your \$PATH, cannot download"
    114132    fi
    115133
  • /trunk/dsys/comINSTALL

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725commandINSTALL() {
  • /trunk/dsys/comUNINSTALL

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725commandUNINSTALL() {
  • /trunk/dsys/funcBUILD

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725#------------------------------------------------------------------------
  • /trunk/dsys/funcDB

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725DBFTEST=0
  • /trunk/dsys/funcDIALOG

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725# print without newline
  • /trunk/dsys/funcEXE

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725findEXE() {
  • /trunk/dsys/funcINSTALL

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725getconfopts () {
  • /trunk/dsys/funcPRINT

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725# Fatal error
  • /trunk/dsys/funcSETUP

    r20 r30  
    44#
    55#########################################################################
     6#
     7# Copyright Rainer Wichmann (2005)
     8#
     9# License Information:
     10# This program is free software; you can redistribute it and/or modify
     11# it under the terms of the GNU General Public License as published by
     12# the Free Software Foundation; either version 2 of the License, or
     13# (at your option) any later version.
     14#
     15# This program is distributed in the hope that it will be useful,
     16# but WITHOUT ANY WARRANTY; without even the implied warranty of
     17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     18# GNU General Public License for more details.
     19#
     20# You should have received a copy of the GNU General Public License
     21# along with this program; if not, write to the Free Software
     22# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     23#
    624
    725# test setup
  • /trunk/dsys/initscript

    r20 r30  
    11#! /bin/sh
     2
     3#
     4# Copyright Rainer Wichmann (2005)
     5#
     6# License Information:
     7# This program is free software; you can redistribute it and/or modify
     8# it under the terms of the GNU General Public License as published by
     9# the Free Software Foundation; either version 2 of the License, or
     10# (at your option) any later version.
     11#
     12# This program is distributed in the hope that it will be useful,
     13# but WITHOUT ANY WARRANTY; without even the implied warranty of
     14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     15# GNU General Public License for more details.
     16#
     17# You should have received a copy of the GNU General Public License
     18# along with this program; if not, write to the Free Software
     19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     20#
    221
    322startup=no
  • /trunk/dsys/postinstall

    r20 r30  
    11#! /bin/sh
     2
     3#
     4# Copyright Rainer Wichmann (2005)
     5#
     6# License Information:
     7# This program is free software; you can redistribute it and/or modify
     8# it under the terms of the GNU General Public License as published by
     9# the Free Software Foundation; either version 2 of the License, or
     10# (at your option) any later version.
     11#
     12# This program is distributed in the hope that it will be useful,
     13# but WITHOUT ANY WARRANTY; without even the implied warranty of
     14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     15# GNU General Public License for more details.
     16#
     17# You should have received a copy of the GNU General Public License
     18# along with this program; if not, write to the Free Software
     19# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     20#
    221
    322name=`./samhain-install.sh --print-config name`
  • /trunk/dsys/preinstall

    r20 r30  
    11#! /bin/sh
     2#
     3# Copyright Rainer Wichmann (2005)
     4#
     5# License Information:
     6# This program is free software; you can redistribute it and/or modify
     7# it under the terms of the GNU General Public License as published by
     8# the Free Software Foundation; either version 2 of the License, or
     9# (at your option) any later version.
     10#
     11# This program is distributed in the hope that it will be useful,
     12# but WITHOUT ANY WARRANTY; without even the implied warranty of
     13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     14# GNU General Public License for more details.
     15#
     16# You should have received a copy of the GNU General Public License
     17# along with this program; if not, write to the Free Software
     18# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     19#
    220
    321name=`./samhain-install.sh --print-config name`
  • /trunk/include/samhain.h

    r20 r30  
    138138  SH_LEVEL_USER0       = 7,
    139139  SH_LEVEL_USER1       = 8,
    140   SH_LEVEL_PRELINK     = 9
     140  SH_LEVEL_USER2       = 9,
     141  SH_LEVEL_USER3       = 10,
     142  SH_LEVEL_USER4       = 11,
     143  SH_LEVEL_PRELINK     = 12
    141144};
    142145
     
    290293/*@null@*/ extern sh_key_t  *skey;
    291294
     295/**************************************************
     296 *
     297 * macros
     298 *
     299 **************************************************/
     300
     301/* signal-safe log function
     302 */
     303int  safe_logger (int signal, int method, char * details);
     304void safe_fatal  (int signal, int method, char * details, char *f, int l);
     305
     306#define SH_VALIDATE_EQ(a,b) \
     307     do { \
     308         if ((a) != (b)) safe_fatal(0, 0, #a " != " #b, FIL__, __LINE__);\
     309     } while (0)
     310
     311#define SH_VALIDATE_NE(a,b) \
     312     do { \
     313         if ((a) == (b)) safe_fatal(0, 0, #a " == " #b, FIL__, __LINE__);\
     314     } while (0)
    292315
    293316#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
  • /trunk/include/sh_calls.h

    r20 r30  
    3333/* Set aud functions
    3434 */
    35 int sh_aud_set_functions(char * str_s);
     35int sh_aud_set_functions(const char * str_s);
    3636
    3737
  • /trunk/include/sh_database.h

    r20 r30  
    55int sh_database_insert (char * message);
    66
    7 int sh_database_use_persistent (char * str);
     7int sh_database_use_persistent (const char * str);
    88
    9 int sh_database_set_database (char * str);
    10 int sh_database_set_table (char * str);
    11 int sh_database_set_host (char * str);
    12 int sh_database_set_user (char * str);
    13 int sh_database_set_password (char * str);
    14 int sh_database_add_to_hash  (char * str);
    15 int set_enter_wrapper (char * str);
     9int sh_database_set_database (const char * str);
     10int sh_database_set_table (const char * str);
     11int sh_database_set_host (const char * str);
     12int sh_database_set_user (const char * str);
     13int sh_database_set_password (const char * str);
     14int sh_database_add_to_hash  (const char * str);
     15int set_enter_wrapper (const char * str);
    1616#endif
  • /trunk/include/sh_error.h

    r20 r30  
    3030  SH_ERR_T_START  = 0,
    3131
    32   /* 1-9 = SH_LEVEL_XXX */
     32  /* 1-13 = SH_LEVEL_XXX */
    3333
    3434  SH_ERR_T_RO      = SH_LEVEL_READONLY,
     
    4040  SH_ERR_T_USER0   = SH_LEVEL_USER0, 
    4141  SH_ERR_T_USER1   = SH_LEVEL_USER1, 
     42  SH_ERR_T_USER2   = SH_LEVEL_USER2, 
     43  SH_ERR_T_USER3   = SH_LEVEL_USER3, 
     44  SH_ERR_T_USER4   = SH_LEVEL_USER4, 
    4245  SH_ERR_T_PRELINK = SH_LEVEL_PRELINK, 
    4346
    44   SH_ERR_T_DIR    = 10,
    45   SH_ERR_T_FILE   = 11,
    46   SH_ERR_T_NAME   = 12,
     47  SH_ERR_T_DIR    = 13,
     48  SH_ERR_T_FILE   = 14,
     49  SH_ERR_T_NAME   = 15,
    4750
    48   SH_ERR_T_END    = 13
     51  SH_ERR_T_END    = 16
    4952};
    5053
     
    8184/* set mask for message class
    8285 */
    83 int sh_error_log_mask (char * c);
    84 int sh_error_print_mask (char * c);
    85 int sh_error_mail_mask (char * c);
    86 int sh_error_export_mask (char * c);
    87 int sh_error_syslog_mask (char * c);
    88 int sh_error_external_mask (char * c);
    89 int sh_error_database_mask (char * c);
    90 int sh_error_prelude_mask (char * c);
     86int sh_error_log_mask (const char * c);
     87int sh_error_print_mask (const char * c);
     88int sh_error_mail_mask (const char * c);
     89int sh_error_export_mask (const char * c);
     90int sh_error_syslog_mask (const char * c);
     91int sh_error_external_mask (const char * c);
     92int sh_error_database_mask (const char * c);
     93int sh_error_prelude_mask (const char * c);
    9194
    9295
     
    99102#ifdef SH_WITH_SERVER
    100103void sh_error_set_peer(const char * str);
    101 int  set_flag_sep_log (char * str);
     104int  set_flag_sep_log (const char * str);
    102105#endif
    103106
     
    108111/* convert a string to a numeric priority
    109112 */
    110 int sh_error_convert_level (char * str_s);
     113int sh_error_convert_level (const char * str_s);
    111114
    112115/* only to stderr (GOOD/BAD)
     
    116119/* set syslog facility
    117120 */
    118 int  sh_log_set_facility (char * c);
     121int  sh_log_set_facility (const char * c);
    119122
    120123/* define message header
    121124 */
    122 int sh_error_ehead (/*@null@*/char * s);
     125int sh_error_ehead (/*@null@*/const char * s);
    123126
    124127/* set level for error logging
     
    128131/* set severity levels
    129132 */
    130 int sh_error_set_iv (int iv, char *  severity_s);
     133int sh_error_set_iv (int iv, const char *  severity_s);
    131134
    132135/* set priorities
     
    178181/* (re)set the console device(s)
    179182 */
    180 int sh_log_set_console (char * address);
     183int sh_log_set_console (const char * address);
    181184void reset_count_dev_console(void);
    182185
     
    188191/* enable message queue
    189192 */
    190 int enable_msgq(char * foo);
     193int enable_msgq(const char * foo);
    191194#endif
    192195 
  • /trunk/include/sh_extern.h

    r20 r30  
    4343 * -- add CL argument, return # of arguments
    4444 */
    45 int sh_ext_tas_add_argv(sh_tas_t * tas, char * val);
     45int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val);
    4646/*
    4747 * -- remove last CL argument
     
    5151 * -- add environment variable, return # of variables
    5252 */
    53 int sh_ext_tas_add_envv(sh_tas_t * tas, char * key, char * val);
     53int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val);
    5454/*
    5555 * -- set command
    5656 */
    57 void sh_ext_tas_command(sh_tas_t * tas, char * command);
     57void sh_ext_tas_command(sh_tas_t * tas, const char * command);
    5858/*
    5959 * -- initialize task structure
     
    7171 * -- start a new external command, and add it to the list
    7272 */
    73 int sh_ext_setcommand(char * cmd);
     73int sh_ext_setcommand(const char * cmd);
    7474
    7575/*
     
    8181 * -- set deadtime
    8282 */
    83 int sh_ext_deadtime (char * str);
     83int sh_ext_deadtime (const char * str);
    8484
    8585/*
    8686 * -- add keywords to the OR filter
    8787 */
    88 int sh_ext_add_or (char * str);
     88int sh_ext_add_or (const char * str);
    8989
    9090/*
    9191 * -- add keywords to the AND filter
    9292 */
    93 int sh_ext_add_and (char * str);
     93int sh_ext_add_and (const char * str);
    9494
    9595/*
    9696 * -- add keywords to the NOT filter
    9797 */
    98 int sh_ext_add_not (char * str);
     98int sh_ext_add_not (const char * str);
    9999
    100100/*
    101101 * -- add keywords to the CL argument list
    102102 */
    103 int sh_ext_add_argv (char * str);
     103int sh_ext_add_argv (const char * str);
    104104
    105105/*
    106106 * -- add a path to the environment
    107107 */
    108 int sh_ext_add_default (char * str);
     108int sh_ext_add_default (const char * str);
    109109
    110110/*
    111111 * -- add an environment variable
    112112 */
    113 int sh_ext_add_environ (char * str);
     113int sh_ext_add_environ (const char * str);
    114114
    115115/*
    116116 * -- define type
    117117 */
    118 int sh_ext_type (char * str);
     118int sh_ext_type (const char * str);
    119119
    120120/*
    121121 * -- define checksum
    122122 */
    123 int sh_ext_checksum (char * str);
     123int sh_ext_checksum (const char * str);
    124124
    125125/*
    126126 * -- choose privileges
    127127 */
    128 int sh_ext_priv (char * c);
     128int sh_ext_priv (const char * c);
    129129
    130130/*
  • /trunk/include/sh_files.h

    r20 r30  
    2323/* register exceptions to hardlink check
    2424 */
    25 int sh_files_hle_reg (char * str);
     25int sh_files_hle_reg (const char * str);
    2626
    2727/* check the setup
     
    3535/* activate hardlink check
    3636 */
    37 int sh_files_check_hardlinks (char * opt);
     37int sh_files_check_hardlinks (const char * opt);
    3838
    3939/* set recursion depth
     
    4343/* report only once
    4444 */
    45 int sh_files_reportonce(char * c);
     45int sh_files_reportonce(const char * c);
    4646
    4747/* report full details
    4848 */
    49 int sh_files_fulldetail(char * c);
     49int sh_files_fulldetail(const char * c);
    5050
    5151/* reset the 'checked' flag
     
    6767/* push a directory on the stack USER0
    6868 */
    69 int  sh_files_pushdir_user0 (char * dirName);
     69int  sh_files_pushdir_user0 (const char * dirName);
    7070
    7171/* push a directory on the stack USER1
    7272 */
    73 int  sh_files_pushdir_user1 (char * dirName);
     73int  sh_files_pushdir_user1 (const char * dirName);
     74
     75/* push a directory on the stack USER2
     76 */
     77int  sh_files_pushdir_user2 (const char * dirName);
     78
     79/* push a directory on the stack USER3
     80 */
     81int  sh_files_pushdir_user3 (const char * dirName);
     82
     83/* push a directory on the stack USER4
     84 */
     85int  sh_files_pushdir_user4 (const char * dirName);
    7486
    7587/* push a directory on the stack PRELINK
    7688 */
    77 int  sh_files_pushdir_prelink (char * dirName);
     89int  sh_files_pushdir_prelink (const char * dirName);
    7890
    7991/* push a directory on the stack ATTR
    8092 */
    81 int  sh_files_pushdir_attr (char * dirName);
     93int  sh_files_pushdir_attr (const char * dirName);
    8294
    8395/* push a directory on the stack READONLY
    8496 */
    85 int  sh_files_pushdir_ro (char * dirName);
     97int  sh_files_pushdir_ro (const char * dirName);
    8698
    8799/* push a directory on the stack LOGFILE
    88100 */
    89 int  sh_files_pushdir_log (char * dirName);
     101int  sh_files_pushdir_log (const char * dirName);
    90102
    91103/* push a directory on the stack GROWING LOGFILE
    92104 */
    93 int  sh_files_pushdir_glog (char * dirName);
     105int  sh_files_pushdir_glog (const char * dirName);
    94106
    95107/* push a directory on the stack IGNORE NONE
    96108 */
    97 int  sh_files_pushdir_noig (char * dirName);
     109int  sh_files_pushdir_noig (const char * dirName);
    98110
    99111/* push a directory on the stack IGNORE ALL
    100112 */
    101 int  sh_files_pushdir_allig (char * dirName);
     113int  sh_files_pushdir_allig (const char * dirName);
    102114
    103115
    104116/* push a file on the stack USER0
    105117 */
    106 int  sh_files_pushfile_user0 (char * dirName);
     118int  sh_files_pushfile_user0 (const char * dirName);
    107119
    108120/* push a file on the stack USER1
    109121 */
    110 int  sh_files_pushfile_user1 (char * dirName);
     122int  sh_files_pushfile_user1 (const char * dirName);
     123
     124/* push a file on the stack USER2
     125 */
     126int  sh_files_pushfile_user2 (const char * dirName);
     127
     128/* push a file on the stack USER3
     129 */
     130int  sh_files_pushfile_user3 (const char * dirName);
     131
     132/* push a file on the stack USER4
     133 */
     134int  sh_files_pushfile_user4 (const char * dirName);
    111135
    112136/* push a file on the stack PRELINK
    113137 */
    114 int  sh_files_pushfile_prelink (char * dirName);
     138int  sh_files_pushfile_prelink (const char * dirName);
    115139
    116140/* push a file on the stack ATTR
    117141 */
    118 int  sh_files_pushfile_attr (char * dirName);
     142int  sh_files_pushfile_attr (const char * dirName);
    119143
    120144/* push a file on the stack READONLY
    121145 */
    122 int  sh_files_pushfile_ro (char * dirName);
     146int  sh_files_pushfile_ro (const char * dirName);
    123147
    124148/* push a file on the stack LOGFILE
    125149 */
    126 int  sh_files_pushfile_log (char * dirName);
     150int  sh_files_pushfile_log (const char * dirName);
    127151
    128152/* push a file on the stack GROWING LOGFILE
    129153 */
    130 int  sh_files_pushfile_glog (char * dirName);
     154int  sh_files_pushfile_glog (const char * dirName);
    131155
    132156/* push a file on the stack IGNORE NONE
    133157 */
    134 int  sh_files_pushfile_noig (char * dirName);
     158int  sh_files_pushfile_noig (const char * dirName);
    135159
    136160/* push a file on the stack IGNORE ALL
    137161 */
    138 int  sh_files_pushfile_allig (char * dirName);
     162int  sh_files_pushfile_allig (const char * dirName);
    139163
    140164
     
    153177/* redefine policies
    154178 */
    155 int sh_files_redef_user0(char * str);
    156 int sh_files_redef_user1(char * str);
    157 int sh_files_redef_prelink(char * str);
    158 int sh_files_redef_readonly(char * str);
    159 int sh_files_redef_loggrow(char * str);
    160 int sh_files_redef_logfiles(char * str);
    161 int sh_files_redef_attributes(char * str);
    162 int sh_files_redef_noignore(char * str);
    163 int sh_files_redef_allignore(char * str);
     179int sh_files_redef_user0(const char * str);
     180int sh_files_redef_user1(const char * str);
     181int sh_files_redef_user2(const char * str);
     182int sh_files_redef_user3(const char * str);
     183int sh_files_redef_user4(const char * str);
     184int sh_files_redef_prelink(const char * str);
     185int sh_files_redef_readonly(const char * str);
     186int sh_files_redef_loggrow(const char * str);
     187int sh_files_redef_logfiles(const char * str);
     188int sh_files_redef_attributes(const char * str);
     189int sh_files_redef_noignore(const char * str);
     190int sh_files_redef_allignore(const char * str);
    164191
    165192
  • /trunk/include/sh_forward.h

    r20 r30  
    3232/* set time limit
    3333 */
    34 int sh_forward_set_time_limit(char * str);
     34int sh_forward_set_time_limit(const char * str);
    3535
    3636/* error level for lookup failure
    3737 */
    38 int sh_forward_lookup_level (char * c);
     38int sh_forward_lookup_level (const char * c);
    3939
    4040/* create client entry for given password
     
    4242int sh_forward_make_client (const char * str);
    4343
     44/* set port to which we connect
     45 */
     46int sh_forward_server_port (const char * str);
     47
    4448#ifdef SH_WITH_SERVER
    4549
    4650#ifdef INET_SYSLOG
    47 int set_syslog_active(char * c);
     51int set_syslog_active(const char * c);
    4852#endif
    4953
     
    5559 * and set by accept()
    5660 */
    57 int set_socket_peer (char * c);
     61int set_socket_peer (const char * c);
    5862
    5963/* whether to use client severity
    6064 */
    61 int sh_forward_use_clt_sev (char * c);
     65int sh_forward_use_clt_sev (const char * c);
    6266
    6367/* whether to use client class
    6468 */
    65 int sh_forward_use_clt_class (char * c);
     69int sh_forward_use_clt_class (const char * c);
    6670
    6771/* server port
    6872 */
    69 int sh_forward_set_port(char * c);
     73int sh_forward_set_port(const char * c);
    7074
    7175/* server interface
    7276 */
    73 int sh_forward_set_interface(char * c);
     77int sh_forward_set_interface(const char * c);
    7478
    7579/* a wrapper function
     
    7983/* register a client
    8084 */
    81 int sh_forward_register_client (char * str);
     85int sh_forward_register_client (const char * str);
    8286
    8387/* start server
     
    9195#endif
    9296
    93 #ifdef SH_WITH_CLIENT
     97#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    9498/* talk to server
    9599 */
    96100long  sh_forward (char * errmsg);
    97101
     102/* set log server
     103 */
     104int sh_forward_setlogserver (const char * address);
     105void reset_count_dev_server(void);
     106#endif
     107
     108#ifdef SH_WITH_CLIENT
    98109
    99110/* request file from server. file may be "CONF" or "DATA".
     
    101112long sh_forward_req_file (char * file);
    102113
    103 /* set log server
    104  */
    105 int sh_forward_setlogserver (char * address);
    106 void reset_count_dev_server(void);
    107 
    108114#endif
    109115
  • /trunk/include/sh_hash.h

    r20 r30  
    4242/* version string for database
    4343 */
    44 int sh_hash_version_string(char * str);
     44int sh_hash_version_string(const char * str);
    4545
    4646/* List database content
  • /trunk/include/sh_ignore.h

    r20 r30  
    22#define SH_IGNORE_H
    33
    4 int sh_ignore_add_del (char * addpath);
    5 int sh_ignore_add_new (char * addpath);
     4int sh_ignore_add_del (const char * addpath);
     5int sh_ignore_add_new (const char * addpath);
    66
    77int sh_ignore_chk_del (const char * chkpath);
  • /trunk/include/sh_mail.h

    r20 r30  
    2626/* set a relay server
    2727 */
    28 int sh_mail_set_relay (char * str_s);
     28int sh_mail_set_relay (const char * str_s);
    2929
    3030/* send to all recpts. in one mail
    3131 */
    32 int sh_mail_setFlag (char * str);
     32int sh_mail_setFlag (const char * str);
    3333
    3434/* set the subject string
    3535 */
    36 int set_mail_subject (char * str);
     36int set_mail_subject (const char * str);
    3737
    3838/* test mailbox
     
    4444#define SH_MAX_FAIL    48
    4545
    46 int sh_mail_setNum (char * str);
     46int sh_mail_setNum (const char * str);
    4747
    48 int sh_mail_setaddress (char * address);
     48int sh_mail_setaddress (const char * address);
    4949void reset_count_dev_mail(void);
    50 int sh_mail_setaddress_int (char * address);
     50int sh_mail_setaddress_int (const char * address);
    5151
    5252/* call if not urgent
     
    6060/* set sender of mail
    6161 */
    62 int sh_mail_set_sender (char *str);
     62int sh_mail_set_sender (const char *str);
    6363
    64 int sh_mail_add_or  (char * str);
    65 int sh_mail_add_and (char * str);
    66 int sh_mail_add_not (char * str);
     64int sh_mail_add_or  (const char * str);
     65int sh_mail_add_and (const char * str);
     66int sh_mail_add_not (const char * str);
    6767
    6868#endif
  • /trunk/include/sh_prelink.h

    r20 r30  
    1414/* configuration
    1515 */
    16 int sh_prelink_set_path (char * str);
    17 int sh_prelink_set_hash (char * str);
     16int sh_prelink_set_path (const char * str);
     17int sh_prelink_set_hash (const char * str);
    1818#endif
  • /trunk/include/sh_prelude.h

    r20 r30  
    66int  sh_prelude_init();
    77
    8 int sh_prelude_set_profile(char *arg);
     8int sh_prelude_set_profile(const char *arg);
    99
    1010int sh_prelude_alert (int priority, int class, char * message,
     
    1313/* map severity levels
    1414 */
    15 int sh_prelude_map_info (char * str);
    16 int sh_prelude_map_low (char * str);
    17 int sh_prelude_map_medium (char * str);
    18 int sh_prelude_map_high (char * str);
     15int sh_prelude_map_info (const char * str);
     16int sh_prelude_map_low (const char * str);
     17int sh_prelude_map_medium (const char * str);
     18int sh_prelude_map_high (const char * str);
    1919
    2020#endif
  • /trunk/include/sh_tiger.h

    r20 r30  
    2222/* NEW Thu Oct 18 19:59:08 CEST 2001
    2323 */
    24 int sh_tiger_hashtype (char * c);
     24int sh_tiger_hashtype (const char * c);
    2525char * sh_tiger_generic_hash (char * filename, TigerType what,
    2626                              UINT64 Length, int timeout);
  • /trunk/include/sh_tools.h

    r20 r30  
    5353
    5454
    55 #if defined (SH_WITH_CLIENT)
     55#if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    5656
    5757unsigned long write_port (int sockfd, char *buf, unsigned long nbytes,
     
    6565                 unsigned long * length, char * u);
    6666
    67 
    68 SL_TICKET open_tmp (void);
    69 int close_tmp (SL_TICKET fd);
    70 int rewind_tmp (SL_TICKET fd);
     67/*
     68  SL_TICKET open_tmp (void);
     69  int close_tmp (SL_TICKET fd);
     70  int rewind_tmp (SL_TICKET fd);
     71*/
    7172
    7273void sh_tools_server_cmd(const char * srvcmd);
     
    7879#endif
    7980
     81#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
     82SL_TICKET open_tmp (void);
     83int close_tmp (SL_TICKET fd);
     84int rewind_tmp (SL_TICKET fd);
     85#endif
    8086
    8187#endif
  • /trunk/include/sh_unix.h

    r20 r30  
    9999extern  unsigned long mask_USER0;
    100100extern  unsigned long mask_USER1;
     101extern  unsigned long mask_USER2;
     102extern  unsigned long mask_USER3;
     103extern  unsigned long mask_USER4;
    101104/* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL)
    102105 */
     
    141144int sh_unix_munlock(void * addr, size_t len);
    142145int sh_unix_count_mlock();
     146/* public for unit tests */
     147int sh_unix_pagesize();
     148unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages);
    143149
    144150/* chroot directory
     
    148154/* whether to use localtime for file timesatams in logs
    149155 */
    150 int sh_unix_uselocaltime (char * c);
     156int sh_unix_uselocaltime (const char * c);
    151157
    152158/* set I/O limit
    153159 */
    154 int  sh_unix_set_io_limit (char * c);
     160int  sh_unix_set_io_limit (const char * c);
    155161void sh_unix_io_pause ();
    156162
     
    199205/* checksum of own binary
    200206 */
    201 int sh_unix_self_hash (char * c);
     207int sh_unix_self_hash (const char * c);
    202208
    203209/* return BAD on failure
     
    207213/* add a trusted user to the list
    208214 */
    209 int tf_add_trusted_user(char *);
     215int tf_add_trusted_user(const char *);
    210216
    211217/* check a file
     
    224230/* set the timeserver address
    225231 */
    226 int sh_unix_settimeserver (char * address);
     232int sh_unix_settimeserver (const char * address);
    227233void reset_count_dev_time(void);
    228234
  • /trunk/include/sh_utils.h

    r20 r30  
    6565/* set signature type HASH-TIGER/HMAC-TIGER
    6666 */
    67 int sh_util_sigtype (char * c);
     67int sh_util_sigtype (const char * c);
    6868
    6969/* compute a signature
     
    8383/* don't log output files
    8484 */
    85 int sh_util_hidesetup(char * c);
     85int sh_util_hidesetup(const char * c);
    8686
    8787/* exceptions to obscure name check
    8888 */
    89 int sh_util_obscure_ok (char * str);
     89int sh_util_obscure_ok (const char * str);
    9090
    9191/* read a hexchar
  • /trunk/man/samhain.8

    r20 r30  
    4848.SS "MISCELLANEOUS"
    4949.PP
     50
     51.B samhain
     52.RI \-\-server\-port= portnumber
    5053
    5154.B samhain
     
    300303.SS "MISCELLANEOUS OPTIONS"
    301304.PP
     305
     306.B samhain
     307.RI \-\-server\-port= portnumber
     308
     309Choose the port on the server host to which the client will connect.
    302310
    303311.B samhain
  • /trunk/man/samhainrc.5

    r20 r30  
    9696.TP
    9797.I "[User1]"
     98.TP
     99.I "[User2]"
     100.TP
     101.I "[User3]"
     102.TP
     103.I "[User4]"
    98104These are reserved for user-defined policies.
    99105.TP
     
    172178.br
    173179.BI  SeverityUser0= val,
     180.br
     181.BI  SeverityUser1= val,
     182.br
     183.BI  SeverityUser2= val,
     184.br
     185.BI  SeverityUser3= val,
    174186and
    175187.br
    176 .BI  SeverityUser1= val
     188.BI  SeverityUser4= val
    177189define the error levels for failures to verify the integrity of
    178190files/directories of the respective types. I.e. if such a file shows
     
    514526sets the hostname for the log server.
    515527.br
     528.BI SetServerPort= portnumber
     529sets the port on the server to connect to.
     530.br
    516531.BI SetDatabasePath= AUTO|/path
    517532Path to database (AUTO to tack hostname on compiled-in path).
     
    547562.BI RedefUser1= +/-XXX,+/-YYY,...
    548563Add or subtract tests XXX from the User1 policy.
     564.br
     565.BI RedefUser2= +/-XXX,+/-YYY,...
     566Add or subtract tests XXX from the User2 policy.
     567.br
     568.BI RedefUser3= +/-XXX,+/-YYY,...
     569Add or subtract tests XXX from the User3 policy.
     570.br
     571.BI RedefUser4= +/-XXX,+/-YYY,...
     572Add or subtract tests XXX from the User4 policy.
    549573.TP
    550574.B Server Only
  • /trunk/scripts/README

    r20 r30  
    4040   This script will do this automatically. Run 'samhainrc_update.sh -h'
    4141   for usage instructions. You may need to change the location of the
    42    samhainrc file by editing the line 'SAMHAIN_CFG="/etc/samhainrc"'
     42   samhainrc file by editing the line 'cfgfile="/etc/samhainrc"'
    4343   at the beginning of the script.
    4444 
  • /trunk/scripts/samhainadmin.pl.in

    r20 r30  
    2929use Fcntl qw(:DEFAULT :flock);
    3030
     31# Do I/O to the data file in binary mode (so it
     32# wouldn't complain about invalid UTF-8 characters).
     33use bytes;
     34
    3135File::Temp->safe_level( File::Temp::HIGH );
    3236
     
    515519    $action = 'f';
    516520}
    517 elsif (defined ($opts{'create-cfgfile'})) {
     521elsif (defined ($opts{'create-datafile'})) {
    518522    $action = 'D';
    519523}
    520 elsif (defined ($opts{'print-cfgfile'})) {
     524elsif (defined ($opts{'print-datafile'})) {
    521525    $action = 'd';
    522526}
  • /trunk/scripts/samhainrc_update.sh

    r20 r30  
    1 #!/bin/bash
    2 # -----------------------------------------------------------------------------
    3 # @brief: update the kernel options in the samhain configuration
    4 #         file, after a new kernel has been compiled
    5 # @author: marc heisterkamp <marzheister@web.de>
    6 # -----------------------------------------------------------------------------
    7 
    8 SAMHAIN_CFG="/etc/samhainrc"
    9 
    10 BLUE="[34;01m"
    11 CYAN="[36;01m"
    12 GREEN="[32;01m"
    13 DARK_GREEN="[32m"
    14 RED="[31;01m"
    15 PURPLE="[35;01m"
    16 WHITE="[37;01m"
    17 DARK_GRAY="[30;01m"
    18 LIGHT_GRAY="[37m"
    19 YELLOW="[33;01m"
    20 BROWN="[33m"
    21 OFF="[0m"
    22 
    23 
    24 SYSTEM_MAP=""
    25 new_cfg=''
    26 scriptname="$0"
    27 
    28 # global variables for system adresses (extracted from System.map)
    29 SYS_CALL=''
    30 SYS_CALL_TABLE=''
    31 PROC_ROOT=''
    32 PROC_ROOT_IOPS=''
    33 PROC_ROOT_LOOKUP=''
    34 
    35 # Make sure the user has root permissions
    36 if [ $UID -ne 0 ] ; then
    37   echo "You must be root to run this script. Exiting."
    38   exit 1
     1#! /bin/sh
     2
     3# -----------------------------------------------------------------------
     4# The default configuration file
     5# -----------------------------------------------------------------------
     6
     7cfgfile="/etc/samhainrc"
     8
     9# -----------------------------------------------------------------------
     10# Be Bourne compatible
     11# -----------------------------------------------------------------------
     12
     13if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
     14  emulate sh
     15  NULLCMD=:
     16elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
     17  set -o posix
    3918fi
    4019
    41 
    42 #------------------------------------------------------------------------------
    43 # usage
    44 #------------------------------------------------------------------------------
    45 function print_usage() {
    46 
    47   cat >&2 <<EOHELP
    48 
    49   update the samhainrc configuration file with new kernel system addresses
    50   (i.e: after kernel compilation) by extracting these from the new System.map
    51   file
    52 
    53   SYNOPSIS
    54      $scriptname [ ${GREEN}--help${OFF} ]
    55                            [ ${GREEN}--nocolor${OFF} ]
    56                            [ ${GREEN}--print-only${OFF} ] <System.map>
    57                            [ ${GREEN}--update${OFF} ]     <System.map>
    58 
    59   OPTIONS
    60      ${GREEN}-h${OFF} ${GREEN}--help${OFF}
    61         Show help.
    62 
    63      ${GREEN}--nocolor${OFF}
    64         Disable color hilighting for non ANSI-compatible terms.
    65 
    66      ${GREEN}-p${OFF} ${GREEN}--print-only${OFF} <System.map>
    67         Print the extracted system adresses and do not write them to the
    68         samhain configuration file.
    69 
    70      ${GREEN}-u${OFF} ${GREEN}--update${OFF} <System.map>
    71         Update the samhainrc configuration file with new kernel system
    72         addresses from the given System.map file
    73 
    74 EOHELP
    75  exit 0
    76 }
    77 
    78 
    79 #------------------------------------------------------------------------------
    80 # parses the command line options
    81 # param in: all parameters given to the script
    82 #------------------------------------------------------------------------------
    83 function parse_cmd_line() {
    84 
    85   # parse the command-line
    86   while [ -n "$1" ]; do
    87     case "$1" in
    88       --help|-h)
    89         print_usage
    90         ;;
    91       --nocolor|-n)
    92         unset DARK_GREEN GREEN RED BROWN LIGHT_GRAY WHITE OFF
    93         ;;
    94       --print-only|-p)
    95         shift
    96         SYSTEM_MAP="$1"
    97         get_system_addresses
    98         print_system_addresses
    99         break
    100         ;;
    101       --update|-u)
    102         shift
    103         SYSTEM_MAP="$1"
    104         get_system_addresses
    105         print_system_addresses
    106         replace_system_addresses
    107         ;;
    108       -*)
    109         echo "$scriptname: unknown option $1. Exiting" >&2
    110         exit 1
    111         ;;
    112     esac
    113     shift
    114   done
    115 }
    116 
    117 
    118 #------------------------------------------------------------------------------
    119 # extract system adresses from given System.map file and save to global
    120 # variables
    121 #------------------------------------------------------------------------------
    122 function get_system_addresses() {
    123 
    124   if [ -z "$SYSTEM_MAP" ] ; then
    125     echo
    126     echo "No System.map specified. Exiting" >&2
    127     echo
    128     exit 1
     20programname="$0"
     21sysmap=
     22
     23# -----------------------------------------------------------------------
     24# Print help
     25# -----------------------------------------------------------------------
     26
     27showhelp() {
     28    echo
     29    echo "$programname - update samhain config file after kernel update"
     30    echo
     31    echo "OPTIONS:"
     32    echo
     33    echo " -u|--update </path/to/System.map>"
     34    echo "         Update the configuration file with new"
     35    echo "         settings as taken from </path/to/System.map>"
     36    echo
     37    echo " -c|--config-file </path/to/config-file>"
     38    echo "         Specify the configuration file to update [${cfgfile}]"
     39    echo
     40    echo " -p|--print-only </path/to/System.map>"
     41    echo "         Print new settings, don't modify anything"
     42    echo
     43    echo " -h|--help"
     44    echo "         Print this help"
     45    echo
     46    echo " -n|--nocolor"
     47    echo "         (ignored, legacy support)"
     48    echo
     49}
     50
     51
     52# -----------------------------------------------------------------------
     53# Death strikes
     54# -----------------------------------------------------------------------
     55
     56die() {
     57    echo ${1+"$@"} >&2
     58    { (exit 1); exit 1; }
     59}
     60
     61# -----------------------------------------------------------------------
     62# Get new settings from </path/to/System.map>
     63# -----------------------------------------------------------------------
     64
     65system_call=
     66syscall_table=
     67proc_root=
     68proc_root_inode_operations=
     69proc_root_lookup=
     70
     71get_new_settings() {
     72
     73    if [ -z "$sysmap" ]; then
     74        die "No System.map specified"
     75    fi
     76    if [ -f "$sysmap" ]; then
     77        if [ -r "$sysmap" ]; then
     78            system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'`
     79            syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'`
     80            proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'`
     81            proc_root_inode_operations=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'`
     82            proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'`
     83        else
     84            die "System.map ${sysmap} not readable"
     85        fi
     86    else
     87        die "System.map ${sysmap} not found"
     88    fi
     89    test -z "${system_call}" && die "system_call not found in ${cfgfile}"
     90    test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}"
     91    test -z "${proc_root}" && die "proc_root not found in ${cfgfile}"
     92    test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}"
     93    test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}"
     94
     95}
     96
     97# -----------------------------------------------------------------------
     98# Print new settings
     99# -----------------------------------------------------------------------
     100
     101run_print() {
     102    get_new_settings
     103    echo
     104    echo "KernelSystemCall =     0x${system_call}"
     105    echo "KernelSyscallTable =   0x${syscall_table}"
     106    echo "KernelProcRoot =       0x${proc_root}"
     107    echo "KernelProcRootIops =   0x${proc_root_inode_operations}"
     108    echo "KernelProcRootLookup = 0x${proc_root_lookup}"
     109    echo
     110}
     111
     112# -----------------------------------------------------------------------
     113# Replace a setting
     114# -----------------------------------------------------------------------
     115
     116# set ignorecase
     117# search pattern
     118# delete current line
     119# insert
     120# single dot == end of insert text
     121# save and exit
     122
     123run_replace() {
     124    item="$1"
     125    address="$2"
     126    ex -s "$cfgfile" <<EOF
     127:set ic
     128:/^[[:blank:]]*$1[[:blank:]]*=
     129:d
     130:i
     131$item = $address
     132.
     133:x
     134EOF
     135}
     136
     137# -----------------------------------------------------------------------
     138# Add a setting
     139# -----------------------------------------------------------------------
     140
     141# set ignorecase
     142# search pattern ([Kernel] section)
     143# append (next line)
     144# single dot == end of insert text
     145# save and exit
     146
     147run_add() {
     148    item="$1"
     149    address="$2"
     150    ex -s "$cfgfile" <<EOF
     151:set ic
     152:/^[[:space:]]*\[Kernel\]
     153:a
     154$item = $address
     155.
     156:x
     157EOF
     158}
     159
     160# -----------------------------------------------------------------------
     161# Update with new settings
     162# -----------------------------------------------------------------------
     163
     164run_update() {
     165
     166    get_new_settings
     167
     168    if [ -z "$cfgfile" ]; then
     169        die "No configuration file specified"
     170    fi
     171    if [ ! -w "$cfgfile" ]; then
     172        die "Configuration file ${cfgfile} not writeable"
     173    fi
     174    egrep '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null
     175    if [ $? -ne 0 ]; then
     176        die "No [Kernel] section in configuration file $cfgfile"
     177    fi
     178
     179    cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null
     180    if [ $? -eq 0 ]; then
     181        run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}"
     182    else
     183        run_add 'KernelProcRootLookup' "0x${proc_root_lookup}"
     184    fi
     185 
     186    cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null
     187    if [ $? -eq 0 ]; then
     188        run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}"
     189    else
     190        run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}"
     191    fi
     192
     193    cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null
     194    if [ $? -eq 0 ]; then
     195        run_replace 'KernelProcRoot' "0x${proc_root}"
     196    else
     197        run_add 'KernelProcRoot' "0x${proc_root}"
     198    fi
     199
     200    cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null
     201    if [ $? -eq 0 ]; then
     202        run_replace 'KernelSyscallTable' "0x${syscall_table}"
     203    else
     204        run_add 'KernelSyscallTable' "0x${syscall_table}"
     205    fi
     206
     207    cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null
     208    if [ $? -eq 0 ]; then
     209        run_replace 'KernelSystemCall' "0x${system_call}"
     210    else
     211        run_add 'KernelSystemCall' "0x${system_call}"
     212    fi
     213
     214}
     215
     216# -----------------------------------------------------------------------
     217# Parse command line
     218# -----------------------------------------------------------------------
     219
     220sysmap=
     221action=
     222
     223for option
     224do
     225
     226  # If the previous option needs an argument, assign it.
     227  #
     228  if test -n "$opt_prev"; then
     229    eval "$opt_prev=\$option"
     230    eval export "$opt_prev"
     231    opt_prev=
     232    continue
    129233  fi
    130234
    131   if [ ! -f "$SYSTEM_MAP" ] ; then
    132     echo
    133     echo "Could not find System.map: $SYSTEM_MAP. Exiting" >&2
    134     echo
    135     exit 1
    136   fi
    137 
    138   # 1. this is the address of system_call (grep system_call System.map)
    139   #    KernelSystemCall = 0xc0106cf8
    140   SYS_CALL="0x`grep system_call $SYSTEM_MAP | cut -d' ' -f1`"
    141 
    142   # 2. this is the address of sys_call_table (grep ' sys_call_table' System.map)
    143   #    KernelSyscallTable = 0xc01efb98
    144   SYS_CALL_TABLE="0x`grep sys_call_table $SYSTEM_MAP | cut -d' ' -f1`"
    145 
    146   # 3. this is the address of proc_root (grep ' proc_root$' System.map)
    147   #    KernelProcRoot = 0xc01efb98
    148   PROC_ROOT="0x`grep ' proc_root$' $SYSTEM_MAP | cut -d' ' -f1`"
    149 
    150   # 4. this is the address of proc_root_inode_operations
    151   #    (grep proc_root_inode_operations System.map)
    152   #    KernelProcRootIops = 0xc01efb98
    153   PROC_ROOT_IOPS="0x`grep proc_root_inode_operations $SYSTEM_MAP | cut -d' ' -f1`"
    154 
    155   # 5. this is the address of proc_root_lookup
    156   #    (grep proc_root_lookup System.map)
    157   #    KernelProcRootLookup = 0xc01efb98
    158   PROC_ROOT_LOOKUP="0x`grep proc_root_lookup $SYSTEM_MAP | cut -d' ' -f1`"
    159 }
    160 
    161 
    162 #------------------------------------------------------------------------------
    163 # extract system adresses from given System.map file and save to global
    164 # variables
    165 #------------------------------------------------------------------------------
    166 function replace_system_addresses() {
    167 
    168   if [ -z "$SAMHAIN_CFG" ] ; then
    169     echo "Could not find your samhainrc config file: $SAMHAIN_CFG. Exiting" >&2
    170     exit 1
    171   fi
    172 
    173   echo
    174   echo "Replacing current kernel system addresses in: $SAMHAIN_CFG"
    175 
    176   # 1. replace current 'KernelSystemCall' setting
    177   new_cfg=`sed -e "s/^\(KernelSystemCall[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL}/" $SAMHAIN_CFG`
    178 
    179   # 2. replace current 'KernelSyscallTable' setting
    180   new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelSyscallTable[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL_TABLE}/"`
    181 
    182   # 3. replace current 'KernelProcRoot' setting
    183   new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRoot[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT}/"`
    184 
    185   # 4. replace current 'KernelProcRootIops' setting
    186   new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootIops[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_IOPS}/"`
    187 
    188   # 5. replace current 'KernelSystemCall' setting
    189   new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootLookup[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_LOOKUP}/"`
    190 
    191   echo "Backup old samhainrc $SAMHAIN_CFG to $SAMHAIN_CFG.bak"
    192 
    193   # backup old samhainrc config file
    194   mv "$SAMHAIN_CFG" "$SAMHAIN_CFG.bak"
    195 
    196   # write new samhainrc config file
    197   echo "$new_cfg" > "$SAMHAIN_CFG"
    198 
    199   echo "Successfully updated kernel system addresses."
    200   echo
    201 }
    202 
    203 
    204 #------------------------------------------------------------------------------
    205 # print samhain required system adresses
    206 #------------------------------------------------------------------------------
    207 function print_system_addresses() {
    208 
    209   echo
    210   echo "your kernel system addresses from: `basename $SYSTEM_MAP`"
    211   echo
    212   echo "  KernelSystemCall     = $SYS_CALL"
    213   echo "  KernelSyscallTable   = $SYS_CALL_TABLE"
    214   echo "  KernelProcRoot       = $PROC_ROOT"
    215   echo "  KernelProcRootIops   = $PROC_ROOT_IOPS"
    216   echo "  KernelProcRootLookup = $PROC_ROOT_LOOKUP"
    217   echo
    218 
    219 }
    220 
    221 if [ $# -eq 0 ] ; then
    222   print_usage
     235  case "$option" in
     236      -*=*)
     237          optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'`
     238          ;;
     239      *)
     240          optarg=
     241          ;;
     242  esac
     243
     244  case "$option" in
     245
     246      -h|--help)
     247          showhelp
     248          exit 0
     249          ;;
     250
     251      -n|--nocolor)
     252          ;;
     253
     254      -c|--config-file)
     255          opt_prev=cfgfile
     256          ;;
     257
     258      -c=* | --config-file=*)
     259          cfgfile="$optarg"
     260          ;;
     261
     262      -p|--print-only)
     263          opt_prev=sysmap
     264          action=p
     265          ;;
     266
     267
     268      -p=* | --print-only=*)
     269          sysmap="$optarg"
     270          action=p
     271          ;;
     272   
     273      -u|--update)
     274          opt_prev=sysmap
     275          action=u
     276          ;;
     277
     278      -u=* | --update=*)
     279          sysmap="$optarg"
     280          action=u
     281          ;;
     282
     283  esac
     284
     285done
     286
     287if [ x"$action" = xp ]; then
     288    run_print
     289    exit 0
    223290fi
    224 
    225 parse_cmd_line $*
    226 
    227 exit 0
     291if [ x"$action" = xu ]; then
     292    run_update
     293    exit 0
     294fi
     295
     296showhelp
     297exit 1
  • /trunk/src/make-tests.sh

    r20 r30  
    4949    CuSuiteDetails(suite, output);
    5050    if (suite->failCount > 0)
    51       fprintf(stderr, "%s\n", output->buffer);
     51      fprintf(stderr, "%s%c", output->buffer, 0x0A);
    5252    else
    53       fprintf(stdout, "%s\n", output->buffer);
     53      fprintf(stdout, "%s%c", output->buffer, 0x0A);
    5454    return suite->failCount;
    5555}
  • /trunk/src/samhain.c

    r20 r30  
    382382   */
    383383  (void) sl_strlcpy (sh.host.name,  _("localhost"),  SH_MINIBUF);
    384   sh.host.system[0]     = '\0';
     384  sh.host.system[0]     = '\0'; /* flawfinder: ignore *//* ff bug */
    385385  sh.host.release[0]    = '\0';
    386386  sh.host.machine[0]    = '\0';
     
    582582  skey->mailkey_old[0]  = '\0';
    583583  skey->mailkey_new[0]  = '\0';
    584   skey->crypt[0]        = '\0';
     584  skey->crypt[0]        = '\0'; /* flawfinder: ignore *//* ff bug */
    585585  skey->session[0]      = '\0';
    586586  skey->vernam[0]       = '\0';
     
    725725  char         exef[128];
    726726
     727  if (!pidlist)
     728    return NULL;
     729
    727730  for (i = 0; i < 65535; ++i) pidlist[i] = 0;
    728731  i = 0;
    729732
    730733  if (0 != stat(SH_INSTALL_PATH, &buf))
    731     return NULL;
     734    {
     735      free(pidlist);
     736      return NULL;
     737    }
    732738
    733739  ino = (long) buf.st_ino;
    734740   
    735741  if (NULL == (dp = opendir("/proc")))
    736     return NULL;
     742    {
     743      free(pidlist);
     744      return NULL;
     745    }
    737746  while (NULL != (d = readdir(dp)) && i < 65535)
    738747    {
     
    860869
    861870
    862   fullpath = malloc(strlen(SH_INSTALL_PATH)+1);
     871  fullpath = strdup (SH_INSTALL_PATH);
    863872  if (fullpath == NULL)
    864     { perror(_("malloc")); exit (1); }
    865   else
    866     strcpy(fullpath, SH_INSTALL_PATH);                 /* known to fit  */
    867 
    868   argp[0] = malloc(strlen(SH_INSTALL_PATH)+1);
     873    { perror(_("strdup")); exit (1); }
     874
     875  argp[0]  = strdup (SH_INSTALL_PATH);
    869876  if (argp[0] == NULL)
    870     { perror(_("malloc")); exit (1); }
    871   else
    872     strcpy(argp[0], SH_INSTALL_PATH);                  /* known to fit  */
    873 
     877    { perror(_("strdup")); exit (1); }
    874878
    875879  for (times = 1; times < 32; ++times)  argp[times] = NULL;
     
    879883  for (times = 2; times < res; ++times) 
    880884    {
    881       argp[times-1] = malloc(strlen(argv[times])+1);
     885      argp[times-1] = strdup (argv[times]);
    882886      if (argp[times-1] == NULL)
    883         { perror(_("malloc")); exit (1); }
    884       else
    885         strcpy(argp[times-1], argv[times]);              /* known to fit  */
     887        { perror(_("strdup")); exit (1); }
    886888    }
    887889
     
    903905            _exit(4);
    904906          }
    905         (void) execv(fullpath, argp);
     907        (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */
    906908        if (errno == EPERM)
    907909          _exit(4);
     
    941943      pidlist = procdirSamhain ();
    942944      if (pid == 0 && NULL == pidlist) /* pid file not found */
    943         return (0);
     945        {
     946          free(fullpath);
     947          return (0);
     948        }
    944949         
    945950      status = 0;
     
    956961            }
    957962        }
     963      free(fullpath);
    958964      if (status == 7)
    959965        return 0;
     
    992998        }
    993999    }
    994 
     1000  free(fullpath); /* silence smatch false positive */
    9951001  exit (1); /* no exit handler installed yet */
    9961002  /*@notreached@*/
     
    10221028/* Add a new schedule to the linked list of schedules
    10231029 */
    1024 static sh_schedule_t * sh_set_schedule_int (char * str,
     1030static sh_schedule_t * sh_set_schedule_int (const char * str,
    10251031                                            sh_schedule_t * FileSchedIn,
    10261032                                            /*@out@*/ int * status)
     
    10521058/* Add a new schedule to the linked list FileSchedOne
    10531059 */
    1054 int sh_set_schedule_one (char * str)
     1060int sh_set_schedule_one (const char * str)
    10551061{
    10561062  int status;
     
    10611067/* Add a new schedule to the linked list FileSchedTwo
    10621068 */
    1063 int sh_set_schedule_two (char * str)
     1069int sh_set_schedule_two (const char * str)
    10641070{
    10651071  int status;
     
    12141220  /* Save the timezone.
    12151221   */
    1216   if ((tzptr = getenv("TZ")) != NULL)
     1222  if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */
    12171223    {
    12181224      tzlen       = strlen(tzptr);
    1219        sh.timezone = malloc (tzlen + 1);
    1220       if (sh.timezone != NULL)
    1221          (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1);
     1225      if (tzlen < 1024)
     1226        {
     1227          sh.timezone = malloc (tzlen + 1);
     1228          if (sh.timezone != NULL)
     1229            (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1);
     1230        }
     1231      else
     1232        sh.timezone = NULL;
    12221233    }
    12231234  else
     
    17841795      /* see whether its time to check files
    17851796       */
    1786       if      (sh.flag.checkSum == SH_CHECK_INIT)
     1797      if      (sh.flag.checkSum == SH_CHECK_INIT ||
     1798               (sh.flag.checkSum == SH_CHECK_CHECK &&
     1799                (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE)))
    17871800        {
    17881801          flag_check_1 = 1;
  • /trunk/src/samhain_setpwd.c

    r20 r30  
    11#include "config_xor.h"
    2 
    3 #ifdef HAVE_BROKEN_INCLUDES
    4 #define _ANSI_C_SOURCE
    5 #define _POSIX_SOURCE
    6 #endif
    72
    83#include <stdio.h>
     
    138#include <unistd.h>
    149#include <sys/types.h>
     10#include <sys/wait.h>
    1511#include <sys/stat.h>
    1612#include <fcntl.h>
     13#include <errno.h>
     14#include <sys/time.h>
    1715#include <time.h>
    1816
     17#if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD)
     18#include <sched.h>
     19#endif
     20
     21#if defined(HAVE_INT_32)
     22typedef unsigned int UINT32;
     23#elif defined(HAVE_LONG_32)
     24typedef unsigned long UINT32;
     25#elif defined(HAVE_SHORT_32)
     26typedef unsigned short UINT32;
     27#endif
     28
     29#define TAUS_MAX 4294967295UL
     30
     31static UINT32 taus_state[3];
     32
     33static UINT32 taus_get ()
     34{
     35
     36#define TAUSWORTHE(s,a,b,c,d) ((s &c) <<d) ^ (((s <<a) ^s) >>b)
     37  taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12);
     38  taus_state[1] = TAUSWORTHE (taus_state[1],  2, 25, 4294967288UL,  4);
     39  taus_state[2] = TAUSWORTHE (taus_state[2],  3, 11, 4294967280UL, 17);
     40  return (taus_state[0] ^ taus_state[1] ^ taus_state[2]);
     41}
     42
     43static void taus_seed ()
     44{
     45  unsigned char buf[12];
     46  unsigned char buf2[12];
     47  unsigned char buf3[12];
     48  ssize_t count;
     49  size_t nbytes = sizeof(buf);
     50  size_t where  = 0;
     51
     52  struct timeval t1, t2;
     53  UINT32 delta, k[3];
     54  int i, j;
     55
     56  int fd = open ("/dev/urandom", O_RDONLY);
     57
     58  if (fd == -1)
     59    {
     60      gettimeofday(&t1, NULL);
     61      delta = t1.tv_usec;
     62      memcpy(&buf[0], &delta, 4);
     63      gettimeofday(&t1, NULL);
     64      delta = t1.tv_usec;
     65      memcpy(&buf[4], &delta, 4);
     66      gettimeofday(&t1, NULL);
     67      delta = t1.tv_usec;
     68      memcpy(&buf[8], &delta, 4);
     69      goto second;
     70    }
     71
     72  while (nbytes) {
     73    count = read(fd, &buf[where], nbytes);
     74    if (count == -1 && errno == EINTR)
     75      continue;
     76    where  += count;
     77    nbytes -= count;
     78  } while (count == -1 && errno == EINTR);
     79
     80  close(fd);
     81
     82 second:
     83  for (i = 0; i < 12; ++i)
     84    {
     85      gettimeofday(&t1, NULL);
     86      if (0 == fork())
     87        _exit(EXIT_SUCCESS);
     88      wait(NULL);
     89      gettimeofday(&t2, NULL);
     90      delta = t2.tv_usec - t1.tv_usec;
     91      buf2[i] = (unsigned char) delta;
     92    }
     93
     94  for (i = 0; i < 12; ++i)
     95    {
     96      gettimeofday(&t1, NULL);
     97      for (j = 0; j < 32768; ++j)
     98        {
     99          if (0 == kill (j,0))
     100            k[i % 3] ^= j;
     101        }
     102      gettimeofday(&t2, NULL);
     103      delta = t2.tv_usec - t1.tv_usec;
     104      buf3[i] ^= (unsigned char) delta;
     105    }
     106
     107  memcpy(&taus_state[0], &buf3[0], 4);
     108  memcpy(&taus_state[1], &buf3[4], 4);
     109  memcpy(&taus_state[2], &buf3[8], 4);
     110
     111  taus_state[0] ^= k[0];
     112  taus_state[1] ^= k[1];
     113  taus_state[2] ^= k[2];
     114 
     115  memcpy(&k[0], &buf2[0], 4);
     116  memcpy(&k[1], &buf2[4], 4);
     117  memcpy(&k[2], &buf2[8], 4);
     118
     119  taus_state[0] ^= k[0];
     120  taus_state[1] ^= k[1];
     121  taus_state[2] ^= k[2];
     122 
     123  memcpy(&k[0], &buf[0], 4);
     124  memcpy(&k[1], &buf[4], 4);
     125  memcpy(&k[2], &buf[8], 4);
     126
     127  taus_state[0] ^= k[0];
     128  taus_state[1] ^= k[1];
     129  taus_state[2] ^= k[2];
     130
     131  taus_state[0] |= (UINT32) 0x03;
     132  taus_state[1] |= (UINT32) 0x09;
     133  taus_state[2] |= (UINT32) 0x17;
     134}
    19135
    20136#ifdef SH_STEALTH
     
    112228
    113229  char * newn;
     230  size_t nlen;
    114231  int    oldf;
    115232  int    newf;
     
    196313  (void) umask (0);
    197314
    198   srand(time(NULL) ^ getpid());
     315  taus_seed();
    199316
    200317  bytecount = 0;
     
    206323  oldf = open(argv[1], O_RDONLY);
    207324
    208   newn = (char *) malloc (strlen(argv[1])+strlen(argv[2])+2);
    209   strcpy(newn, argv[1]);
    210   strcat(newn, ".");
    211   strcat(newn, argv[2]);
     325  nlen = strlen(argv[1])+strlen(argv[2])+2;
     326  newn = (char *) malloc (nlen);
     327  strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0';
     328  strncat(newn, ".", nlen);     newn[nlen-1] = '\0';
     329  strncat(newn, argv[2], nlen); newn[nlen-1] = '\0';
    212330  newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU);
    213331
     
    265383                      (unsigned char) *found_it);
    266384
    267               ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0));
     385              ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0)));
    268386              sprintf(&newpwd[i*2], _("%02x"),
    269387                      (unsigned char) ccd);
     
    340458                      (unsigned char) *found_it);
    341459
    342               ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0));
     460              ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0));
    343461              sprintf(&newpwd[i*2], _("%02x"),
    344462                      (unsigned char) ccd);
  • /trunk/src/sh_calls.c

    r20 r30  
    8282/* Set aud functions
    8383 */
    84 int sh_aud_set_functions(char * str_s)
     84int sh_aud_set_functions(const char * str_s)
    8585{
    8686  int i = 0;
  • /trunk/src/sh_database.c

    r20 r30  
    4040#include "sh_error.h"
    4141#include "sh_utils.h"
    42 
    43 extern int safe_logger (int signal, int method, pid_t thepid);
    4442
    4543#undef  FIL__
     
    227225typedef unsigned char uint8;
    228226
    229 typedef struct
    230 {
    231         uint32 h[4];
    232         uint32 data[16];
    233         uint8  offset;
    234         uint32  nblocks;
    235         int  count;
     227typedef struct md5_ctx
     228{
     229  uint32 A;
     230  uint32 B;
     231  uint32 C;
     232  uint32 D;
     233
     234  uint32 total[2];
     235  uint32 buflen;
     236  char buffer[128];
    236237} md5Param;
    237 
    238238
    239239
     
    253253static int  sh_persistent_dbconn = S_TRUE;
    254254
    255 int sh_database_use_persistent (char * str)
     255int sh_database_use_persistent (const char * str)
    256256{
    257257  return sh_util_flagval (str, &sh_persistent_dbconn);
    258258}
    259259
    260 static int insert_value (char * ptr, char * str)
     260static int insert_value (char * ptr, const char * str)
    261261{
    262262  if (!ptr || !str)
     
    276276 
    277277
    278 int sh_database_set_database (char * str)
     278int sh_database_set_database (const char * str)
    279279{
    280280  return insert_value (db_name, str);
    281281}
    282 int sh_database_set_table (char * str)
     282int sh_database_set_table (const char * str)
    283283{
    284284  return insert_value (db_table, str);
    285285}
    286 int sh_database_set_host (char * str)
     286int sh_database_set_host (const char * str)
    287287{
    288288  return insert_value (db_host, str);
    289289}
    290 int sh_database_set_user (char * str)
     290int sh_database_set_user (const char * str)
    291291{
    292292  return insert_value (db_user, str);
    293293}
    294 int sh_database_set_password (char * str)
     294int sh_database_set_password (const char * str)
    295295{
    296296  return insert_value (db_password, str);
     
    568568 oracle_doconnect:
    569569
    570   if (!getenv("ORACLE_HOME"))
     570  if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */
    571571    {
    572572      sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
     
    11941194        }
    11951195    }
    1196 #if 0
    1197   /* apparently slower, see gyule.7 */
    1198   len = (long) strlen(val);
    1199 
    1200   if ((val[0] != '\0') && (*size > 2))
    1201     {
    1202       if (flag == 1)
    1203         {
    1204           *end = ',';  ++end;
    1205           *end = '\''; ++end; (*size) -= 2;
    1206           *end = '\0';
    1207        
    1208           if ((long) *size > (len+2))
    1209             {
    1210               (void) sl_strlcat(end, val, (size_t) *size);
    1211               end   += len; (*size) -= len;
    1212               *end = '\''; ++end;  (*size) -= 1;
    1213             }
    1214           *end = '\0';
    1215         }
    1216       else
    1217         {
    1218           *end = ',';  ++end; (*size) -= 1;
    1219           *end = '\0';
    1220        
    1221           if ((long) *size > (len+1))
    1222             {
    1223               (void) sl_strlcat(end, val, (size_t) *size);
    1224               end   += len; (*size) -= len;
    1225             }
    1226           *end = '\0';
    1227         }
    1228     }
    1229 #endif
     1196
    12301197  return end;
    12311198}
     
    14821449}
    14831450
    1484 int sh_database_add_to_hash  (char * str)
     1451int sh_database_add_to_hash  (const char * str)
    14851452{
    14861453  int i;
     
    16921659static int enter_wrapper = 1;
    16931660
    1694 int set_enter_wrapper (char * str)
     1661int set_enter_wrapper (const char * str)
    16951662{
    16961663  return sh_util_flagval(str, &enter_wrapper);
    16971664}
    16981665
     1666/* recursively enter linked list of messages into database, last first
     1667 */
     1668int sh_database_insert_rec (dbins * curr, unsigned int depth)
     1669{
     1670  long    id = 0;
     1671  dbins * prev;
     1672
     1673  SL_ENTER(_("sh_database_insert_rec"));
     1674
     1675  if (curr->next)
     1676    {
     1677      prev = curr->next;
     1678      sl_strlcpy(prev->host, curr->host, 64);
     1679      id = sh_database_insert_rec (curr->next, (depth + 1));
     1680    }
     1681
     1682  if (id != 0)                       /* this is a server wrapper          */
     1683    {
     1684      if (enter_wrapper != 0)
     1685        {
     1686          id = sh_database_entry (curr, id);
     1687        }
     1688    }
     1689  else
     1690    {
     1691      /*
     1692       * id = -1 is the client message; log_ref will be NULL
     1693       */
     1694      if (depth > 0)                  /* this is a client message         */
     1695        id = sh_database_entry (curr, -1);
     1696      else                            /* this is a generic server message */
     1697        id = sh_database_entry (curr, 0);
     1698    }
     1699
     1700  SH_FREE(curr);
     1701
     1702  SL_RETURN(id, _("sh_database_insert"));
     1703}
     1704
    16991705int sh_database_insert (char * message)
    17001706{
    17011707  dbins * db_entry;
    1702   dbins * prev;
    1703   dbins * curr;
    1704   long    id = 0;
    1705 #ifdef HOST_SWITCH
    1706   char  * temp[64];
    1707 #endif
    17081708
    17091709  SL_ENTER(_("sh_database_insert"));
     
    17161716  (void) sh_database_parse (message, db_entry);
    17171717
    1718   /* Enter the list into the database. Actually, the list can only have
    1719    * two entries at most.
    1720    */
    1721   curr = db_entry;
    1722   if (curr->next)
    1723     {
    1724       prev = curr->next;
    1725 #ifdef HOST_SWITCH
    1726       strncpy(temp, prev->host,       64);
     1718  /* recursively enter the linked list into the database
     1719   */
     1720  (void) sh_database_insert_rec (db_entry, 0);
     1721
     1722  SL_RETURN(0, _("sh_database_insert"));
     1723}
     1724
    17271725#endif
    1728       strncpy(prev->host, curr->host, 64);
    1729 #ifdef HOST_SWITCH
    1730       strncpy(curr->host, temp,       64);
    1731 #endif
    1732       id = sh_database_entry (prev, -1);
    1733       SH_FREE(prev);
    1734     }
    1735 
    1736   if (id != 0)                       /* this is a server wrapper          */
    1737     {
    1738       if (enter_wrapper != 0)
    1739         (void) sh_database_entry (curr, id);
    1740     }
    1741   else                                /* this is a generic server message */
    1742     {
    1743       (void) sh_database_entry (curr, 0);
    1744     }
    1745   SH_FREE(curr);
    1746 
    1747   SL_RETURN(0, _("sh_database_insert"));
    1748 }
    1749 
    1750 #endif
  • /trunk/src/sh_entropy.c

    r20 r30  
    170170        memset( &addr, 0, sizeof(addr) );
    171171        addr.sun_family = AF_UNIX;
    172         strcpy( addr.sun_path, name );              /* known to fit  */
     172        sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) );
    173173        addr_len = offsetof( struct sockaddr_un, sun_path )
    174174                   + strlen( addr.sun_path );
     
    478478static
    479479char   * com_path[] = {
     480  N_("/usr/bin/xpg4/"),
    480481  N_("/usr/ucb/"),
    481482  N_("/bin/"),
     
    570571  char * arg[4];
    571572  char * envp[2];
     573  size_t len;
    572574
    573575  SL_ENTER(_("sh_popen"));
     
    580582  if (sh.timezone != NULL)
    581583    {
    582       envp[0] = malloc (sl_strlen(sh.timezone) + 4);     /* free() ok     */
     584      len = sl_strlen(sh.timezone) + 4;
     585      envp[0] = malloc (len);     /* free() ok     */
    583586      if (envp[0] != NULL)
    584         sprintf (envp[0], "TZ=%s", sh.timezone);         /* known to fit  */
     587        sl_snprintf (envp[0], len, "TZ=%s", sh.timezone);
    585588      else
    586589        envp[0] = NULL;
     
    778781        sl_strlcat(combuf, _(source[i].command), 80);
    779782
     783        /* flawfinder: ignore */
    780784        if ( access (combuf, X_OK) == 0)
    781785          {
  • /trunk/src/sh_err_console.c

    r20 r30  
    112112/* Enable the message queue
    113113 */
    114 int enable_msgq(char * foo)
     114int enable_msgq(const char * foo)
    115115{
    116116  int i;
     
    234234/* ---- Set the console device. ----
    235235 */
    236 int sh_log_set_console (char * address)
     236int sh_log_set_console (const char * address)
    237237{
    238238  SL_ENTER(_("sh_log_set_console"));
  • /trunk/src/sh_err_log.c

    r20 r30  
    604604  char            sigkey_old[KEY_LEN+1];
    605605  char            sigkey_new[KEY_LEN+1];
    606   char            crypt[KEY_LEN+1];
     606  char            crypto[KEY_LEN+1];
    607607  struct  lfstc * next;
    608608} open_logfile;
     
    613613
    614614#ifdef SH_WITH_SERVER
    615 int set_flag_sep_log (char * str)
     615int set_flag_sep_log (const char * str)
    616616{
    617617  return sh_util_flagval(str, &flag_sep_log);
     
    642642  char               * sigkey_new;
    643643  char               * sigkey_old;
    644   char               * crypt;
     644  char               * crypto;
    645645
    646646  SL_ENTER(_("sh_log_file"));
     
    734734      memset(current->sigkey_old, (int)'\0', KEY_LEN+1);
    735735      memset(current->sigkey_new, (int)'\0', KEY_LEN+1);
    736       memset(current->crypt,      (int)'\0', KEY_LEN+1);
     736      memset(current->crypto,     (int)'\0', KEY_LEN+1);
    737737      current->next            = logfile_list;
    738738      logfile_list             = current;
     
    841841      sigkey_old = current->sigkey_old;
    842842      sigkey_new = current->sigkey_new;
    843       crypt      = current->crypt;
     843      crypto     = current->crypto;
    844844    }
    845845  else
     
    847847      sigkey_old = skey->sigkey_old;
    848848      sigkey_new = skey->sigkey_new;
    849       crypt      = skey->crypt;
     849      crypto     = skey->crypt;      /* flawfinder: ignore */
    850850    }
    851851
     
    869869      /* Copy it to 'crypt' for encryption.
    870870       */
    871       (void) sl_strlcpy(crypt, sigkey_new, KEY_LEN+1);
     871      (void) sl_strlcpy(crypto, sigkey_new, KEY_LEN+1);
    872872
    873873      /* Use message and compiled-in key to encrypt.
    874874       */
    875875      BREAKEXIT(sh_util_encode);
    876       sh_util_encode(crypt, log_msg.msg, 0, 'B');
     876      sh_util_encode(crypto, log_msg.msg, 0, 'B');
    877877
    878878      /* Send out the key.
     
    900900
    901901      sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL,
    902                        sh.prg_name, crypt,
    903                        crypt, log_msg.timestamp);
     902                       sh.prg_name, crypto,
     903                       crypto, log_msg.timestamp);
    904904
    905905      /* send to other allowed channels
     
    913913
    914914      sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY,
    915                        sh.prg_name, crypt);
     915                       sh.prg_name, crypto);
    916916
    917917      /* Cleanup.
     
    926926
    927927
    928       memset (crypt, (int) '\0', KEY_LEN);
     928      memset (crypto, (int) '\0', KEY_LEN);
    929929      sh.flag.log_start    = S_FALSE; 
    930930      current->log_start   = S_FALSE;
     
    949949  (void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1);
    950950
    951   /*@-bufferoverflowhigh -usedef@*/
     951  /*@-usedef@*/
    952952#ifdef SH_USE_XML
    953953  if (log_msg.timestamp[0] != '\0')
    954     sprintf(log_msg.sig,                            /* known to fit  */
     954    sl_snprintf(log_msg.sig, sizeof(log_msg.sig),
    955955#ifdef FIX_XML
    956             _("\n<sig>%s%s</sig></log>\n"),          /* <sig> FIX XML */
    957 #else
    958             _("\nsig>%s%s</sig></log>\n"),          /* <sig> FIX XML */
    959 #endif
    960             log_msg.signature, log_msg.timestamp);
     956                _("\n<sig>%s%s</sig></log>\n"),          /* <sig> FIX XML */
     957#else
     958                _("\nsig>%s%s</sig></log>\n"),          /* <sig> FIX XML */
     959#endif
     960                log_msg.signature, log_msg.timestamp);
    961961  else
    962     sprintf(log_msg.sig,                            /* known to fit  */
     962    sl_snprintf(log_msg.sig, sizeof(log_msg.sig),
    963963#ifdef FIX_XML
    964             _("\n<sig>%s</sig></log>\n"),            /* <sig> FIX XML */
    965 #else
    966             _("\nsig>%s</sig></log>\n"),            /* <sig> FIX XML */
    967 #endif
    968             log_msg.signature);
    969   /*@+bufferoverflowhigh +usedef@*/
     964                _("\n<sig>%s</sig></log>\n"),            /* <sig> FIX XML */
     965#else
     966                _("\nsig>%s</sig></log>\n"),            /* <sig> FIX XML */
     967#endif
     968                log_msg.signature);
     969  /*@+usedef@*/
    970970
    971971#ifdef SH_STEALTH
  • /trunk/src/sh_err_syslog.c

    r20 r30  
    110110/* set syslog facility
    111111 */
    112 int  sh_log_set_facility (char * c)
     112int  sh_log_set_facility (const char * c)
    113113{
    114114  int loop = 0;
  • /trunk/src/sh_error.c

    r20 r30  
    102102/* convert a string to a numeric priority
    103103 */
    104 int sh_error_convert_level (char * str_s);
     104int sh_error_convert_level (const char * str_s);
    105105
    106106static int  IsInitialized = BAD;
     
    219219}
    220220
    221 static int sh_error_set_classmask (/*@notnull@*/char * c, int * facility_mask)
     221static int sh_error_set_classmask (const char * str, int * facility_mask)
    222222{
    223223  char * p;
     
    225225  unsigned int    i;
    226226  size_t len;
     227  char * c;
    227228
    228229  SL_ENTER(_("sh_error_set_classmask"));
    229230 
    230   if (c == NULL)
     231  if (str == NULL)
    231232    SL_RETURN( -1, _("sh_error_set_classmask"));
    232233
     
    234235    (void) sh_error_init();
    235236
    236   if (c[0] == (char) 34)
    237     ++c;
    238   len = strlen(c);
     237  if (str[0] == (char) 34)
     238    ++str;
     239  len = strlen(str);
     240
     241  c = SH_ALLOC(len+1);
     242  sl_strlcpy(c, str, len+1);
     243
    239244  if (c[len-1] == (char) 34)
    240245    c[len-1] = '\0';
     
    273278  } while (p);
    274279
     280  SH_FREE(c);
    275281  SL_RETURN( 0, _("sh_error_set_classmask"));
    276282}
    277283
    278 int sh_error_log_mask (char * c)
     284int sh_error_log_mask (const char * c)
    279285{
    280286  return (sh_error_set_classmask(c, &(errFlags.log_class)));
    281287}
    282 int sh_error_mail_mask (char * c)
     288int sh_error_mail_mask (const char * c)
    283289{
    284290  return (sh_error_set_classmask(c, &(errFlags.mail_class)));
    285291}
    286 int sh_error_print_mask (char * c)
     292int sh_error_print_mask (const char * c)
    287293{
    288294  return (sh_error_set_classmask(c, &(errFlags.print_class)));
    289295}
    290 int sh_error_export_mask (char * c)
     296int sh_error_export_mask (const char * c)
    291297{
    292298  return (sh_error_set_classmask(c, &(errFlags.export_class)));
    293299}
    294 int sh_error_syslog_mask (char * c)
     300int sh_error_syslog_mask (const char * c)
    295301{
    296302  return (sh_error_set_classmask(c, &(errFlags.syslog_class)));
    297303}
    298 int sh_error_external_mask (char * c)
     304int sh_error_external_mask (const char * c)
    299305{
    300306  return (sh_error_set_classmask(c, &(errFlags.external_class)));
    301307}
    302 int sh_error_database_mask (char * c)
     308int sh_error_database_mask (const char * c)
    303309{
    304310  return (sh_error_set_classmask(c, &(errFlags.database_class)));
    305311}
    306 int sh_error_prelude_mask (char * c)
     312int sh_error_prelude_mask (const char * c)
    307313{
    308314  return (sh_error_set_classmask(c, &(errFlags.prelude_class)));
     
    446452};
    447453
    448 int sh_error_convert_level (char * str_s)
     454int sh_error_convert_level (const char * str_s)
    449455{
    450456  int i;
     
    472478/* --- Set severity levels. ---
    473479 */
    474 int sh_error_set_iv (int iv, char *  str_s)
     480int sh_error_set_iv (int iv, const char *  str_s)
    475481{
    476482  int level = (-1);
     
    633639}
    634640
    635 #ifdef SH_WITH_CLIENT
     641#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    636642/* set severity for TCP export
    637643 */
     
    837843#endif
    838844
    839 #ifdef SH_WITH_CLIENT
     845#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    840846  char   * ex_msg;
    841847#endif
     
    856862  static int syslog_block = 0;
    857863  static int log_block    = 0;
    858 #if defined(SH_WITH_CLIENT)
     864#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    859865  static int export_block = 0;
    860866#endif
     
    920926    severity = sev;
    921927
     928  /* these are messages from remote sources
     929   */
    922930  if ((severity  & SH_ERR_INET) != 0)
    923931    {
     
    933941       ( (errFlags.sysloglevel  & severity    ) == 0 ||
    934942         (errFlags.syslog_class & (1 << class)) == 0 )     &&
    935 #ifdef SH_WITH_CLIENT
     943#if defined(SH_WITH_CLIENT) || defined(SH_WITH_CLIENT)
    936944       ( (errFlags.exportlevel  & severity    ) == 0 ||
    937945         (errFlags.export_class & (1 << class)) == 0 )     &&
     
    952960         (errFlags.mail_class    & (1 << class)) == 0 )
    953961#ifdef SH_WITH_SERVER
    954       && (flag_inet == S_FALSE)
     962       && (flag_inet == S_FALSE) /* still log messages from remote sources */
    955963#endif
    956964       )
     
    11131121       * to log server
    11141122       ****************************************************/
    1115 #ifdef SH_WITH_CLIENT
     1123#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    11161124      /* Export by TCP.
    11171125       */
    1118       if ((errFlags.exportlevel  & severity  )   != 0 &&
    1119           (errFlags.export_class & (1 << class)) != 0 &&
    1120           (errFlags.exportlevel  & SH_ERR_NOT)   == 0 &&
    1121           class != AUD                                &&
    1122           sh.flag.isserver != GOOD                    &&
    1123           (flag_inet == S_FALSE) ) /* don't log inet to export */
     1126
     1127      if ( ((errFlags.exportlevel  & severity  )   != 0 &&
     1128            (errFlags.export_class & (1 << class)) != 0 &&
     1129            (errFlags.exportlevel  & SH_ERR_NOT)   == 0 &&
     1130            class != AUD                               )
     1131#ifdef SH_WITH_SERVER
     1132           || (flag_inet == S_TRUE) /* always log inet to export */
     1133#endif
     1134          /* sh.flag.isserver != GOOD                    && */
     1135          /* (flag_inet == S_FALSE) */ /* don't log inet to export */
     1136           )
    11241137        {
    11251138          if (export_block == 0)
    11261139            {
    11271140              int retval;
     1141              size_t ex_len;
    11281142
    11291143              /* will truncate to 65280 bytes
    11301144               */
    11311145              export_block = 1;
    1132               ex_msg = SH_ALLOC (64 + sl_strlen(lmsg->msg) + 1);
    1133               /*@-bufferoverflowhigh@*/
    1134               sprintf(ex_msg, _("%d?%u?%s"),             /* known to fit  */
    1135                            severity, class, lmsg->msg);
    1136               /*@-bufferoverflowhigh@*/
     1146              ex_len = 64 + sl_strlen(lmsg->msg) + 1;
     1147              ex_msg = SH_ALLOC (ex_len);
     1148
     1149              sl_snprintf(ex_msg, ex_len, _("%d?%u?%s"),
     1150                      severity, class, lmsg->msg);
    11371151              retval = sh_forward (ex_msg);
    11381152              SH_FREE(ex_msg);
     
    13061320/* allocate space for user-defined message header
    13071321 */
    1308 int sh_error_ehead (/*@null@*/char * str_s)
     1322int sh_error_ehead (/*@null@*/const char * str_s)
    13091323{
    13101324  size_t size;
    1311   char * s;
     1325  const char * s;
    13121326
    13131327  SL_ENTER(_("sh_error_ehead"));
     
    13241338 
    13251339  size = /*@i@*/strlen(s);
    1326   if (/*@i@*/s[size-1] == (char) 34) --size;
     1340  if (/*@i@*/s[size-1] == (char) 34) --size; /* truncate */
    13271341
    13281342  if (ehead_format != NULL)
     
    14821496      len      = sl_strlen(lmsg->msg);
    14831497      /*@i@*/required = sl_vsnprintf(&(lmsg->msg[len]),
    1484                               (lmsg->msg_len - len), lmsg->format, vl);
     1498                                     (lmsg->msg_len - len), lmsg->format, vl);
    14851499      if ( (required + len) > (lmsg->msg_len - 4) )
    14861500        {
  • /trunk/src/sh_extern.c

    r20 r30  
    115115  FILE * outf = NULL;
    116116  char * envp[1];
    117   char * argp[1];
     117  char * argp[2];
    118118
    119119  char * errfile;
     
    133133   *         needs a valid *envp[] with envp[0] = NULL;
    134134   *         and similarly for argp
     135   * OpenBSD finally needs non-null argp[0] ...
    135136   */
     137  argp[0] = task->command;
     138  argp[1] = NULL;
    136139  envp[0] = NULL;
    137   argp[0] = NULL;
    138140
    139141  /*
     
    364366             
    365367              PDBGC(5);
    366               sprintf(pname, _("/proc/self/fd/%d"),      /* known to fit  */
    367                            pfd);
    368               if (access(pname, R_OK|X_OK) == 0)
     368              sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd);
     369              if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */
    369370                {
    370371                  PDBGC(6);
     
    402403           * --  execute path if executable
    403404           */
    404           if (0 == access(task->command, R_OK|X_OK))
     405          if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */
    405406            {
    406407              PDBGC(5);
     
    544545              task->exit_status = WEXITSTATUS(task->exit_status);
    545546              if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0))
    546                 sprintf(infomsg,                         /* known to fit  */
    547                         _("Subprocess exited normally with status %d"),
    548                         task->exit_status);
     547                sl_snprintf(infomsg, sizeof(infomsg),
     548                            _("Subprocess exited normally with status %d"),
     549                            task->exit_status);
    549550            }
    550551          else if (WIFSIGNALED(task->exit_status) != 0)
    551552            {
    552               sprintf(infomsg,                           /* known to fit  */
    553                       _("Subprocess terminated by signal %d"),
    554                       WTERMSIG(task->exit_status));
     553              sl_snprintf(infomsg, sizeof(infomsg),
     554                          _("Subprocess terminated by signal %d"),
     555                          WTERMSIG(task->exit_status));
    555556              task->exit_status = EXIT_FAILURE;
    556557            }
    557558          else if (WIFSTOPPED(task->exit_status) != 0)
    558559            {
    559               sprintf(infomsg,                           /* known to fit  */
    560                       _("Subprocess stopped by signal %d, killing"),
    561                       WSTOPSIG(task->exit_status));
     560              sl_snprintf(infomsg, sizeof(infomsg),
     561                          _("Subprocess stopped by signal %d, killing"),
     562                          WSTOPSIG(task->exit_status));
    562563              task->exit_status = EXIT_FAILURE;
    563564              (void) aud_kill (FIL__, __LINE__, task->pid, 9);
     
    567568          else
    568569            {
    569               sprintf(infomsg,                           /* known to fit  */
    570                       _("Subprocess exit status unknown"));
     570              sl_snprintf(infomsg, sizeof(infomsg),
     571                          _("Subprocess exit status unknown"));
    571572              task->exit_status = EXIT_FAILURE;
    572573            }
     
    581582            }
    582583          (void) aud_kill (FIL__, __LINE__, task->pid, 9);
    583           sprintf(infomsg,                               /* known to fit  */
    584                   _("Subprocess not yet exited, killing"));
     584          sl_snprintf(infomsg, sizeof(infomsg),
     585                      _("Subprocess not yet exited, killing"));
    585586          task->exit_status = EXIT_FAILURE;
    586587          (void) waitpid (task->pid, NULL, 0);
     
    588589      else
    589590        {
    590           sprintf(infomsg,                               /* known to fit  */
    591                   _("Waitpid returned error %d\n"), errno);
     591          sl_snprintf(infomsg, sizeof(infomsg),
     592                      _("Waitpid returned error %d\n"), errno);
    592593          task->exit_status = EXIT_FAILURE;
    593594        }
     
    646647
    647648
    648 int sh_ext_tas_add_envv(sh_tas_t * tas, char * key, char * val)
     649int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val)
    649650{
    650651  size_t sk = 0, sv = 0;
     
    697698}
    698699
    699 int sh_ext_tas_add_argv(sh_tas_t * tas, char * val)
     700int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val)
    700701{
    701702  size_t sv = 0;
     
    722723}
    723724
    724 void sh_ext_tas_command(sh_tas_t * tas, char * command)
     725void sh_ext_tas_command(sh_tas_t * tas, const char * command)
    725726{
    726727  size_t len = sl_strlen(command);
     
    842843
    843844static
    844 int sh_ext_add_envv(char * key, char * val)
     845int sh_ext_add_envv(const char * key, const char * val)
    845846{
    846847  SL_ENTER(_("sh_ext_add_envv"));
     
    861862
    862863static
    863 int sh_ext_init(char * command)
     864int sh_ext_init(const char * command)
    864865{
    865866  sh_com_t * retval;
     
    896897
    897898static
    898 int sh_ext_uid (char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)
     899int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)
    899900{
    900901  struct passwd * tempres;
     
    922923
    923924static
    924 int sh_ext_add (char * argstring, int * ntok, char * stok[])
     925int sh_ext_add (const char * argstring, int * ntok, char * stok[])
    925926{
    926927  int    i = 0;
    927928  size_t s;
    928929  char * p;
     930  char * new;
     931  size_t len;
    929932
    930933  SL_ENTER(_("sh_ext_add"));
     
    935938    }
    936939
     940  len = strlen(argstring) + 1;
     941  new = SH_ALLOC(len);
     942  sl_strlcpy(new, argstring, len);
     943
    937944  do
    938945    {
    939946      if (i == 0)
    940         p = strtok (argstring, ", \t");
     947        p = strtok (new, ", \t");
    941948      else
    942949        p = strtok (NULL, ", \t");
     
    957964
    958965  *ntok = i;
     966  SH_FREE(new);
    959967
    960968  SL_RETURN (0, _("sh_ext_add"));
     
    971979 * -- start a new external command, and add it to the list
    972980 */
    973 int sh_ext_setcommand(char * cmd)
     981int sh_ext_setcommand(const char * cmd)
    974982{
    975983  int i;
     
    10181026 * -- add keywords to the OR filter
    10191027 */
    1020 int sh_ext_add_or (char * str)
     1028int sh_ext_add_or (const char * str)
    10211029{
    10221030  if (ext_coms == NULL || ext_failed == (-1))
     
    10281036 * -- add keywords to the AND filter
    10291037 */
    1030 int sh_ext_add_and (char * str)
     1038int sh_ext_add_and (const char * str)
    10311039{
    10321040  if (ext_coms == NULL || ext_failed == (-1))
     
    10381046 * -- add keywords to the NOT filter
    10391047 */
    1040 int sh_ext_add_not (char * str)
     1048int sh_ext_add_not (const char * str)
    10411049{
    10421050  if (ext_coms == NULL || ext_failed == (-1))
     
    10481056 * -- add keywords to the CL argument list
    10491057 */
    1050 int sh_ext_add_argv (char * str)
     1058int sh_ext_add_argv (const char * str)
    10511059{
    10521060  if (ext_coms == NULL || ext_failed == (-1))
     
    10581066 * -- add a path to the environment
    10591067 */
    1060 int sh_ext_add_default (char * dummy)
    1061 {
    1062   /* while this assignment looks ridiculous, it is here to avoid
    1063    * an 'unused parameter' warning
    1064    */
    1065   char * p = (dummy == NULL ? dummy : NULL);
     1068int sh_ext_add_default (const char * dummy)
     1069{
     1070  (void) dummy;
     1071  char * p = NULL;
    10661072  int    i;
    10671073
     
    10841090 * -- add an environment variable
    10851091 */
    1086 int sh_ext_add_environ (char * str)
     1092int sh_ext_add_environ (const char * str)
    10871093{
    10881094  int i;
     
    10951101 * -- set deadtime
    10961102 */
    1097 int sh_ext_deadtime (char * str)
     1103int sh_ext_deadtime (const char * str)
    10981104{
    10991105  long    deadtime = 0;
     
    11191125 * -- define type
    11201126 */
    1121 int sh_ext_type (char * str)
     1127int sh_ext_type (const char * str)
    11221128{
    11231129  SL_ENTER(_("sh_ext_type"));
     
    11541160 * -- define checksum
    11551161 */
    1156 int sh_ext_checksum (char * str)
     1162int sh_ext_checksum (const char * str)
    11571163{
    11581164  SL_ENTER(_("sh_ext_checksum"));
     
    11751181 * -- choose privileges
    11761182 */
    1177 int sh_ext_priv (char * c)
     1183int sh_ext_priv (const char * c)
    11781184{
    11791185
  • /trunk/src/sh_fifo.c

    r20 r30  
    8787    }
    8888
    89   strcpy (item->data, indat);                   /* known to fit  */
     89  sl_strlcpy (item->data, indat, len+1);
    9090  item->data[len] = '\0';
    9191
     
    143143    }
    144144
    145   strcpy (item->data, indat);                          /* known to fit  */
     145  sl_strlcpy (item->data, indat, len+1);
    146146  item->data[len] = '\0';
    147147
     
    195195  len         = sl_strlen(getit->data);
    196196  retval      = SH_ALLOC(len+1);
    197   strcpy (retval, getit->data);                        /* known to fit  */
    198   retval[len] = '\0';
     197  sl_strlcpy (retval, getit->data, len+1);
    199198 
    200199  memset(getit->data, 0, len);
  • /trunk/src/sh_files.c

    r20 r30  
    7272#define FIL__  _("sh_files.c")
    7373
    74 extern int safe_logger (int signal, int method, pid_t thepid);
    75 
    7674extern int flag_err_debug;
    7775extern int flag_err_info;
    7876
    79 int sh_files_reportonce(char * c)
     77int sh_files_reportonce(const char * c)
    8078{
    8179  int i;
     
    8684}
    8785   
    88 int sh_files_fulldetail(char * c)
     86int sh_files_fulldetail(const char * c)
    8987{
    9088  int i;
     
    156154static int        sh_files_fullpath  (char * testdir, char * d_name,
    157155                                      char * statpath);
    158 static int        sh_files_pushdir   (int class, char * str_s);
    159 static int        sh_files_pushfile  (int class, char * str_s);
     156static int        sh_files_pushdir   (int class, const char * str_s);
     157static int        sh_files_pushfile  (int class, const char * str_s);
    160158static int        sh_files_checkdir  (int class, int rdepth, char * dirName,
    161159                                      char * relativeName);
     
    446444
    447445
    448 int sh_files_pushfile_prelink (char * str_s)
     446int sh_files_pushfile_prelink (const char * str_s)
    449447{
    450448  return (sh_files_pushfile (SH_LEVEL_PRELINK, str_s));
    451449}
    452450
    453 int sh_files_pushfile_user0 (char * str_s)
     451int sh_files_pushfile_user0 (const char * str_s)
    454452{
    455453  return (sh_files_pushfile (SH_LEVEL_USER0, str_s));
    456454}
    457455
    458 
    459 int sh_files_pushfile_user1 (char * str_s)
     456int sh_files_pushfile_user1 (const char * str_s)
    460457{
    461458  return (sh_files_pushfile (SH_LEVEL_USER1, str_s));
    462459}
    463460
    464 
    465 int sh_files_pushfile_ro (char * str_s)
     461int sh_files_pushfile_user2 (const char * str_s)
     462{
     463  return (sh_files_pushfile (SH_LEVEL_USER2, str_s));
     464}
     465
     466int sh_files_pushfile_user3 (const char * str_s)
     467{
     468  return (sh_files_pushfile (SH_LEVEL_USER3, str_s));
     469}
     470
     471int sh_files_pushfile_user4 (const char * str_s)
     472{
     473  return (sh_files_pushfile (SH_LEVEL_USER4, str_s));
     474}
     475
     476
     477int sh_files_pushfile_ro (const char * str_s)
    466478{
    467479  return (sh_files_pushfile (SH_LEVEL_READONLY, str_s));
    468480}
    469481
    470 int sh_files_pushfile_attr (char * str_s)
     482int sh_files_pushfile_attr (const char * str_s)
    471483{
    472484  return (sh_files_pushfile (SH_LEVEL_ATTRIBUTES, str_s));
    473485}
    474486
    475 int sh_files_pushfile_log (char * str_s)
     487int sh_files_pushfile_log (const char * str_s)
    476488{
    477489  return (sh_files_pushfile (SH_LEVEL_LOGFILES, str_s));
    478490}
    479491
    480 int sh_files_pushfile_glog (char * str_s)
     492int sh_files_pushfile_glog (const char * str_s)
    481493{
    482494  return (sh_files_pushfile (SH_LEVEL_LOGGROW, str_s));
    483495}
    484496
    485 int sh_files_pushfile_noig (char * str_s)
     497int sh_files_pushfile_noig (const char * str_s)
    486498{
    487499  return (sh_files_pushfile (SH_LEVEL_NOIGNORE, str_s));
    488500}
    489501
    490 int sh_files_pushfile_allig (char * str_s)
     502int sh_files_pushfile_allig (const char * str_s)
    491503{
    492504  return (sh_files_pushfile (SH_LEVEL_ALLIGNORE, str_s));
     
    511523/* set mask(class)
    512524 */
    513 static int sh_files_parse_mask (unsigned long * mask, char * str)
     525static int sh_files_parse_mask (unsigned long * mask, const char * str)
    514526{
    515527  int l, i = 0, act = 0, k = 0;
     
    602614}
    603615
    604 int sh_files_redef_prelink(char * str)
     616int sh_files_redef_prelink(const char * str)
    605617{
    606618  return (sh_files_parse_mask(&mask_PRELINK, str));
    607619}
    608 int sh_files_redef_user0(char * str)
     620int sh_files_redef_user0(const char * str)
    609621{
    610622  return (sh_files_parse_mask(&mask_USER0, str));
    611623}
    612 int sh_files_redef_user1(char * str)
     624int sh_files_redef_user1(const char * str)
    613625{
    614626  return (sh_files_parse_mask(&mask_USER1, str));
    615627}
    616 int sh_files_redef_readonly(char * str)
     628int sh_files_redef_user2(const char * str)
     629{
     630  return (sh_files_parse_mask(&mask_USER2, str));
     631}
     632int sh_files_redef_user3(const char * str)
     633{
     634  return (sh_files_parse_mask(&mask_USER3, str));
     635}
     636int sh_files_redef_user4(const char * str)
     637{
     638  return (sh_files_parse_mask(&mask_USER4, str));
     639}
     640int sh_files_redef_readonly(const char * str)
    617641{
    618642  return (sh_files_parse_mask(&mask_READONLY, str));
    619643}
    620 int sh_files_redef_loggrow(char * str)
     644int sh_files_redef_loggrow(const char * str)
    621645{
    622646  return (sh_files_parse_mask(&mask_LOGGROW, str));
    623647}
    624 int sh_files_redef_logfiles(char * str)
     648int sh_files_redef_logfiles(const char * str)
    625649{
    626650  return (sh_files_parse_mask(&mask_LOGFILES, str));
    627651}
    628 int sh_files_redef_attributes(char * str)
     652int sh_files_redef_attributes(const char * str)
    629653{
    630654  return (sh_files_parse_mask(&mask_ATTRIBUTES, str));
    631655}
    632 int sh_files_redef_noignore(char * str)
     656int sh_files_redef_noignore(const char * str)
    633657{
    634658  return (sh_files_parse_mask(&mask_NOIGNORE, str));
    635659}
    636 int sh_files_redef_allignore(char * str)
     660int sh_files_redef_allignore(const char * str)
    637661{
    638662  return (sh_files_parse_mask(&mask_ALLIGNORE, str));
     
    659683    case SH_LEVEL_USER1:
    660684      return (unsigned long) mask_USER1;
     685    case SH_LEVEL_USER2:
     686      return (unsigned long) mask_USER2;
     687    case SH_LEVEL_USER3:
     688      return (unsigned long) mask_USER3;
     689    case SH_LEVEL_USER4:
     690      return (unsigned long) mask_USER4;
    661691    case SH_LEVEL_PRELINK:
    662692      return (unsigned long) mask_PRELINK;
     
    725755      if (zfileList == NULL)
    726756        {
    727           (void) safe_logger (0, 0, getpid());
     757          (void) safe_logger (0, 0, NULL);
    728758          aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    729759        }
     
    734764  if (-1 == ret)
    735765    {
    736       (void) safe_logger (0, 0, getpid());
     766      (void) safe_logger (0, 0, NULL);
    737767      aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    738768    }
     
    745775
    746776
    747 static int sh_files_pushfile (int class, char * str_s)
    748 {
     777static int sh_files_pushfile (int class, const char * str_s)
     778{
     779  int     len;
    749780  char  * tmp;
    750   int     len;
     781  char  * p;
    751782#ifdef HAVE_GLOB_H
    752   glob_t  pglob;
    753783  int     globstatus = -1;
    754784  unsigned int     gloop;
     785  glob_t  pglob;
    755786#endif
    756787
     
    808839       * special case of the root directory.
    809840       */
    810       if (str_s[len-1] == '/' && len > 1)
     841      p = sh_util_strdup (str_s);
     842      if (p[len-1] == '/' && len > 1)
    811843        {
    812           str_s[len-1] = '\0';
     844          p[len-1] = '\0';
    813845          --len;
    814846        }
     
    817849
    818850#ifdef HAVE_GLOB_H
    819   if (0 == sh_files_has_metachar(str_s))
    820     {
    821       sh_files_push_file_int (class, str_s, len);
     851  if (0 == sh_files_has_metachar(p))
     852    {
     853      sh_files_push_file_int (class, p, len);
    822854    }
    823855  else
    824856    {
    825857      pglob.gl_offs = 0;
    826       globstatus    = glob (str_s, 0, sh_files_globerr, &pglob);
     858      globstatus    = glob (p, 0, sh_files_globerr, &pglob);
    827859
    828860      if (globstatus == 0 && pglob.gl_pathc > 0)
     
    834866      else
    835867        {
    836           tmp = sh_util_safe_name (str_s);
     868          tmp = sh_util_safe_name (p);
    837869
    838870          if (pglob.gl_pathc == 0
     
    869901
    870902#else
    871   sh_files_push_file_int (class, str_s, len);
    872 #endif
    873 
     903  sh_files_push_file_int (class, p, len);
     904#endif
     905
     906  SH_FREE(p);
    874907  SL_RETURN((0),_("sh_files_pushfile"));
    875908}
     
    10281061}
    10291062
    1030 int sh_files_pushdir_prelink (char * str_s)
     1063int sh_files_pushdir_prelink (const char * str_s)
    10311064{
    10321065  return (sh_files_pushdir (SH_LEVEL_PRELINK, str_s));
    10331066}
    10341067
    1035 int sh_files_pushdir_user0 (char * str_s)
     1068int sh_files_pushdir_user0 (const char * str_s)
    10361069{
    10371070  return (sh_files_pushdir (SH_LEVEL_USER0, str_s));
    10381071}
    10391072
    1040 int sh_files_pushdir_user1 (char * str_s)
     1073int sh_files_pushdir_user1 (const char * str_s)
    10411074{
    10421075  return (sh_files_pushdir (SH_LEVEL_USER1, str_s));
    10431076}
    10441077
    1045 int sh_files_pushdir_attr (char * str_s)
     1078int sh_files_pushdir_user2 (const char * str_s)
     1079{
     1080  return (sh_files_pushdir (SH_LEVEL_USER2, str_s));
     1081}
     1082
     1083int sh_files_pushdir_user3 (const char * str_s)
     1084{
     1085  return (sh_files_pushdir (SH_LEVEL_USER3, str_s));
     1086}
     1087
     1088int sh_files_pushdir_user4 (const char * str_s)
     1089{
     1090  return (sh_files_pushdir (SH_LEVEL_USER4, str_s));
     1091}
     1092
     1093int sh_files_pushdir_attr (const char * str_s)
    10461094{
    10471095  return (sh_files_pushdir (SH_LEVEL_ATTRIBUTES, str_s));
    10481096}
    10491097
    1050 int sh_files_pushdir_ro (char * str_s)
     1098int sh_files_pushdir_ro (const char * str_s)
    10511099{
    10521100  return (sh_files_pushdir (SH_LEVEL_READONLY, str_s));
    10531101}
    10541102
    1055 int sh_files_pushdir_log (char * str_s)
     1103int sh_files_pushdir_log (const char * str_s)
    10561104{
    10571105  return (sh_files_pushdir (SH_LEVEL_LOGFILES, str_s));
    10581106}
    10591107
    1060 int sh_files_pushdir_glog (char * str_s)
     1108int sh_files_pushdir_glog (const char * str_s)
    10611109{
    10621110  return (sh_files_pushdir (SH_LEVEL_LOGGROW, str_s));
    10631111}
    10641112
    1065 int sh_files_pushdir_noig (char * str_s)
     1113int sh_files_pushdir_noig (const char * str_s)
    10661114{
    10671115  return (sh_files_pushdir (SH_LEVEL_NOIGNORE, str_s));
    10681116}
    10691117
    1070 int sh_files_pushdir_allig (char * str_s)
     1118int sh_files_pushdir_allig (const char * str_s)
    10711119{
    10721120  return (sh_files_pushdir (SH_LEVEL_ALLIGNORE, str_s));
     
    11201168      if (tree == NULL)
    11211169        {
    1122           (void) safe_logger (0, 0, getpid());
     1170          (void) safe_logger (0, 0, NULL);
    11231171          aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    11241172        }
     
    11331181  if (-1 == ret)
    11341182    {
    1135       (void) safe_logger (0, 0, getpid());
     1183      (void) safe_logger (0, 0, NULL);
    11361184      aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    11371185    }
     
    11431191}
    11441192
    1145 static int sh_files_pushdir (int class, char * str_s)
     1193static int sh_files_pushdir (int class, const char * str_s)
    11461194{
    11471195  char  * tmp;
     
    11491197  int     rdepth = 0;
    11501198  char  * tail = NULL;
     1199  char  * p;
    11511200
    11521201#ifdef HAVE_GLOB_H
     
    11661215    SL_RETURN((-1), _("sh_files_pushdir"));
    11671216 
    1168 
    1169   if (str_s[0] != '/')
    1170     {
    1171       rdepth = strtol(str_s, &tail, 10);
    1172       if (tail == str_s)
    1173         SL_RETURN((-1), _("sh_files_pushdir"));
     1217  p = sh_util_strdup (str_s);
     1218
     1219  if (p[0] != '/')
     1220    {
     1221      rdepth = strtol(p, &tail, 10);
     1222      if (tail == p)
     1223        {
     1224          SH_FREE(p);
     1225          SL_RETURN((-1), _("sh_files_pushdir"));
     1226        }
    11741227    }
    11751228  else
    1176     tail   = str_s;
     1229    tail   = p;
    11771230 
    11781231
    1179   if (rdepth < (-1) || tail == str_s || rdepth > 99)
     1232  if (rdepth < (-1) || tail == p || rdepth > 99)
    11801233    rdepth = (-2);
    11811234
     
    11881241                       tmp);
    11891242      SH_FREE(tmp);
     1243      SH_FREE(p);
    11901244      SL_RETURN((-1), _("sh_files_pushdir"));
    11911245    }
    11921246  else if (len < 1)
    11931247    {
     1248      SH_FREE(p);
    11941249      SL_RETURN((-1), _("sh_files_pushdir"));
    11951250    }
     
    12001255                       tmp);
    12011256      SH_FREE(tmp);
     1257      SH_FREE(p);
    12021258      SL_RETURN((-1), _("sh_files_pushdir"));
    12031259    }
     
    12681324#endif
    12691325
     1326  SH_FREE(p);
    12701327  SL_RETURN((0), _("sh_files_pushdir"));
    12711328
     
    13221379/* Simply sets our boolean as to whether this check is active
    13231380 */
    1324 int sh_files_check_hardlinks (char * opt)
     1381int sh_files_check_hardlinks (const char * opt)
    13251382{
    13261383  int i;
     
    13381395static struct sh_hle_struct * sh_hl_exc = NULL;
    13391396
    1340 int sh_files_hle_reg (char * str)
     1397int sh_files_hle_reg (const char * str)
    13411398{
    13421399  long   offset;
  • /trunk/src/sh_forward.c

    r20 r30  
    335335#endif
    336336
    337 #ifdef SH_WITH_CLIENT
     337#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    338338
    339339static int count_dev_server = 0;
     
    345345}
    346346
    347 int sh_forward_setlogserver (char * address)
     347int sh_forward_setlogserver (const char * address)
    348348{
    349349  SL_ENTER(_("sh_forward_setlogserver"));
     
    708708static long sh_forward_try (char * errmsg);
    709709
     710static unsigned int ServerPort = SH_DEFAULT_PORT;
     711
     712int sh_forward_server_port (const char * str)
     713{
     714  unsigned long l;
     715  char * endptr;
     716
     717  SL_ENTER(_("sh_forward_server_port"));
     718
     719  l = strtoul (str, &endptr, 0);
     720  if (l > 65535 || endptr == str)
     721    {
     722      SL_RETURN (-1, _("sh_forward_server_port"));
     723    }
     724  ServerPort = (unsigned int) l;
     725  SL_RETURN (0, _("sh_forward_server_port"));
     726}
    710727
    711728long sh_forward (char * errmsg)
     
    880897
    881898  sockfd = connect_port_2 (sh.srvexport.name, sh.srvexport.alt,
    882                            SH_DEFAULT_PORT,
     899                           ServerPort,
    883900                           error_call, &error_num, error_msg, 256);
    884901
     
    14411458                                                flag_err,
    14421459                                                MSG_TCP_NOCONF);
    1443                               } else {
     1460                              }
     1461#ifdef SH_WITH_CLIENT
     1462                              else {
    14441463                                sh_socket_server_cmd(buffer);
    14451464                              }
     1465#endif
    14461466                              flag_err = 0;
    14471467
     
    19111931
    19121932
    1913 int sh_forward_use_clt_class (char * c)
     1933int sh_forward_use_clt_class (const char * c)
    19141934{
    19151935  int i;
     
    19191939}
    19201940
    1921 int sh_forward_use_clt_sev (char * c)
     1941int sh_forward_use_clt_sev (const char * c)
    19221942{
    19231943  int i;
     
    19501970}
    19511971
    1952 extern int safe_logger (int signal, int method, pid_t thepid);
    1953 
    1954 int sh_forward_register_client (char * str)
     1972
     1973int sh_forward_register_client (const char * str)
    19551974{
    19561975  client_t   * newclt;
    19571976  client_t   * testclt;
    19581977
    1959   char      * ptr;
     1978  const char * ptr;
    19601979  int          sepnum = 0;
    19611980  int          sep[2];
     
    19801999      if (all_clients == NULL)
    19812000        {
    1982           (void) safe_logger (0, 0, getpid());
     2001          (void) safe_logger (0, 0, NULL);
    19832002          aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    19842003        }
     
    20122031        newclt->status_arr[i] = CLT_INACTIVE;
    20132032      sl_strlcpy(newclt->timestamp[CLT_INACTIVE],   sh_unix_time(0), TIM_MAX);
     2033      /* truncate */
    20142034      sl_strlcpy(newclt->hostname,  &str[0],        sep[0]+1);
     2035      /* truncate */
    20152036      sl_strlcpy(newclt->salt,      &str[sep[0]+1], sep[1]-sep[0]);
    20162037      sl_strlcpy(newclt->verifier,  &str[sep[1]+1], sl_strlen(str)-sep[1]+1);
     
    23862407
    23872408#if defined(WITH_EXTERNAL)
    2388   sprintf(msg, _("%s %s %s"),                       /* known to fit  */
    2389           conn->hostname,
    2390           conn->timestamp[status],
    2391           _(clt_stat[status]));
     2409  sl_snprintf(msg, sizeof(msg), _("%s %s %s"),
     2410              conn->hostname, conn->timestamp[status], _(clt_stat[status]));
    23922411  sh_ext_execute('s', 'r', 'v', msg, 0);
    23932412#endif
     
    23982417static time_t time_client_limit = 86400;
    23992418
    2400 int sh_forward_set_time_limit (char * c)
     2419int sh_forward_set_time_limit (const char * c)
    24012420{
    24022421  long val;
     
    24482467static int lookup_err = SH_ERR_SEVERE;
    24492468
    2450 int sh_forward_lookup_level (char * c)
     2469int sh_forward_lookup_level (const char * c)
    24512470{
    24522471  int ci =  sh_error_convert_level (c);
     
    26032622static int UseSocketPeer = S_FALSE;
    26042623
    2605 int set_socket_peer (char * c)
     2624int set_socket_peer (const char * c)
    26062625{
    26072626  return sh_util_flagval(c, &UseSocketPeer);
     
    27312750  char       hash[SH_MAXMSGLEN + KEY_LEN + KEY_LEN + 1];
    27322751  char     * buffer;
    2733   long       len;
    27342752
    27352753  int        clt_sev;
     
    27372755
    27382756  UINT32     ticks;
     2757  size_t     len;
    27392758  int        i;
    27402759  char     * test;
     
    28212840                    sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH,
    28222841                                    &(conn->buf[KEY_LEN]));
    2823                   strcpy(conn->buf,                      /* known to fit  */
    2824                          &(conn->buf[KEY_LEN]));
     2842                  len = sl_strlen(&(conn->buf[KEY_LEN])) + 1;
     2843                  /* &(conn->buf[KEY_LEN]) is hostname         */
     2844                  /* may overlap, thus only memmove is correct */
     2845                  memmove(conn->buf, &(conn->buf[KEY_LEN]), len);
    28252846                  this_client->session_key[0]    = '\0';
    28262847                  this_client->session_key_timer = (time_t) 1;
     
    28352856                  conn->K = NULL;
    28362857                }
    2837               i = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;
    2838               conn->K = SH_ALLOC(i);
     2858              len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;
     2859              conn->K = SH_ALLOC(len);
    28392860
    28402861              sl_strlcpy (conn->K,
     
    29142935              conn->A = SH_ALLOC(3*KEY_LEN+1);
    29152936              sl_strlcpy (conn->A, conn->K, KEY_LEN+1);
    2916               sl_strlcat(conn->A, conn->buf, /* ignore remainder */
     2937              sl_strlcat(conn->A, conn->buf, /* truncate */
    29172938                         2*KEY_LEN+1);
    29182939              sl_strlcat(conn->A, conn->client_entry->session_key,
     
    32783299                    sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH,
    32793300                                    &(conn->buf[KEY_LEN]));
    3280                   strcpy(conn->buf,                      /* known to fit  */
    3281                          &(conn->buf[KEY_LEN]));
     3301                  len = sl_strlen(&(conn->buf[KEY_LEN])) + 1;
     3302                  /* &(conn->buf[KEY_LEN]) is hostname         */
     3303                  /* may overlap, thus only memmove is correct */
     3304                  memmove(conn->buf, &(conn->buf[KEY_LEN]), len);
    32823305                  this_client->session_key[0]    = '\0';
    32833306                  this_client->session_key_timer = (time_t) 1;
     
    32933316                  conn->K = NULL;
    32943317                }
    3295               i = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;
    3296               conn->K = SH_ALLOC(i);
     3318              len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;
     3319              conn->K = SH_ALLOC(len);
    32973320
    32983321              sl_strlcpy (conn->K,
     
    46004623static unsigned int server_port = SH_DEFAULT_PORT;
    46014624
    4602 int sh_forward_set_port (char * str)
     4625int sh_forward_set_port (const char * str)
    46034626{
    46044627  int retval = 0;
    46054628  unsigned long   i;
    4606   char * endptr = str;
     4629  char * endptr;
    46074630 
    46084631  SL_ENTER(_("sh_forward_set_port"));
     
    46214644static int            use_server_interface = 0;
    46224645
    4623 int sh_forward_set_interface (char * str)
     4646int sh_forward_set_interface (const char * str)
    46244647{
    46254648  if (0 == strcmp(str, _("INADDR_ANY")))
     
    48144837   */
    48154838  new_act.sa_handler = SIG_IGN;
     4839  sigemptyset( &new_act.sa_mask );         /* set an empty mask       */
     4840  new_act.sa_flags = 0;                    /* init sa_flags           */
    48164841  retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
    48174842
     
    55715596}
    55725597
    5573 int set_syslog_active(char * c)
     5598int set_syslog_active(const char * c)
    55745599{
    55755600  return sh_util_flagval(c, &enable_syslog_socket);
  • /trunk/src/sh_getopt.c

    r20 r30  
    8080    sh_util_set_interactive },
    8181#endif
     82#if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT)
     83  { N_("server-port"), 
     84    '-',
     85    N_("Set the server port to connect to"), 
     86    HAS_ARG_YES,
     87    sh_forward_server_port },
     88#endif
    8289#ifdef SH_WITH_SERVER
    8390  { N_("server"), 
     
    112119    HAS_ARG_YES,
    113120    sh_calls_set_bind_addr },
    114 #ifdef SH_WITH_CLIENT
     121#if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT)
    115122  { N_("set-export-severity"), 
    116123    'e',
     
    391398    if (op_table[i].hasArg == HAS_ARG_NO) {
    392399      if (sl_strlen(op_table[i].longopt) < 10)
    393         strcpy(fmt,_("%c%c%c        --%-s,\t\t\t %s\n"));/* known to fit  */
     400        sl_strlcpy(fmt,_("%c%c%c        --%-s,\t\t\t %s\n"), sizeof(fmt));
    394401      else if (sl_strlen(op_table[i].longopt) < 17)
    395         strcpy(fmt, _("%c%c%c        --%-s,\t\t %s\n")); /* known to fit  */
     402        sl_strlcpy(fmt, _("%c%c%c        --%-s,\t\t %s\n"), sizeof(fmt));
    396403      else
    397         strcpy(fmt, _("%c%c%c        --%-s,\t %s\n"));   /* known to fit  */
    398       /*@-formatconst@*/
    399       fprintf (stdout,
    400                fmt,
     404        sl_strlcpy(fmt, _("%c%c%c        --%-s,\t %s\n"), sizeof(fmt));
     405      /* flawfinder: ignore */
     406      fprintf (stdout, fmt,
    401407               (op_table[i].shortopt == '-') ? ' ' : '-',
    402408               (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt,
     
    404410               _(op_table[i].longopt),
    405411               _(op_table[i].usage));
    406       /*@+formatconst@*/
    407412    } else {
    408413      if (sl_strlen(op_table[i].longopt) < 12)
    409         strcpy(fmt,                                      /* known to fit  */
    410                _("%c%c %s  --%-s=<arg>,\t\t %s\n")); 
     414        sl_strlcpy(fmt, _("%c%c %s  --%-s=<arg>,\t\t %s\n"), sizeof(fmt)); 
    411415      else
    412         strcpy(fmt,                                      /* known to fit  */
    413                _("%c%c %s  --%-s=<arg>,\t %s\n"));   
    414       /*@-formatconst@*/
    415       fprintf (stdout,
    416                fmt,
     416        sl_strlcpy(fmt, _("%c%c %s  --%-s=<arg>,\t %s\n"), sizeof(fmt));   
     417      /* flawfinder: ignore */
     418      fprintf (stdout, fmt,
    417419               (op_table[i].shortopt == '-') ? ' ' : '-',
    418420               (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt,
     
    420422               _(op_table[i].longopt),
    421423               _(op_table[i].usage));
    422       /*@+formatconst@*/
    423424    }
    424425  }
     
    560561          for (i = 0; op_table[i].longopt != NULL; ++i)
    561562            {
    562      
     563
    563564              if (sl_strncmp(_(op_table[i].longopt),
    564565                             &argv[1][2],
     
    568569                  if ( op_table[i].hasArg == HAS_ARG_YES )
    569570                    {
    570                       if ( (theequal = strchr(argv[1], '=')) == NULL)
     571                      theequal = strchr(argv[1], '=');
     572                      if (theequal == NULL)
    571573                        {
    572574                          if (argc < 3)
  • /trunk/src/sh_gpg.c

    r20 r30  
    209209  FILE * outf = NULL;
    210210  char * envp[2];
     211  size_t len;
    211212  char   path[256];
    212213  char   cc1[32];
     
    370371  if (sh.effective.home != NULL)
    371372    {
    372       envp[0] = malloc (sl_strlen(sh.effective.home) + 6); /* free() ok   */
     373      len = sl_strlen(sh.effective.home) + 6;
     374      envp[0] = malloc (len); /* free() ok   */
    373375      if (envp[0] != NULL)
    374         sprintf (envp[0], "HOME=%s",                     /* known to fit  */
    375                  sh.effective.home);
     376        sl_snprintf (envp[0], len, "HOME=%s", sh.effective.home);
    376377      envp[1] = NULL;
    377378    }
     
    486487
    487488      pfd = get_the_fd(checkfd);
    488       sprintf(pname, _("/proc/self/fd/%d"),             /* known to fit  */
    489                    pfd);
    490       if (0 == access(pname, R_OK|X_OK))
     489      sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd);
     490      if (0 == access(pname, R_OK|X_OK))               /* flawfinder: ignore */
     491
    491492        {
    492493          fcntl  (pfd, F_SETFD, FD_CLOEXEC);
  • /trunk/src/sh_hash.c

    r20 r30  
    297297    N_("[User0]"),
    298298    N_("[User1]"),
     299    N_("[User2]"),
     300    N_("[User3]"),
     301    N_("[User4]"),
    299302    N_("[Prelink]"),
    300303    NULL
     
    12681271}
    12691272
    1270 int sh_hash_version_string(char * str)
     1273int sh_hash_version_string(const char * str)
    12711274{
    12721275  int i;
  • /trunk/src/sh_html.c

    r20 r30  
    296296            {
    297297              entry_orig = realloc(entry_orig,           /* free() ok     */
    298                                    entry_size + line_size);
     298                                   entry_size + line_size + 1);
    299299              if (entry_orig) { add_size = line_size; }
    300300            }
     
    302302            {
    303303              entry_orig = malloc(line_size + 1);        /* free() ok     */
    304               if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size + 1; }
     304              if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; }
    305305            }
    306306          if (!entry_orig)
     
    311311            }
    312312
    313           strcat(&entry_orig[entry_size], line);         /* known to fit  */
     313          sl_strlcat(&entry_orig[entry_size], line, line_size + 1);
    314314          entry_size += add_size;
     315          SH_VALIDATE_EQ(entry_orig[entry_size], '\0');
    315316        }
    316317      sl_close(fd);
  • /trunk/src/sh_ignore.c

    r20 r30  
    5353
    5454static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list,
    55                                                  char * addpath)
     55                                                 const char * addpath)
    5656{
    5757  struct sh_ignore_list * new;
     
    9696}
    9797
    98 int sh_ignore_add_del (char * addpath)
     98int sh_ignore_add_del (const char * addpath)
    9999{
    100100  if ((addpath == NULL) || (addpath[0] != '/'))
     
    106106}
    107107
    108 int sh_ignore_add_new (char * addpath)
     108int sh_ignore_add_new (const char * addpath)
    109109{
    110110  if ((addpath == NULL) || (addpath[0] != '/'))
  • /trunk/src/sh_kern.c

    r20 r30  
    431431  int (*rename) (int *, int *,
    432432                 int *, int *);
     433  /* flawfinder: ignore */
    433434  int (*readlink) (int *, char *,int);
    434435  int (*follow_link) (int *, int *);
  • /trunk/src/sh_mail.c

    r20 r30  
    271271
    272272static
    273 int sh_filter_filteradd (char * argstring, sh_filter_type * filter, int ftype)
     273int sh_filter_filteradd (const char * argstring,
     274                         sh_filter_type * filter, int ftype)
    274275{
    275276  int     i = 0;
     
    372373 */
    373374static
    374 int sh_filter_filter (char * message, sh_filter_type * filter)
     375int sh_filter_filter (const char * message, sh_filter_type * filter)
    375376{
    376377  int i;
     
    432433 * -- add keywords to the OR filter
    433434 */
    434 int sh_mail_add_or (char * str)
     435int sh_mail_add_or (const char * str)
    435436{
    436437  return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR));
     
    440441 * -- add keywords to the AND filter
    441442 */
    442 int sh_mail_add_and (char * str)
     443int sh_mail_add_and (const char * str)
    443444{
    444445  return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND));
     
    448449 * -- add keywords to the NOT filter
    449450 */
    450 int sh_mail_add_not (char * str)
     451int sh_mail_add_not (const char * str)
    451452{
    452453  return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT));
     
    473474}
    474475
    475 int sh_mail_setaddress (char * address)
     476int sh_mail_setaddress (const char * address)
    476477{
    477478  char     *     p;
     
    523524}
    524525
    525 int sh_mail_setaddress_int (char * address)
     526int sh_mail_setaddress_int (const char * address)
    526527{
    527528  int i;
     
    533534}
    534535
    535 int sh_mail_setNum (char * str)
     536int sh_mail_setNum (const char * str)
    536537{
    537538  int i = atoi (str);
     
    549550static int all_in_one = S_FALSE;
    550551
    551 int sh_mail_setFlag (char * str)
     552int sh_mail_setFlag (const char * str)
    552553{
    553554  int i;
     
    559560static char * mail_subject = NULL;
    560561
    561 int set_mail_subject (char * str)
     562int set_mail_subject (const char * str)
    562563{
    563564  SL_ENTER(_("set_mail_subject"));
     
    10061007        /* reveal first signature key
    10071008         */
    1008         (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1);
     1009        /* flawfinder: ignore */
     1010        (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1);
    10091011
    10101012        BREAKEXIT(sh_util_encode);
     1013        /* flawfinder: ignore */
    10111014        sh_util_encode(skey->crypt, bufcompress, 0, 'A');
    10121015
     1016        /* flawfinder: ignore */
    10131017        (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize);
     1018        /* flawfinder: ignore */
    10141019        memset (skey->crypt, 0, KEY_LEN);
    10151020        isfirst = 0;
     
    10211026    (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1);
    10221027
    1023     /*@-bufferoverflowhigh@*/
    1024     sprintf(subject, _("%06d %010ld::%s\r\n"),         /* known to fit  */
    1025             mailcount, (long) id_audit, sh.host.name);
    1026     /*@+bufferoverflowhigh@*/
     1028    sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"),
     1029                mailcount, (long) id_audit, sh.host.name);
    10271030
    10281031    (void) sl_strlcat (mailMsg, subject, msgbufsize);
     
    12221225static char * relay_host = NULL;
    12231226
    1224 int sh_mail_set_relay (char * str_s)
     1227int sh_mail_set_relay (const char * str_s)
    12251228{
    12261229  size_t i = 0;
     
    12511254static char * mail_sender = NULL;
    12521255
    1253 int sh_mail_set_sender (char *str)
     1256int sh_mail_set_sender (const char *str)
    12541257{
    12551258  if (mail_sender != NULL)
     
    17351738      if (g != 1)
    17361739        {
    1737           /*@-bufferoverflowhigh@*/
    1738           sprintf(errmsg,                              /* known to fit  */
    1739                   _("Bad response (%d), expected %d"), rcode, code);
    1740           /*@+bufferoverflowhigh@*/
     1740          sl_snprintf(errmsg, sizeof(errmsg),
     1741                      _("Bad response (%d), expected %d"), rcode, code);
     1742
    17411743          sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET,
    17421744                          errmsg, _("sh_mail_wait"),
     
    18831885  int  ret, length, status;
    18841886  mx * result;
     1887  size_t len;
    18851888
    18861889  typedef union
     
    20652068       */
    20662069      result[count].pref = pref;
    2067       result[count].address = SH_ALLOC (strlen (expanded) + 1);
    2068       strcpy (result[count].address, expanded);        /* known to fit  */
     2070      len = strlen (expanded) + 1;
     2071      result[count].address = SH_ALLOC (len);
     2072      sl_strlcpy (result[count].address, expanded, len);
    20692073    }
    20702074  while (ret > 0 && comp_dn < eom && count);
     
    21012105  mx     * result;
    21022106  dnsrep * retval;
    2103   char     errmsg[128];
     2107  char     errmsg[128];
     2108  size_t   len;
    21042109
    21052110  SL_ENTER(_("return_mx"));
     
    21282133                           _("get_mx"));
    21292134#else
     2135          /* flawfinder: ignore *//* test code only */
    21302136          strcpy  (errmsg,                               /* known to fit  */
    21312137                   _("No MX record for domain "));
     
    21552161      result->pref  = 0;
    21562162      /*@-type@*/
    2157       result->address = SH_ALLOC (strlen (host->h_name) + 1);
    2158       strcpy (result->address, host->h_name);          /* known to fit  */
     2163      len = strlen (host->h_name) + 1;
     2164      result->address = SH_ALLOC (len);
     2165      sl_strlcpy (result->address, host->h_name, len);
    21592166      /*@+type@*/
    21602167      SL_RETURN (retval, _("return_mx"));
  • /trunk/src/sh_mem.c

    r20 r30  
    3939#include "sh_mem.h"
    4040
    41 extern int safe_logger (int signal, int method, pid_t thepid);
     41extern int safe_logger (int signal, int method, char * details);
    4242
    4343#undef  FIL__
     
    228228        {
    229229          eblock = 1;
    230           (void) safe_logger (0, 0, getpid());
     230          (void) safe_logger (0, 0, NULL);
    231231          /*
    232232          sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM,
     
    320320        {
    321321          eblock = 1;
    322           (void) safe_logger(0, 0, getpid());
     322          (void) safe_logger(0, 0, NULL);
    323323          /*
    324324          sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM,
     
    456456        {
    457457          eblock = 1;
    458           (void) safe_logger(0, 0, getpid());
     458          (void) safe_logger(0, 0, NULL);
    459459          /*
    460460          sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM);
  • /trunk/src/sh_prelink.c

    r20 r30  
    3838static char * prelink_hash = NULL;
    3939
    40 int sh_prelink_set_path (char * str)
     40int sh_prelink_set_path (const char * str)
    4141{
    4242  size_t len;
     
    5555}
    5656
    57 int sh_prelink_set_hash (char * str)
     57int sh_prelink_set_hash (const char * str)
    5858{
    5959  size_t len;
     
    245245  sl_read_timeout_prep (task.pipeTI);
    246246
    247   strcpy(file_hash,                        /* known to fit */
    248          sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout));
     247  sl_strlcpy(file_hash,
     248             sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout),
     249             KEY_LEN+1);
    249250
    250251  /* restore old signal handler
  • /trunk/src/sh_prelude.c

    r20 r30  
    133133}
    134134
    135 static int set_prelude_severity_int (char * str, int prelude_sev)
    136 {
    137         char * p = strtok (str, ", \t");
    138 
     135static int set_prelude_severity_int (const char * str, int prelude_sev)
     136{
     137        char * p;
     138        char * dup = strdup (str);
     139
     140        if (!dup)
     141                return -1;
     142
     143        p = strtok (dup, ", \t");
    139144        if (p) {
    140145                do {
     
    155160                        else if (0 == strcmp (p, _("info")))
    156161                                clear_and_set (prelude_sev, SH_ERR_INFO);
    157                         else
     162                        else {
     163                                free (dup);
    158164                                return -1;
     165                        }
    159166                        p = strtok (NULL, ", \t");
    160167                } while (p);
    161168        }
     169        free(dup);
    162170        return 0;
    163171}
    164172
    165 int sh_prelude_map_info (char * str)
     173int sh_prelude_map_info (const char * str)
    166174{
    167175        return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO));
    168176}
    169 int sh_prelude_map_low (char * str)
     177int sh_prelude_map_low (const char * str)
    170178{
    171179        return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW));
    172180}
    173 int sh_prelude_map_medium (char * str)
     181int sh_prelude_map_medium (const char * str)
    174182{
    175183        return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM));
    176184}
    177 int sh_prelude_map_high (char * str)
     185int sh_prelude_map_high (const char * str)
    178186{
    179187        return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH));
     
    300308}
    301309
     310/* flawfinder: ignore *//* is part of name, not access() */
    302311static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos)
    303312{
     
    308317        do {
    309318                if ( mode[pos] == 'r' ) {
    310                         ret = idmef_file_access_new_permission(access, &str, -1);
     319                        /* flawfinder: ignore *//* is part of name, not access() */
     320                        ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
    311321                        if ( ret < 0 )
    312322                                return;
     
    315325                }
    316326                else if ( mode[pos] == 'w' ) {
    317                         ret = idmef_file_access_new_permission(access, &str, -1);
     327                        /* flawfinder: ignore *//* is part of name, not access() */
     328                        ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
    318329                        if ( ret < 0 )
    319330                                return;
     
    322333                }
    323334                else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') {
    324                         ret = idmef_file_access_new_permission(access, &str, -1);
     335                        /* flawfinder: ignore *//* is part of name, not access() */
     336                        ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
    325337                        if ( ret < 0 )
    326338                                return;
     
    340352
    341353        if ( got == 0 ) {
    342                 ret = idmef_file_access_new_permission(access, &str, -1);
     354                /* flawfinder: ignore *//* is part of name, not access() */
     355                ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND);
    343356                if ( ret < 0 )
    344357                        return;
     
    360373        prelude_string_t *str;
    361374        idmef_checksum_t *checksum;
    362         idmef_file_access_t *access;
     375        idmef_file_access_t *access; /* flawfinder: ignore */
    363376        idmef_user_id_t *userid;
    364377        const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? "_new" : "_old";
    365378        char *mode = NULL;
    366379               
    367         ret = idmef_target_new_file(target, &file, -1);
     380        ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND);
    368381        if ( ret < 0  )
    369382                return;
     
    429442        ptr = get_value(msg, _("chksum"), suffix);
    430443        if ( ptr ) {
    431                 ret = idmef_file_new_checksum(file, &checksum, 0);
     444                ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND);
    432445                if ( ret < 0 )
    433446                        return;
     
    459472        mode = get_value(msg, _("mode"), suffix);
    460473        if ( mode ) {
    461                 ret = idmef_file_new_file_access(file, &access, -1);
    462                 if ( ret < 0 )
    463                         return;
    464 
     474                /* flawfinder: ignore *//* is part of name, not access() */
     475                ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND);
     476                if ( ret < 0 )
     477                        return;
     478
     479                /* flawfinder: ignore *//* is part of name, not access() */
    465480                ret = idmef_file_access_new_user_id(access, &userid);
    466481                if ( ret < 0 )
     
    468483                idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS);
    469484
     485                /* flawfinder: ignore *//* is part of name, not access() */
    470486                get_access_info ( access, mode, 7, 9 );
    471487        }
     
    475491                struct passwd *pw;
    476492               
    477                 ret = idmef_file_new_file_access(file, &access, 0);
    478                 if ( ret < 0 )
    479                         return;
    480 
     493                /* flawfinder: ignore *//* is part of name, not access() */
     494                ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND);
     495                if ( ret < 0 )
     496                        return;
     497
     498                /* flawfinder: ignore *//* is part of name, not access() */
    481499                ret = idmef_file_access_new_user_id(access, &userid);
    482500                if ( ret < 0 )
     
    497515
    498516                if ( mode ) {
     517                        /* flawfinder: ignore *//* is part of name, not access() */
    499518                        get_access_info ( access, mode, 1, 3 );
    500519                }
     
    505524                struct group *gr;
    506525               
    507                 ret = idmef_file_new_file_access(file, &access, -1);
    508                 if ( ret < 0 )
    509                         return;
    510 
     526                /* flawfinder: ignore *//* is part of name, not access() */
     527                ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND);
     528                if ( ret < 0 )
     529                        return;
     530
     531                /* flawfinder: ignore *//* is part of name, not access() */
    511532                ret = idmef_file_access_new_user_id(access, &userid);
    512533                if ( ret < 0 )
     
    527548
    528549                if ( mode ) {
    529                         get_access_info ( access, mode, 4, 6 );
     550                        get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */
    530551                }
    531552        }
     
    629650        if ( ptr ) {
    630651                if ( ! source ) {
    631                         ret = idmef_alert_new_source(alert, &source, -1);
     652                        ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
    632653                        if ( ret < 0 ) {
    633654                                free(ptr);
     
    642663                }
    643664               
    644                 ret = idmef_node_new_address(node, &address, -1);
     665                ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
    645666                if ( ret < 0 ) {
    646667                        free(ptr);
     
    663684                else {
    664685                        if ( ! source ) {
    665                                 ret = idmef_alert_new_source(alert, &source, -1);
     686                                ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
    666687                                if ( ret < 0 ) {
    667688                                        free(ptr);
     
    696717                idmef_user_set_category(user, IDMEF_USER_CATEGORY_OS_DEVICE);
    697718               
    698                 ret = idmef_user_new_user_id(user, &user_id, -1);
     719                ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND);
    699720                if ( ret < 0 ) {
    700721                        free(ptr);
     
    770791                goto err;
    771792
    772         idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), 0);
     793        idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), IDMEF_LIST_PREPEND);
    773794       
    774795        ret = idmef_time_new_from_gettimeofday(&time);
     
    786807                goto err;
    787808       
    788         ret = idmef_alert_new_target(alert, &target, -1);
     809        ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND);
    789810        if ( ret < 0 )
    790811                goto err;
     
    844865        idmef_confidence_set_rating(confidence, IDMEF_CONFIDENCE_RATING_HIGH);
    845866       
    846         ret = idmef_alert_new_additional_data(alert, &data, -1);
     867        ret = idmef_alert_new_additional_data(alert, &data, IDMEF_LIST_APPEND);
    847868        if ( ret < 0 )
    848869                goto err;
     
    890911
    891912
    892 int sh_prelude_set_profile(char *arg)
     913int sh_prelude_set_profile(const char *arg)
    893914{
    894915        if ( profile ) {
  • /trunk/src/sh_readconf.c

    r20 r30  
    5252#endif
    5353
    54 extern int set_reverse_lookup (char * c);
     54extern int set_reverse_lookup (const char * c);
    5555
    5656#undef  FIL__
     
    6969  SH_SECTION_USER0,
    7070  SH_SECTION_USER1,
     71  SH_SECTION_USER2,
     72  SH_SECTION_USER3,
     73  SH_SECTION_USER4,
    7174  SH_SECTION_PRELINK,
    7275#if defined (SH_WITH_MAIL)
     
    108111  { N_("[User0]"),            SH_SECTION_USER0},
    109112  { N_("[User1]"),            SH_SECTION_USER1},
     113  { N_("[User2]"),            SH_SECTION_USER2},
     114  { N_("[User3]"),            SH_SECTION_USER3},
     115  { N_("[User4]"),            SH_SECTION_USER4},
    110116  { N_("[Prelink]"),          SH_SECTION_PRELINK},
    111117#ifdef WITH_EXTERNAL
     
    282288  /* The system type, release, and machine.
    283289   */
    284   sprintf(myident, _("%s:%s:%s"),                  /* known to fit  */
    285           sh.host.system, sh.host.release, sh.host.machine);
     290  sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), 
     291              sh.host.system, /* flawfinder: ignore */
     292              sh.host.release, sh.host.machine);
    286293
    287294
     
    580587}
    581588
    582 int sh_readconf_set_path (char * which, char * what)
     589int sh_readconf_set_path (char * which, const char * what)
    583590{
    584591  int len;
     
    621628}
    622629
    623 int sh_readconf_set_database_path (char * what)
     630int sh_readconf_set_database_path (const char * what)
    624631{
    625632  return (sh_readconf_set_path(sh.data.path, what));
    626633}
    627634
    628 int sh_readconf_set_logfile_path (char * what)
     635int sh_readconf_set_logfile_path (const char * what)
    629636{
    630637  return (sh_readconf_set_path(sh.srvlog.name, what));
    631638}
    632639
    633 int sh_readconf_set_lockfile_path (char * what)
     640int sh_readconf_set_lockfile_path (const char * what)
    634641{
    635642  return( sh_readconf_set_path(sh.srvlog.alt, what));
     
    645652 
    646653   
    647 int sh_readconf_setTime (char * str, ShTimerItem what)
     654int sh_readconf_setTime (const char * str, ShTimerItem what)
    648655{
    649656  unsigned long i = atoi (str);
     
    674681}
    675682
    676 int sh_readconf_setMailtime (char * c)
     683int sh_readconf_setMailtime (const char * c)
    677684{
    678685  return sh_readconf_setTime (c, SET_MAILTIME);
    679686}
    680687
    681 int sh_readconf_setFiletime (char * c)
     688int sh_readconf_setFiletime (const char * c)
    682689{
    683690  return sh_readconf_setTime (c, SET_FILETIME);
    684691}
    685692
    686 int sh_readconf_set_nice (char * c)
     693int sh_readconf_set_nice (const char * c)
    687694{
    688695  long val;
     
    704711
    705712#ifdef FANCY_LIBCAP
    706 int sh_readconf_setCaps(char * c)
     713int sh_readconf_setCaps(const char * c)
    707714{
    708715  int i;
     
    718725  ShSectionType   section;
    719726  ShSectionType   alt_section;
    720   int (*func)(char * opt);
     727  int (*func)(const char * opt);
    721728} cfg_options;
    722729
    723730#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
    724 extern int sh_set_schedule_one(char * str);
    725 extern int sh_set_schedule_two(char * str);
     731extern int sh_set_schedule_one(const char * str);
     732extern int sh_set_schedule_two(const char * str);
    726733#endif
    727734#if defined (SH_WITH_SERVER)
    728 extern int sh_socket_use (char * c);
    729 extern int sh_socket_uid (char * c);
    730 extern int sh_socket_password (char * c);
    731 #endif
    732 
    733 /* Yes, this isn't very elegant ;)
    734  */
    735 #if defined(WITH_EXTERNAL)
    736 int sh_error_set_external_wrap (char * str) {
    737   return sh_error_set_external ((const char *) str);
    738 }
    739 #endif
    740 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
    741 int sh_files_setrecursion_wrap (char * str) {
    742   return sh_files_setrecursion ((const char *) str);
    743 }
    744 int sh_util_setchecksum_wrap (char * str) {
    745   return sh_util_setchecksum ((const char *) str);
    746 }
    747 #endif
    748 int sh_util_setlooptime_wrap (char * str) {
    749   return sh_util_setlooptime ((const char *) str);
    750 }
    751 #ifdef SH_WITH_MAIL
    752 int sh_error_setseverity_wrap (char * str) {
    753   return sh_error_setseverity ((const char *) str);
    754 }
    755 #endif
    756 int sh_calls_set_bind_addr_wrap (char * str) {
    757   return sh_calls_set_bind_addr ((const char *) str);
    758 }
    759 int sh_unix_setdeamon_wrap (char * str) {
    760   return sh_unix_setdeamon ((const char *) str);
    761 }
    762 int sh_error_setprint_wrap (char * str) {
    763   return sh_error_setprint ((const char *) str);
    764 }
    765 int sh_error_setlog_wrap (char * str) {
    766   return sh_error_setlog ((const char *) str);
    767 }
    768 int sh_error_set_syslog_wrap (char * str) {
    769   return sh_error_set_syslog ((const char *) str);
    770 }
    771 #ifdef HAVE_LIBPRELUDE
    772 int sh_error_set_prelude_wrap (char * str) {
    773   return sh_error_set_prelude ((const char *) str);
    774 }
    775 #endif
    776 #ifdef SH_WITH_CLIENT
    777 int sh_error_setexport_wrap (char * str) {
    778   return sh_error_setexport ((const char *) str);
    779 }
    780 #endif
    781 #ifdef SH_WITH_SERVER
    782 int sh_forward_set_strip_wrap (char * str) {
    783   return sh_forward_set_strip ((const char *) str);
    784 }
    785 int sh_unix_set_chroot_wrap (char * str) {
    786   return sh_unix_set_chroot ((const char *) str);
    787 }
    788 #endif
    789 #if defined(WITH_DATABASE)
    790 int sh_error_set_database_wrap (char * str) {
    791   return sh_error_set_database ((const char *) str);
    792 }
    793 #endif
    794  
     735extern int sh_socket_use (const char * c);
     736extern int sh_socket_uid (const char * c);
     737extern int sh_socket_password (const char * c);
     738#endif
     739
    795740cfg_options ext_table[] = {
    796741#if defined(WITH_EXTERNAL)
     
    818763    sh_ext_add_or },
    819764  { N_("externalseverity"),SH_SECTION_LOG,      SH_SECTION_EXTERNAL, 
    820     sh_error_set_external_wrap },
     765    sh_error_set_external },
    821766  { N_("externalclass"),   SH_SECTION_LOG,      SH_SECTION_EXTERNAL, 
    822767    sh_error_external_mask },
     
    845790    set_enter_wrapper },
    846791#endif
     792
    847793
    848794#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
     
    880826  { N_("file"),           SH_SECTION_USER1,      SH_SECTION_NONE,
    881827    sh_files_pushfile_user1 },
     828  { N_("dir"),            SH_SECTION_USER2,      SH_SECTION_NONE,
     829    sh_files_pushdir_user2 },
     830  { N_("file"),           SH_SECTION_USER2,      SH_SECTION_NONE,
     831    sh_files_pushfile_user2 },
     832  { N_("dir"),            SH_SECTION_USER3,      SH_SECTION_NONE,
     833    sh_files_pushdir_user3 },
     834  { N_("file"),           SH_SECTION_USER3,      SH_SECTION_NONE,
     835    sh_files_pushfile_user3 },
     836  { N_("dir"),            SH_SECTION_USER4,      SH_SECTION_NONE,
     837    sh_files_pushdir_user4 },
     838  { N_("file"),           SH_SECTION_USER4,      SH_SECTION_NONE,
     839    sh_files_pushfile_user4 },
    882840  { N_("dir"),            SH_SECTION_PRELINK,    SH_SECTION_NONE,
    883841    sh_files_pushdir_prelink },
     
    902860    sh_util_obscure_ok },
    903861  { N_("setrecursionlevel"),  SH_SECTION_MISC,   SH_SECTION_NONE,
    904     sh_files_setrecursion_wrap },
     862    sh_files_setrecursion },
    905863  { N_("checksumtest"),       SH_SECTION_MISC,   SH_SECTION_NONE,
    906     sh_util_setchecksum_wrap },
     864    sh_util_setchecksum },
    907865  { N_("reportonlyonce"),     SH_SECTION_MISC,   SH_SECTION_NONE,
    908866    sh_files_reportonce },
     
    953911    sh_files_redef_user1 },
    954912
     913  { N_("redefuser2"),           SH_SECTION_MISC,   SH_SECTION_NONE,
     914    sh_files_redef_user2 },
     915
     916  { N_("redefuser3"),           SH_SECTION_MISC,   SH_SECTION_NONE,
     917    sh_files_redef_user3 },
     918
     919  { N_("redefuser4"),           SH_SECTION_MISC,   SH_SECTION_NONE,
     920    sh_files_redef_user4 },
     921
    955922  { N_("redefprelink"),         SH_SECTION_MISC,   SH_SECTION_NONE,
    956923    sh_files_redef_prelink },
     
    961928  { N_("setprelinkchecksum"),   SH_SECTION_MISC,   SH_SECTION_NONE,
    962929    sh_prelink_set_hash },
     930
    963931  /* client or standalone
    964932   */
     
    977945    sh_socket_password },
    978946  { N_("setstripdomain"),      SH_SECTION_SRV,  SH_SECTION_MISC,
    979     sh_forward_set_strip_wrap },
     947    sh_forward_set_strip },
    980948  { N_("useseparatelogs"),     SH_SECTION_SRV,  SH_SECTION_MISC,
    981949    set_flag_sep_log },
    982950  { N_("setchrootdir"),        SH_SECTION_SRV,  SH_SECTION_MISC,
    983     sh_unix_set_chroot_wrap },
     951    sh_unix_set_chroot },
    984952  { N_("setclienttimelimit"),  SH_SECTION_SRV,  SH_SECTION_MISC,
    985953    sh_forward_set_time_limit },
     
    1000968#endif
    1001969
    1002 #ifdef SH_WITH_CLIENT
     970#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    1003971  { N_("exportseverity"),      SH_SECTION_LOG,  SH_SECTION_NONE,
    1004     sh_error_setexport_wrap },
     972    sh_error_setexport },
    1005973  { N_("exportclass"),         SH_SECTION_LOG,  SH_SECTION_NONE,
    1006974    sh_error_export_mask },
     975#if defined(SH_WITH_SERVER)
     976  { N_("setlogserver"),        SH_SECTION_SRV,  SH_SECTION_MISC,
     977    sh_forward_setlogserver },
     978#else
    1007979  { N_("setlogserver"),        SH_SECTION_CLT,  SH_SECTION_MISC,
    1008980    sh_forward_setlogserver },
     981#endif
    1009982#endif
    1010983  { N_("setfilechecktime"),  SH_SECTION_MISC,   SH_SECTION_NONE,
    1011984    sh_readconf_setFiletime },
    1012985  { N_("setlooptime"),     SH_SECTION_MISC,  SH_SECTION_NONE,
    1013     sh_util_setlooptime_wrap },
     986    sh_util_setlooptime },
    1014987
    1015988#ifdef SH_WITH_MAIL
    1016989  { N_("mailseverity"),      SH_SECTION_LOG,   SH_SECTION_NONE,
    1017     sh_error_setseverity_wrap },
     990    sh_error_setseverity },
    1018991  { N_("mailclass"),         SH_SECTION_LOG,   SH_SECTION_NONE,
    1019992    sh_error_mail_mask },
     
    10401013#endif
    10411014  { N_("setbindaddress"),    SH_SECTION_MISC,  SH_SECTION_NONE,
    1042     sh_calls_set_bind_addr_wrap },
     1015    sh_calls_set_bind_addr },
    10431016  { N_("daemon"),            SH_SECTION_MISC,  SH_SECTION_NONE,
    1044     sh_unix_setdeamon_wrap },
     1017    sh_unix_setdeamon },
    10451018  { N_("samhainpath"),       SH_SECTION_MISC,  SH_SECTION_NONE,
    10461019    sh_unix_self_hash },
     
    10511024
    10521025  { N_("printseverity"),     SH_SECTION_LOG,   SH_SECTION_NONE,
    1053     sh_error_setprint_wrap },
     1026    sh_error_setprint },
    10541027  { N_("printclass"),        SH_SECTION_LOG,   SH_SECTION_NONE,
    10551028    sh_error_print_mask },
    10561029
    10571030  { N_("logseverity"),       SH_SECTION_LOG,   SH_SECTION_NONE,
    1058     sh_error_setlog_wrap },
     1031    sh_error_setlog },
    10591032  { N_("logclass"),          SH_SECTION_LOG,   SH_SECTION_NONE,
    10601033    sh_error_log_mask },
    10611034
    10621035  { N_("syslogseverity"),    SH_SECTION_LOG,   SH_SECTION_NONE,
    1063     sh_error_set_syslog_wrap },
     1036    sh_error_set_syslog },
    10641037  { N_("syslogclass"),       SH_SECTION_LOG,   SH_SECTION_NONE,
    10651038    sh_error_syslog_mask },
    10661039#ifdef HAVE_LIBPRELUDE
    10671040  { N_("preludeseverity"),   SH_SECTION_LOG,   SH_SECTION_NONE,
    1068     sh_error_set_prelude_wrap },
     1041    sh_error_set_prelude },
    10691042  { N_("preludeclass"),      SH_SECTION_LOG,   SH_SECTION_NONE,
    10701043    sh_error_prelude_mask },
     
    11471120    N_("severityuser0"),
    11481121    N_("severityuser1"),
     1122    N_("severityuser2"),
     1123    N_("severityuser3"),
     1124    N_("severityuser4"),
    11491125    N_("severityprelink"),
    11501126    NULL
     
    11631139    SH_ERR_T_USER0,       
    11641140    SH_ERR_T_USER1,       
     1141    SH_ERR_T_USER2,       
     1142    SH_ERR_T_USER3,       
     1143    SH_ERR_T_USER4,       
    11651144    SH_ERR_T_PRELINK,       
    11661145  };
  • /trunk/src/sh_schedule.c

    r20 r30  
    5353#endif
    5454
     55#include "samhain.h"
    5556#include "sh_mem.h"
    5657
     
    318319  char * copy;
    319320  int    i = 0;
     321  size_t len;
    320322
    321323  if (!ssched || !isched)
    322324    return -1;
    323325
     326  len = strlen(ssched)+1;
    324327#ifdef TESTONLY
    325   copy = malloc(strlen(ssched)+1);                 /* testonly code */
    326 #else
    327   copy = SH_ALLOC(strlen(ssched)+1);
    328 #endif
    329   strcpy(copy, ssched);                            /* known to fit  */
     328  copy = malloc(len);                 /* testonly code */
     329#else
     330  copy = SH_ALLOC(len);
     331#endif
     332  sl_strlcpy(copy, ssched, len);
    330333
    331334  p = strtok(copy, " \t"); /* parse crontab-style schedule */
  • /trunk/src/sh_socket.c

    r20 r30  
    244244}
    245245
    246 int sh_socket_use (char * c)
     246int sh_socket_use (const char * c)
    247247{
    248248  return sh_util_flagval(c, &sh_socket_flaguse);
     
    289289#endif
    290290
    291 int sh_socket_uid (char * c)
     291int sh_socket_uid (const char * c)
    292292{
    293293  uid_t val = (uid_t) strtol (c, (char **)NULL, 10);
     
    301301}
    302302
    303 int sh_socket_password (char * c)
     303int sh_socket_password (const char * c)
    304304{
    305305#if defined(NEED_PASSWORD_AUTH)
     
    378378
    379379  name.sun_family = AF_FILE;
    380   strcpy (name.sun_path, sh_sockname);
     380  sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path));
    381381
    382382  size = (offsetof (struct sockaddr_un, sun_path)
     
    878878
    879879  new = SH_ALLOC(sizeof(struct socket_cmd));
    880   strcpy (new->cmd, in->cmd);
    881   strcpy (new->clt, in->clt);
    882   strcpy (new->cti, sh_unix_time(0));
     880  sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));
     881  sl_strlcpy (new->clt, in->clt, sizeof(new->clt));
     882  sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti));
    883883  new->next = cmdlist;
    884884  cmdlist   = new;
     
    896896      if (0 == sl_strcmp(new->clt, client_name))
    897897        {
    898           strcpy (new->cmd, in->cmd);
    899           strcpy (new->clt, in->clt);
    900           strcpy (new->cti, sh_unix_time(0));
     898          sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));
     899          sl_strlcpy (new->clt, in->clt, sizeof(new->clt));
     900          sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti));
    901901          return;
    902902        }
     
    905905
    906906  new = SH_ALLOC(sizeof(struct socket_cmd));
    907   strcpy (new->cmd, in->cmd);
    908   strcpy (new->clt, in->clt);
    909   strcpy (new->cti, sh_unix_time(0));
     907  sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd));
     908  sl_strlcpy (new->clt, in->clt, sizeof(new->clt));
     909  sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti));
    910910  new->next = runlist;
    911911  runlist   = new;
  • /trunk/src/sh_srp.c

    r20 r30  
    121121        }
    122122      siz_str_internal = size;
    123       strcpy (get_str_internal, str);                   /* known to fit  */
     123      sl_strlcpy (get_str_internal, str, siz_str_internal);
    124124      for (i = 0; i < (size-1); ++i)
    125125        if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' )
     
    384384}
    385385
    386 #ifdef SH_WITH_CLIENT
     386#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    387387 
    388388
     
    489489 
    490490 
    491 #ifdef SH_WITH_CLIENT
     491#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER)
    492492 
    493493char * sh_srp_S_c (char * u_str, char * B_str)
  • /trunk/src/sh_static.c

    r20 r30  
    5959#endif
    6060
     61extern  int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz);
     62extern  int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz);
    6163
    6264
     
    884886
    885887#ifdef DEBUG
     888/* flawfinder: ignore *//* definition of debug macro */
    886889#define DPRINTF(X,args...) fprintf(stderr, X, ##args)
    887890#else
     
    11941197                        goto fail;
    11951198
    1196                 strncpy(lookup,name,MAXDNAME);
     1199                sl_strlcpy(lookup,name,MAXDNAME);
    11971200                BIGLOCK;
    11981201                if (variant < __searchdomains && strchr(lookup, '.') == NULL)
    11991202                {
    1200                     strncat(lookup,".", MAXDNAME);
    1201                     strncat(lookup,__searchdomain[variant], MAXDNAME);
     1203                    sl_strlcat(lookup,".", MAXDNAME);
     1204                    sl_strlcat(lookup,__searchdomain[variant], MAXDNAME);
    12021205                }
    12031206                BIGUNLOCK;
  • /trunk/src/sh_suidchk.c

    r20 r30  
    415415  long            sl_status = SL_ENONE;
    416416  struct stat     fileInfo;
     417  struct stat     fileInfo_F;
     418  int             file_d;
    417419
    418420  file_type       theFile;
    419421  char            fileHash[2*(KEY_LEN + 1)];
     422
     423  mode_t          umask_old;
     424  int             cperm_status;
    420425
    421426  SL_ENTER(_("sh_suidchk_check_internal"));
     
    519524               */
    520525              fs = filesystem_type (tmpcat, tmpcat, &buf);
    521               if (fs != NULL &&
     526              if (fs != NULL
     527#ifndef SH_SUIDTESTDIR
     528                  &&
     529                  0 != strncmp (_("afs"),     fs, 3) &&
     530                  0 != strncmp (_("devfs"),   fs, 5) &&
     531                  0 != strncmp (_("iso9660"), fs, 7) &&
     532                  0 != strncmp (_("lustre"),  fs, 6) &&
     533                  0 != strncmp (_("mmfs"),    fs, 4) &&
     534                  0 != strncmp (_("msdos"),   fs, 5) &&
    522535                  0 != strncmp (_("nfs"),     fs, 3) &&
     536                  0 != strncmp (_("nosuid"),  fs, 6) &&
    523537                  0 != strncmp (_("proc"),    fs, 4) &&
    524                   0 != strncmp (_("iso9660"), fs, 7) &&
    525                   0 != strncmp (_("vfat"),    fs, 4) &&
    526                   0 != strncmp (_("msdos"),   fs, 5) &&
    527                   0 != strncmp (_("devfs"),   fs, 5) &&
    528                   0 != strncmp (_("nosuid"),  fs, 6)
     538                  0 != strncmp (_("vfat"),    fs, 4)
     539#endif
    529540                  )
    530541                {
     
    666677                                    break;
    667678                                  case SH_Q_CHANGEPERM:
     679                                    cperm_status = 0;
     680                                    file_d = -1;
    668681                                    if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1)
    669682                                      {
     
    677690                                                         tmp );
    678691                                        SH_FREE(msg);
     692                                        cperm_status = -1;
    679693                                      }
    680                                     else
     694
     695                                    if (cperm_status == 0)
    681696                                      {
    682697                                        if (0 != (caperr = sl_get_cap_qdel()))
     
    686701                                                            sh_error_message (caperr),
    687702                                                            _("sl_get_cap_qdel"));
     703                                            cperm_status = -1;
    688704                                          }
    689 
    690                                         if ((fileInfo.st_mode & S_ISUID) > 0)
    691                                           fileInfo.st_mode -= S_ISUID;
    692                                         if ((fileInfo.st_mode & S_ISGID) > 0)
    693                                           fileInfo.st_mode -= S_ISGID;
    694                                         if (chmod(tmpcat, fileInfo.st_mode) == -1)
     705                                      }
     706
     707                                    if (cperm_status == 0)
     708                                      {
     709                                        file_d = aud_open (FIL__, __LINE__, SL_YESPRIV,
     710                                                           tmpcat, O_RDONLY, 0);
     711                                        if (-1 == file_d)
     712                                          {
     713                                            status = errno;
     714                                            msg = SH_ALLOC(SH_BUFSIZE);
     715                                            (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error.  errno = %ld"), status);
     716                                            sh_error_handle (ShSuidchkSeverity,
     717                                                             FIL__, __LINE__,
     718                                                             status,
     719                                                             MSG_SUID_QREPORT, msg,
     720                                                             tmp );
     721                                            SH_FREE(msg);
     722                                            cperm_status = -1;
     723                                          }
     724                                      }
     725
     726                                    if (cperm_status == 0)
     727                                      {
     728                                        if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1)
     729                                          {
     730                                            status = errno;
     731                                            msg = SH_ALLOC(SH_BUFSIZE);
     732                                            (void) sl_snprintf(msg, SH_BUFSIZE,
     733                                                               _("I/O error.  errno = %ld"), status);
     734                                            sh_error_handle (ShSuidchkSeverity,
     735                                                             FIL__, __LINE__,
     736                                                             status,
     737                                                             MSG_SUID_QREPORT, msg,
     738                                                             tmp );
     739                                            SH_FREE(msg);
     740                                            cperm_status = -1;
     741                                          }
     742                                      }
     743
     744                                    if (cperm_status == 0)
     745                                      {
     746                                        if (fileInfo_F.st_ino  != fileInfo.st_ino ||
     747                                            fileInfo_F.st_dev  != fileInfo.st_dev ||
     748                                            fileInfo_F.st_mode != fileInfo.st_mode)
     749                                          {
     750                                            status = errno;
     751                                            msg = SH_ALLOC(SH_BUFSIZE);
     752                                            (void) sl_snprintf(msg, SH_BUFSIZE,
     753                                                               _("Race detected.  errno = %ld"), status);
     754                                            sh_error_handle (ShSuidchkSeverity,
     755                                                             FIL__, __LINE__,
     756                                                             status,
     757                                                             MSG_SUID_QREPORT, msg,
     758                                                             tmp );
     759                                            SH_FREE(msg);
     760                                            cperm_status = -1;
     761                                          }
     762                                      }
     763
     764                                    if ((fileInfo.st_mode & S_ISUID) > 0)
     765                                      fileInfo.st_mode -= S_ISUID;
     766                                    if ((fileInfo.st_mode & S_ISGID) > 0)
     767                                      fileInfo.st_mode -= S_ISGID;
     768
     769                                    if (cperm_status == 0)
     770                                      {
     771                                        if (fchmod(file_d, fileInfo.st_mode) == -1)
    695772                                          {
    696773                                            status = errno;
     
    713790                                                             tmp );
    714791                                          }
    715                                         if (0 != (caperr = sl_drop_cap_qdel()))
     792                                      }
     793
     794                                    if (0 != (caperr = sl_drop_cap_qdel()))
     795                                      {
     796                                        sh_error_handle((-1), FIL__, __LINE__,
     797                                                        caperr, MSG_E_SUBGEN,
     798                                                        sh_error_message (caperr),
     799                                                        _("sl_drop_cap_qdel"));
     800                                      }
     801
     802                                    if (file_d != -1)
     803                                      {
     804        &