- Location:
- /trunk
- Files:
-
- 6 added
- 2 deleted
- 98 edited
/trunk/COPYING
r20 r30 131 131 132 132 (vi) Support for the MD5 hash algorithm is provided by code 133 from b eecrypt which is distributed under the LGPL.134 135 /*136 * md5.c137 *138 * MD5 hash function, code139 *140 * Copyright (c) 2000 Virtual Unlimited B.V.141 142 * Author: Bob Deblier <bob@virtualunlimited.com>143 *144 * This library is free software; you can redistribute it and/or145 * modify it under the terms of the GNU Lesser General Public146 * License as published by the Free Software Foundation; either147 * version 2.1 of the License, or (at your option) any later version.148 *149 * This library is distributed in the hope that it will be useful,150 * but WITHOUT ANY WARRANTY; without even the implied warranty of151 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU152 * Lesser General Public License for more details.153 *154 * You should have received a copy of the GNU Lesser General Public155 * License along with this library; if not, write to the Free Software156 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 157 * USA158 */ 133 from busybox which is distributed under the GPL. 134 135 /* md5.c - Functions to compute MD5 message digest of files or memory blocks 136 * according to the definition of MD5 in RFC 1321 from April 1992. 137 * Copyright (C) 1995, 1996 Free Software Foundation, Inc. 138 * 139 * NOTE: The canonical source of this file is maintained with the GNU C 140 * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. 141 * 142 * This program is free software; you can redistribute it and/or modify it 143 * under the terms of the GNU General Public License as published by the 144 * Free Software Foundation; either version 2, or (at your option) any 145 * later version. 146 * 147 * This program is distributed in the hope that it will be useful, 148 * but WITHOUT ANY WARRANTY; without even the implied warranty of 149 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 150 * GNU General Public License for more details. 151 * 152 * You should have received a copy of the GNU General Public License 153 * along with this program; if not, write to the Free Software Foundation, 154 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 155 */ 156 157 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */ 158 159 159 160 160 (vi) Support for the SHA-1 hash algorithm is provided by code -
/trunk/Makefile.in
r20 r30 152 152 testtimesrv.sh \ 153 153 testext.sh testrc_1ext.in test_ext.c.in \ 154 testrun_1.sh testrun_1a.sh testrun_1b.sh testr c_1 \154 testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \ 155 155 testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ 156 156 testrun_2c.sh testrun_2d.sh … … 793 793 echo $(top_srcdir)/docs/HOWTO-client+server.html >> debian/docs; \ 794 794 echo $(top_srcdir)/docs/HOWTO-samhain+GnuPG.html >> debian/docs; \ 795 echo $(top_srcdir)/docs/MANUAL-2_ 0.html.tar >> debian/docs; \796 echo $(top_srcdir)/docs/MANUAL-2_ 0.ps>> debian/docs; \795 echo $(top_srcdir)/docs/MANUAL-2_2.html.tar >> debian/docs; \ 796 echo $(top_srcdir)/docs/MANUAL-2_2.pdf >> debian/docs; \ 797 797 echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ 798 798 echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ … … 1090 1090 1091 1091 CUTEST_SOURCES = $(srcsrc)/cutest_sh_tools.c \ 1092 $(srcsrc)/cutest_sh_utils.c \ 1093 $(srcsrc)/cutest_sh_unix.c \ 1094 $(srcsrc)/cutest_slib.c \ 1092 1095 $(srcsrc)/cutest_zAVLTree.c \ 1093 1096 $(srcsrc)/cutest_sh_tiger0.c 1094 1097 1095 CUTEST_OBJECTS = cutest_sh_tools.o cutest_zAVLTree.o cutest_sh_tiger0.o 1098 CUTEST_OBJECTS = cutest_sh_tools.o \ 1099 cutest_sh_utils.o \ 1100 cutest_sh_unix.o \ 1101 cutest_slib.o \ 1102 cutest_zAVLTree.o \ 1103 cutest_sh_tiger0.o 1096 1104 1097 1105 $(CUTEST_OBJECTS): $(CUTEST_SOURCES) … … 1601 1609 sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 1602 1610 sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h 1603 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/s h_mem.h $(srcinc)/sh_schedule.h1611 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h 1604 1612 bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h 1605 
1613 mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h -
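Review bot: The rule `$(CUTEST_OBJECTS): $(CUTEST_SOURCES)` after the enlarged lists makes each of the now six test objects depend on all six sources, so touching one cutest file rebuilds every object. Its recipe is outside the hunk; if it compiles `$<`, every object would be built from `cutest_sh_tools.c`, the first prerequisite, so that is worth checking. The two lists also have to be kept in step by hand. One explicit line per object in the style of the dependency list further down, e.g. `cutest_sh_utils.o: $(srcsrc)/cutest_sh_utils.c`, would state the real edges.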
/trunk/configure.ac
r20 r30 37 37 dnl start 38 38 dnl 39 AM_INIT_AUTOMAKE(samhain, 2.2.0rc 1)39 AM_INIT_AUTOMAKE(samhain, 2.2.0rc3) 40 40 AC_CANONICAL_HOST 41 41 … … 763 763 ;; 764 764 *) 765 AM_PATH_LIBPRELUDE([0.9. 0],765 AM_PATH_LIBPRELUDE([0.9.6], 766 766 [ 767 767 AC_DEFINE(HAVE_LIBPRELUDE,1,[Have libprelude]) -
/trunk/depend.dep
r20 r30 34 34 sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 35 35 sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h 36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/s h_mem.h $(srcinc)/sh_schedule.h36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h 37 37 bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h 38 38 mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h -
/trunk/depend.sum
r20 r30 1 3476546078 1 2018699483 -
/trunk/deploy.sh.in
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2005) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 #VERSION2.0 -
/trunk/docs/Changelog
r20 r30 1 1 2.2.0: 2 * patch by Jim Simmons for samhainadmin.pl.in 3 * fix testsuite portability problems 4 * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700 5 * fix potential NULL dereference in sh_utmp_endutent() 6 * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs) 7 * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve) 8 * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD) 9 * fix bug in sh_utils_obscurename (check isascii) 10 * scan h_aliases for FQDN if h_name is not 11 * add copyright/license info to test scripts 12 * add copyright/license info to deployment system scripts 13 * support server-to-server relay 14 * new CL option --server-port 15 * minor improvements in manual 16 * patch by Yoann Vandoorselaere for sh_prelude.c 17 * allow --longopt arg as well as --longopt=arg 18 * verify checksum of growing log files (up to previous size) 19 * rewrite of the test suite 2 20 * added a bit of unit testing 3 * improved the windows howto according to suggestions by4 Jorge Morgado5 21 * minor optimizations in various places 6 22 * optimized implementation of tiger checksum algorithm … … 15 31 * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), 16 32 add function sl_read_timeout_prep 33 34 2.1.3 (13-03-2006): 35 * fix compile problem in slib.c (reported by Lawrence Bowie) 36 * fix bug with combination of one-shot update mode and file check 37 schedule (reportedby Dan Track) 38 * improved the windows howto according to suggestions by 39 Jorge Morgado 40 * fix samhain_hide kernel module for new linux kernel versions 41 * fix minor problem with dead client detection (problem reported 42 by Michal Kustosik) 17 43 18 44 2.1.2 (10-01-2006): -
/trunk/docs/README.UPGRADE
r20 r30 1 2 since 2.2.0: server-to-server relay is possible 3 4 -- this implies that problems will arise if your server is misconfigured 5 to connect to itself (SetExportSeverity is explicitely set 6 to a threshold different from 'none', and the logserver is set to 7 localhost). The server may deadlock in this case. 8 9 10 1 11 since 2.1.0: update and daemon mode can be combined 2 12 -
/trunk/dsys/comBUILD
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 commandBUILD() { -
/trunk/dsys/comCHECKSRC
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 commandCHECKSRC() { -
/trunk/dsys/comCLEAN
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 commandCLEAN() { -
/trunk/dsys/comDOWNLOAD
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 commandDOWNLOAD() { … … 111 129 if test -z "$command" 112 130 then 113 printFATAL "No wget, curl, lynx, links, lwp-request, fetch in your \$PATH, cannot download"131 printFATAL "No wget, curl, lynx, links, lwp-request, fetch, fget in your \$PATH, cannot download" 114 132 fi 115 133 -
/trunk/dsys/comINSTALL
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 commandINSTALL() { -
/trunk/dsys/comUNINSTALL
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 commandUNINSTALL() { -
/trunk/dsys/funcBUILD
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 #------------------------------------------------------------------------ -
/trunk/dsys/funcDB
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 DBFTEST=0 -
/trunk/dsys/funcDIALOG
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 # print without newline -
/trunk/dsys/funcEXE
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 findEXE() { -
/trunk/dsys/funcINSTALL
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 getconfopts () { -
/trunk/dsys/funcPRINT
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 # Fatal error -
/trunk/dsys/funcSETUP
r20 r30 4 4 # 5 5 ######################################################################### 6 # 7 # Copyright Rainer Wichmann (2005) 8 # 9 # License Information: 10 # This program is free software; you can redistribute it and/or modify 11 # it under the terms of the GNU General Public License as published by 12 # the Free Software Foundation; either version 2 of the License, or 13 # (at your option) any later version. 14 # 15 # This program is distributed in the hope that it will be useful, 16 # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 # GNU General Public License for more details. 19 # 20 # You should have received a copy of the GNU General Public License 21 # along with this program; if not, write to the Free Software 22 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 23 # 6 24 7 25 # test setup -
/trunk/dsys/initscript
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2005) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 startup=no -
/trunk/dsys/postinstall
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2005) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 name=`./samhain-install.sh --print-config name` -
/trunk/dsys/preinstall
r20 r30 1 1 #! /bin/sh 2 # 3 # Copyright Rainer Wichmann (2005) 4 # 5 # License Information: 6 # This program is free software; you can redistribute it and/or modify 7 # it under the terms of the GNU General Public License as published by 8 # the Free Software Foundation; either version 2 of the License, or 9 # (at your option) any later version. 10 # 11 # This program is distributed in the hope that it will be useful, 12 # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 # GNU General Public License for more details. 15 # 16 # You should have received a copy of the GNU General Public License 17 # along with this program; if not, write to the Free Software 18 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 # 2 20 3 21 name=`./samhain-install.sh --print-config name` -
/trunk/include/samhain.h
r20 r30 138 138 SH_LEVEL_USER0 = 7, 139 139 SH_LEVEL_USER1 = 8, 140 SH_LEVEL_PRELINK = 9 140 SH_LEVEL_USER2 = 9, 141 SH_LEVEL_USER3 = 10, 142 SH_LEVEL_USER4 = 11, 143 SH_LEVEL_PRELINK = 12 141 144 }; 142 145 … … 290 293 /*@null@*/ extern sh_key_t *skey; 291 294 295 /************************************************** 296 * 297 * macros 298 * 299 **************************************************/ 300 301 /* signal-safe log function 302 */ 303 int safe_logger (int signal, int method, char * details); 304 void safe_fatal (int signal, int method, char * details, char *f, int l); 305 306 #define SH_VALIDATE_EQ(a,b) \ 307 do { \ 308 if ((a) != (b)) safe_fatal(0, 0, #a " != " #b, FIL__, __LINE__);\ 309 } while (0) 310 311 #define SH_VALIDATE_NE(a,b) \ 312 do { \ 313 if ((a) == (b)) safe_fatal(0, 0, #a " == " #b, FIL__, __LINE__);\ 314 } while (0) 292 315 293 316 #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) -
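Review bot: `safe_logger` and `safe_fatal` declare `char * details` (and `char *f`), yet `SH_VALIDATE_EQ`/`SH_VALIDATE_NE` pass the string literal `#a " != " #b`; since the rest of this changeset const-qualifies string parameters, `void safe_fatal (int signal, int method, const char * details, const char *f, int l);` would be consistent, assuming the definitions do not write through the pointers. The block is headed "macros" and "signal-safe log function" but says nothing about what `signal` and `method` mean or that `safe_fatal` is expected not to return; a short comment on both prototypes would help. `FIL__` is not defined in the lines shown, so presumably every file using these macros must define it first. Separately, `SH_LEVEL_PRELINK` moves from 9 to 12 in the first hunk; if the numeric level is ever stored in the baseline database or sent between client and server (not visible here), data written by an older build would be read as `SH_LEVEL_USER2`.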
/trunk/include/sh_calls.h
r20 r30 33 33 /* Set aud functions 34 34 */ 35 int sh_aud_set_functions(c har * str_s);35 int sh_aud_set_functions(const char * str_s); 36 36 37 37 -
/trunk/include/sh_database.h
r20 r30 5 5 int sh_database_insert (char * message); 6 6 7 int sh_database_use_persistent (c har * str);7 int sh_database_use_persistent (const char * str); 8 8 9 int sh_database_set_database (c har * str);10 int sh_database_set_table (c har * str);11 int sh_database_set_host (c har * str);12 int sh_database_set_user (c har * str);13 int sh_database_set_password (c har * str);14 int sh_database_add_to_hash (c har * str);15 int set_enter_wrapper (c har * str);9 int sh_database_set_database (const char * str); 10 int sh_database_set_table (const char * str); 11 int sh_database_set_host (const char * str); 12 int sh_database_set_user (const char * str); 13 int sh_database_set_password (const char * str); 14 int sh_database_add_to_hash (const char * str); 15 int set_enter_wrapper (const char * str); 16 16 #endif -
/trunk/include/sh_error.h
r20 r30 30 30 SH_ERR_T_START = 0, 31 31 32 /* 1- 9= SH_LEVEL_XXX */32 /* 1-13 = SH_LEVEL_XXX */ 33 33 34 34 SH_ERR_T_RO = SH_LEVEL_READONLY, … … 40 40 SH_ERR_T_USER0 = SH_LEVEL_USER0, 41 41 SH_ERR_T_USER1 = SH_LEVEL_USER1, 42 SH_ERR_T_USER2 = SH_LEVEL_USER2, 43 SH_ERR_T_USER3 = SH_LEVEL_USER3, 44 SH_ERR_T_USER4 = SH_LEVEL_USER4, 42 45 SH_ERR_T_PRELINK = SH_LEVEL_PRELINK, 43 46 44 SH_ERR_T_DIR = 1 0,45 SH_ERR_T_FILE = 1 1,46 SH_ERR_T_NAME = 1 2,47 SH_ERR_T_DIR = 13, 48 SH_ERR_T_FILE = 14, 49 SH_ERR_T_NAME = 15, 47 50 48 SH_ERR_T_END = 1 351 SH_ERR_T_END = 16 49 52 }; 50 53 … … 81 84 /* set mask for message class 82 85 */ 83 int sh_error_log_mask (c har * c);84 int sh_error_print_mask (c har * c);85 int sh_error_mail_mask (c har * c);86 int sh_error_export_mask (c har * c);87 int sh_error_syslog_mask (c har * c);88 int sh_error_external_mask (c har * c);89 int sh_error_database_mask (c har * c);90 int sh_error_prelude_mask (c har * c);86 int sh_error_log_mask (const char * c); 87 int sh_error_print_mask (const char * c); 88 int sh_error_mail_mask (const char * c); 89 int sh_error_export_mask (const char * c); 90 int sh_error_syslog_mask (const char * c); 91 int sh_error_external_mask (const char * c); 92 int sh_error_database_mask (const char * c); 93 int sh_error_prelude_mask (const char * c); 91 94 92 95 … … 99 102 #ifdef SH_WITH_SERVER 100 103 void sh_error_set_peer(const char * str); 101 int set_flag_sep_log (c har * str);104 int set_flag_sep_log (const char * str); 102 105 #endif 103 106 … … 108 111 /* convert a string to a numeric priority 109 112 */ 110 int sh_error_convert_level (c har * str_s);113 int sh_error_convert_level (const char * str_s); 111 114 112 115 /* only to stderr (GOOD/BAD) … … 116 119 /* set syslog facility 117 120 */ 118 int sh_log_set_facility (c har * c);121 int sh_log_set_facility (const char * c); 119 122 120 123 /* define message header 121 124 */ 122 int sh_error_ehead (/*@null@*/c har * s);125 int sh_error_ehead (/*@null@*/const char 
* s); 123 126 124 127 /* set level for error logging … … 128 131 /* set severity levels 129 132 */ 130 int sh_error_set_iv (int iv, c har * severity_s);133 int sh_error_set_iv (int iv, const char * severity_s); 131 134 132 135 /* set priorities … … 178 181 /* (re)set the console device(s) 179 182 */ 180 int sh_log_set_console (c har * address);183 int sh_log_set_console (const char * address); 181 184 void reset_count_dev_console(void); 182 185 … … 188 191 /* enable message queue 189 192 */ 190 int enable_msgq(c har * foo);193 int enable_msgq(const char * foo); 191 194 #endif 192 195 -
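Review bot: The updated comment `/* 1-13 = SH_LEVEL_XXX */` is off by one: with `SH_LEVEL_PRELINK = 12` in samhain.h the level-backed values end at 12, and 13 is `SH_ERR_T_DIR`. The literals 13 to 16 also have to be bumped by hand whenever a level is added, as this change had to do; `SH_ERR_T_DIR = SH_LEVEL_PRELINK + 1,` with the entries after it left unnumbered would keep the two enums from overlapping silently. The start of the enum and any code that indexes tables by these values are outside the hunks shown, so confirm nothing else hard-codes the old range.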
/trunk/include/sh_extern.h
r20 r30 43 43 * -- add CL argument, return # of arguments 44 44 */ 45 int sh_ext_tas_add_argv(sh_tas_t * tas, c har * val);45 int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val); 46 46 /* 47 47 * -- remove last CL argument … … 51 51 * -- add environment variable, return # of variables 52 52 */ 53 int sh_ext_tas_add_envv(sh_tas_t * tas, c har * key,char * val);53 int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val); 54 54 /* 55 55 * -- set command 56 56 */ 57 void sh_ext_tas_command(sh_tas_t * tas, c har * command);57 void sh_ext_tas_command(sh_tas_t * tas, const char * command); 58 58 /* 59 59 * -- initialize task structure … … 71 71 * -- start a new external command, and add it to the list 72 72 */ 73 int sh_ext_setcommand(c har * cmd);73 int sh_ext_setcommand(const char * cmd); 74 74 75 75 /* … … 81 81 * -- set deadtime 82 82 */ 83 int sh_ext_deadtime (c har * str);83 int sh_ext_deadtime (const char * str); 84 84 85 85 /* 86 86 * -- add keywords to the OR filter 87 87 */ 88 int sh_ext_add_or (c har * str);88 int sh_ext_add_or (const char * str); 89 89 90 90 /* 91 91 * -- add keywords to the AND filter 92 92 */ 93 int sh_ext_add_and (c har * str);93 int sh_ext_add_and (const char * str); 94 94 95 95 /* 96 96 * -- add keywords to the NOT filter 97 97 */ 98 int sh_ext_add_not (c har * str);98 int sh_ext_add_not (const char * str); 99 99 100 100 /* 101 101 * -- add keywords to the CL argument list 102 102 */ 103 int sh_ext_add_argv (c har * str);103 int sh_ext_add_argv (const char * str); 104 104 105 105 /* 106 106 * -- add a path to the environment 107 107 */ 108 int sh_ext_add_default (c har * str);108 int sh_ext_add_default (const char * str); 109 109 110 110 /* 111 111 * -- add an environment variable 112 112 */ 113 int sh_ext_add_environ (c har * str);113 int sh_ext_add_environ (const char * str); 114 114 115 115 /* 116 116 * -- define type 117 117 */ 118 int sh_ext_type (c har * str);118 int sh_ext_type (const char * str); 119 119 
120 120 /* 121 121 * -- define checksum 122 122 */ 123 int sh_ext_checksum (c har * str);123 int sh_ext_checksum (const char * str); 124 124 125 125 /* 126 126 * -- choose privileges 127 127 */ 128 int sh_ext_priv (c har * c);128 int sh_ext_priv (const char * c); 129 129 130 130 /* -
/trunk/include/sh_files.h
r20 r30 23 23 /* register exceptions to hardlink check 24 24 */ 25 int sh_files_hle_reg (c har * str);25 int sh_files_hle_reg (const char * str); 26 26 27 27 /* check the setup … … 35 35 /* activate hardlink check 36 36 */ 37 int sh_files_check_hardlinks (c har * opt);37 int sh_files_check_hardlinks (const char * opt); 38 38 39 39 /* set recursion depth … … 43 43 /* report only once 44 44 */ 45 int sh_files_reportonce(c har * c);45 int sh_files_reportonce(const char * c); 46 46 47 47 /* report full details 48 48 */ 49 int sh_files_fulldetail(c har * c);49 int sh_files_fulldetail(const char * c); 50 50 51 51 /* reset the 'checked' flag … … 67 67 /* push a directory on the stack USER0 68 68 */ 69 int sh_files_pushdir_user0 (c har * dirName);69 int sh_files_pushdir_user0 (const char * dirName); 70 70 71 71 /* push a directory on the stack USER1 72 72 */ 73 int sh_files_pushdir_user1 (char * dirName); 73 int sh_files_pushdir_user1 (const char * dirName); 74 75 /* push a directory on the stack USER2 76 */ 77 int sh_files_pushdir_user2 (const char * dirName); 78 79 /* push a directory on the stack USER3 80 */ 81 int sh_files_pushdir_user3 (const char * dirName); 82 83 /* push a directory on the stack USER4 84 */ 85 int sh_files_pushdir_user4 (const char * dirName); 74 86 75 87 /* push a directory on the stack PRELINK 76 88 */ 77 int sh_files_pushdir_prelink (c har * dirName);89 int sh_files_pushdir_prelink (const char * dirName); 78 90 79 91 /* push a directory on the stack ATTR 80 92 */ 81 int sh_files_pushdir_attr (c har * dirName);93 int sh_files_pushdir_attr (const char * dirName); 82 94 83 95 /* push a directory on the stack READONLY 84 96 */ 85 int sh_files_pushdir_ro (c har * dirName);97 int sh_files_pushdir_ro (const char * dirName); 86 98 87 99 /* push a directory on the stack LOGFILE 88 100 */ 89 int sh_files_pushdir_log (c har * dirName);101 int sh_files_pushdir_log (const char * dirName); 90 102 91 103 /* push a directory on the stack GROWING LOGFILE 92 104 
*/ 93 int sh_files_pushdir_glog (c har * dirName);105 int sh_files_pushdir_glog (const char * dirName); 94 106 95 107 /* push a directory on the stack IGNORE NONE 96 108 */ 97 int sh_files_pushdir_noig (c har * dirName);109 int sh_files_pushdir_noig (const char * dirName); 98 110 99 111 /* push a directory on the stack IGNORE ALL 100 112 */ 101 int sh_files_pushdir_allig (c har * dirName);113 int sh_files_pushdir_allig (const char * dirName); 102 114 103 115 104 116 /* push a file on the stack USER0 105 117 */ 106 int sh_files_pushfile_user0 (c har * dirName);118 int sh_files_pushfile_user0 (const char * dirName); 107 119 108 120 /* push a file on the stack USER1 109 121 */ 110 int sh_files_pushfile_user1 (char * dirName); 122 int sh_files_pushfile_user1 (const char * dirName); 123 124 /* push a file on the stack USER2 125 */ 126 int sh_files_pushfile_user2 (const char * dirName); 127 128 /* push a file on the stack USER3 129 */ 130 int sh_files_pushfile_user3 (const char * dirName); 131 132 /* push a file on the stack USER4 133 */ 134 int sh_files_pushfile_user4 (const char * dirName); 111 135 112 136 /* push a file on the stack PRELINK 113 137 */ 114 int sh_files_pushfile_prelink (c har * dirName);138 int sh_files_pushfile_prelink (const char * dirName); 115 139 116 140 /* push a file on the stack ATTR 117 141 */ 118 int sh_files_pushfile_attr (c har * dirName);142 int sh_files_pushfile_attr (const char * dirName); 119 143 120 144 /* push a file on the stack READONLY 121 145 */ 122 int sh_files_pushfile_ro (c har * dirName);146 int sh_files_pushfile_ro (const char * dirName); 123 147 124 148 /* push a file on the stack LOGFILE 125 149 */ 126 int sh_files_pushfile_log (c har * dirName);150 int sh_files_pushfile_log (const char * dirName); 127 151 128 152 /* push a file on the stack GROWING LOGFILE 129 153 */ 130 int sh_files_pushfile_glog (c har * dirName);154 int sh_files_pushfile_glog (const char * dirName); 131 155 132 156 /* push a file on the stack IGNORE 
NONE 133 157 */ 134 int sh_files_pushfile_noig (c har * dirName);158 int sh_files_pushfile_noig (const char * dirName); 135 159 136 160 /* push a file on the stack IGNORE ALL 137 161 */ 138 int sh_files_pushfile_allig (c har * dirName);162 int sh_files_pushfile_allig (const char * dirName); 139 163 140 164 … … 153 177 /* redefine policies 154 178 */ 155 int sh_files_redef_user0(char * str); 156 int sh_files_redef_user1(char * str); 157 int sh_files_redef_prelink(char * str); 158 int sh_files_redef_readonly(char * str); 159 int sh_files_redef_loggrow(char * str); 160 int sh_files_redef_logfiles(char * str); 161 int sh_files_redef_attributes(char * str); 162 int sh_files_redef_noignore(char * str); 163 int sh_files_redef_allignore(char * str); 179 int sh_files_redef_user0(const char * str); 180 int sh_files_redef_user1(const char * str); 181 int sh_files_redef_user2(const char * str); 182 int sh_files_redef_user3(const char * str); 183 int sh_files_redef_user4(const char * str); 184 int sh_files_redef_prelink(const char * str); 185 int sh_files_redef_readonly(const char * str); 186 int sh_files_redef_loggrow(const char * str); 187 int sh_files_redef_logfiles(const char * str); 188 int sh_files_redef_attributes(const char * str); 189 int sh_files_redef_noignore(const char * str); 190 int sh_files_redef_allignore(const char * str); 164 191 165 192 -
/trunk/include/sh_forward.h
r20 r30 32 32 /* set time limit 33 33 */ 34 int sh_forward_set_time_limit(c har * str);34 int sh_forward_set_time_limit(const char * str); 35 35 36 36 /* error level for lookup failure 37 37 */ 38 int sh_forward_lookup_level (c har * c);38 int sh_forward_lookup_level (const char * c); 39 39 40 40 /* create client entry for given password … … 42 42 int sh_forward_make_client (const char * str); 43 43 44 /* set port to which we connect 45 */ 46 int sh_forward_server_port (const char * str); 47 44 48 #ifdef SH_WITH_SERVER 45 49 46 50 #ifdef INET_SYSLOG 47 int set_syslog_active(c har * c);51 int set_syslog_active(const char * c); 48 52 #endif 49 53 … … 55 59 * and set by accept() 56 60 */ 57 int set_socket_peer (c har * c);61 int set_socket_peer (const char * c); 58 62 59 63 /* whether to use client severity 60 64 */ 61 int sh_forward_use_clt_sev (c har * c);65 int sh_forward_use_clt_sev (const char * c); 62 66 63 67 /* whether to use client class 64 68 */ 65 int sh_forward_use_clt_class (c har * c);69 int sh_forward_use_clt_class (const char * c); 66 70 67 71 /* server port 68 72 */ 69 int sh_forward_set_port(c har * c);73 int sh_forward_set_port(const char * c); 70 74 71 75 /* server interface 72 76 */ 73 int sh_forward_set_interface(c har * c);77 int sh_forward_set_interface(const char * c); 74 78 75 79 /* a wrapper function … … 79 83 /* register a client 80 84 */ 81 int sh_forward_register_client (c har * str);85 int sh_forward_register_client (const char * str); 82 86 83 87 /* start server … … 91 95 #endif 92 96 93 #if def SH_WITH_CLIENT97 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 94 98 /* talk to server 95 99 */ 96 100 long sh_forward (char * errmsg); 97 101 102 /* set log server 103 */ 104 int sh_forward_setlogserver (const char * address); 105 void reset_count_dev_server(void); 106 #endif 107 108 #ifdef SH_WITH_CLIENT 98 109 99 110 /* request file from server. file may be "CONF" or "DATA". 
… … 101 112 long sh_forward_req_file (char * file); 102 113 103 /* set log server104 */105 int sh_forward_setlogserver (char * address);106 void reset_count_dev_server(void);107 108 114 #endif 109 115 -
/trunk/include/sh_hash.h
r20 r30 42 42 /* version string for database 43 43 */ 44 int sh_hash_version_string(c har * str);44 int sh_hash_version_string(const char * str); 45 45 46 46 /* List database content -
/trunk/include/sh_ignore.h
r20 r30 2 2 #define SH_IGNORE_H 3 3 4 int sh_ignore_add_del (c har * addpath);5 int sh_ignore_add_new (c har * addpath);4 int sh_ignore_add_del (const char * addpath); 5 int sh_ignore_add_new (const char * addpath); 6 6 7 7 int sh_ignore_chk_del (const char * chkpath); -
/trunk/include/sh_mail.h
r20 r30 26 26 /* set a relay server 27 27 */ 28 int sh_mail_set_relay (c har * str_s);28 int sh_mail_set_relay (const char * str_s); 29 29 30 30 /* send to all recpts. in one mail 31 31 */ 32 int sh_mail_setFlag (c har * str);32 int sh_mail_setFlag (const char * str); 33 33 34 34 /* set the subject string 35 35 */ 36 int set_mail_subject (c har * str);36 int set_mail_subject (const char * str); 37 37 38 38 /* test mailbox … … 44 44 #define SH_MAX_FAIL 48 45 45 46 int sh_mail_setNum (c har * str);46 int sh_mail_setNum (const char * str); 47 47 48 int sh_mail_setaddress (c har * address);48 int sh_mail_setaddress (const char * address); 49 49 void reset_count_dev_mail(void); 50 int sh_mail_setaddress_int (c har * address);50 int sh_mail_setaddress_int (const char * address); 51 51 52 52 /* call if not urgent … … 60 60 /* set sender of mail 61 61 */ 62 int sh_mail_set_sender (c har *str);62 int sh_mail_set_sender (const char *str); 63 63 64 int sh_mail_add_or (c har * str);65 int sh_mail_add_and (c har * str);66 int sh_mail_add_not (c har * str);64 int sh_mail_add_or (const char * str); 65 int sh_mail_add_and (const char * str); 66 int sh_mail_add_not (const char * str); 67 67 68 68 #endif -
/trunk/include/sh_prelink.h
r20 r30 14 14 /* configuration 15 15 */ 16 int sh_prelink_set_path (c har * str);17 int sh_prelink_set_hash (c har * str);16 int sh_prelink_set_path (const char * str); 17 int sh_prelink_set_hash (const char * str); 18 18 #endif -
/trunk/include/sh_prelude.h
r20 r30 6 6 int sh_prelude_init(); 7 7 8 int sh_prelude_set_profile(c har *arg);8 int sh_prelude_set_profile(const char *arg); 9 9 10 10 int sh_prelude_alert (int priority, int class, char * message, … … 13 13 /* map severity levels 14 14 */ 15 int sh_prelude_map_info (c har * str);16 int sh_prelude_map_low (c har * str);17 int sh_prelude_map_medium (c har * str);18 int sh_prelude_map_high (c har * str);15 int sh_prelude_map_info (const char * str); 16 int sh_prelude_map_low (const char * str); 17 int sh_prelude_map_medium (const char * str); 18 int sh_prelude_map_high (const char * str); 19 19 20 20 #endif -
/trunk/include/sh_tiger.h
r20 r30 22 22 /* NEW Thu Oct 18 19:59:08 CEST 2001 23 23 */ 24 int sh_tiger_hashtype (c har * c);24 int sh_tiger_hashtype (const char * c); 25 25 char * sh_tiger_generic_hash (char * filename, TigerType what, 26 26 UINT64 Length, int timeout); -
/trunk/include/sh_tools.h
r20 r30 53 53 54 54 55 #if defined (SH_WITH_CLIENT) 55 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 56 56 57 57 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, … … 65 65 unsigned long * length, char * u); 66 66 67 68 SL_TICKET open_tmp (void); 69 int close_tmp (SL_TICKET fd); 70 int rewind_tmp (SL_TICKET fd); 67 /* 68 SL_TICKET open_tmp (void); 69 int close_tmp (SL_TICKET fd); 70 int rewind_tmp (SL_TICKET fd); 71 */ 71 72 72 73 void sh_tools_server_cmd(const char * srvcmd); … … 78 79 #endif 79 80 81 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) 82 SL_TICKET open_tmp (void); 83 int close_tmp (SL_TICKET fd); 84 int rewind_tmp (SL_TICKET fd); 85 #endif 80 86 81 87 #endif -
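Review bot: The old `open_tmp`, `close_tmp` and `rewind_tmp` declarations are left behind as a commented-out block inside the `SH_WITH_CLIENT || SH_WITH_SERVER` section, while the live copies move to the new `#if` near the end of the header. Delete the dead block instead of commenting it out, so a later reader does not have to work out which copy is in force. The new guard would also benefit from a short comment such as `/* temp file helpers, needed by every build that writes temporary files */`, assuming that is why `SH_STEALTH`, `WITH_GPG` and `WITH_PGP` were added to it.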
/trunk/include/sh_unix.h
r20 r30 99 99 extern unsigned long mask_USER0; 100 100 extern unsigned long mask_USER1; 101 extern unsigned long mask_USER2; 102 extern unsigned long mask_USER3; 103 extern unsigned long mask_USER4; 101 104 /* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL) 102 105 */ … … 141 144 int sh_unix_munlock(void * addr, size_t len); 142 145 int sh_unix_count_mlock(); 146 /* public for unit tests */ 147 int sh_unix_pagesize(); 148 unsigned long sh_unix_lookup_page(void * in_addr, size_t len, int * num_pages); 143 149 144 150 /* chroot directory … … 148 154 /* whether to use localtime for file timesatams in logs 149 155 */ 150 int sh_unix_uselocaltime (c har * c);156 int sh_unix_uselocaltime (const char * c); 151 157 152 158 /* set I/O limit 153 159 */ 154 int sh_unix_set_io_limit (c har * c);160 int sh_unix_set_io_limit (const char * c); 155 161 void sh_unix_io_pause (); 156 162 … … 199 205 /* checksum of own binary 200 206 */ 201 int sh_unix_self_hash (c har * c);207 int sh_unix_self_hash (const char * c); 202 208 203 209 /* return BAD on failure … … 207 213 /* add a trusted user to the list 208 214 */ 209 int tf_add_trusted_user(c har *);215 int tf_add_trusted_user(const char *); 210 216 211 217 /* check a file … … 224 230 /* set the timeserver address 225 231 */ 226 int sh_unix_settimeserver (c har * address);232 int sh_unix_settimeserver (const char * address); 227 233 void reset_count_dev_time(void); 228 234 -
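Review bot: `int sh_unix_pagesize();` is declared with an empty parameter list, which in C is not a prototype, so a call that passes arguments is not diagnosed; write `int sh_unix_pagesize(void);`. The comment `/* public for unit tests */` says why the two functions are exported but not what they do. `sh_unix_lookup_page` in particular takes an out-parameter `int * num_pages` and returns `unsigned long` with no statement of what either holds. A one-line contract comment on each declaration would do, since they are now part of the header.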
/trunk/include/sh_utils.h
r20 r30 65 65 /* set signature type HASH-TIGER/HMAC-TIGER 66 66 */ 67 int sh_util_sigtype (c har * c);67 int sh_util_sigtype (const char * c); 68 68 69 69 /* compute a signature … … 83 83 /* don't log output files 84 84 */ 85 int sh_util_hidesetup(c har * c);85 int sh_util_hidesetup(const char * c); 86 86 87 87 /* exceptions to obscure name check 88 88 */ 89 int sh_util_obscure_ok (c har * str);89 int sh_util_obscure_ok (const char * str); 90 90 91 91 /* read a hexchar -
/trunk/man/samhain.8
r20 r30 48 48 .SS "MISCELLANEOUS" 49 49 .PP 50 51 .B samhain 52 .RI \-\-server\-port= portnumber 50 53 51 54 .B samhain … … 300 303 .SS "MISCELLANEOUS OPTIONS" 301 304 .PP 305 306 .B samhain 307 .RI \-\-server\-port= portnumber 308 309 Choose the port on the server host to which the client will connect. 302 310 303 311 .B samhain -
/trunk/man/samhainrc.5
r20 r30 96 96 .TP 97 97 .I "[User1]" 98 .TP 99 .I "[User2]" 100 .TP 101 .I "[User3]" 102 .TP 103 .I "[User4]" 98 104 These are reserved for user-defined policies. 99 105 .TP … … 172 178 .br 173 179 .BI SeverityUser0= val, 180 .br 181 .BI SeverityUser1= val, 182 .br 183 .BI SeverityUser2= val, 184 .br 185 .BI SeverityUser3= val, 174 186 and 175 187 .br 176 .BI SeverityUser 1= val188 .BI SeverityUser4= val 177 189 define the error levels for failures to verify the integrity of 178 190 files/directories of the respective types. I.e. if such a file shows … … 514 526 sets the hostname for the log server. 515 527 .br 528 .BI SetServerPort= portnumber 529 sets the port on the server to connect to. 530 .br 516 531 .BI SetDatabasePath= AUTO|/path 517 532 Path to database (AUTO to tack hostname on compiled-in path). … … 547 562 .BI RedefUser1= +/-XXX,+/-YYY,... 548 563 Add or subtract tests XXX from the User1 policy. 564 .br 565 .BI RedefUser2= +/-XXX,+/-YYY,... 566 Add or subtract tests XXX from the User2 policy. 567 .br 568 .BI RedefUser3= +/-XXX,+/-YYY,... 569 Add or subtract tests XXX from the User3 policy. 570 .br 571 .BI RedefUser4= +/-XXX,+/-YYY,... 572 Add or subtract tests XXX from the User4 policy. 549 573 .TP 550 574 .B Server Only -
/trunk/scripts/README
r20 r30 40 40 This script will do this automatically. Run 'samhainrc_update.sh -h' 41 41 for usage instructions. You may need to change the location of the 42 samhainrc file by editing the line ' SAMHAIN_CFG="/etc/samhainrc"'42 samhainrc file by editing the line 'cfgfile="/etc/samhainrc"' 43 43 at the beginning of the script. 44 44 -
/trunk/scripts/samhainadmin.pl.in
r20 r30 29 29 use Fcntl qw(:DEFAULT :flock); 30 30 31 # Do I/O to the data file in binary mode (so it 32 # wouldn't complain about invalid UTF-8 characters). 33 use bytes; 34 31 35 File::Temp->safe_level( File::Temp::HIGH ); 32 36 … … 515 519 $action = 'f'; 516 520 } 517 elsif (defined ($opts{'create- cfgfile'})) {521 elsif (defined ($opts{'create-datafile'})) { 518 522 $action = 'D'; 519 523 } 520 elsif (defined ($opts{'print- cfgfile'})) {524 elsif (defined ($opts{'print-datafile'})) { 521 525 $action = 'd'; 522 526 } -
/trunk/scripts/samhainrc_update.sh
r20 r30 1 #!/bin/bash 2 # ----------------------------------------------------------------------------- 3 # @brief: update the kernel options in the samhain configuration 4 # file, after a new kernel has been compiled 5 # @author: marc heisterkamp <marzheister@web.de> 6 # ----------------------------------------------------------------------------- 7 8 SAMHAIN_CFG="/etc/samhainrc" 9 10 BLUE="[34;01m" 11 CYAN="[36;01m" 12 GREEN="[32;01m" 13 DARK_GREEN="[32m" 14 RED="[31;01m" 15 PURPLE="[35;01m" 16 WHITE="[37;01m" 17 DARK_GRAY="[30;01m" 18 LIGHT_GRAY="[37m" 19 YELLOW="[33;01m" 20 BROWN="[33m" 21 OFF="[0m" 22 23 24 SYSTEM_MAP="" 25 new_cfg='' 26 scriptname="$0" 27 28 # global variables for system adresses (extracted from System.map) 29 SYS_CALL='' 30 SYS_CALL_TABLE='' 31 PROC_ROOT='' 32 PROC_ROOT_IOPS='' 33 PROC_ROOT_LOOKUP='' 34 35 # Make sure the user has root permissions 36 if [ $UID -ne 0 ] ; then 37 echo "You must be root to run this script. Exiting." 38 exit 1 1 #! /bin/sh 2 3 # ----------------------------------------------------------------------- 4 # The default configuration file 5 # ----------------------------------------------------------------------- 6 7 cfgfile="/etc/samhainrc" 8 9 # ----------------------------------------------------------------------- 10 # Be Bourne compatible 11 # ----------------------------------------------------------------------- 12 13 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then 14 emulate sh 15 NULLCMD=: 16 elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then 17 set -o posix 39 18 fi 40 19 41 42 #------------------------------------------------------------------------------ 43 # usage 44 #------------------------------------------------------------------------------ 45 function print_usage() { 46 47 cat >&2 <<EOHELP 48 49 update the samhainrc configuration file with new kernel system addresses 50 (i.e: after kernel compilation) by extracting these from the new System.map 51 file 
52 53 SYNOPSIS 54 $scriptname [ ${GREEN}--help${OFF} ] 55 [ ${GREEN}--nocolor${OFF} ] 56 [ ${GREEN}--print-only${OFF} ] <System.map> 57 [ ${GREEN}--update${OFF} ] <System.map> 58 59 OPTIONS 60 ${GREEN}-h${OFF} ${GREEN}--help${OFF} 61 Show help. 62 63 ${GREEN}--nocolor${OFF} 64 Disable color hilighting for non ANSI-compatible terms. 65 66 ${GREEN}-p${OFF} ${GREEN}--print-only${OFF} <System.map> 67 Print the extracted system adresses and do not write them to the 68 samhain configuration file. 69 70 ${GREEN}-u${OFF} ${GREEN}--update${OFF} <System.map> 71 Update the samhainrc configuration file with new kernel system 72 addresses from the given System.map file 73 74 EOHELP 75 exit 0 76 } 77 78 79 #------------------------------------------------------------------------------ 80 # parses the command line options 81 # param in: all parameters given to the script 82 #------------------------------------------------------------------------------ 83 function parse_cmd_line() { 84 85 # parse the command-line 86 while [ -n "$1" ]; do 87 case "$1" in 88 --help|-h) 89 print_usage 90 ;; 91 --nocolor|-n) 92 unset DARK_GREEN GREEN RED BROWN LIGHT_GRAY WHITE OFF 93 ;; 94 --print-only|-p) 95 shift 96 SYSTEM_MAP="$1" 97 get_system_addresses 98 print_system_addresses 99 break 100 ;; 101 --update|-u) 102 shift 103 SYSTEM_MAP="$1" 104 get_system_addresses 105 print_system_addresses 106 replace_system_addresses 107 ;; 108 -*) 109 echo "$scriptname: unknown option $1. Exiting" >&2 110 exit 1 111 ;; 112 esac 113 shift 114 done 115 } 116 117 118 #------------------------------------------------------------------------------ 119 # extract system adresses from given System.map file and save to global 120 # variables 121 #------------------------------------------------------------------------------ 122 function get_system_addresses() { 123 124 if [ -z "$SYSTEM_MAP" ] ; then 125 echo 126 echo "No System.map specified. 
Exiting" >&2 127 echo 128 exit 1 20 programname="$0" 21 sysmap= 22 23 # ----------------------------------------------------------------------- 24 # Print help 25 # ----------------------------------------------------------------------- 26 27 showhelp() { 28 echo 29 echo "$programname - update samhain config file after kernel update" 30 echo 31 echo "OPTIONS:" 32 echo 33 echo " -u|--update </path/to/System.map>" 34 echo " Update the configuration file with new" 35 echo " settings as taken from </path/to/System.map>" 36 echo 37 echo " -c|--config-file </path/to/config-file>" 38 echo " Specify the configuration file to update [${cfgfile}]" 39 echo 40 echo " -p|--print-only </path/to/System.map>" 41 echo " Print new settings, don't modify anything" 42 echo 43 echo " -h|--help" 44 echo " Print this help" 45 echo 46 echo " -n|--nocolor" 47 echo " (ignored, legacy support)" 48 echo 49 } 50 51 52 # ----------------------------------------------------------------------- 53 # Death strikes 54 # ----------------------------------------------------------------------- 55 56 die() { 57 echo ${1+"$@"} >&2 58 { (exit 1); exit 1; } 59 } 60 61 # ----------------------------------------------------------------------- 62 # Get new settings from </path/to/System.map> 63 # ----------------------------------------------------------------------- 64 65 system_call= 66 syscall_table= 67 proc_root= 68 proc_root_inode_operations= 69 proc_root_lookup= 70 71 get_new_settings() { 72 73 if [ -z "$sysmap" ]; then 74 die "No System.map specified" 75 fi 76 if [ -f "$sysmap" ]; then 77 if [ -r "$sysmap" ]; then 78 system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'` 79 syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'` 80 proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'` 81 
proc_root_inode_operations=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'` 82 proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'` 83 else 84 die "System.map ${sysmap} not readable" 85 fi 86 else 87 die "System.map ${sysmap} not found" 88 fi 89 test -z "${system_call}" && die "system_call not found in ${cfgfile}" 90 test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}" 91 test -z "${proc_root}" && die "proc_root not found in ${cfgfile}" 92 test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}" 93 test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}" 94 95 } 96 97 # ----------------------------------------------------------------------- 98 # Print new settings 99 # ----------------------------------------------------------------------- 100 101 run_print() { 102 get_new_settings 103 echo 104 echo "KernelSystemCall = 0x${system_call}" 105 echo "KernelSyscallTable = 0x${syscall_table}" 106 echo "KernelProcRoot = 0x${proc_root}" 107 echo "KernelProcRootIops = 0x${proc_root_inode_operations}" 108 echo "KernelProcRootLookup = 0x${proc_root_lookup}" 109 echo 110 } 111 112 # ----------------------------------------------------------------------- 113 # Replace a setting 114 # ----------------------------------------------------------------------- 115 116 # set ignorecase 117 # search pattern 118 # delete current line 119 # insert 120 # single dot == end of insert text 121 # save and exit 122 123 run_replace() { 124 item="$1" 125 address="$2" 126 ex -s "$cfgfile" <<EOF 127 :set ic 128 :/^[[:blank:]]*$1[[:blank:]]*= 129 :d 130 :i 131 $item = $address 132 . 
133 :x 134 EOF 135 } 136 137 # ----------------------------------------------------------------------- 138 # Add a setting 139 # ----------------------------------------------------------------------- 140 141 # set ignorecase 142 # search pattern ([Kernel] section) 143 # append (next line) 144 # single dot == end of insert text 145 # save and exit 146 147 run_add() { 148 item="$1" 149 address="$2" 150 ex -s "$cfgfile" <<EOF 151 :set ic 152 :/^[[:space:]]*\[Kernel\] 153 :a 154 $item = $address 155 . 156 :x 157 EOF 158 } 159 160 # ----------------------------------------------------------------------- 161 # Update with new settings 162 # ----------------------------------------------------------------------- 163 164 run_update() { 165 166 get_new_settings 167 168 if [ -z "$cfgfile" ]; then 169 die "No configuration file specified" 170 fi 171 if [ ! -w "$cfgfile" ]; then 172 die "Configuration file ${cfgfile} not writeable" 173 fi 174 egrep '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null 175 if [ $? -ne 0 ]; then 176 die "No [Kernel] section in configuration file $cfgfile" 177 fi 178 179 cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null 180 if [ $? -eq 0 ]; then 181 run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}" 182 else 183 run_add 'KernelProcRootLookup' "0x${proc_root_lookup}" 184 fi 185 186 cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null 187 if [ $? -eq 0 ]; then 188 run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}" 189 else 190 run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}" 191 fi 192 193 cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null 194 if [ $? -eq 0 ]; then 195 run_replace 'KernelProcRoot' "0x${proc_root}" 196 else 197 run_add 'KernelProcRoot' "0x${proc_root}" 198 fi 199 200 cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null 201 if [ $? 
-eq 0 ]; then 202 run_replace 'KernelSyscallTable' "0x${syscall_table}" 203 else 204 run_add 'KernelSyscallTable' "0x${syscall_table}" 205 fi 206 207 cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null 208 if [ $? -eq 0 ]; then 209 run_replace 'KernelSystemCall' "0x${system_call}" 210 else 211 run_add 'KernelSystemCall' "0x${system_call}" 212 fi 213 214 } 215 216 # ----------------------------------------------------------------------- 217 # Parse command line 218 # ----------------------------------------------------------------------- 219 220 sysmap= 221 action= 222 223 for option 224 do 225 226 # If the previous option needs an argument, assign it. 227 # 228 if test -n "$opt_prev"; then 229 eval "$opt_prev=\$option" 230 eval export "$opt_prev" 231 opt_prev= 232 continue 129 233 fi 130 234 131 if [ ! -f "$SYSTEM_MAP" ] ; then 132 echo 133 echo "Could not find System.map: $SYSTEM_MAP. Exiting" >&2 134 echo 135 exit 1 136 fi 137 138 # 1. this is the address of system_call (grep system_call System.map) 139 # KernelSystemCall = 0xc0106cf8 140 SYS_CALL="0x`grep system_call $SYSTEM_MAP | cut -d' ' -f1`" 141 142 # 2. this is the address of sys_call_table (grep ' sys_call_table' System.map) 143 # KernelSyscallTable = 0xc01efb98 144 SYS_CALL_TABLE="0x`grep sys_call_table $SYSTEM_MAP | cut -d' ' -f1`" 145 146 # 3. this is the address of proc_root (grep ' proc_root$' System.map) 147 # KernelProcRoot = 0xc01efb98 148 PROC_ROOT="0x`grep ' proc_root$' $SYSTEM_MAP | cut -d' ' -f1`" 149 150 # 4. this is the address of proc_root_inode_operations 151 # (grep proc_root_inode_operations System.map) 152 # KernelProcRootIops = 0xc01efb98 153 PROC_ROOT_IOPS="0x`grep proc_root_inode_operations $SYSTEM_MAP | cut -d' ' -f1`" 154 155 # 5. 
this is the address of proc_root_lookup 156 # (grep proc_root_lookup System.map) 157 # KernelProcRootLookup = 0xc01efb98 158 PROC_ROOT_LOOKUP="0x`grep proc_root_lookup $SYSTEM_MAP | cut -d' ' -f1`" 159 } 160 161 162 #------------------------------------------------------------------------------ 163 # extract system adresses from given System.map file and save to global 164 # variables 165 #------------------------------------------------------------------------------ 166 function replace_system_addresses() { 167 168 if [ -z "$SAMHAIN_CFG" ] ; then 169 echo "Could not find your samhainrc config file: $SAMHAIN_CFG. Exiting" >&2 170 exit 1 171 fi 172 173 echo 174 echo "Replacing current kernel system addresses in: $SAMHAIN_CFG" 175 176 # 1. replace current 'KernelSystemCall' setting 177 new_cfg=`sed -e "s/^\(KernelSystemCall[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL}/" $SAMHAIN_CFG` 178 179 # 2. replace current 'KernelSyscallTable' setting 180 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelSyscallTable[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL_TABLE}/"` 181 182 # 3. replace current 'KernelProcRoot' setting 183 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRoot[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT}/"` 184 185 # 4. replace current 'KernelProcRootIops' setting 186 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootIops[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_IOPS}/"` 187 188 # 5. replace current 'KernelSystemCall' setting 189 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootLookup[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_LOOKUP}/"` 190 191 echo "Backup old samhainrc $SAMHAIN_CFG to $SAMHAIN_CFG.bak" 192 193 # backup old samhainrc config file 194 mv "$SAMHAIN_CFG" "$SAMHAIN_CFG.bak" 195 196 # write new samhainrc config file 197 echo "$new_cfg" > "$SAMHAIN_CFG" 198 199 echo "Successfully updated kernel system addresses." 
200 echo 201 } 202 203 204 #------------------------------------------------------------------------------ 205 # print samhain required system adresses 206 #------------------------------------------------------------------------------ 207 function print_system_addresses() { 208 209 echo 210 echo "your kernel system addresses from: `basename $SYSTEM_MAP`" 211 echo 212 echo " KernelSystemCall = $SYS_CALL" 213 echo " KernelSyscallTable = $SYS_CALL_TABLE" 214 echo " KernelProcRoot = $PROC_ROOT" 215 echo " KernelProcRootIops = $PROC_ROOT_IOPS" 216 echo " KernelProcRootLookup = $PROC_ROOT_LOOKUP" 217 echo 218 219 } 220 221 if [ $# -eq 0 ] ; then 222 print_usage 235 case "$option" in 236 -*=*) 237 optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` 238 ;; 239 *) 240 optarg= 241 ;; 242 esac 243 244 case "$option" in 245 246 -h|--help) 247 showhelp 248 exit 0 249 ;; 250 251 -n|--nocolor) 252 ;; 253 254 -c|--config-file) 255 opt_prev=cfgfile 256 ;; 257 258 -c=* | --config-file=*) 259 cfgfile="$optarg" 260 ;; 261 262 -p|--print-only) 263 opt_prev=sysmap 264 action=p 265 ;; 266 267 268 -p=* | --print-only=*) 269 sysmap="$optarg" 270 action=p 271 ;; 272 273 -u|--update) 274 opt_prev=sysmap 275 action=u 276 ;; 277 278 -u=* | --update=*) 279 sysmap="$optarg" 280 action=u 281 ;; 282 283 esac 284 285 done 286 287 if [ x"$action" = xp ]; then 288 run_print 289 exit 0 223 290 fi 224 225 parse_cmd_line $* 226 227 exit 0 291 if [ x"$action" = xu ]; then 292 run_update 293 exit 0 294 fi 295 296 showhelp 297 exit 1 -
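Review bot: `opt_prev` is tested and handed to `eval "$opt_prev=\$option"` in the option loop without being initialised, so on the first argument its value is whatever the calling environment exported; add `opt_prev=` next to `sysmap=` and `action=` before `for option`. In `get_new_settings` the five `test -z ... && die` messages say `not found in ${cfgfile}` although the lookup ran against `${sysmap}`, which sends the operator to the wrong file. `run_update` chooses between `run_replace` and `run_add` with an unanchored `egrep -i 'KernelProcRootLookup'` (likewise for the other settings), whereas `run_replace` searches for `^[[:blank:]]*$1[[:blank:]]*=`. A commented-out setting passes the first test but not the second, and what `ex -s` then does with the following `:d` probably depends on the ex implementation, so the presence test should reuse the anchored pattern. The rewrite also drops the `.bak` copy the old script made before writing, so a failed edit has no fallback.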
/trunk/src/make-tests.sh
r20 r30 49 49 CuSuiteDetails(suite, output); 50 50 if (suite->failCount > 0) 51 fprintf(stderr, "%s \n", output->buffer);51 fprintf(stderr, "%s%c", output->buffer, 0x0A); 52 52 else 53 fprintf(stdout, "%s \n", output->buffer);53 fprintf(stdout, "%s%c", output->buffer, 0x0A); 54 54 return suite->failCount; 55 55 } -
/trunk/src/samhain.c
r20 r30 382 382 */ 383 383 (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); 384 sh.host.system[0] = '\0'; 384 sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */ 385 385 sh.host.release[0] = '\0'; 386 386 sh.host.machine[0] = '\0'; … … 582 582 skey->mailkey_old[0] = '\0'; 583 583 skey->mailkey_new[0] = '\0'; 584 skey->crypt[0] = '\0'; 584 skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */ 585 585 skey->session[0] = '\0'; 586 586 skey->vernam[0] = '\0'; … … 725 725 char exef[128]; 726 726 727 if (!pidlist) 728 return NULL; 729 727 730 for (i = 0; i < 65535; ++i) pidlist[i] = 0; 728 731 i = 0; 729 732 730 733 if (0 != stat(SH_INSTALL_PATH, &buf)) 731 return NULL; 734 { 735 free(pidlist); 736 return NULL; 737 } 732 738 733 739 ino = (long) buf.st_ino; 734 740 735 741 if (NULL == (dp = opendir("/proc"))) 736 return NULL; 742 { 743 free(pidlist); 744 return NULL; 745 } 737 746 while (NULL != (d = readdir(dp)) && i < 65535) 738 747 { … … 860 869 861 870 862 fullpath = malloc(strlen(SH_INSTALL_PATH)+1);871 fullpath = strdup (SH_INSTALL_PATH); 863 872 if (fullpath == NULL) 864 { perror(_("malloc")); exit (1); } 865 else 866 strcpy(fullpath, SH_INSTALL_PATH); /* known to fit */ 867 868 argp[0] = malloc(strlen(SH_INSTALL_PATH)+1); 873 { perror(_("strdup")); exit (1); } 874 875 argp[0] = strdup (SH_INSTALL_PATH); 869 876 if (argp[0] == NULL) 870 { perror(_("malloc")); exit (1); } 871 else 872 strcpy(argp[0], SH_INSTALL_PATH); /* known to fit */ 873 877 { perror(_("strdup")); exit (1); } 874 878 875 879 for (times = 1; times < 32; ++times) argp[times] = NULL; … … 879 883 for (times = 2; times < res; ++times) 880 884 { 881 argp[times-1] = malloc(strlen(argv[times])+1);885 argp[times-1] = strdup (argv[times]); 882 886 if (argp[times-1] == NULL) 883 { perror(_("malloc")); exit (1); } 884 else 885 strcpy(argp[times-1], argv[times]); /* known to fit */ 887 { perror(_("strdup")); exit (1); } 886 888 } 887 889 … … 903 905 _exit(4); 904 906 } 905 
(void) execv(fullpath, argp); 907 (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */ 906 908 if (errno == EPERM) 907 909 _exit(4); … … 941 943 pidlist = procdirSamhain (); 942 944 if (pid == 0 && NULL == pidlist) /* pid file not found */ 943 return (0); 945 { 946 free(fullpath); 947 return (0); 948 } 944 949 945 950 status = 0; … … 956 961 } 957 962 } 963 free(fullpath); 958 964 if (status == 7) 959 965 return 0; … … 992 998 } 993 999 } 994 1000 free(fullpath); /* silence smatch false positive */ 995 1001 exit (1); /* no exit handler installed yet */ 996 1002 /*@notreached@*/ … … 1022 1028 /* Add a new schedule to the linked list of schedules 1023 1029 */ 1024 static sh_schedule_t * sh_set_schedule_int (c har * str,1030 static sh_schedule_t * sh_set_schedule_int (const char * str, 1025 1031 sh_schedule_t * FileSchedIn, 1026 1032 /*@out@*/ int * status) … … 1052 1058 /* Add a new schedule to the linked list FileSchedOne 1053 1059 */ 1054 int sh_set_schedule_one (c har * str)1060 int sh_set_schedule_one (const char * str) 1055 1061 { 1056 1062 int status; … … 1061 1067 /* Add a new schedule to the linked list FileSchedTwo 1062 1068 */ 1063 int sh_set_schedule_two (c har * str)1069 int sh_set_schedule_two (const char * str) 1064 1070 { 1065 1071 int status; … … 1214 1220 /* Save the timezone. 
1215 1221 */ 1216 if ( (tzptr = getenv("TZ")) != NULL)1222 if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */ 1217 1223 { 1218 1224 tzlen = strlen(tzptr); 1219 sh.timezone = malloc (tzlen + 1); 1220 if (sh.timezone != NULL) 1221 (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); 1225 if (tzlen < 1024) 1226 { 1227 sh.timezone = malloc (tzlen + 1); 1228 if (sh.timezone != NULL) 1229 (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); 1230 } 1231 else 1232 sh.timezone = NULL; 1222 1233 } 1223 1234 else … … 1784 1795 /* see whether its time to check files 1785 1796 */ 1786 if (sh.flag.checkSum == SH_CHECK_INIT) 1797 if (sh.flag.checkSum == SH_CHECK_INIT || 1798 (sh.flag.checkSum == SH_CHECK_CHECK && 1799 (sh.flag.isdaemon == S_FALSE && sh.flag.loop == S_FALSE))) 1787 1800 { 1788 1801 flag_check_1 = 1; -
/trunk/src/samhain_setpwd.c
r20 r30 1 1 #include "config_xor.h" 2 3 #ifdef HAVE_BROKEN_INCLUDES4 #define _ANSI_C_SOURCE5 #define _POSIX_SOURCE6 #endif7 2 8 3 #include <stdio.h> … … 13 8 #include <unistd.h> 14 9 #include <sys/types.h> 10 #include <sys/wait.h> 15 11 #include <sys/stat.h> 16 12 #include <fcntl.h> 13 #include <errno.h> 14 #include <sys/time.h> 17 15 #include <time.h> 18 16 17 #if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD) 18 #include <sched.h> 19 #endif 20 21 #if defined(HAVE_INT_32) 22 typedef unsigned int UINT32; 23 #elif defined(HAVE_LONG_32) 24 typedef unsigned long UINT32; 25 #elif defined(HAVE_SHORT_32) 26 typedef unsigned short UINT32; 27 #endif 28 29 #define TAUS_MAX 4294967295UL 30 31 static UINT32 taus_state[3]; 32 33 static UINT32 taus_get () 34 { 35 36 #define TAUSWORTHE(s,a,b,c,d) ((s &c) <<d) ^ (((s <<a) ^s) >>b) 37 taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12); 38 taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4); 39 taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17); 40 return (taus_state[0] ^ taus_state[1] ^ taus_state[2]); 41 } 42 43 static void taus_seed () 44 { 45 unsigned char buf[12]; 46 unsigned char buf2[12]; 47 unsigned char buf3[12]; 48 ssize_t count; 49 size_t nbytes = sizeof(buf); 50 size_t where = 0; 51 52 struct timeval t1, t2; 53 UINT32 delta, k[3]; 54 int i, j; 55 56 int fd = open ("/dev/urandom", O_RDONLY); 57 58 if (fd == -1) 59 { 60 gettimeofday(&t1, NULL); 61 delta = t1.tv_usec; 62 memcpy(&buf[0], &delta, 4); 63 gettimeofday(&t1, NULL); 64 delta = t1.tv_usec; 65 memcpy(&buf[4], &delta, 4); 66 gettimeofday(&t1, NULL); 67 delta = t1.tv_usec; 68 memcpy(&buf[8], &delta, 4); 69 goto second; 70 } 71 72 while (nbytes) { 73 count = read(fd, &buf[where], nbytes); 74 if (count == -1 && errno == EINTR) 75 continue; 76 where += count; 77 nbytes -= count; 78 } while (count == -1 && errno == EINTR); 79 80 close(fd); 81 82 second: 83 for (i = 0; i < 12; ++i) 84 { 85 gettimeofday(&t1, NULL); 86 
if (0 == fork()) 87 _exit(EXIT_SUCCESS); 88 wait(NULL); 89 gettimeofday(&t2, NULL); 90 delta = t2.tv_usec - t1.tv_usec; 91 buf2[i] = (unsigned char) delta; 92 } 93 94 for (i = 0; i < 12; ++i) 95 { 96 gettimeofday(&t1, NULL); 97 for (j = 0; j < 32768; ++j) 98 { 99 if (0 == kill (j,0)) 100 k[i % 3] ^= j; 101 } 102 gettimeofday(&t2, NULL); 103 delta = t2.tv_usec - t1.tv_usec; 104 buf3[i] ^= (unsigned char) delta; 105 } 106 107 memcpy(&taus_state[0], &buf3[0], 4); 108 memcpy(&taus_state[1], &buf3[4], 4); 109 memcpy(&taus_state[2], &buf3[8], 4); 110 111 taus_state[0] ^= k[0]; 112 taus_state[1] ^= k[1]; 113 taus_state[2] ^= k[2]; 114 115 memcpy(&k[0], &buf2[0], 4); 116 memcpy(&k[1], &buf2[4], 4); 117 memcpy(&k[2], &buf2[8], 4); 118 119 taus_state[0] ^= k[0]; 120 taus_state[1] ^= k[1]; 121 taus_state[2] ^= k[2]; 122 123 memcpy(&k[0], &buf[0], 4); 124 memcpy(&k[1], &buf[4], 4); 125 memcpy(&k[2], &buf[8], 4); 126 127 taus_state[0] ^= k[0]; 128 taus_state[1] ^= k[1]; 129 taus_state[2] ^= k[2]; 130 131 taus_state[0] |= (UINT32) 0x03; 132 taus_state[1] |= (UINT32) 0x09; 133 taus_state[2] |= (UINT32) 0x17; 134 } 19 135 20 136 #ifdef SH_STEALTH … … 112 228 113 229 char * newn; 230 size_t nlen; 114 231 int oldf; 115 232 int newf; … … 196 313 (void) umask (0); 197 314 198 srand(time(NULL) ^ getpid());315 taus_seed(); 199 316 200 317 bytecount = 0; … … 206 323 oldf = open(argv[1], O_RDONLY); 207 324 208 newn = (char *) malloc (strlen(argv[1])+strlen(argv[2])+2); 209 strcpy(newn, argv[1]); 210 strcat(newn, "."); 211 strcat(newn, argv[2]); 325 nlen = strlen(argv[1])+strlen(argv[2])+2; 326 newn = (char *) malloc (nlen); 327 strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; 328 strncat(newn, ".", nlen); newn[nlen-1] = '\0'; 329 strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; 212 330 newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); 213 331 … … 265 383 (unsigned char) *found_it); 266 384 267 ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0));385 ccd = (unsigned char) (256.0 * 
(taus_get()/(TAUS_MAX+1.0))); 268 386 sprintf(&newpwd[i*2], _("%02x"), 269 387 (unsigned char) ccd); … … 340 458 (unsigned char) *found_it); 341 459 342 ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0));460 ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0)); 343 461 sprintf(&newpwd[i*2], _("%02x"), 344 462 (unsigned char) ccd); -
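Review bot: In taus_seed() the /dev/urandom read loop handles only EINTR: any other read() failure adds -1 to `where` and grows `nbytes`, and a return of 0 leaves both unchanged so the loop never ends. The `while (count == -1 && errno == EINTR);` after the closing brace is a separate empty loop, not the tail of a do/while. `k[]` and `buf3[]` are also XORed into (`k[i % 3] ^= j;`, `buf3[i] ^= (unsigned char) delta;`) before they are ever assigned, so the seed mixes in indeterminate stack contents. Because taus_get() is a linear generator, the password bytes written by this tool are only as unpredictable as this seed, so filling them directly from /dev/urandom where it can be opened would be the sturdier design. A minimal repair of the seeding code follows.

```c
  unsigned char buf[12]  = { 0 };
  unsigned char buf3[12] = { 0 };
  UINT32 delta, k[3] = { 0, 0, 0 };
  /* ... unchanged: remaining declarations, open() and the gettimeofday() fallback ... */

  while (nbytes) {
    count = read(fd, &buf[where], nbytes);
    if (count == -1 && errno == EINTR)
      continue;
    if (count <= 0)
      break;            /* error or EOF: stop instead of corrupting where/nbytes */
    where  += (size_t) count;
    nbytes -= (size_t) count;
  }

  close(fd);
```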
/trunk/src/sh_calls.c
r20 r30 82 82 /* Set aud functions 83 83 */ 84 int sh_aud_set_functions(c har * str_s)84 int sh_aud_set_functions(const char * str_s) 85 85 { 86 86 int i = 0; -
/trunk/src/sh_database.c
r20 r30 40 40 #include "sh_error.h" 41 41 #include "sh_utils.h" 42 43 extern int safe_logger (int signal, int method, pid_t thepid);44 42 45 43 #undef FIL__ … … 227 225 typedef unsigned char uint8; 228 226 229 typedef struct 230 { 231 uint32 h[4]; 232 uint32 data[16]; 233 uint8 offset; 234 uint32 nblocks; 235 int count; 227 typedef struct md5_ctx 228 { 229 uint32 A; 230 uint32 B; 231 uint32 C; 232 uint32 D; 233 234 uint32 total[2]; 235 uint32 buflen; 236 char buffer[128]; 236 237 } md5Param; 237 238 238 239 239 … … 253 253 static int sh_persistent_dbconn = S_TRUE; 254 254 255 int sh_database_use_persistent (c har * str)255 int sh_database_use_persistent (const char * str) 256 256 { 257 257 return sh_util_flagval (str, &sh_persistent_dbconn); 258 258 } 259 259 260 static int insert_value (char * ptr, c har * str)260 static int insert_value (char * ptr, const char * str) 261 261 { 262 262 if (!ptr || !str) … … 276 276 277 277 278 int sh_database_set_database (c har * str)278 int sh_database_set_database (const char * str) 279 279 { 280 280 return insert_value (db_name, str); 281 281 } 282 int sh_database_set_table (c har * str)282 int sh_database_set_table (const char * str) 283 283 { 284 284 return insert_value (db_table, str); 285 285 } 286 int sh_database_set_host (c har * str)286 int sh_database_set_host (const char * str) 287 287 { 288 288 return insert_value (db_host, str); 289 289 } 290 int sh_database_set_user (c har * str)290 int sh_database_set_user (const char * str) 291 291 { 292 292 return insert_value (db_user, str); 293 293 } 294 int sh_database_set_password (c har * str)294 int sh_database_set_password (const char * str) 295 295 { 296 296 return insert_value (db_password, str); … … 568 568 oracle_doconnect: 569 569 570 if (!getenv("ORACLE_HOME")) 570 if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */ 571 571 { 572 572 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, … … 1194 1194 } 1195 1195 } 1196 #if 0 1197 /* apparently slower, see gyule.7 
*/ 1198 len = (long) strlen(val); 1199 1200 if ((val[0] != '\0') && (*size > 2)) 1201 { 1202 if (flag == 1) 1203 { 1204 *end = ','; ++end; 1205 *end = '\''; ++end; (*size) -= 2; 1206 *end = '\0'; 1207 1208 if ((long) *size > (len+2)) 1209 { 1210 (void) sl_strlcat(end, val, (size_t) *size); 1211 end += len; (*size) -= len; 1212 *end = '\''; ++end; (*size) -= 1; 1213 } 1214 *end = '\0'; 1215 } 1216 else 1217 { 1218 *end = ','; ++end; (*size) -= 1; 1219 *end = '\0'; 1220 1221 if ((long) *size > (len+1)) 1222 { 1223 (void) sl_strlcat(end, val, (size_t) *size); 1224 end += len; (*size) -= len; 1225 } 1226 *end = '\0'; 1227 } 1228 } 1229 #endif 1196 1230 1197 return end; 1231 1198 } … … 1482 1449 } 1483 1450 1484 int sh_database_add_to_hash (c har * str)1451 int sh_database_add_to_hash (const char * str) 1485 1452 { 1486 1453 int i; … … 1692 1659 static int enter_wrapper = 1; 1693 1660 1694 int set_enter_wrapper (c har * str)1661 int set_enter_wrapper (const char * str) 1695 1662 { 1696 1663 return sh_util_flagval(str, &enter_wrapper); 1697 1664 } 1698 1665 1666 /* recursively enter linked list of messages into database, last first 1667 */ 1668 int sh_database_insert_rec (dbins * curr, unsigned int depth) 1669 { 1670 long id = 0; 1671 dbins * prev; 1672 1673 SL_ENTER(_("sh_database_insert_rec")); 1674 1675 if (curr->next) 1676 { 1677 prev = curr->next; 1678 sl_strlcpy(prev->host, curr->host, 64); 1679 id = sh_database_insert_rec (curr->next, (depth + 1)); 1680 } 1681 1682 if (id != 0) /* this is a server wrapper */ 1683 { 1684 if (enter_wrapper != 0) 1685 { 1686 id = sh_database_entry (curr, id); 1687 } 1688 } 1689 else 1690 { 1691 /* 1692 * id = -1 is the client message; log_ref will be NULL 1693 */ 1694 if (depth > 0) /* this is a client message */ 1695 id = sh_database_entry (curr, -1); 1696 else /* this is a generic server message */ 1697 id = sh_database_entry (curr, 0); 1698 } 1699 1700 SH_FREE(curr); 1701 1702 SL_RETURN(id, _("sh_database_insert")); 1703 } 1704 
1699 1705 int sh_database_insert (char * message) 1700 1706 { 1701 1707 dbins * db_entry; 1702 dbins * prev;1703 dbins * curr;1704 long id = 0;1705 #ifdef HOST_SWITCH1706 char * temp[64];1707 #endif1708 1708 1709 1709 SL_ENTER(_("sh_database_insert")); … … 1716 1716 (void) sh_database_parse (message, db_entry); 1717 1717 1718 /* Enter the list into the database. Actually, the list can only have 1719 * two entries at most. 1720 */ 1721 curr = db_entry; 1722 if (curr->next) 1723 { 1724 prev = curr->next; 1725 #ifdef HOST_SWITCH 1726 strncpy(temp, prev->host, 64); 1718 /* recursively enter the linked list into the database 1719 */ 1720 (void) sh_database_insert_rec (db_entry, 0); 1721 1722 SL_RETURN(0, _("sh_database_insert")); 1723 } 1724 1727 1725 #endif 1728 strncpy(prev->host, curr->host, 64);1729 #ifdef HOST_SWITCH1730 strncpy(curr->host, temp, 64);1731 #endif1732 id = sh_database_entry (prev, -1);1733 SH_FREE(prev);1734 }1735 1736 if (id != 0) /* this is a server wrapper */1737 {1738 if (enter_wrapper != 0)1739 (void) sh_database_entry (curr, id);1740 }1741 else /* this is a generic server message */1742 {1743 (void) sh_database_entry (curr, 0);1744 }1745 SH_FREE(curr);1746 1747 SL_RETURN(0, _("sh_database_insert"));1748 }1749 1750 #endif -
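Review bot: sh_database_insert_rec() enters with `SL_ENTER(_("sh_database_insert_rec"))` but leaves with `SL_RETURN(id, _("sh_database_insert"))`, so the exit trace names the wrong function; it should read `SL_RETURN(id, _("sh_database_insert_rec"));`. The function also returns the `long id` through an `int` return type, and it is not `static` although sh_database_insert() is its only caller in this section. The recursion depth equals the length of the list that sh_database_parse() builds from the message, and the removed comment said that list has at most two entries; if the parser does not enforce that, a bound on `depth` before recursing would keep a long chain from growing the stack. The copy `sl_strlcpy(prev->host, curr->host, 64)` would be easier to audit as `sizeof(prev->host)`, assuming `host` is an array member (its declaration is not in this section).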
/trunk/src/sh_entropy.c
r20 r30 170 170 memset( &addr, 0, sizeof(addr) ); 171 171 addr.sun_family = AF_UNIX; 172 s trcpy( addr.sun_path, name ); /* known to fit */172 sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) ); 173 173 addr_len = offsetof( struct sockaddr_un, sun_path ) 174 174 + strlen( addr.sun_path ); … … 478 478 static 479 479 char * com_path[] = { 480 N_("/usr/bin/xpg4/"), 480 481 N_("/usr/ucb/"), 481 482 N_("/bin/"), … … 570 571 char * arg[4]; 571 572 char * envp[2]; 573 size_t len; 572 574 573 575 SL_ENTER(_("sh_popen")); … … 580 582 if (sh.timezone != NULL) 581 583 { 582 envp[0] = malloc (sl_strlen(sh.timezone) + 4); /* free() ok */ 584 len = sl_strlen(sh.timezone) + 4; 585 envp[0] = malloc (len); /* free() ok */ 583 586 if (envp[0] != NULL) 584 s printf (envp[0], "TZ=%s", sh.timezone); /* known to fit */587 sl_snprintf (envp[0], len, "TZ=%s", sh.timezone); 585 588 else 586 589 envp[0] = NULL; … … 778 781 sl_strlcat(combuf, _(source[i].command), 80); 779 782 783 /* flawfinder: ignore */ 780 784 if ( access (combuf, X_OK) == 0) 781 785 { -
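Review bot: With `sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) )` a socket name longer than sun_path is now cut silently, and addr_len is then computed from the shortened path, so the code presumably goes on to use a different socket than the one configured. Rejecting the name before the copy is safer, e.g. `if (strlen(name) >= sizeof(addr.sun_path))` followed by the function's existing error return. The `/* flawfinder: ignore */` added above `access (combuf, X_OK)` silences a check-then-use warning without saying why the gap is acceptable here; a one-line reason in that comment would help the next audit. The enclosing functions start and end outside the hunks shown.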
/trunk/src/sh_err_console.c
r20 r30 112 112 /* Enable the message queue 113 113 */ 114 int enable_msgq(c har * foo)114 int enable_msgq(const char * foo) 115 115 { 116 116 int i; … … 234 234 /* ---- Set the console device. ---- 235 235 */ 236 int sh_log_set_console (c har * address)236 int sh_log_set_console (const char * address) 237 237 { 238 238 SL_ENTER(_("sh_log_set_console")); -
/trunk/src/sh_err_log.c
r20 r30 604 604 char sigkey_old[KEY_LEN+1]; 605 605 char sigkey_new[KEY_LEN+1]; 606 char crypt [KEY_LEN+1];606 char crypto[KEY_LEN+1]; 607 607 struct lfstc * next; 608 608 } open_logfile; … … 613 613 614 614 #ifdef SH_WITH_SERVER 615 int set_flag_sep_log (c har * str)615 int set_flag_sep_log (const char * str) 616 616 { 617 617 return sh_util_flagval(str, &flag_sep_log); … … 642 642 char * sigkey_new; 643 643 char * sigkey_old; 644 char * crypt ;644 char * crypto; 645 645 646 646 SL_ENTER(_("sh_log_file")); … … 734 734 memset(current->sigkey_old, (int)'\0', KEY_LEN+1); 735 735 memset(current->sigkey_new, (int)'\0', KEY_LEN+1); 736 memset(current->crypt ,(int)'\0', KEY_LEN+1);736 memset(current->crypto, (int)'\0', KEY_LEN+1); 737 737 current->next = logfile_list; 738 738 logfile_list = current; … … 841 841 sigkey_old = current->sigkey_old; 842 842 sigkey_new = current->sigkey_new; 843 crypt = current->crypt;843 crypto = current->crypto; 844 844 } 845 845 else … … 847 847 sigkey_old = skey->sigkey_old; 848 848 sigkey_new = skey->sigkey_new; 849 crypt = skey->crypt;849 crypto = skey->crypt; /* flawfinder: ignore */ 850 850 } 851 851 … … 869 869 /* Copy it to 'crypt' for encryption. 870 870 */ 871 (void) sl_strlcpy(crypt , sigkey_new, KEY_LEN+1);871 (void) sl_strlcpy(crypto, sigkey_new, KEY_LEN+1); 872 872 873 873 /* Use message and compiled-in key to encrypt. 874 874 */ 875 875 BREAKEXIT(sh_util_encode); 876 sh_util_encode(crypt , log_msg.msg, 0, 'B');876 sh_util_encode(crypto, log_msg.msg, 0, 'B'); 877 877 878 878 /* Send out the key. … … 900 900 901 901 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL, 902 sh.prg_name, crypt ,903 crypt , log_msg.timestamp);902 sh.prg_name, crypto, 903 crypto, log_msg.timestamp); 904 904 905 905 /* send to other allowed channels … … 913 913 914 914 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY, 915 sh.prg_name, crypt );915 sh.prg_name, crypto); 916 916 917 917 /* Cleanup. 
… … 926 926 927 927 928 memset (crypt , (int) '\0', KEY_LEN);928 memset (crypto, (int) '\0', KEY_LEN); 929 929 sh.flag.log_start = S_FALSE; 930 930 current->log_start = S_FALSE; … … 949 949 (void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1); 950 950 951 /*@- bufferoverflowhigh -usedef@*/951 /*@-usedef@*/ 952 952 #ifdef SH_USE_XML 953 953 if (log_msg.timestamp[0] != '\0') 954 s printf(log_msg.sig, /* known to fit */954 sl_snprintf(log_msg.sig, sizeof(log_msg.sig), 955 955 #ifdef FIX_XML 956 957 #else 958 959 #endif 960 956 _("\n<sig>%s%s</sig></log>\n"), /* <sig> FIX XML */ 957 #else 958 _("\nsig>%s%s</sig></log>\n"), /* <sig> FIX XML */ 959 #endif 960 log_msg.signature, log_msg.timestamp); 961 961 else 962 s printf(log_msg.sig, /* known to fit */962 sl_snprintf(log_msg.sig, sizeof(log_msg.sig), 963 963 #ifdef FIX_XML 964 965 #else 966 967 #endif 968 969 /*@+ bufferoverflowhigh +usedef@*/964 _("\n<sig>%s</sig></log>\n"), /* <sig> FIX XML */ 965 #else 966 _("\nsig>%s</sig></log>\n"), /* <sig> FIX XML */ 967 #endif 968 log_msg.signature); 969 /*@+usedef@*/ 970 970 971 971 #ifdef SH_STEALTH -
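Review bot: The two `sl_snprintf(log_msg.sig, sizeof(log_msg.sig), ...)` calls bound the write correctly only if `sig` is an array member; if it is a pointer, `sizeof` yields the pointer size and the signature line is cut to a few bytes, so the declaration (not in this section) should be checked. The return value of sl_snprintf is not examined either, so a truncated `<sig>` line would be written without any error at this point. After the rename, the comment `/* Copy it to 'crypt' for encryption.` no longer matches the local, which is now `crypto`; I would change it to `/* Copy it to 'crypto' for encryption.`. sh_log_file() continues outside the hunks.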
/trunk/src/sh_err_syslog.c
r20 r30 110 110 /* set syslog facility 111 111 */ 112 int sh_log_set_facility (c har * c)112 int sh_log_set_facility (const char * c) 113 113 { 114 114 int loop = 0; -
/trunk/src/sh_error.c
r20 r30 102 102 /* convert a string to a numeric priority 103 103 */ 104 int sh_error_convert_level (c har * str_s);104 int sh_error_convert_level (const char * str_s); 105 105 106 106 static int IsInitialized = BAD; … … 219 219 } 220 220 221 static int sh_error_set_classmask ( /*@notnull@*/char * c, int * facility_mask)221 static int sh_error_set_classmask (const char * str, int * facility_mask) 222 222 { 223 223 char * p; … … 225 225 unsigned int i; 226 226 size_t len; 227 char * c; 227 228 228 229 SL_ENTER(_("sh_error_set_classmask")); 229 230 230 if ( c== NULL)231 if (str == NULL) 231 232 SL_RETURN( -1, _("sh_error_set_classmask")); 232 233 … … 234 235 (void) sh_error_init(); 235 236 236 if (c[0] == (char) 34) 237 ++c; 238 len = strlen(c); 237 if (str[0] == (char) 34) 238 ++str; 239 len = strlen(str); 240 241 c = SH_ALLOC(len+1); 242 sl_strlcpy(c, str, len+1); 243 239 244 if (c[len-1] == (char) 34) 240 245 c[len-1] = '\0'; … … 273 278 } while (p); 274 279 280 SH_FREE(c); 275 281 SL_RETURN( 0, _("sh_error_set_classmask")); 276 282 } 277 283 278 int sh_error_log_mask (c har * c)284 int sh_error_log_mask (const char * c) 279 285 { 280 286 return (sh_error_set_classmask(c, &(errFlags.log_class))); 281 287 } 282 int sh_error_mail_mask (c har * c)288 int sh_error_mail_mask (const char * c) 283 289 { 284 290 return (sh_error_set_classmask(c, &(errFlags.mail_class))); 285 291 } 286 int sh_error_print_mask (c har * c)292 int sh_error_print_mask (const char * c) 287 293 { 288 294 return (sh_error_set_classmask(c, &(errFlags.print_class))); 289 295 } 290 int sh_error_export_mask (c har * c)296 int sh_error_export_mask (const char * c) 291 297 { 292 298 return (sh_error_set_classmask(c, &(errFlags.export_class))); 293 299 } 294 int sh_error_syslog_mask (c har * c)300 int sh_error_syslog_mask (const char * c) 295 301 { 296 302 return (sh_error_set_classmask(c, &(errFlags.syslog_class))); 297 303 } 298 int sh_error_external_mask (c har * c)304 int sh_error_external_mask 
(const char * c) 299 305 { 300 306 return (sh_error_set_classmask(c, &(errFlags.external_class))); 301 307 } 302 int sh_error_database_mask (c har * c)308 int sh_error_database_mask (const char * c) 303 309 { 304 310 return (sh_error_set_classmask(c, &(errFlags.database_class))); 305 311 } 306 int sh_error_prelude_mask (c har * c)312 int sh_error_prelude_mask (const char * c) 307 313 { 308 314 return (sh_error_set_classmask(c, &(errFlags.prelude_class))); … … 446 452 }; 447 453 448 int sh_error_convert_level (c har * str_s)454 int sh_error_convert_level (const char * str_s) 449 455 { 450 456 int i; … … 472 478 /* --- Set severity levels. --- 473 479 */ 474 int sh_error_set_iv (int iv, c har * str_s)480 int sh_error_set_iv (int iv, const char * str_s) 475 481 { 476 482 int level = (-1); … … 633 639 } 634 640 635 #if def SH_WITH_CLIENT641 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 636 642 /* set severity for TCP export 637 643 */ … … 837 843 #endif 838 844 839 #if def SH_WITH_CLIENT845 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 840 846 char * ex_msg; 841 847 #endif … … 856 862 static int syslog_block = 0; 857 863 static int log_block = 0; 858 #if defined(SH_WITH_CLIENT) 864 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 859 865 static int export_block = 0; 860 866 #endif … … 920 926 severity = sev; 921 927 928 /* these are messages from remote sources 929 */ 922 930 if ((severity & SH_ERR_INET) != 0) 923 931 { … … 933 941 ( (errFlags.sysloglevel & severity ) == 0 || 934 942 (errFlags.syslog_class & (1 << class)) == 0 ) && 935 #if def SH_WITH_CLIENT943 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_CLIENT) 936 944 ( (errFlags.exportlevel & severity ) == 0 || 937 945 (errFlags.export_class & (1 << class)) == 0 ) && … … 952 960 (errFlags.mail_class & (1 << class)) == 0 ) 953 961 #ifdef SH_WITH_SERVER 954 && (flag_inet == S_FALSE)962 && (flag_inet == S_FALSE) /* still log messages from remote sources */ 955 963 #endif 956 964 ) … … 1113 
1121 * to log server 1114 1122 ****************************************************/ 1115 #if def SH_WITH_CLIENT1123 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 1116 1124 /* Export by TCP. 1117 1125 */ 1118 if ((errFlags.exportlevel & severity ) != 0 && 1119 (errFlags.export_class & (1 << class)) != 0 && 1120 (errFlags.exportlevel & SH_ERR_NOT) == 0 && 1121 class != AUD && 1122 sh.flag.isserver != GOOD && 1123 (flag_inet == S_FALSE) ) /* don't log inet to export */ 1126 1127 if ( ((errFlags.exportlevel & severity ) != 0 && 1128 (errFlags.export_class & (1 << class)) != 0 && 1129 (errFlags.exportlevel & SH_ERR_NOT) == 0 && 1130 class != AUD ) 1131 #ifdef SH_WITH_SERVER 1132 || (flag_inet == S_TRUE) /* always log inet to export */ 1133 #endif 1134 /* sh.flag.isserver != GOOD && */ 1135 /* (flag_inet == S_FALSE) */ /* don't log inet to export */ 1136 ) 1124 1137 { 1125 1138 if (export_block == 0) 1126 1139 { 1127 1140 int retval; 1141 size_t ex_len; 1128 1142 1129 1143 /* will truncate to 65280 bytes 1130 1144 */ 1131 1145 export_block = 1; 1132 ex_ msg = SH_ALLOC (64 + sl_strlen(lmsg->msg) + 1);1133 /*@-bufferoverflowhigh@*/1134 sprintf(ex_msg, _("%d?%u?%s"), /* known to fit */ 1135 severity, class, lmsg->msg);1136 /*@-bufferoverflowhigh@*/1146 ex_len = 64 + sl_strlen(lmsg->msg) + 1; 1147 ex_msg = SH_ALLOC (ex_len); 1148 1149 sl_snprintf(ex_msg, ex_len, _("%d?%u?%s"), 1150 severity, class, lmsg->msg); 1137 1151 retval = sh_forward (ex_msg); 1138 1152 SH_FREE(ex_msg); … … 1306 1320 /* allocate space for user-defined message header 1307 1321 */ 1308 int sh_error_ehead (/*@null@*/c har * str_s)1322 int sh_error_ehead (/*@null@*/const char * str_s) 1309 1323 { 1310 1324 size_t size; 1311 c har * s;1325 const char * s; 1312 1326 1313 1327 SL_ENTER(_("sh_error_ehead")); … … 1324 1338 1325 1339 size = /*@i@*/strlen(s); 1326 if (/*@i@*/s[size-1] == (char) 34) --size; 1340 if (/*@i@*/s[size-1] == (char) 34) --size; /* truncate */ 1327 1341 1328 1342 if 
(ehead_format != NULL) … … 1482 1496 len = sl_strlen(lmsg->msg); 1483 1497 /*@i@*/required = sl_vsnprintf(&(lmsg->msg[len]), 1484 1498 (lmsg->msg_len - len), lmsg->format, vl); 1485 1499 if ( (required + len) > (lmsg->msg_len - 4) ) 1486 1500 { -
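Review bot: In sh_error_set_classmask() an empty value, or one consisting only of a double quote, gives `len == 0`, and `if (c[len-1] == (char) 34)` then reads one byte before the buffer just obtained from SH_ALLOC; the test should be `if (len > 0 && c[len-1] == (char) 34)`. sh_error_ehead() shows the same pattern in `s[size-1]`, unless an elided check already excludes the empty string. Further down, the guard `#if defined(SH_WITH_CLIENT) || defined(SH_WITH_CLIENT)` repeats the same macro, while the other guards changed in this commit use `|| defined(SH_WITH_SERVER)`, so a server-only build probably drops the export-level test there. Parts of sh_error_set_classmask() are elided, so any early return between `SH_ALLOC` and `SH_FREE(c)` should also be checked for a leak.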
/trunk/src/sh_extern.c
r20 r30 115 115 FILE * outf = NULL; 116 116 char * envp[1]; 117 char * argp[ 1];117 char * argp[2]; 118 118 119 119 char * errfile; … … 133 133 * needs a valid *envp[] with envp[0] = NULL; 134 134 * and similarly for argp 135 * OpenBSD finally needs non-null argp[0] ... 135 136 */ 137 argp[0] = task->command; 138 argp[1] = NULL; 136 139 envp[0] = NULL; 137 argp[0] = NULL;138 140 139 141 /* … … 364 366 365 367 PDBGC(5); 366 sprintf(pname, _("/proc/self/fd/%d"), /* known to fit */ 367 pfd); 368 if (access(pname, R_OK|X_OK) == 0) 368 sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); 369 if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */ 369 370 { 370 371 PDBGC(6); … … 402 403 * -- execute path if executable 403 404 */ 404 if (0 == access(task->command, R_OK|X_OK)) 405 if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */ 405 406 { 406 407 PDBGC(5); … … 544 545 task->exit_status = WEXITSTATUS(task->exit_status); 545 546 if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0)) 546 s printf(infomsg, /* known to fit */547 _("Subprocess exited normally with status %d"),548 task->exit_status);547 sl_snprintf(infomsg, sizeof(infomsg), 548 _("Subprocess exited normally with status %d"), 549 task->exit_status); 549 550 } 550 551 else if (WIFSIGNALED(task->exit_status) != 0) 551 552 { 552 s printf(infomsg, /* known to fit */553 554 553 sl_snprintf(infomsg, sizeof(infomsg), 554 _("Subprocess terminated by signal %d"), 555 WTERMSIG(task->exit_status)); 555 556 task->exit_status = EXIT_FAILURE; 556 557 } 557 558 else if (WIFSTOPPED(task->exit_status) != 0) 558 559 { 559 s printf(infomsg, /* known to fit */560 561 560 sl_snprintf(infomsg, sizeof(infomsg), 561 _("Subprocess stopped by signal %d, killing"), 562 WSTOPSIG(task->exit_status)); 562 563 task->exit_status = EXIT_FAILURE; 563 564 (void) aud_kill (FIL__, __LINE__, task->pid, 9); … … 567 568 else 568 569 { 569 s printf(infomsg, /* known to fit */570 570 sl_snprintf(infomsg, 
sizeof(infomsg), 571 _("Subprocess exit status unknown")); 571 572 task->exit_status = EXIT_FAILURE; 572 573 } … … 581 582 } 582 583 (void) aud_kill (FIL__, __LINE__, task->pid, 9); 583 s printf(infomsg, /* known to fit */584 _("Subprocess not yet exited, killing"));584 sl_snprintf(infomsg, sizeof(infomsg), 585 _("Subprocess not yet exited, killing")); 585 586 task->exit_status = EXIT_FAILURE; 586 587 (void) waitpid (task->pid, NULL, 0); … … 588 589 else 589 590 { 590 s printf(infomsg, /* known to fit */591 _("Waitpid returned error %d\n"), errno);591 sl_snprintf(infomsg, sizeof(infomsg), 592 _("Waitpid returned error %d\n"), errno); 592 593 task->exit_status = EXIT_FAILURE; 593 594 } … … 646 647 647 648 648 int sh_ext_tas_add_envv(sh_tas_t * tas, c har * key,char * val)649 int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val) 649 650 { 650 651 size_t sk = 0, sv = 0; … … 697 698 } 698 699 699 int sh_ext_tas_add_argv(sh_tas_t * tas, c har * val)700 int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val) 700 701 { 701 702 size_t sv = 0; … … 722 723 } 723 724 724 void sh_ext_tas_command(sh_tas_t * tas, c har * command)725 void sh_ext_tas_command(sh_tas_t * tas, const char * command) 725 726 { 726 727 size_t len = sl_strlen(command); … … 842 843 843 844 static 844 int sh_ext_add_envv(c har * key,char * val)845 int sh_ext_add_envv(const char * key, const char * val) 845 846 { 846 847 SL_ENTER(_("sh_ext_add_envv")); … … 861 862 862 863 static 863 int sh_ext_init(c har * command)864 int sh_ext_init(const char * command) 864 865 { 865 866 sh_com_t * retval; … … 896 897 897 898 static 898 int sh_ext_uid (c har * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)899 int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) 899 900 { 900 901 struct passwd * tempres; … … 922 923 923 924 static 924 int sh_ext_add (c har * argstring, int * ntok, char * stok[])925 int sh_ext_add (const char * argstring, int * ntok, char * stok[]) 925 
926 { 926 927 int i = 0; 927 928 size_t s; 928 929 char * p; 930 char * new; 931 size_t len; 929 932 930 933 SL_ENTER(_("sh_ext_add")); … … 935 938 } 936 939 940 len = strlen(argstring) + 1; 941 new = SH_ALLOC(len); 942 sl_strlcpy(new, argstring, len); 943 937 944 do 938 945 { 939 946 if (i == 0) 940 p = strtok ( argstring, ", \t");947 p = strtok (new, ", \t"); 941 948 else 942 949 p = strtok (NULL, ", \t"); … … 957 964 958 965 *ntok = i; 966 SH_FREE(new); 959 967 960 968 SL_RETURN (0, _("sh_ext_add")); … … 971 979 * -- start a new external command, and add it to the list 972 980 */ 973 int sh_ext_setcommand(c har * cmd)981 int sh_ext_setcommand(const char * cmd) 974 982 { 975 983 int i; … … 1018 1026 * -- add keywords to the OR filter 1019 1027 */ 1020 int sh_ext_add_or (c har * str)1028 int sh_ext_add_or (const char * str) 1021 1029 { 1022 1030 if (ext_coms == NULL || ext_failed == (-1)) … … 1028 1036 * -- add keywords to the AND filter 1029 1037 */ 1030 int sh_ext_add_and (c har * str)1038 int sh_ext_add_and (const char * str) 1031 1039 { 1032 1040 if (ext_coms == NULL || ext_failed == (-1)) … … 1038 1046 * -- add keywords to the NOT filter 1039 1047 */ 1040 int sh_ext_add_not (c har * str)1048 int sh_ext_add_not (const char * str) 1041 1049 { 1042 1050 if (ext_coms == NULL || ext_failed == (-1)) … … 1048 1056 * -- add keywords to the CL argument list 1049 1057 */ 1050 int sh_ext_add_argv (c har * str)1058 int sh_ext_add_argv (const char * str) 1051 1059 { 1052 1060 if (ext_coms == NULL || ext_failed == (-1)) … … 1058 1066 * -- add a path to the environment 1059 1067 */ 1060 int sh_ext_add_default (char * dummy) 1061 { 1062 /* while this assignment looks ridiculous, it is here to avoid 1063 * an 'unused parameter' warning 1064 */ 1065 char * p = (dummy == NULL ? 
dummy : NULL); 1068 int sh_ext_add_default (const char * dummy) 1069 { 1070 (void) dummy; 1071 char * p = NULL; 1066 1072 int i; 1067 1073 … … 1084 1090 * -- add an environment variable 1085 1091 */ 1086 int sh_ext_add_environ (c har * str)1092 int sh_ext_add_environ (const char * str) 1087 1093 { 1088 1094 int i; … … 1095 1101 * -- set deadtime 1096 1102 */ 1097 int sh_ext_deadtime (c har * str)1103 int sh_ext_deadtime (const char * str) 1098 1104 { 1099 1105 long deadtime = 0; … … 1119 1125 * -- define type 1120 1126 */ 1121 int sh_ext_type (c har * str)1127 int sh_ext_type (const char * str) 1122 1128 { 1123 1129 SL_ENTER(_("sh_ext_type")); … … 1154 1160 * -- define checksum 1155 1161 */ 1156 int sh_ext_checksum (c har * str)1162 int sh_ext_checksum (const char * str) 1157 1163 { 1158 1164 SL_ENTER(_("sh_ext_checksum")); … … 1175 1181 * -- choose privileges 1176 1182 */ 1177 int sh_ext_priv (c har * c)1183 int sh_ext_priv (const char * c) 1178 1184 { 1179 1185 -
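Review bot: sh_ext_add_default() now begins with the statement `(void) dummy;` followed by the declarations `char * p = NULL; int i;`, which is a declaration after a statement and is rejected by C89 compilers. Moving the cast below the declarations keeps the unused-parameter warning silenced: `char * p = NULL; int i;` and then `(void) dummy;`. In sh_ext_add() the working copy is named `new`, which breaks if the file is ever compiled as C++, and it is released only on the path that reaches `SH_FREE(new)`; the elided loop body should be checked for returns that skip it. The `/* flawfinder: ignore */` comments on the two `access()` calls would be more useful with the reason the check-then-execute gap is considered safe.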
/trunk/src/sh_fifo.c
r20 r30 87 87 } 88 88 89 s trcpy (item->data, indat); /* known to fit */89 sl_strlcpy (item->data, indat, len+1); 90 90 item->data[len] = '\0'; 91 91 … … 143 143 } 144 144 145 s trcpy (item->data, indat); /* known to fit */145 sl_strlcpy (item->data, indat, len+1); 146 146 item->data[len] = '\0'; 147 147 … … 195 195 len = sl_strlen(getit->data); 196 196 retval = SH_ALLOC(len+1); 197 strcpy (retval, getit->data); /* known to fit */ 198 retval[len] = '\0'; 197 sl_strlcpy (retval, getit->data, len+1); 199 198 200 199 memset(getit->data, 0, len); -
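Review bot: The two push hunks keep `item->data[len] = '\0';` after the new `sl_strlcpy (item->data, indat, len+1);`, while the pop hunk drops the equivalent `retval[len] = '\0';`. If sl_strlcpy always terminates within the given size, as the third hunk assumes, the two remaining assignments are redundant and can be removed for consistency. The enclosing functions are only partly shown.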
/trunk/src/sh_files.c
r20 r30 72 72 #define FIL__ _("sh_files.c") 73 73 74 extern int safe_logger (int signal, int method, pid_t thepid);75 76 74 extern int flag_err_debug; 77 75 extern int flag_err_info; 78 76 79 int sh_files_reportonce(c har * c)77 int sh_files_reportonce(const char * c) 80 78 { 81 79 int i; … … 86 84 } 87 85 88 int sh_files_fulldetail(c har * c)86 int sh_files_fulldetail(const char * c) 89 87 { 90 88 int i; … … 156 154 static int sh_files_fullpath (char * testdir, char * d_name, 157 155 char * statpath); 158 static int sh_files_pushdir (int class, c har * str_s);159 static int sh_files_pushfile (int class, c har * str_s);156 static int sh_files_pushdir (int class, const char * str_s); 157 static int sh_files_pushfile (int class, const char * str_s); 160 158 static int sh_files_checkdir (int class, int rdepth, char * dirName, 161 159 char * relativeName); … … 446 444 447 445 448 int sh_files_pushfile_prelink (c har * str_s)446 int sh_files_pushfile_prelink (const char * str_s) 449 447 { 450 448 return (sh_files_pushfile (SH_LEVEL_PRELINK, str_s)); 451 449 } 452 450 453 int sh_files_pushfile_user0 (c har * str_s)451 int sh_files_pushfile_user0 (const char * str_s) 454 452 { 455 453 return (sh_files_pushfile (SH_LEVEL_USER0, str_s)); 456 454 } 457 455 458 459 int sh_files_pushfile_user1 (char * str_s) 456 int sh_files_pushfile_user1 (const char * str_s) 460 457 { 461 458 return (sh_files_pushfile (SH_LEVEL_USER1, str_s)); 462 459 } 463 460 464 465 int sh_files_pushfile_ro (char * str_s) 461 int sh_files_pushfile_user2 (const char * str_s) 462 { 463 return (sh_files_pushfile (SH_LEVEL_USER2, str_s)); 464 } 465 466 int sh_files_pushfile_user3 (const char * str_s) 467 { 468 return (sh_files_pushfile (SH_LEVEL_USER3, str_s)); 469 } 470 471 int sh_files_pushfile_user4 (const char * str_s) 472 { 473 return (sh_files_pushfile (SH_LEVEL_USER4, str_s)); 474 } 475 476 477 int sh_files_pushfile_ro (const char * str_s) 466 478 { 467 479 return (sh_files_pushfile (SH_LEVEL_READONLY, 
str_s)); 468 480 } 469 481 470 int sh_files_pushfile_attr (c har * str_s)482 int sh_files_pushfile_attr (const char * str_s) 471 483 { 472 484 return (sh_files_pushfile (SH_LEVEL_ATTRIBUTES, str_s)); 473 485 } 474 486 475 int sh_files_pushfile_log (c har * str_s)487 int sh_files_pushfile_log (const char * str_s) 476 488 { 477 489 return (sh_files_pushfile (SH_LEVEL_LOGFILES, str_s)); 478 490 } 479 491 480 int sh_files_pushfile_glog (c har * str_s)492 int sh_files_pushfile_glog (const char * str_s) 481 493 { 482 494 return (sh_files_pushfile (SH_LEVEL_LOGGROW, str_s)); 483 495 } 484 496 485 int sh_files_pushfile_noig (c har * str_s)497 int sh_files_pushfile_noig (const char * str_s) 486 498 { 487 499 return (sh_files_pushfile (SH_LEVEL_NOIGNORE, str_s)); 488 500 } 489 501 490 int sh_files_pushfile_allig (c har * str_s)502 int sh_files_pushfile_allig (const char * str_s) 491 503 { 492 504 return (sh_files_pushfile (SH_LEVEL_ALLIGNORE, str_s)); … … 511 523 /* set mask(class) 512 524 */ 513 static int sh_files_parse_mask (unsigned long * mask, c har * str)525 static int sh_files_parse_mask (unsigned long * mask, const char * str) 514 526 { 515 527 int l, i = 0, act = 0, k = 0; … … 602 614 } 603 615 604 int sh_files_redef_prelink(c har * str)616 int sh_files_redef_prelink(const char * str) 605 617 { 606 618 return (sh_files_parse_mask(&mask_PRELINK, str)); 607 619 } 608 int sh_files_redef_user0(c har * str)620 int sh_files_redef_user0(const char * str) 609 621 { 610 622 return (sh_files_parse_mask(&mask_USER0, str)); 611 623 } 612 int sh_files_redef_user1(c har * str)624 int sh_files_redef_user1(const char * str) 613 625 { 614 626 return (sh_files_parse_mask(&mask_USER1, str)); 615 627 } 616 int sh_files_redef_readonly(char * str) 628 int sh_files_redef_user2(const char * str) 629 { 630 return (sh_files_parse_mask(&mask_USER2, str)); 631 } 632 int sh_files_redef_user3(const char * str) 633 { 634 return (sh_files_parse_mask(&mask_USER3, str)); 635 } 636 int 
sh_files_redef_user4(const char * str) 637 { 638 return (sh_files_parse_mask(&mask_USER4, str)); 639 } 640 int sh_files_redef_readonly(const char * str) 617 641 { 618 642 return (sh_files_parse_mask(&mask_READONLY, str)); 619 643 } 620 int sh_files_redef_loggrow(c har * str)644 int sh_files_redef_loggrow(const char * str) 621 645 { 622 646 return (sh_files_parse_mask(&mask_LOGGROW, str)); 623 647 } 624 int sh_files_redef_logfiles(c har * str)648 int sh_files_redef_logfiles(const char * str) 625 649 { 626 650 return (sh_files_parse_mask(&mask_LOGFILES, str)); 627 651 } 628 int sh_files_redef_attributes(c har * str)652 int sh_files_redef_attributes(const char * str) 629 653 { 630 654 return (sh_files_parse_mask(&mask_ATTRIBUTES, str)); 631 655 } 632 int sh_files_redef_noignore(c har * str)656 int sh_files_redef_noignore(const char * str) 633 657 { 634 658 return (sh_files_parse_mask(&mask_NOIGNORE, str)); 635 659 } 636 int sh_files_redef_allignore(c har * str)660 int sh_files_redef_allignore(const char * str) 637 661 { 638 662 return (sh_files_parse_mask(&mask_ALLIGNORE, str)); … … 659 683 case SH_LEVEL_USER1: 660 684 return (unsigned long) mask_USER1; 685 case SH_LEVEL_USER2: 686 return (unsigned long) mask_USER2; 687 case SH_LEVEL_USER3: 688 return (unsigned long) mask_USER3; 689 case SH_LEVEL_USER4: 690 return (unsigned long) mask_USER4; 661 691 case SH_LEVEL_PRELINK: 662 692 return (unsigned long) mask_PRELINK; … … 725 755 if (zfileList == NULL) 726 756 { 727 (void) safe_logger (0, 0, getpid());757 (void) safe_logger (0, 0, NULL); 728 758 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 729 759 } … … 734 764 if (-1 == ret) 735 765 { 736 (void) safe_logger (0, 0, getpid());766 (void) safe_logger (0, 0, NULL); 737 767 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 738 768 } … … 745 775 746 776 747 static int sh_files_pushfile (int class, char * str_s) 748 { 777 static int sh_files_pushfile (int class, const char * str_s) 778 { 779 int len; 749 780 char * tmp; 750 int len;781 
char * p; 751 782 #ifdef HAVE_GLOB_H 752 glob_t pglob;753 783 int globstatus = -1; 754 784 unsigned int gloop; 785 glob_t pglob; 755 786 #endif 756 787 … … 808 839 * special case of the root directory. 809 840 */ 810 if (str_s[len-1] == '/' && len > 1) 841 p = sh_util_strdup (str_s); 842 if (p[len-1] == '/' && len > 1) 811 843 { 812 str_s[len-1] = '\0';844 p[len-1] = '\0'; 813 845 --len; 814 846 } … … 817 849 818 850 #ifdef HAVE_GLOB_H 819 if (0 == sh_files_has_metachar( str_s))820 { 821 sh_files_push_file_int (class, str_s, len);851 if (0 == sh_files_has_metachar(p)) 852 { 853 sh_files_push_file_int (class, p, len); 822 854 } 823 855 else 824 856 { 825 857 pglob.gl_offs = 0; 826 globstatus = glob ( str_s, 0, sh_files_globerr, &pglob);858 globstatus = glob (p, 0, sh_files_globerr, &pglob); 827 859 828 860 if (globstatus == 0 && pglob.gl_pathc > 0) … … 834 866 else 835 867 { 836 tmp = sh_util_safe_name ( str_s);868 tmp = sh_util_safe_name (p); 837 869 838 870 if (pglob.gl_pathc == 0 … … 869 901 870 902 #else 871 sh_files_push_file_int (class, str_s, len); 872 #endif 873 903 sh_files_push_file_int (class, p, len); 904 #endif 905 906 SH_FREE(p); 874 907 SL_RETURN((0),_("sh_files_pushfile")); 875 908 } … … 1028 1061 } 1029 1062 1030 int sh_files_pushdir_prelink (c har * str_s)1063 int sh_files_pushdir_prelink (const char * str_s) 1031 1064 { 1032 1065 return (sh_files_pushdir (SH_LEVEL_PRELINK, str_s)); 1033 1066 } 1034 1067 1035 int sh_files_pushdir_user0 (c har * str_s)1068 int sh_files_pushdir_user0 (const char * str_s) 1036 1069 { 1037 1070 return (sh_files_pushdir (SH_LEVEL_USER0, str_s)); 1038 1071 } 1039 1072 1040 int sh_files_pushdir_user1 (c har * str_s)1073 int sh_files_pushdir_user1 (const char * str_s) 1041 1074 { 1042 1075 return (sh_files_pushdir (SH_LEVEL_USER1, str_s)); 1043 1076 } 1044 1077 1045 int sh_files_pushdir_attr (char * str_s) 1078 int sh_files_pushdir_user2 (const char * str_s) 1079 { 1080 return (sh_files_pushdir (SH_LEVEL_USER2, str_s)); 
1081 } 1082 1083 int sh_files_pushdir_user3 (const char * str_s) 1084 { 1085 return (sh_files_pushdir (SH_LEVEL_USER3, str_s)); 1086 } 1087 1088 int sh_files_pushdir_user4 (const char * str_s) 1089 { 1090 return (sh_files_pushdir (SH_LEVEL_USER4, str_s)); 1091 } 1092 1093 int sh_files_pushdir_attr (const char * str_s) 1046 1094 { 1047 1095 return (sh_files_pushdir (SH_LEVEL_ATTRIBUTES, str_s)); 1048 1096 } 1049 1097 1050 int sh_files_pushdir_ro (c har * str_s)1098 int sh_files_pushdir_ro (const char * str_s) 1051 1099 { 1052 1100 return (sh_files_pushdir (SH_LEVEL_READONLY, str_s)); 1053 1101 } 1054 1102 1055 int sh_files_pushdir_log (c har * str_s)1103 int sh_files_pushdir_log (const char * str_s) 1056 1104 { 1057 1105 return (sh_files_pushdir (SH_LEVEL_LOGFILES, str_s)); 1058 1106 } 1059 1107 1060 int sh_files_pushdir_glog (c har * str_s)1108 int sh_files_pushdir_glog (const char * str_s) 1061 1109 { 1062 1110 return (sh_files_pushdir (SH_LEVEL_LOGGROW, str_s)); 1063 1111 } 1064 1112 1065 int sh_files_pushdir_noig (c har * str_s)1113 int sh_files_pushdir_noig (const char * str_s) 1066 1114 { 1067 1115 return (sh_files_pushdir (SH_LEVEL_NOIGNORE, str_s)); 1068 1116 } 1069 1117 1070 int sh_files_pushdir_allig (c har * str_s)1118 int sh_files_pushdir_allig (const char * str_s) 1071 1119 { 1072 1120 return (sh_files_pushdir (SH_LEVEL_ALLIGNORE, str_s)); … … 1120 1168 if (tree == NULL) 1121 1169 { 1122 (void) safe_logger (0, 0, getpid());1170 (void) safe_logger (0, 0, NULL); 1123 1171 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1124 1172 } … … 1133 1181 if (-1 == ret) 1134 1182 { 1135 (void) safe_logger (0, 0, getpid());1183 (void) safe_logger (0, 0, NULL); 1136 1184 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1137 1185 } … … 1143 1191 } 1144 1192 1145 static int sh_files_pushdir (int class, c har * str_s)1193 static int sh_files_pushdir (int class, const char * str_s) 1146 1194 { 1147 1195 char * tmp; … … 1149 1197 int rdepth = 0; 1150 1198 char * tail = NULL; 1199 char 
* p; 1151 1200 1152 1201 #ifdef HAVE_GLOB_H … … 1166 1215 SL_RETURN((-1), _("sh_files_pushdir")); 1167 1216 1168 1169 if (str_s[0] != '/') 1170 { 1171 rdepth = strtol(str_s, &tail, 10); 1172 if (tail == str_s) 1173 SL_RETURN((-1), _("sh_files_pushdir")); 1217 p = sh_util_strdup (str_s); 1218 1219 if (p[0] != '/') 1220 { 1221 rdepth = strtol(p, &tail, 10); 1222 if (tail == p) 1223 { 1224 SH_FREE(p); 1225 SL_RETURN((-1), _("sh_files_pushdir")); 1226 } 1174 1227 } 1175 1228 else 1176 tail = str_s;1229 tail = p; 1177 1230 1178 1231 1179 if (rdepth < (-1) || tail == str_s|| rdepth > 99)1232 if (rdepth < (-1) || tail == p || rdepth > 99) 1180 1233 rdepth = (-2); 1181 1234 … … 1188 1241 tmp); 1189 1242 SH_FREE(tmp); 1243 SH_FREE(p); 1190 1244 SL_RETURN((-1), _("sh_files_pushdir")); 1191 1245 } 1192 1246 else if (len < 1) 1193 1247 { 1248 SH_FREE(p); 1194 1249 SL_RETURN((-1), _("sh_files_pushdir")); 1195 1250 } … … 1200 1255 tmp); 1201 1256 SH_FREE(tmp); 1257 SH_FREE(p); 1202 1258 SL_RETURN((-1), _("sh_files_pushdir")); 1203 1259 } … … 1268 1324 #endif 1269 1325 1326 SH_FREE(p); 1270 1327 SL_RETURN((0), _("sh_files_pushdir")); 1271 1328 } … … 1322 1379 /* Simply sets our boolean as to whether this check is active 1323 1380 */ 1324 int sh_files_check_hardlinks (c har * opt)1381 int sh_files_check_hardlinks (const char * opt) 1325 1382 { 1326 1383 int i; … … 1338 1395 static struct sh_hle_struct * sh_hl_exc = NULL; 1339 1396 1340 int sh_files_hle_reg (c har * str)1397 int sh_files_hle_reg (const char * str) 1341 1398 { 1342 1399 long offset; -
/trunk/src/sh_forward.c
r20 r30 335 335 #endif 336 336 337 #if def SH_WITH_CLIENT337 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 338 338 339 339 static int count_dev_server = 0; … … 345 345 } 346 346 347 int sh_forward_setlogserver (c har * address)347 int sh_forward_setlogserver (const char * address) 348 348 { 349 349 SL_ENTER(_("sh_forward_setlogserver")); … … 708 708 static long sh_forward_try (char * errmsg); 709 709 710 static unsigned int ServerPort = SH_DEFAULT_PORT; 711 712 int sh_forward_server_port (const char * str) 713 { 714 unsigned long l; 715 char * endptr; 716 717 SL_ENTER(_("sh_forward_server_port")); 718 719 l = strtoul (str, &endptr, 0); 720 if (l > 65535 || endptr == str) 721 { 722 SL_RETURN (-1, _("sh_forward_server_port")); 723 } 724 ServerPort = (unsigned int) l; 725 SL_RETURN (0, _("sh_forward_server_port")); 726 } 710 727 711 728 long sh_forward (char * errmsg) … … 880 897 881 898 sockfd = connect_port_2 (sh.srvexport.name, sh.srvexport.alt, 882 S H_DEFAULT_PORT,899 ServerPort, 883 900 error_call, &error_num, error_msg, 256); 884 901 … … 1441 1458 flag_err, 1442 1459 MSG_TCP_NOCONF); 1443 } else { 1460 } 1461 #ifdef SH_WITH_CLIENT 1462 else { 1444 1463 sh_socket_server_cmd(buffer); 1445 1464 } 1465 #endif 1446 1466 flag_err = 0; 1447 1467 … … 1911 1931 1912 1932 1913 int sh_forward_use_clt_class (c har * c)1933 int sh_forward_use_clt_class (const char * c) 1914 1934 { 1915 1935 int i; … … 1919 1939 } 1920 1940 1921 int sh_forward_use_clt_sev (c har * c)1941 int sh_forward_use_clt_sev (const char * c) 1922 1942 { 1923 1943 int i; … … 1950 1970 } 1951 1971 1952 extern int safe_logger (int signal, int method, pid_t thepid); 1953 1954 int sh_forward_register_client (char * str) 1972 1973 int sh_forward_register_client (const char * str) 1955 1974 { 1956 1975 client_t * newclt; 1957 1976 client_t * testclt; 1958 1977 1959 c har* ptr;1978 const char * ptr; 1960 1979 int sepnum = 0; 1961 1980 int sep[2]; … … 1980 1999 if (all_clients == NULL) 1981 2000 { 1982 
(void) safe_logger (0, 0, getpid());2001 (void) safe_logger (0, 0, NULL); 1983 2002 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1984 2003 } … … 2012 2031 newclt->status_arr[i] = CLT_INACTIVE; 2013 2032 sl_strlcpy(newclt->timestamp[CLT_INACTIVE], sh_unix_time(0), TIM_MAX); 2033 /* truncate */ 2014 2034 sl_strlcpy(newclt->hostname, &str[0], sep[0]+1); 2035 /* truncate */ 2015 2036 sl_strlcpy(newclt->salt, &str[sep[0]+1], sep[1]-sep[0]); 2016 2037 sl_strlcpy(newclt->verifier, &str[sep[1]+1], sl_strlen(str)-sep[1]+1); … … 2386 2407 2387 2408 #if defined(WITH_EXTERNAL) 2388 sprintf(msg, _("%s %s %s"), /* known to fit */ 2389 conn->hostname, 2390 conn->timestamp[status], 2391 _(clt_stat[status])); 2409 sl_snprintf(msg, sizeof(msg), _("%s %s %s"), 2410 conn->hostname, conn->timestamp[status], _(clt_stat[status])); 2392 2411 sh_ext_execute('s', 'r', 'v', msg, 0); 2393 2412 #endif … … 2398 2417 static time_t time_client_limit = 86400; 2399 2418 2400 int sh_forward_set_time_limit (c har * c)2419 int sh_forward_set_time_limit (const char * c) 2401 2420 { 2402 2421 long val; … … 2448 2467 static int lookup_err = SH_ERR_SEVERE; 2449 2468 2450 int sh_forward_lookup_level (c har * c)2469 int sh_forward_lookup_level (const char * c) 2451 2470 { 2452 2471 int ci = sh_error_convert_level (c); … … 2603 2622 static int UseSocketPeer = S_FALSE; 2604 2623 2605 int set_socket_peer (c har * c)2624 int set_socket_peer (const char * c) 2606 2625 { 2607 2626 return sh_util_flagval(c, &UseSocketPeer); … … 2731 2750 char hash[SH_MAXMSGLEN + KEY_LEN + KEY_LEN + 1]; 2732 2751 char * buffer; 2733 long len;2734 2752 2735 2753 int clt_sev; … … 2737 2755 2738 2756 UINT32 ticks; 2757 size_t len; 2739 2758 int i; 2740 2759 char * test; … … 2821 2840 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, 2822 2841 &(conn->buf[KEY_LEN])); 2823 strcpy(conn->buf, /* known to fit */ 2824 &(conn->buf[KEY_LEN])); 2842 len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; 2843 /* &(conn->buf[KEY_LEN]) is hostname */ 
2844 /* may overlap, thus only memmove is correct */ 2845 memmove(conn->buf, &(conn->buf[KEY_LEN]), len); 2825 2846 this_client->session_key[0] = '\0'; 2826 2847 this_client->session_key_timer = (time_t) 1; … … 2835 2856 conn->K = NULL; 2836 2857 } 2837 i= sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;2838 conn->K = SH_ALLOC( i);2858 len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; 2859 conn->K = SH_ALLOC(len); 2839 2860 2840 2861 sl_strlcpy (conn->K, … … 2914 2935 conn->A = SH_ALLOC(3*KEY_LEN+1); 2915 2936 sl_strlcpy (conn->A, conn->K, KEY_LEN+1); 2916 sl_strlcat(conn->A, conn->buf, /* ignore remainder*/2937 sl_strlcat(conn->A, conn->buf, /* truncate */ 2917 2938 2*KEY_LEN+1); 2918 2939 sl_strlcat(conn->A, conn->client_entry->session_key, … … 3278 3299 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, 3279 3300 &(conn->buf[KEY_LEN])); 3280 strcpy(conn->buf, /* known to fit */ 3281 &(conn->buf[KEY_LEN])); 3301 len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; 3302 /* &(conn->buf[KEY_LEN]) is hostname */ 3303 /* may overlap, thus only memmove is correct */ 3304 memmove(conn->buf, &(conn->buf[KEY_LEN]), len); 3282 3305 this_client->session_key[0] = '\0'; 3283 3306 this_client->session_key_timer = (time_t) 1; … … 3293 3316 conn->K = NULL; 3294 3317 } 3295 i= sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;3296 conn->K = SH_ALLOC( i);3318 len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; 3319 conn->K = SH_ALLOC(len); 3297 3320 3298 3321 sl_strlcpy (conn->K, … … 4600 4623 static unsigned int server_port = SH_DEFAULT_PORT; 4601 4624 4602 int sh_forward_set_port (c har * str)4625 int sh_forward_set_port (const char * str) 4603 4626 { 4604 4627 int retval = 0; 4605 4628 unsigned long i; 4606 char * endptr = str;4629 char * endptr; 4607 4630 4608 4631 SL_ENTER(_("sh_forward_set_port")); … … 4621 4644 static int use_server_interface = 0; 4622 4645 4623 int sh_forward_set_interface (c har * str)4646 int sh_forward_set_interface (const char * str) 4624 4647 { 4625 
4648 if (0 == strcmp(str, _("INADDR_ANY"))) … … 4814 4837 */ 4815 4838 new_act.sa_handler = SIG_IGN; 4839 sigemptyset( &new_act.sa_mask ); /* set an empty mask */ 4840 new_act.sa_flags = 0; /* init sa_flags */ 4816 4841 retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); 4817 4842 … … 5571 5596 } 5572 5597 5573 int set_syslog_active(c har * c)5598 int set_syslog_active(const char * c) 5574 5599 { 5575 5600 return sh_util_flagval(c, &enable_syslog_socket); -
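Review bot: `sh_forward_server_port` accepts trailing characters and the value 0, because the guard after `strtoul` only tests `l > 65535 || endptr == str`. A number followed by stray text is silently taken as the port, and base 0 means a leading `0` or `0x` switches to octal or hex. I would tighten it to `if (endptr == str || *endptr != '\0' || l == 0 || l > 65535)` and pass base 10 unless non-decimal ports are intended. The older `sh_forward_set_port` later in this section parses the same kind of value; its body is mostly outside the hunk, so a shared helper may be worth considering.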
/trunk/src/sh_getopt.c
r20 r30 80 80 sh_util_set_interactive }, 81 81 #endif 82 #if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT) 83 { N_("server-port"), 84 '-', 85 N_("Set the server port to connect to"), 86 HAS_ARG_YES, 87 sh_forward_server_port }, 88 #endif 82 89 #ifdef SH_WITH_SERVER 83 90 { N_("server"), … … 112 119 HAS_ARG_YES, 113 120 sh_calls_set_bind_addr }, 114 #if def SH_WITH_CLIENT121 #if defined(SH_WITH_SERVER) || defined(SH_WITH_CLIENT) 115 122 { N_("set-export-severity"), 116 123 'e', … … 391 398 if (op_table[i].hasArg == HAS_ARG_NO) { 392 399 if (sl_strlen(op_table[i].longopt) < 10) 393 s trcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"));/* known to fit */400 sl_strlcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"), sizeof(fmt)); 394 401 else if (sl_strlen(op_table[i].longopt) < 17) 395 s trcpy(fmt, _("%c%c%c --%-s,\t\t %s\n")); /* known to fit */402 sl_strlcpy(fmt, _("%c%c%c --%-s,\t\t %s\n"), sizeof(fmt)); 396 403 else 397 strcpy(fmt, _("%c%c%c --%-s,\t %s\n")); /* known to fit */ 398 /*@-formatconst@*/ 399 fprintf (stdout, 400 fmt, 404 sl_strlcpy(fmt, _("%c%c%c --%-s,\t %s\n"), sizeof(fmt)); 405 /* flawfinder: ignore */ 406 fprintf (stdout, fmt, 401 407 (op_table[i].shortopt == '-') ? ' ' : '-', 402 408 (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, … … 404 410 _(op_table[i].longopt), 405 411 _(op_table[i].usage)); 406 /*@+formatconst@*/407 412 } else { 408 413 if (sl_strlen(op_table[i].longopt) < 12) 409 strcpy(fmt, /* known to fit */ 410 _("%c%c %s --%-s=<arg>,\t\t %s\n")); 414 sl_strlcpy(fmt, _("%c%c %s --%-s=<arg>,\t\t %s\n"), sizeof(fmt)); 411 415 else 412 strcpy(fmt, /* known to fit */ 413 _("%c%c %s --%-s=<arg>,\t %s\n")); 414 /*@-formatconst@*/ 415 fprintf (stdout, 416 fmt, 416 sl_strlcpy(fmt, _("%c%c %s --%-s=<arg>,\t %s\n"), sizeof(fmt)); 417 /* flawfinder: ignore */ 418 fprintf (stdout, fmt, 417 419 (op_table[i].shortopt == '-') ? ' ' : '-', 418 420 (op_table[i].shortopt == '-') ? 
' ' : op_table[i].shortopt, … … 420 422 _(op_table[i].longopt), 421 423 _(op_table[i].usage)); 422 /*@+formatconst@*/423 424 } 424 425 } … … 560 561 for (i = 0; op_table[i].longopt != NULL; ++i) 561 562 { 562 563 563 564 if (sl_strncmp(_(op_table[i].longopt), 564 565 &argv[1][2], … … 568 569 if ( op_table[i].hasArg == HAS_ARG_YES ) 569 570 { 570 if ( (theequal = strchr(argv[1], '=')) == NULL) 571 theequal = strchr(argv[1], '='); 572 if (theequal == NULL) 571 573 { 572 574 if (argc < 3) -
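Review bot: The two `/* flawfinder: ignore */` comments in front of `fprintf (stdout, fmt, ...)` replace the splint `formatconst` annotations without saying why a non-literal format is acceptable. `fmt` is always filled from one of the fixed strings copied just above, which holds only as long as `_()` cannot return text with different conversions. I would record that in the comment, e.g. `/* flawfinder: ignore *//* fmt is one of the fixed format strings selected above */`. The declaration of `fmt` is outside the hunk, so it is not visible here whether the longest format fits `sizeof(fmt)`, and the `sl_strlcpy` return values are not checked.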
/trunk/src/sh_gpg.c
r20 r30 209 209 FILE * outf = NULL; 210 210 char * envp[2]; 211 size_t len; 211 212 char path[256]; 212 213 char cc1[32]; … … 370 371 if (sh.effective.home != NULL) 371 372 { 372 envp[0] = malloc (sl_strlen(sh.effective.home) + 6); /* free() ok */ 373 len = sl_strlen(sh.effective.home) + 6; 374 envp[0] = malloc (len); /* free() ok */ 373 375 if (envp[0] != NULL) 374 sprintf (envp[0], "HOME=%s", /* known to fit */ 375 sh.effective.home); 376 sl_snprintf (envp[0], len, "HOME=%s", sh.effective.home); 376 377 envp[1] = NULL; 377 378 } … … 486 487 487 488 pfd = get_the_fd(checkfd); 488 s printf(pname, _("/proc/self/fd/%d"), /* known to fit */489 pfd); 490 if (0 == access(pname, R_OK|X_OK)) 489 sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); 490 if (0 == access(pname, R_OK|X_OK)) /* flawfinder: ignore */ 491 491 492 { 492 493 fcntl (pfd, F_SETFD, FD_CLOEXEC); -
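Review bot: The `/* flawfinder: ignore */` added on `access(pname, R_OK|X_OK)` silences the check-then-use warning without stating why it does not apply. `pname` is built one line earlier from `pfd` as `/proc/self/fd/%d`, so the path names a descriptor this process already holds rather than a caller-supplied file. That reasoning belongs in the comment, e.g. `/* flawfinder: ignore *//* path refers to our own open fd, not a user-supplied name */`. What is done with `pname` after the check is outside the hunk, so the claim should be confirmed against the rest of the function.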
/trunk/src/sh_hash.c
r20 r30 297 297 N_("[User0]"), 298 298 N_("[User1]"), 299 N_("[User2]"), 300 N_("[User3]"), 301 N_("[User4]"), 299 302 N_("[Prelink]"), 300 303 NULL … … 1268 1271 } 1269 1272 1270 int sh_hash_version_string(c har * str)1273 int sh_hash_version_string(const char * str) 1271 1274 { 1272 1275 int i; -
/trunk/src/sh_html.c
r20 r30 296 296 { 297 297 entry_orig = realloc(entry_orig, /* free() ok */ 298 entry_size + line_size );298 entry_size + line_size + 1); 299 299 if (entry_orig) { add_size = line_size; } 300 300 } … … 302 302 { 303 303 entry_orig = malloc(line_size + 1); /* free() ok */ 304 if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size + 1; }304 if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; } 305 305 } 306 306 if (!entry_orig) … … 311 311 } 312 312 313 s trcat(&entry_orig[entry_size], line); /* known to fit */313 sl_strlcat(&entry_orig[entry_size], line, line_size + 1); 314 314 entry_size += add_size; 315 SH_VALIDATE_EQ(entry_orig[entry_size], '\0'); 315 316 } 316 317 sl_close(fd); -
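Review bot: In the `realloc` branch the result is assigned straight back to `entry_orig`, so when `realloc` fails the previous buffer is no longer reachable and cannot be freed. The commit corrects the requested size to `entry_size + line_size + 1` but keeps that pattern. A temporary avoids the loss: `tmp = realloc(entry_orig, entry_size + line_size + 1); if (!tmp) free(entry_orig); entry_orig = tmp;`. The function starts outside the hunk and its `!entry_orig` error path continues past it, so it is not visible here whether the process keeps running after this failure.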
/trunk/src/sh_ignore.c
r20 r30 53 53 54 54 static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list, 55 c har * addpath)55 const char * addpath) 56 56 { 57 57 struct sh_ignore_list * new; … … 96 96 } 97 97 98 int sh_ignore_add_del (c har * addpath)98 int sh_ignore_add_del (const char * addpath) 99 99 { 100 100 if ((addpath == NULL) || (addpath[0] != '/')) … … 106 106 } 107 107 108 int sh_ignore_add_new (c har * addpath)108 int sh_ignore_add_new (const char * addpath) 109 109 { 110 110 if ((addpath == NULL) || (addpath[0] != '/')) -
/trunk/src/sh_kern.c
r20 r30 431 431 int (*rename) (int *, int *, 432 432 int *, int *); 433 /* flawfinder: ignore */ 433 434 int (*readlink) (int *, char *,int); 434 435 int (*follow_link) (int *, int *); -
/trunk/src/sh_mail.c
r20 r30 271 271 272 272 static 273 int sh_filter_filteradd (char * argstring, sh_filter_type * filter, int ftype) 273 int sh_filter_filteradd (const char * argstring, 274 sh_filter_type * filter, int ftype) 274 275 { 275 276 int i = 0; … … 372 373 */ 373 374 static 374 int sh_filter_filter (c har * message, sh_filter_type * filter)375 int sh_filter_filter (const char * message, sh_filter_type * filter) 375 376 { 376 377 int i; … … 432 433 * -- add keywords to the OR filter 433 434 */ 434 int sh_mail_add_or (c har * str)435 int sh_mail_add_or (const char * str) 435 436 { 436 437 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR)); … … 440 441 * -- add keywords to the AND filter 441 442 */ 442 int sh_mail_add_and (c har * str)443 int sh_mail_add_and (const char * str) 443 444 { 444 445 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND)); … … 448 449 * -- add keywords to the NOT filter 449 450 */ 450 int sh_mail_add_not (c har * str)451 int sh_mail_add_not (const char * str) 451 452 { 452 453 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT)); … … 473 474 } 474 475 475 int sh_mail_setaddress (c har * address)476 int sh_mail_setaddress (const char * address) 476 477 { 477 478 char * p; … … 523 524 } 524 525 525 int sh_mail_setaddress_int (c har * address)526 int sh_mail_setaddress_int (const char * address) 526 527 { 527 528 int i; … … 533 534 } 534 535 535 int sh_mail_setNum (c har * str)536 int sh_mail_setNum (const char * str) 536 537 { 537 538 int i = atoi (str); … … 549 550 static int all_in_one = S_FALSE; 550 551 551 int sh_mail_setFlag (c har * str)552 int sh_mail_setFlag (const char * str) 552 553 { 553 554 int i; … … 559 560 static char * mail_subject = NULL; 560 561 561 int set_mail_subject (c har * str)562 int set_mail_subject (const char * str) 562 563 { 563 564 SL_ENTER(_("set_mail_subject")); … … 1006 1007 /* reveal first signature key 1007 1008 */ 1008 (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); 1009 
/* flawfinder: ignore */ 1010 (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); 1009 1011 1010 1012 BREAKEXIT(sh_util_encode); 1013 /* flawfinder: ignore */ 1011 1014 sh_util_encode(skey->crypt, bufcompress, 0, 'A'); 1012 1015 1016 /* flawfinder: ignore */ 1013 1017 (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize); 1018 /* flawfinder: ignore */ 1014 1019 memset (skey->crypt, 0, KEY_LEN); 1015 1020 isfirst = 0; … … 1021 1026 (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1); 1022 1027 1023 /*@-bufferoverflowhigh@*/ 1024 sprintf(subject, _("%06d %010ld::%s\r\n"), /* known to fit */ 1025 mailcount, (long) id_audit, sh.host.name); 1026 /*@+bufferoverflowhigh@*/ 1028 sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"), 1029 mailcount, (long) id_audit, sh.host.name); 1027 1030 1028 1031 (void) sl_strlcat (mailMsg, subject, msgbufsize); … … 1222 1225 static char * relay_host = NULL; 1223 1226 1224 int sh_mail_set_relay (c har * str_s)1227 int sh_mail_set_relay (const char * str_s) 1225 1228 { 1226 1229 size_t i = 0; … … 1251 1254 static char * mail_sender = NULL; 1252 1255 1253 int sh_mail_set_sender (c har *str)1256 int sh_mail_set_sender (const char *str) 1254 1257 { 1255 1258 if (mail_sender != NULL) … … 1735 1738 if (g != 1) 1736 1739 { 1737 /*@-bufferoverflowhigh@*/ 1738 sprintf(errmsg, /* known to fit */ 1739 _("Bad response (%d), expected %d"), rcode, code); 1740 /*@+bufferoverflowhigh@*/ 1740 sl_snprintf(errmsg, sizeof(errmsg), 1741 _("Bad response (%d), expected %d"), rcode, code); 1742 1741 1743 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, 1742 1744 errmsg, _("sh_mail_wait"), … … 1883 1885 int ret, length, status; 1884 1886 mx * result; 1887 size_t len; 1885 1888 1886 1889 typedef union … … 2065 2068 */ 2066 2069 result[count].pref = pref; 2067 result[count].address = SH_ALLOC (strlen (expanded) + 1); 2068 strcpy (result[count].address, expanded); /* known to fit */ 2070 len = strlen (expanded) + 1; 2071 
result[count].address = SH_ALLOC (len); 2072 sl_strlcpy (result[count].address, expanded, len); 2069 2073 } 2070 2074 while (ret > 0 && comp_dn < eom && count); … … 2101 2105 mx * result; 2102 2106 dnsrep * retval; 2103 char errmsg[128]; 2107 char errmsg[128]; 2108 size_t len; 2104 2109 2105 2110 SL_ENTER(_("return_mx")); … … 2128 2133 _("get_mx")); 2129 2134 #else 2135 /* flawfinder: ignore *//* test code only */ 2130 2136 strcpy (errmsg, /* known to fit */ 2131 2137 _("No MX record for domain ")); … … 2155 2161 result->pref = 0; 2156 2162 /*@-type@*/ 2157 result->address = SH_ALLOC (strlen (host->h_name) + 1); 2158 strcpy (result->address, host->h_name); /* known to fit */ 2163 len = strlen (host->h_name) + 1; 2164 result->address = SH_ALLOC (len); 2165 sl_strlcpy (result->address, host->h_name, len); 2159 2166 /*@+type@*/ 2160 2167 SL_RETURN (retval, _("return_mx")); -
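Review bot: The four `/* flawfinder: ignore */` comments placed around the `skey->crypt` handling give no reason for the suppression. Presumably they silence a match on the member name `crypt` rather than a call to crypt(3); if so, the comment should say it, e.g. `/* flawfinder: ignore *//* crypt is a struct member, not crypt(3) */`. This block copies and wipes the mail signature key, so an unexplained suppression here could also hide a later genuine finding on the same lines. The enclosing function begins and ends outside the hunk.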
/trunk/src/sh_mem.c
r20 r30 39 39 #include "sh_mem.h" 40 40 41 extern int safe_logger (int signal, int method, pid_t thepid);41 extern int safe_logger (int signal, int method, char * details); 42 42 43 43 #undef FIL__ … … 228 228 { 229 229 eblock = 1; 230 (void) safe_logger (0, 0, getpid());230 (void) safe_logger (0, 0, NULL); 231 231 /* 232 232 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, … … 320 320 { 321 321 eblock = 1; 322 (void) safe_logger(0, 0, getpid());322 (void) safe_logger(0, 0, NULL); 323 323 /* 324 324 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, … … 456 456 { 457 457 eblock = 1; 458 (void) safe_logger(0, 0, getpid());458 (void) safe_logger(0, 0, NULL); 459 459 /* 460 460 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM); -
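Review bot: The `extern int safe_logger (int signal, int method, char * details);` declaration is kept as a local prototype in this .c file, so a future signature change has to be repeated by hand in every file that carries its own copy. A copy that is missed still compiles, and the call then passes an argument of the wrong type without any diagnostic. I would move the declaration into a header that both the definition and the callers include; no such header is visible on this page, so that part is an assumption. Since every call here passes `NULL`, the parameter could also be `const char * details`, in line with the rest of this changeset.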
/trunk/src/sh_prelink.c
r20 r30 38 38 static char * prelink_hash = NULL; 39 39 40 int sh_prelink_set_path (c har * str)40 int sh_prelink_set_path (const char * str) 41 41 { 42 42 size_t len; … … 55 55 } 56 56 57 int sh_prelink_set_hash (c har * str)57 int sh_prelink_set_hash (const char * str) 58 58 { 59 59 size_t len; … … 245 245 sl_read_timeout_prep (task.pipeTI); 246 246 247 strcpy(file_hash, /* known to fit */ 248 sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout)); 247 sl_strlcpy(file_hash, 248 sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout), 249 KEY_LEN+1); 249 250 250 251 /* restore old signal handler -
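Review bot: The bound passed to the new `sl_strlcpy(file_hash, ..., KEY_LEN+1)` is a literal that assumes the size of `file_hash`, and that declaration is not shown in the hunk. If `file_hash` is an array local to this function, `sizeof(file_hash)` keeps the bound tied to the declaration. If it is a caller-supplied pointer, a comment stating the required minimum size, `/* file_hash must hold KEY_LEN+1 bytes */`, documents the contract. The enclosing function starts and ends outside the hunk.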
/trunk/src/sh_prelude.c
r20 r30 133 133 } 134 134 135 static int set_prelude_severity_int (char * str, int prelude_sev) 136 { 137 char * p = strtok (str, ", \t"); 138 135 static int set_prelude_severity_int (const char * str, int prelude_sev) 136 { 137 char * p; 138 char * dup = strdup (str); 139 140 if (!dup) 141 return -1; 142 143 p = strtok (dup, ", \t"); 139 144 if (p) { 140 145 do { … … 155 160 else if (0 == strcmp (p, _("info"))) 156 161 clear_and_set (prelude_sev, SH_ERR_INFO); 157 else 162 else { 163 free (dup); 158 164 return -1; 165 } 159 166 p = strtok (NULL, ", \t"); 160 167 } while (p); 161 168 } 169 free(dup); 162 170 return 0; 163 171 } 164 172 165 int sh_prelude_map_info (c har * str)173 int sh_prelude_map_info (const char * str) 166 174 { 167 175 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO)); 168 176 } 169 int sh_prelude_map_low (c har * str)177 int sh_prelude_map_low (const char * str) 170 178 { 171 179 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW)); 172 180 } 173 int sh_prelude_map_medium (c har * str)181 int sh_prelude_map_medium (const char * str) 174 182 { 175 183 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM)); 176 184 } 177 int sh_prelude_map_high (c har * str)185 int sh_prelude_map_high (const char * str) 178 186 { 179 187 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH)); … … 300 308 } 301 309 310 /* flawfinder: ignore *//* is part of name, not access() */ 302 311 static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos) 303 312 { … … 308 317 do { 309 318 if ( mode[pos] == 'r' ) { 310 ret = idmef_file_access_new_permission(access, &str, -1); 319 /* flawfinder: ignore *//* is part of name, not access() */ 320 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 311 321 if ( ret < 0 ) 312 322 return; … … 315 325 } 316 326 else if ( mode[pos] == 'w' ) { 317 ret = idmef_file_access_new_permission(access, &str, -1); 327 /* 
flawfinder: ignore *//* is part of name, not access() */ 328 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 318 329 if ( ret < 0 ) 319 330 return; … … 322 333 } 323 334 else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') { 324 ret = idmef_file_access_new_permission(access, &str, -1); 335 /* flawfinder: ignore *//* is part of name, not access() */ 336 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 325 337 if ( ret < 0 ) 326 338 return; … … 340 352 341 353 if ( got == 0 ) { 342 ret = idmef_file_access_new_permission(access, &str, -1); 354 /* flawfinder: ignore *//* is part of name, not access() */ 355 ret = idmef_file_access_new_permission(access, &str, IDMEF_LIST_APPEND); 343 356 if ( ret < 0 ) 344 357 return; … … 360 373 prelude_string_t *str; 361 374 idmef_checksum_t *checksum; 362 idmef_file_access_t *access; 375 idmef_file_access_t *access; /* flawfinder: ignore */ 363 376 idmef_user_id_t *userid; 364 377 const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? 
"_new" : "_old"; 365 378 char *mode = NULL; 366 379 367 ret = idmef_target_new_file(target, &file, -1);380 ret = idmef_target_new_file(target, &file, IDMEF_LIST_APPEND); 368 381 if ( ret < 0 ) 369 382 return; … … 429 442 ptr = get_value(msg, _("chksum"), suffix); 430 443 if ( ptr ) { 431 ret = idmef_file_new_checksum(file, &checksum, 0);444 ret = idmef_file_new_checksum(file, &checksum, IDMEF_LIST_APPEND); 432 445 if ( ret < 0 ) 433 446 return; … … 459 472 mode = get_value(msg, _("mode"), suffix); 460 473 if ( mode ) { 461 ret = idmef_file_new_file_access(file, &access, -1); 462 if ( ret < 0 ) 463 return; 464 474 /* flawfinder: ignore *//* is part of name, not access() */ 475 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); 476 if ( ret < 0 ) 477 return; 478 479 /* flawfinder: ignore *//* is part of name, not access() */ 465 480 ret = idmef_file_access_new_user_id(access, &userid); 466 481 if ( ret < 0 ) … … 468 483 idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS); 469 484 485 /* flawfinder: ignore *//* is part of name, not access() */ 470 486 get_access_info ( access, mode, 7, 9 ); 471 487 } … … 475 491 struct passwd *pw; 476 492 477 ret = idmef_file_new_file_access(file, &access, 0); 478 if ( ret < 0 ) 479 return; 480 493 /* flawfinder: ignore *//* is part of name, not access() */ 494 ret = idmef_file_new_file_access(file, &access, IDMEF_LIST_APPEND); 495 if ( ret < 0 ) 496 return; 497 498 /* flawfinder: ignore *//* is part of name, not access() */ 481 499 ret = idmef_file_access_new_user_id(access, &userid); 482 500 if ( ret < 0 ) … … 497 515 498 516 if ( mode ) { 517 /* flawfinder: ignore *//* is part of name, not access() */ 499 518 get_access_info ( access, mode, 1, 3 ); 500 519 } … … 505 524 struct group *gr; 506 525 507 ret = idmef_file_new_file_access(file, &access, -1); 508 if ( ret < 0 ) 509 return; 510 526 /* flawfinder: ignore *//* is part of name, not access() */ 527 ret = idmef_file_new_file_access(file, &access, 
IDMEF_LIST_APPEND); 528 if ( ret < 0 ) 529 return; 530 531 /* flawfinder: ignore *//* is part of name, not access() */ 511 532 ret = idmef_file_access_new_user_id(access, &userid); 512 533 if ( ret < 0 ) … … 527 548 528 549 if ( mode ) { 529 get_access_info ( access, mode, 4, 6 ); 550 get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */ 530 551 } 531 552 } … … 629 650 if ( ptr ) { 630 651 if ( ! source ) { 631 ret = idmef_alert_new_source(alert, &source, -1);652 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); 632 653 if ( ret < 0 ) { 633 654 free(ptr); … … 642 663 } 643 664 644 ret = idmef_node_new_address(node, &address, -1);665 ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND); 645 666 if ( ret < 0 ) { 646 667 free(ptr); … … 663 684 else { 664 685 if ( ! source ) { 665 ret = idmef_alert_new_source(alert, &source, -1);686 ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); 666 687 if ( ret < 0 ) { 667 688 free(ptr); … … 696 717 idmef_user_set_category(user, IDMEF_USER_CATEGORY_OS_DEVICE); 697 718 698 ret = idmef_user_new_user_id(user, &user_id, -1);719 ret = idmef_user_new_user_id(user, &user_id, IDMEF_LIST_APPEND); 699 720 if ( ret < 0 ) { 700 721 free(ptr); … … 770 791 goto err; 771 792 772 idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), 0);793 idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), IDMEF_LIST_PREPEND); 773 794 774 795 ret = idmef_time_new_from_gettimeofday(&time); … … 786 807 goto err; 787 808 788 ret = idmef_alert_new_target(alert, &target, -1);809 ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND); 789 810 if ( ret < 0 ) 790 811 goto err; … … 844 865 idmef_confidence_set_rating(confidence, IDMEF_CONFIDENCE_RATING_HIGH); 845 866 846 ret = idmef_alert_new_additional_data(alert, &data, -1);867 ret = idmef_alert_new_additional_data(alert, &data, IDMEF_LIST_APPEND); 847 868 if ( ret < 0 ) 848 869 goto err; 
… … 890 911 891 912 892 int sh_prelude_set_profile(c har *arg)913 int sh_prelude_set_profile(const char *arg) 893 914 { 894 915 if ( profile ) { -
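Review bot: The local variable and parameter named `access` (`idmef_file_access_t *access`) shadows the libc function of the same name, and this section now carries about a dozen `/* flawfinder: ignore *//* is part of name, not access() */` comments on the lines that use it. Renaming it, for example `idmef_file_access_t *faccess`, removes the shadowing. It may also make most of these suppressions unnecessary, which is worth confirming by re-running the scanner. Fewer blanket suppressions would make a future real `access()` race in this file easier to spot. Both affected functions extend beyond the visible hunks.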
/trunk/src/sh_readconf.c
r20 r30 52 52 #endif 53 53 54 extern int set_reverse_lookup (c har * c);54 extern int set_reverse_lookup (const char * c); 55 55 56 56 #undef FIL__ … … 69 69 SH_SECTION_USER0, 70 70 SH_SECTION_USER1, 71 SH_SECTION_USER2, 72 SH_SECTION_USER3, 73 SH_SECTION_USER4, 71 74 SH_SECTION_PRELINK, 72 75 #if defined (SH_WITH_MAIL) … … 108 111 { N_("[User0]"), SH_SECTION_USER0}, 109 112 { N_("[User1]"), SH_SECTION_USER1}, 113 { N_("[User2]"), SH_SECTION_USER2}, 114 { N_("[User3]"), SH_SECTION_USER3}, 115 { N_("[User4]"), SH_SECTION_USER4}, 110 116 { N_("[Prelink]"), SH_SECTION_PRELINK}, 111 117 #ifdef WITH_EXTERNAL … … 282 288 /* The system type, release, and machine. 283 289 */ 284 sprintf(myident, _("%s:%s:%s"), /* known to fit */ 285 sh.host.system, sh.host.release, sh.host.machine); 290 sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), 291 sh.host.system, /* flawfinder: ignore */ 292 sh.host.release, sh.host.machine); 286 293 287 294 … … 580 587 } 581 588 582 int sh_readconf_set_path (char * which, c har * what)589 int sh_readconf_set_path (char * which, const char * what) 583 590 { 584 591 int len; … … 621 628 } 622 629 623 int sh_readconf_set_database_path (c har * what)630 int sh_readconf_set_database_path (const char * what) 624 631 { 625 632 return (sh_readconf_set_path(sh.data.path, what)); 626 633 } 627 634 628 int sh_readconf_set_logfile_path (c har * what)635 int sh_readconf_set_logfile_path (const char * what) 629 636 { 630 637 return (sh_readconf_set_path(sh.srvlog.name, what)); 631 638 } 632 639 633 int sh_readconf_set_lockfile_path (c har * what)640 int sh_readconf_set_lockfile_path (const char * what) 634 641 { 635 642 return( sh_readconf_set_path(sh.srvlog.alt, what)); … … 645 652 646 653 647 int sh_readconf_setTime (c har * str, ShTimerItem what)654 int sh_readconf_setTime (const char * str, ShTimerItem what) 648 655 { 649 656 unsigned long i = atoi (str); … … 674 681 } 675 682 676 int sh_readconf_setMailtime (c har * c)683 int sh_readconf_setMailtime 
(const char * c) 677 684 { 678 685 return sh_readconf_setTime (c, SET_MAILTIME); 679 686 } 680 687 681 int sh_readconf_setFiletime (c har * c)688 int sh_readconf_setFiletime (const char * c) 682 689 { 683 690 return sh_readconf_setTime (c, SET_FILETIME); 684 691 } 685 692 686 int sh_readconf_set_nice (c har * c)693 int sh_readconf_set_nice (const char * c) 687 694 { 688 695 long val; … … 704 711 705 712 #ifdef FANCY_LIBCAP 706 int sh_readconf_setCaps(c har * c)713 int sh_readconf_setCaps(const char * c) 707 714 { 708 715 int i; … … 718 725 ShSectionType section; 719 726 ShSectionType alt_section; 720 int (*func)(c har * opt);727 int (*func)(const char * opt); 721 728 } cfg_options; 722 729 723 730 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 724 extern int sh_set_schedule_one(c har * str);725 extern int sh_set_schedule_two(c har * str);731 extern int sh_set_schedule_one(const char * str); 732 extern int sh_set_schedule_two(const char * str); 726 733 #endif 727 734 #if defined (SH_WITH_SERVER) 728 extern int sh_socket_use (char * c); 729 extern int sh_socket_uid (char * c); 730 extern int sh_socket_password (char * c); 731 #endif 732 733 /* Yes, this isn't very elegant ;) 734 */ 735 #if defined(WITH_EXTERNAL) 736 int sh_error_set_external_wrap (char * str) { 737 return sh_error_set_external ((const char *) str); 738 } 739 #endif 740 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 741 int sh_files_setrecursion_wrap (char * str) { 742 return sh_files_setrecursion ((const char *) str); 743 } 744 int sh_util_setchecksum_wrap (char * str) { 745 return sh_util_setchecksum ((const char *) str); 746 } 747 #endif 748 int sh_util_setlooptime_wrap (char * str) { 749 return sh_util_setlooptime ((const char *) str); 750 } 751 #ifdef SH_WITH_MAIL 752 int sh_error_setseverity_wrap (char * str) { 753 return sh_error_setseverity ((const char *) str); 754 } 755 #endif 756 int sh_calls_set_bind_addr_wrap (char * str) { 757 return sh_calls_set_bind_addr ((const char 
*) str); 758 } 759 int sh_unix_setdeamon_wrap (char * str) { 760 return sh_unix_setdeamon ((const char *) str); 761 } 762 int sh_error_setprint_wrap (char * str) { 763 return sh_error_setprint ((const char *) str); 764 } 765 int sh_error_setlog_wrap (char * str) { 766 return sh_error_setlog ((const char *) str); 767 } 768 int sh_error_set_syslog_wrap (char * str) { 769 return sh_error_set_syslog ((const char *) str); 770 } 771 #ifdef HAVE_LIBPRELUDE 772 int sh_error_set_prelude_wrap (char * str) { 773 return sh_error_set_prelude ((const char *) str); 774 } 775 #endif 776 #ifdef SH_WITH_CLIENT 777 int sh_error_setexport_wrap (char * str) { 778 return sh_error_setexport ((const char *) str); 779 } 780 #endif 781 #ifdef SH_WITH_SERVER 782 int sh_forward_set_strip_wrap (char * str) { 783 return sh_forward_set_strip ((const char *) str); 784 } 785 int sh_unix_set_chroot_wrap (char * str) { 786 return sh_unix_set_chroot ((const char *) str); 787 } 788 #endif 789 #if defined(WITH_DATABASE) 790 int sh_error_set_database_wrap (char * str) { 791 return sh_error_set_database ((const char *) str); 792 } 793 #endif 794 735 extern int sh_socket_use (const char * c); 736 extern int sh_socket_uid (const char * c); 737 extern int sh_socket_password (const char * c); 738 #endif 739 795 740 cfg_options ext_table[] = { 796 741 #if defined(WITH_EXTERNAL) … … 818 763 sh_ext_add_or }, 819 764 { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL, 820 sh_error_set_external _wrap},765 sh_error_set_external }, 821 766 { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL, 822 767 sh_error_external_mask }, … … 845 790 set_enter_wrapper }, 846 791 #endif 792 847 793 848 794 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) … … 880 826 { N_("file"), SH_SECTION_USER1, SH_SECTION_NONE, 881 827 sh_files_pushfile_user1 }, 828 { N_("dir"), SH_SECTION_USER2, SH_SECTION_NONE, 829 sh_files_pushdir_user2 }, 830 { N_("file"), SH_SECTION_USER2, SH_SECTION_NONE, 831 
sh_files_pushfile_user2 }, 832 { N_("dir"), SH_SECTION_USER3, SH_SECTION_NONE, 833 sh_files_pushdir_user3 }, 834 { N_("file"), SH_SECTION_USER3, SH_SECTION_NONE, 835 sh_files_pushfile_user3 }, 836 { N_("dir"), SH_SECTION_USER4, SH_SECTION_NONE, 837 sh_files_pushdir_user4 }, 838 { N_("file"), SH_SECTION_USER4, SH_SECTION_NONE, 839 sh_files_pushfile_user4 }, 882 840 { N_("dir"), SH_SECTION_PRELINK, SH_SECTION_NONE, 883 841 sh_files_pushdir_prelink }, … … 902 860 sh_util_obscure_ok }, 903 861 { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, 904 sh_files_setrecursion _wrap},862 sh_files_setrecursion }, 905 863 { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE, 906 sh_util_setchecksum _wrap},864 sh_util_setchecksum }, 907 865 { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE, 908 866 sh_files_reportonce }, … … 953 911 sh_files_redef_user1 }, 954 912 913 { N_("redefuser2"), SH_SECTION_MISC, SH_SECTION_NONE, 914 sh_files_redef_user2 }, 915 916 { N_("redefuser3"), SH_SECTION_MISC, SH_SECTION_NONE, 917 sh_files_redef_user3 }, 918 919 { N_("redefuser4"), SH_SECTION_MISC, SH_SECTION_NONE, 920 sh_files_redef_user4 }, 921 955 922 { N_("redefprelink"), SH_SECTION_MISC, SH_SECTION_NONE, 956 923 sh_files_redef_prelink }, … … 961 928 { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE, 962 929 sh_prelink_set_hash }, 930 963 931 /* client or standalone 964 932 */ … … 977 945 sh_socket_password }, 978 946 { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC, 979 sh_forward_set_strip _wrap},947 sh_forward_set_strip }, 980 948 { N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC, 981 949 set_flag_sep_log }, 982 950 { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC, 983 sh_unix_set_chroot _wrap},951 sh_unix_set_chroot }, 984 952 { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC, 985 953 sh_forward_set_time_limit }, … … 1000 968 #endif 1001 969 1002 #if def SH_WITH_CLIENT970 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 1003 
971 { N_("exportseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1004 sh_error_setexport _wrap},972 sh_error_setexport }, 1005 973 { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1006 974 sh_error_export_mask }, 975 #if defined(SH_WITH_SERVER) 976 { N_("setlogserver"), SH_SECTION_SRV, SH_SECTION_MISC, 977 sh_forward_setlogserver }, 978 #else 1007 979 { N_("setlogserver"), SH_SECTION_CLT, SH_SECTION_MISC, 1008 980 sh_forward_setlogserver }, 981 #endif 1009 982 #endif 1010 983 { N_("setfilechecktime"), SH_SECTION_MISC, SH_SECTION_NONE, 1011 984 sh_readconf_setFiletime }, 1012 985 { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE, 1013 sh_util_setlooptime _wrap},986 sh_util_setlooptime }, 1014 987 1015 988 #ifdef SH_WITH_MAIL 1016 989 { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1017 sh_error_setseverity _wrap},990 sh_error_setseverity }, 1018 991 { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1019 992 sh_error_mail_mask }, … … 1040 1013 #endif 1041 1014 { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE, 1042 sh_calls_set_bind_addr _wrap},1015 sh_calls_set_bind_addr }, 1043 1016 { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE, 1044 sh_unix_setdeamon _wrap},1017 sh_unix_setdeamon }, 1045 1018 { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE, 1046 1019 sh_unix_self_hash }, … … 1051 1024 1052 1025 { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1053 sh_error_setprint _wrap},1026 sh_error_setprint }, 1054 1027 { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1055 1028 sh_error_print_mask }, 1056 1029 1057 1030 { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1058 sh_error_setlog _wrap},1031 sh_error_setlog }, 1059 1032 { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1060 1033 sh_error_log_mask }, 1061 1034 1062 1035 { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1063 sh_error_set_syslog _wrap},1036 sh_error_set_syslog }, 1064 1037 { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1065 1038 
sh_error_syslog_mask }, 1066 1039 #ifdef HAVE_LIBPRELUDE 1067 1040 { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1068 sh_error_set_prelude _wrap},1041 sh_error_set_prelude }, 1069 1042 { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1070 1043 sh_error_prelude_mask }, … … 1147 1120 N_("severityuser0"), 1148 1121 N_("severityuser1"), 1122 N_("severityuser2"), 1123 N_("severityuser3"), 1124 N_("severityuser4"), 1149 1125 N_("severityprelink"), 1150 1126 NULL … … 1163 1139 SH_ERR_T_USER0, 1164 1140 SH_ERR_T_USER1, 1141 SH_ERR_T_USER2, 1142 SH_ERR_T_USER3, 1143 SH_ERR_T_USER4, 1165 1144 SH_ERR_T_PRELINK, 1166 1145 }; -
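Review bot: `sh_readconf_setTime` still parses its now-`const` argument with `unsigned long i = atoi (str);`, so a non-numeric value silently becomes 0 and a negative one wraps to a very large interval. The rest of the body is outside the hunk, so a later range check may exist; if it does not, the conversion should detect errors, e.g. `long v = strtol(str, &end, 10);` followed by `if (end == str || *end != '\0' || v < 0)` taking the function's error return. The same applies to any other timer option routed through this helper (`sh_readconf_setMailtime`, `sh_readconf_setFiletime`).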
/trunk/src/sh_schedule.c
r20 r30 53 53 #endif 54 54 55 #include "samhain.h" 55 56 #include "sh_mem.h" 56 57 … … 318 319 char * copy; 319 320 int i = 0; 321 size_t len; 320 322 321 323 if (!ssched || !isched) 322 324 return -1; 323 325 326 len = strlen(ssched)+1; 324 327 #ifdef TESTONLY 325 copy = malloc( strlen(ssched)+1); /* testonly code */326 #else 327 copy = SH_ALLOC( strlen(ssched)+1);328 #endif 329 s trcpy(copy, ssched); /* known to fit */328 copy = malloc(len); /* testonly code */ 329 #else 330 copy = SH_ALLOC(len); 331 #endif 332 sl_strlcpy(copy, ssched, len); 330 333 331 334 p = strtok(copy, " \t"); /* parse crontab-style schedule */ -
/trunk/src/sh_socket.c
r20 r30 244 244 } 245 245 246 int sh_socket_use (c har * c)246 int sh_socket_use (const char * c) 247 247 { 248 248 return sh_util_flagval(c, &sh_socket_flaguse); … … 289 289 #endif 290 290 291 int sh_socket_uid (c har * c)291 int sh_socket_uid (const char * c) 292 292 { 293 293 uid_t val = (uid_t) strtol (c, (char **)NULL, 10); … … 301 301 } 302 302 303 int sh_socket_password (c har * c)303 int sh_socket_password (const char * c) 304 304 { 305 305 #if defined(NEED_PASSWORD_AUTH) … … 378 378 379 379 name.sun_family = AF_FILE; 380 s trcpy (name.sun_path, sh_sockname);380 sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path)); 381 381 382 382 size = (offsetof (struct sockaddr_un, sun_path) … … 878 878 879 879 new = SH_ALLOC(sizeof(struct socket_cmd)); 880 s trcpy (new->cmd, in->cmd);881 s trcpy (new->clt, in->clt);882 s trcpy (new->cti, sh_unix_time(0));880 sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); 881 sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); 882 sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); 883 883 new->next = cmdlist; 884 884 cmdlist = new; … … 896 896 if (0 == sl_strcmp(new->clt, client_name)) 897 897 { 898 s trcpy (new->cmd, in->cmd);899 s trcpy (new->clt, in->clt);900 s trcpy (new->cti, sh_unix_time(0));898 sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); 899 sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); 900 sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); 901 901 return; 902 902 } … … 905 905 906 906 new = SH_ALLOC(sizeof(struct socket_cmd)); 907 s trcpy (new->cmd, in->cmd);908 s trcpy (new->clt, in->clt);909 s trcpy (new->cti, sh_unix_time(0));907 sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); 908 sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); 909 sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); 910 910 new->next = runlist; 911 911 runlist = new; -
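Review bot: `sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path));` removes the overflow but a too-long `sh_sockname` is now silently shortened, so the control socket would be created at a path other than the configured one. A length test before the copy, `if (strlen(sh_sockname) >= sizeof(name.sun_path))` leading to the function's existing error exit with a log message, makes that case fail visibly instead. The enclosing function starts and ends outside the hunk, so its error path is not visible here. The `cmd`/`clt`/`cti` copies in the later hunks truncate in the same way, which looks acceptable for display fields but is worth a one-line comment.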
/trunk/src/sh_srp.c
r20 r30 121 121 } 122 122 siz_str_internal = size; 123 s trcpy (get_str_internal, str); /* known to fit */123 sl_strlcpy (get_str_internal, str, siz_str_internal); 124 124 for (i = 0; i < (size-1); ++i) 125 125 if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' ) … … 384 384 } 385 385 386 #if def SH_WITH_CLIENT386 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 387 387 388 388 … … 489 489 490 490 491 #if def SH_WITH_CLIENT491 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 492 492 493 493 char * sh_srp_S_c (char * u_str, char * B_str) -
/trunk/src/sh_static.c
r20 r30 59 59 #endif 60 60 61 extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); 62 extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz); 61 63 62 64 … … 884 886 885 887 #ifdef DEBUG 888 /* flawfinder: ignore *//* definition of debug macro */ 886 889 #define DPRINTF(X,args...) fprintf(stderr, X, ##args) 887 890 #else … … 1194 1197 goto fail; 1195 1198 1196 s trncpy(lookup,name,MAXDNAME);1199 sl_strlcpy(lookup,name,MAXDNAME); 1197 1200 BIGLOCK; 1198 1201 if (variant < __searchdomains && strchr(lookup, '.') == NULL) 1199 1202 { 1200 s trncat(lookup,".", MAXDNAME);1201 s trncat(lookup,__searchdomain[variant], MAXDNAME);1203 sl_strlcat(lookup,".", MAXDNAME); 1204 sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); 1202 1205 } 1203 1206 BIGUNLOCK; -
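Review bot: In the lookup hunk, `sl_strlcpy(lookup,name,MAXDNAME);` and the two `sl_strlcat` calls ignore truncation, so an over-long `name` or search-domain suffix is resolved as a different, shortened name rather than rejected. Unless the condition ahead of the visible `goto fail;` already bounds `name`, add `if (strlen(name) >= MAXDNAME) goto fail;` before the copy; the size of `lookup` is declared outside the hunk and is assumed here to be `MAXDNAME`. The new `extern int sl_strlcpy(...)` / `sl_strlcat(...)` declarations at the top of the file also duplicate prototypes that presumably live in a header, which can drift without a compiler warning.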
/trunk/src/sh_suidchk.c
r20 r30 415 415 long sl_status = SL_ENONE; 416 416 struct stat fileInfo; 417 struct stat fileInfo_F; 418 int file_d; 417 419 418 420 file_type theFile; 419 421 char fileHash[2*(KEY_LEN + 1)]; 422 423 mode_t umask_old; 424 int cperm_status; 420 425 421 426 SL_ENTER(_("sh_suidchk_check_internal")); … … 519 524 */ 520 525 fs = filesystem_type (tmpcat, tmpcat, &buf); 521 if (fs != NULL && 526 if (fs != NULL 527 #ifndef SH_SUIDTESTDIR 528 && 529 0 != strncmp (_("afs"), fs, 3) && 530 0 != strncmp (_("devfs"), fs, 5) && 531 0 != strncmp (_("iso9660"), fs, 7) && 532 0 != strncmp (_("lustre"), fs, 6) && 533 0 != strncmp (_("mmfs"), fs, 4) && 534 0 != strncmp (_("msdos"), fs, 5) && 522 535 0 != strncmp (_("nfs"), fs, 3) && 536 0 != strncmp (_("nosuid"), fs, 6) && 523 537 0 != strncmp (_("proc"), fs, 4) && 524 0 != strncmp (_("iso9660"), fs, 7) && 525 0 != strncmp (_("vfat"), fs, 4) && 526 0 != strncmp (_("msdos"), fs, 5) && 527 0 != strncmp (_("devfs"), fs, 5) && 528 0 != strncmp (_("nosuid"), fs, 6) 538 0 != strncmp (_("vfat"), fs, 4) 539 #endif 529 540 ) 530 541 { … … 666 677 break; 667 678 case SH_Q_CHANGEPERM: 679 cperm_status = 0; 680 file_d = -1; 668 681 if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) 669 682 { … … 677 690 tmp ); 678 691 SH_FREE(msg); 692 cperm_status = -1; 679 693 } 680 else 694 695 if (cperm_status == 0) 681 696 { 682 697 if (0 != (caperr = sl_get_cap_qdel())) … … 686 701 sh_error_message (caperr), 687 702 _("sl_get_cap_qdel")); 703 cperm_status = -1; 688 704 } 689 690 if ((fileInfo.st_mode & S_ISUID) > 0) 691 fileInfo.st_mode -= S_ISUID; 692 if ((fileInfo.st_mode & S_ISGID) > 0) 693 fileInfo.st_mode -= S_ISGID; 694 if (chmod(tmpcat, fileInfo.st_mode) == -1) 705 } 706 707 if (cperm_status == 0) 708 { 709 file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, 710 tmpcat, O_RDONLY, 0); 711 if (-1 == file_d) 712 { 713 status = errno; 714 msg = SH_ALLOC(SH_BUFSIZE); 715 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. 
errno = %ld"), status); 716 sh_error_handle (ShSuidchkSeverity, 717 FIL__, __LINE__, 718 status, 719 MSG_SUID_QREPORT, msg, 720 tmp ); 721 SH_FREE(msg); 722 cperm_status = -1; 723 } 724 } 725 726 if (cperm_status == 0) 727 { 728 if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) 729 { 730 status = errno; 731 msg = SH_ALLOC(SH_BUFSIZE); 732 (void) sl_snprintf(msg, SH_BUFSIZE, 733 _("I/O error. errno = %ld"), status); 734 sh_error_handle (ShSuidchkSeverity, 735 FIL__, __LINE__, 736 status, 737 MSG_SUID_QREPORT, msg, 738 tmp ); 739 SH_FREE(msg); 740 cperm_status = -1; 741 } 742 } 743 744 if (cperm_status == 0) 745 { 746 if (fileInfo_F.st_ino != fileInfo.st_ino || 747 fileInfo_F.st_dev != fileInfo.st_dev || 748 fileInfo_F.st_mode != fileInfo.st_mode) 749 { 750 status = errno; 751 msg = SH_ALLOC(SH_BUFSIZE); 752 (void) sl_snprintf(msg, SH_BUFSIZE, 753 _("Race detected. errno = %ld"), status); 754 sh_error_handle (ShSuidchkSeverity, 755 FIL__, __LINE__, 756 status, 757 MSG_SUID_QREPORT, msg, 758 tmp ); 759 SH_FREE(msg); 760 cperm_status = -1; 761 } 762 } 763 764 if ((fileInfo.st_mode & S_ISUID) > 0) 765 fileInfo.st_mode -= S_ISUID; 766 if ((fileInfo.st_mode & S_ISGID) > 0) 767 fileInfo.st_mode -= S_ISGID; 768 769 if (cperm_status == 0) 770 { 771 if (fchmod(file_d, fileInfo.st_mode) == -1) 695 772 { 696 773 status = errno; … … 713 790 tmp ); 714 791 } 715 if (0 != (caperr = sl_drop_cap_qdel())) 792 } 793 794 if (0 != (caperr = sl_drop_cap_qdel())) 795 { 796 sh_error_handle((-1), FIL__, __LINE__, 797 caperr, MSG_E_SUBGEN, 798 sh_error_message (caperr), 799 _("sl_drop_cap_qdel")); 800 } 801 802 if (file_d != -1) 803 { 804 do { 805 status = close (file_d); 806 } while (status == -1 && errno == EINTR); 807 808 if (-1 == status) 716 809 { 717 sh_error_handle((-1), FIL__, __LINE__, 718 caperr, MSG_E_SUBGEN, 719 sh_error_message (caperr), 720 _("sl_drop_cap_qdel")); 810 status = errno; 811 msg = SH_ALLOC(SH_BUFSIZE); 812 (void) sl_snprintf(msg, SH_BUFSIZE, 813 _("I/O 
error. errno = %ld"), status); 814 sh_error_handle (ShSuidchkSeverity, 815 FIL__, __LINE__, 816 status, 817 MSG_SUID_QREPORT, msg, 818 tmp ); 819 SH_FREE(msg); 820 cperm_status = -1; 721 821 } 722 822 } … … 725 825 dir = SH_ALLOC(PATH_MAX+1); 726 826 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 727 if ( access (dir, F_OK) != 0)827 if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) 728 828 { 729 829 status = errno; 730 830 msg = SH_ALLOC(SH_BUFSIZE); 731 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld ( access)"), status);831 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), status); 732 832 sh_error_handle (ShSuidchkSeverity, 733 833 FIL__, __LINE__, … … 815 915 DEFAULT_QDIR, 816 916 basename(theFile.fullpath)); 917 /* 918 * avoid chmod by setting umask 919 */ 920 umask_old = umask (0077); 817 921 filePtr = fopen (filetmp, "w+"); 818 922 /*@-usedef@*/ … … 828 932 } 829 933 /*@+usedef@*/ 934 umask (umask_old); 830 935 831 936 sh_error_handle (ShSuidchkSeverity, … … 834 939 _("Quarantine method applied"), 835 940 tmp ); 836 if (chmod(filetmp, S_IRUSR | S_IWUSR) == -1)837 {838 status = errno;839 msg = SH_ALLOC(SH_BUFSIZE);840 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem setting permissions on quarantined file. 
errno = %ld"), status);841 sh_error_handle (ShSuidchkSeverity,842 FIL__,__LINE__,843 status, MSG_SUID_QREPORT,844 msg, tmp );845 SH_FREE(msg);846 }847 941 } 848 942 SH_FREE(filetmp); … … 976 1070 FileLimTotal = 0; 977 1071 1072 #ifdef SH_SUIDTESTDIR 1073 status = sh_suidchk_check_internal (SH_SUIDTESTDIR); 1074 #else 978 1075 status = sh_suidchk_check_internal ("/"); 1076 #endif 979 1077 980 1078 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, … … 1169 1267 long val; 1170 1268 int ret = 0; 1269 struct stat buf; 1171 1270 1172 1271 SL_ENTER(_("sh_suidchk_set_qmethod")); … … 1190 1289 break; 1191 1290 case SH_Q_MOVE: 1192 if ( access (DEFAULT_QDIR, F_OK) != 0)1291 if (retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0) 1193 1292 { 1194 1293 if (mkdir (DEFAULT_QDIR, 0750) == -1) -
/trunk/src/sh_tiger0.c
r20 r30 404 404 #ifdef USE_MD5 405 405 /*@-type@*/ 406 /************************************************************************ 406 /* md5.c - Functions to compute MD5 message digest of files or memory blocks 407 * according to the definition of MD5 in RFC 1321 from April 1992. 408 * Copyright (C) 1995, 1996 Free Software Foundation, Inc. 407 409 * 408 * md5.h - Declaration of functions and data types used for MD5 sum409 * computing library functions.410 * NOTE: The canonical source of this file is maintained with the GNU C 411 * Library. Bugs can be reported to bug-glibc@prep.ai.mit.edu. 410 412 * 411 ************************************************************************/ 412 413 /* Written Bob Deblier <bob@virtualunlimited.com> */ 413 * This program is free software; you can redistribute it and/or modify it 414 * under the terms of the GNU General Public License as published by the 415 * Free Software Foundation; either version 2, or (at your option) any 416 * later version. 417 * 418 * This program is distributed in the hope that it will be useful, 419 * but WITHOUT ANY WARRANTY; without even the implied warranty of 420 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 421 * GNU General Public License for more details. 422 * 423 * You should have received a copy of the GNU General Public License 424 * along with this program; if not, write to the Free Software Foundation, 425 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 426 */ 427 428 /* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */ 429 414 430 /* Hacked to work with samhain by R. Wichmann */ 415 /* Need for 64bit type removed, fix for Mac OS X compiler */ 416 417 typedef sh_word32 uint32; 418 typedef unsigned char uint8; 419 420 421 431 432 typedef UINT32 md5_uint32; 422 433 423 434 424 435 /* Structure to save state of computation between the single steps. 
*/ 425 typedef struct 426 { 427 uint32 h[4]; 428 uint32 data[16]; 429 uint8 offset; 430 uint32 nblocks; 431 int count; 436 typedef struct md5_ctx 437 { 438 md5_uint32 A; 439 md5_uint32 B; 440 md5_uint32 C; 441 md5_uint32 D; 442 443 md5_uint32 total[2]; 444 md5_uint32 buflen; 445 char buffer[128]; 432 446 } md5Param; 433 447 434 static uint32 md5hinit[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 }; 448 /* 449 * The following three functions are build up the low level used in 450 * the functions `md5_stream' and `md5_buffer'. 451 */ 452 453 /* Initialize structure containing state of computation. 454 (RFC 1321, 3.3: Step 3) */ 455 static void md5_init_ctx (struct md5_ctx *ctx); 456 457 /* Starting with the result of former calls of this function (or the 458 initialization function update the context for the next LEN bytes 459 starting at BUFFER. 460 It is necessary that LEN is a multiple of 64!!! */ 461 static void md5_process_block (const void *buffer, size_t len, 462 struct md5_ctx *ctx); 463 464 /* Starting with the result of former calls of this function (or the 465 initialization function update the context for the next LEN bytes 466 starting at BUFFER. 467 It is NOT required that LEN is a multiple of 64. */ 468 static void md5_process_bytes (const void *buffer, size_t len, 469 struct md5_ctx *ctx); 470 471 /* Process the remaining bytes in the buffer and put result from CTX 472 in first 16 bytes following RESBUF. The result is always in little 473 endian byte order, so that a byte-wise output yields to the wanted 474 ASCII representation of the message digest. 475 476 IMPORTANT: On some systems it is required that RESBUF is correctly 477 aligned for a 32 bits value. */ 478 static void *md5_finish_ctx (struct md5_ctx *ctx, void *resbuf); 479 480 481 /* Put result from CTX in first 16 bytes following RESBUF. 
The result is 482 always in little endian byte order, so that a byte-wise output yields 483 to the wanted ASCII representation of the message digest. 484 485 IMPORTANT: On some systems it is required that RESBUF is correctly 486 aligned for a 32 bits value. */ 487 static void *md5_read_ctx (const struct md5_ctx *ctx, void *resbuf); 488 489 #if WORDS_BIGENDIAN 490 static md5_uint32 swapu32(md5_uint32 n) 491 { 492 return ( ((n & 0xffU) << 24) | 493 ((n & 0xff00U) << 8) | 494 ((n & 0xff0000U) >> 8) | 495 ((n & 0xff000000U) >> 24) ); 496 } 497 #define SWAP(n) swapu32(n) 498 #else 499 #define SWAP(n) (n) 500 #endif 501 502 /* This array contains the bytes used to pad the buffer to the next 503 64-byte boundary. (RFC 1321, 3.1: Step 1) */ 504 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; 505 506 /* Initialize structure containing state of computation. 507 (RFC 1321, 3.3: Step 3) */ 508 static void md5_init_ctx(struct md5_ctx *ctx) 509 { 510 ctx->A = 0x67452301; 511 ctx->B = 0xefcdab89; 512 ctx->C = 0x98badcfe; 513 ctx->D = 0x10325476; 514 515 ctx->total[0] = ctx->total[1] = 0; 516 ctx->buflen = 0; 517 } 518 519 /* Put result from CTX in first 16 bytes following RESBUF. The result 520 must be in little endian byte order. 521 522 IMPORTANT: On some systems it is required that RESBUF is correctly 523 aligned for a 32 bits value. */ 524 static void *md5_read_ctx(const struct md5_ctx *ctx, void *resbuf) 525 { 526 ((md5_uint32 *) resbuf)[0] = SWAP(ctx->A); 527 ((md5_uint32 *) resbuf)[1] = SWAP(ctx->B); 528 ((md5_uint32 *) resbuf)[2] = SWAP(ctx->C); 529 ((md5_uint32 *) resbuf)[3] = SWAP(ctx->D); 530 531 return resbuf; 532 } 533 534 /* Process the remaining bytes in the internal buffer and the usual 535 prolog according to the standard and write the result to RESBUF. 536 537 IMPORTANT: On some systems it is required that RESBUF is correctly 538 aligned for a 32 bits value. 
*/ 539 static void *md5_finish_ctx(struct md5_ctx *ctx, void *resbuf) 540 { 541 /* Take yet unprocessed bytes into account. */ 542 md5_uint32 bytes = ctx->buflen; 543 size_t pad; 544 545 /* Now count remaining bytes. */ 546 ctx->total[0] += bytes; 547 if (ctx->total[0] < bytes) 548 ++ctx->total[1]; 549 550 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; 551 memcpy(&ctx->buffer[bytes], fillbuf, pad); 552 553 /* Put the 64-bit file length in *bits* at the end of the buffer. */ 554 *(md5_uint32 *) & ctx->buffer[bytes + pad] = SWAP(ctx->total[0] << 3); 555 *(md5_uint32 *) & ctx->buffer[bytes + pad + 4] = 556 SWAP((ctx->total[1] << 3) | (ctx->total[0] >> 29)); 557 558 /* Process last bytes. */ 559 md5_process_block(ctx->buffer, bytes + pad + 8, ctx); 560 561 return md5_read_ctx(ctx, resbuf); 562 } 563 564 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The 565 result is always in little endian byte order, so that a byte-wise 566 output yields to the wanted ASCII representation of the message 567 digest. */ 568 void *md5_buffer(const char *buffer, size_t len, void *resblock) 569 { 570 struct md5_ctx ctx; 571 572 /* Initialize the computation context. */ 573 md5_init_ctx(&ctx); 574 575 /* Process whole buffer but last len % 64 bytes. */ 576 md5_process_bytes(buffer, len, &ctx); 577 578 /* Put result in desired memory area. */ 579 return md5_finish_ctx(&ctx, resblock); 580 } 581 582 static void md5_process_bytes(const void *buffer, size_t len, struct md5_ctx *ctx) 583 { 584 /* When we already have some bits in our internal buffer concatenate 585 both inputs first. */ 586 if (ctx->buflen != 0) { 587 size_t left_over = ctx->buflen; 588 size_t add = 128 - left_over > len ? len : 128 - left_over; 589 590 memcpy(&ctx->buffer[left_over], buffer, add); 591 ctx->buflen += add; 592 593 if (left_over + add > 64) { 594 md5_process_block(ctx->buffer, (left_over + add) & ~63, ctx); 595 /* The regions in the following copy operation cannot overlap. 
*/ 596 memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~63], 597 (left_over + add) & 63); 598 ctx->buflen = (left_over + add) & 63; 599 } 600 601 buffer = (const char *) buffer + add; 602 len -= add; 603 } 604 605 /* Process available complete blocks. */ 606 if (len > 64) { 607 md5_process_block(buffer, len & ~63, ctx); 608 buffer = (const char *) buffer + (len & ~63); 609 len &= 63; 610 } 611 612 /* Move remaining bytes in internal buffer. */ 613 if (len > 0) { 614 memcpy(ctx->buffer, buffer, len); 615 ctx->buflen = len; 616 } 617 } 618 619 /* These are the four functions used in the four steps of the MD5 algorithm 620 and defined in the RFC 1321. The first function is a little bit optimized 621 (as found in Colin Plumbs public domain implementation). */ 622 /* #define FF(b, c, d) ((b & c) | (~b & d)) */ 623 #define FF(b, c, d) (d ^ (b & (c ^ d))) 624 #define FG(b, c, d) FF (d, b, c) 625 #define FH(b, c, d) (b ^ c ^ d) 626 #define FI(b, c, d) (c ^ (b | ~d)) 627 628 /* Process LEN bytes of BUFFER, accumulating context into CTX. 629 It is assumed that LEN % 64 == 0. */ 630 static void md5_process_block(const void *buffer, size_t len, struct md5_ctx *ctx) 631 { 632 md5_uint32 correct_words[16]; 633 const md5_uint32 *words = buffer; 634 size_t nwords = len / sizeof(md5_uint32); 635 const md5_uint32 *endp = words + nwords; 636 md5_uint32 A = ctx->A; 637 md5_uint32 B = ctx->B; 638 md5_uint32 C = ctx->C; 639 md5_uint32 D = ctx->D; 640 641 /* First increment the byte count. RFC 1321 specifies the possible 642 length of the file up to 2^64 bits. Here we only compute the 643 number of bytes. Do a double word increment. */ 644 ctx->total[0] += len; 645 if (ctx->total[0] < len) 646 ++ctx->total[1]; 647 648 /* Process all bytes in the buffer with 64 bytes in each round of 649 the loop. 
*/ 650 while (words < endp) { 651 md5_uint32 *cwp = correct_words; 652 md5_uint32 A_save = A; 653 md5_uint32 B_save = B; 654 md5_uint32 C_save = C; 655 md5_uint32 D_save = D; 656 657 /* First round: using the given function, the context and a constant 658 the next context is computed. Because the algorithms processing 659 unit is a 32-bit word and it is determined to work on words in 660 little endian byte order we perhaps have to change the byte order 661 before the computation. To reduce the work for the next steps 662 we store the swapped words in the array CORRECT_WORDS. */ 663 664 #define OP(a, b, c, d, s, T) \ 665 do \ 666 { \ 667 a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ 668 ++words; \ 669 CYCLIC (a, s); \ 670 a += b; \ 671 } \ 672 while (0) 673 674 /* It is unfortunate that C does not provide an operator for 675 cyclic rotation. Hope the C compiler is smart enough. */ 676 #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) 677 678 /* Before we start, one word to the strange constants. 679 They are defined in RFC 1321 as 680 681 T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 682 */ 683 684 /* Round 1. */ 685 OP(A, B, C, D, 7, 0xd76aa478); 686 OP(D, A, B, C, 12, 0xe8c7b756); 687 OP(C, D, A, B, 17, 0x242070db); 688 OP(B, C, D, A, 22, 0xc1bdceee); 689 OP(A, B, C, D, 7, 0xf57c0faf); 690 OP(D, A, B, C, 12, 0x4787c62a); 691 OP(C, D, A, B, 17, 0xa8304613); 692 OP(B, C, D, A, 22, 0xfd469501); 693 OP(A, B, C, D, 7, 0x698098d8); 694 OP(D, A, B, C, 12, 0x8b44f7af); 695 OP(C, D, A, B, 17, 0xffff5bb1); 696 OP(B, C, D, A, 22, 0x895cd7be); 697 OP(A, B, C, D, 7, 0x6b901122); 698 OP(D, A, B, C, 12, 0xfd987193); 699 OP(C, D, A, B, 17, 0xa679438e); 700 OP(B, C, D, A, 22, 0x49b40821); 701 /* For the second to fourth round we have the possibly swapped words 702 in CORRECT_WORDS. Redefine the macro to take an additional first 703 argument specifying the function to use. 
*/ 704 #undef OP 705 #define OP(f, a, b, c, d, k, s, T) \ 706 do \ 707 { \ 708 a += f (b, c, d) + correct_words[k] + T; \ 709 CYCLIC (a, s); \ 710 a += b; \ 711 } \ 712 while (0) 713 714 /* Round 2. */ 715 OP(FG, A, B, C, D, 1, 5, 0xf61e2562); 716 OP(FG, D, A, B, C, 6, 9, 0xc040b340); 717 OP(FG, C, D, A, B, 11, 14, 0x265e5a51); 718 OP(FG, B, C, D, A, 0, 20, 0xe9b6c7aa); 719 OP(FG, A, B, C, D, 5, 5, 0xd62f105d); 720 OP(FG, D, A, B, C, 10, 9, 0x02441453); 721 OP(FG, C, D, A, B, 15, 14, 0xd8a1e681); 722 OP(FG, B, C, D, A, 4, 20, 0xe7d3fbc8); 723 OP(FG, A, B, C, D, 9, 5, 0x21e1cde6); 724 OP(FG, D, A, B, C, 14, 9, 0xc33707d6); 725 OP(FG, C, D, A, B, 3, 14, 0xf4d50d87); 726 OP(FG, B, C, D, A, 8, 20, 0x455a14ed); 727 OP(FG, A, B, C, D, 13, 5, 0xa9e3e905); 728 OP(FG, D, A, B, C, 2, 9, 0xfcefa3f8); 729 OP(FG, C, D, A, B, 7, 14, 0x676f02d9); 730 OP(FG, B, C, D, A, 12, 20, 0x8d2a4c8a); 731 732 /* Round 3. */ 733 OP(FH, A, B, C, D, 5, 4, 0xfffa3942); 734 OP(FH, D, A, B, C, 8, 11, 0x8771f681); 735 OP(FH, C, D, A, B, 11, 16, 0x6d9d6122); 736 OP(FH, B, C, D, A, 14, 23, 0xfde5380c); 737 OP(FH, A, B, C, D, 1, 4, 0xa4beea44); 738 OP(FH, D, A, B, C, 4, 11, 0x4bdecfa9); 739 OP(FH, C, D, A, B, 7, 16, 0xf6bb4b60); 740 OP(FH, B, C, D, A, 10, 23, 0xbebfbc70); 741 OP(FH, A, B, C, D, 13, 4, 0x289b7ec6); 742 OP(FH, D, A, B, C, 0, 11, 0xeaa127fa); 743 OP(FH, C, D, A, B, 3, 16, 0xd4ef3085); 744 OP(FH, B, C, D, A, 6, 23, 0x04881d05); 745 OP(FH, A, B, C, D, 9, 4, 0xd9d4d039); 746 OP(FH, D, A, B, C, 12, 11, 0xe6db99e5); 747 OP(FH, C, D, A, B, 15, 16, 0x1fa27cf8); 748 OP(FH, B, C, D, A, 2, 23, 0xc4ac5665); 749 750 /* Round 4. 
*/ 751 OP(FI, A, B, C, D, 0, 6, 0xf4292244); 752 OP(FI, D, A, B, C, 7, 10, 0x432aff97); 753 OP(FI, C, D, A, B, 14, 15, 0xab9423a7); 754 OP(FI, B, C, D, A, 5, 21, 0xfc93a039); 755 OP(FI, A, B, C, D, 12, 6, 0x655b59c3); 756 OP(FI, D, A, B, C, 3, 10, 0x8f0ccc92); 757 OP(FI, C, D, A, B, 10, 15, 0xffeff47d); 758 OP(FI, B, C, D, A, 1, 21, 0x85845dd1); 759 OP(FI, A, B, C, D, 8, 6, 0x6fa87e4f); 760 OP(FI, D, A, B, C, 15, 10, 0xfe2ce6e0); 761 OP(FI, C, D, A, B, 6, 15, 0xa3014314); 762 OP(FI, B, C, D, A, 13, 21, 0x4e0811a1); 763 OP(FI, A, B, C, D, 4, 6, 0xf7537e82); 764 OP(FI, D, A, B, C, 11, 10, 0xbd3af235); 765 OP(FI, C, D, A, B, 2, 15, 0x2ad7d2bb); 766 OP(FI, B, C, D, A, 9, 21, 0xeb86d391); 767 768 /* Add the starting values of the context. */ 769 A += A_save; 770 B += B_save; 771 C += C_save; 772 D += D_save; 773 } 774 775 /* Put checksum in context given as argument. */ 776 ctx->A = A; 777 ctx->B = B; 778 ctx->C = C; 779 ctx->D = D; 780 } 781 782 783 /*---------------------------------------------------------------------------- 784 *--------end of md5.c 785 *----------------------------------------------------------------------------*/ 435 786 436 787 … … 438 789 { 439 790 unsigned int i; 440 memcpy(p->h, md5hinit, 16); 791 792 md5_init_ctx(p); 441 793 442 794 for (i = 0; i < 16; i += 8) 443 795 { 444 p-> data[i] = 0x00;445 p-> data[i+1] = 0x00;446 p-> data[i+2] = 0x00;447 p-> data[i+3] = 0x00;448 p-> data[i+4] = 0x00;449 p-> data[i+5] = 0x00;450 p-> data[i+6] = 0x00;451 p-> data[i+7] = 0x00;796 p->buffer[i] = 0x00; 797 p->buffer[i+1] = 0x00; 798 p->buffer[i+2] = 0x00; 799 p->buffer[i+3] = 0x00; 800 p->buffer[i+4] = 0x00; 801 p->buffer[i+5] = 0x00; 802 p->buffer[i+6] = 0x00; 803 p->buffer[i+7] = 0x00; 452 804 } 453 805 454 /* memset(p->data, 0x00, 64); */455 p->offset = (uint8) 0;456 p->nblocks = 0;457 806 return 0; 458 807 } 459 808 460 #if defined(__GNUC__) && defined(__i386__)461 static inline UINT32462 ROTL32( UINT32 x, int s)463 {464 __asm__("roll %%cl,%0"465 :"=r" 
(x)466 :"0" (x),"c" (s));467 return x;468 }469 #else470 #define ROTL32(x, s) (((x) << (s)) | ((x) >> (32 - (s))))471 #endif472 473 474 #define FF(a, b, c, d, w, s, t) \475 a += ((b&(c^d))^d) + w + t; \476 a = ROTL32(a, s); \477 a += b;478 479 #define GG(a, b, c, d, w, s, t) \480 a += ((d&(b^c))^c) + w + t; \481 a = ROTL32(a, s); \482 a += b;483 484 #define HH(a, b, c, d, w, s, t) \485 a += (b^c^d) + w + t; \486 a = ROTL32(a, s); \487 a += b;488 489 #define II(a, b, c, d, w, s, t) \490 a += (c^(b|~d)) + w + t; \491 a = ROTL32(a, s); \492 a += b;493 494 #if WORDS_BIGENDIAN495 uint32 swapu32(uint32 n)496 {497 return ( ((n & 0xffU) << 24) |498 ((n & 0xff00U) << 8) |499 ((n & 0xff0000U) >> 8) |500 ((n & 0xff000000U) >> 24) );501 }502 #endif503 504 static505 void md5Process(md5Param* p)506 {507 register uint32 a,b,c,d;508 register uint32* w;509 #if WORDS_BIGENDIAN510 register sh_byte t;511 #endif512 513 w = p->data;514 #if WORDS_BIGENDIAN515 t = 16;516 while (t--)517 {518 register uint32 temp = swapu32(*w);519 *(w++) = temp;520 }521 w = p->data;522 #endif523 524 a = p->h[0]; b = p->h[1]; c = p->h[2]; d = p->h[3];525 526 FF(a, b, c, d, (*w++), 7, 0xd76aa478);527 FF(d, a, b, c, (*w++), 12, 0xe8c7b756);528 FF(c, d, a, b, (*w++), 17, 0x242070db);529 FF(b, c, d, a, (*w++), 22, 0xc1bdceee);530 FF(a, b, c, d, (*w++), 7, 0xf57c0faf);531 FF(d, a, b, c, (*w++), 12, 0x4787c62a);532 FF(c, d, a, b, (*w++), 17, 0xa8304613);533 FF(b, c, d, a, (*w++), 22, 0xfd469501);534 FF(a, b, c, d, (*w++), 7, 0x698098d8);535 FF(d, a, b, c, (*w++), 12, 0x8b44f7af);536 FF(c, d, a, b, (*w++), 17, 0xffff5bb1);537 FF(b, c, d, a, (*w++), 22, 0x895cd7be);538 FF(a, b, c, d, (*w++), 7, 0x6b901122);539 FF(d, a, b, c, (*w++), 12, 0xfd987193);540 FF(c, d, a, b, (*w++), 17, 0xa679438e);541 FF(b, c, d, a, (*w++), 22, 0x49b40821);542 543 w = p->data;544 545 GG(a, b, c, d, w[ 1], 5, 0xf61e2562);546 GG(d, a, b, c, w[ 6], 9, 0xc040b340);547 GG(c, d, a, b, w[11], 14, 0x265e5a51);548 GG(b, c, d, a, w[ 0], 20, 
0xe9b6c7aa);549 GG(a, b, c, d, w[ 5], 5, 0xd62f105d);550 GG(d, a, b, c, w[10], 9, 0x02441453);551 GG(c, d, a, b, w[15], 14, 0xd8a1e681);552 GG(b, c, d, a, w[ 4], 20, 0xe7d3fbc8);553 GG(a, b, c, d, w[ 9], 5, 0x21e1cde6);554 GG(d, a, b, c, w[14], 9, 0xc33707d6);555 GG(c, d, a, b, w[ 3], 14, 0xf4d50d87);556 GG(b, c, d, a, w[ 8], 20, 0x455a14ed);557 GG(a, b, c, d, w[13], 5, 0xa9e3e905);558 GG(d, a, b, c, w[ 2], 9, 0xfcefa3f8);559 GG(c, d, a, b, w[ 7], 14, 0x676f02d9);560 GG(b, c, d, a, w[12], 20, 0x8d2a4c8a);561 562 HH(a, b, c, d, w[ 5], 4, 0xfffa3942);563 HH(d, a, b, c, w[ 8], 11, 0x8771f681);564 HH(c, d, a, b, w[11], 16, 0x6d9d6122);565 HH(b, c, d, a, w[14], 23, 0xfde5380c);566 HH(a, b, c, d, w[ 1], 4, 0xa4beea44);567 HH(d, a, b, c, w[ 4], 11, 0x4bdecfa9);568 HH(c, d, a, b, w[ 7], 16, 0xf6bb4b60);569 HH(b, c, d, a, w[10], 23, 0xbebfbc70);570 HH(a, b, c, d, w[13], 4, 0x289b7ec6);571 HH(d, a, b, c, w[ 0], 11, 0xeaa127fa);572 HH(c, d, a, b, w[ 3], 16, 0xd4ef3085);573 HH(b, c, d, a, w[ 6], 23, 0x04881d05);574 HH(a, b, c, d, w[ 9], 4, 0xd9d4d039);575 HH(d, a, b, c, w[12], 11, 0xe6db99e5);576 HH(c, d, a, b, w[15], 16, 0x1fa27cf8);577 HH(b, c, d, a, w[ 2], 23, 0xc4ac5665);578 579 II(a, b, c, d, w[ 0], 6, 0xf4292244);580 II(d, a, b, c, w[ 7], 10, 0x432aff97);581 II(c, d, a, b, w[14], 15, 0xab9423a7);582 II(b, c, d, a, w[ 5], 21, 0xfc93a039);583 II(a, b, c, d, w[12], 6, 0x655b59c3);584 II(d, a, b, c, w[ 3], 10, 0x8f0ccc92);585 II(c, d, a, b, w[10], 15, 0xffeff47d);586 II(b, c, d, a, w[ 1], 21, 0x85845dd1);587 II(a, b, c, d, w[ 8], 6, 0x6fa87e4f);588 II(d, a, b, c, w[15], 10, 0xfe2ce6e0);589 II(c, d, a, b, w[ 6], 15, 0xa3014314);590 II(b, c, d, a, w[13], 21, 0x4e0811a1);591 II(a, b, c, d, w[ 4], 6, 0xf7537e82);592 II(d, a, b, c, w[11], 10, 0xbd3af235);593 II(c, d, a, b, w[ 2], 15, 0x2ad7d2bb);594 II(b, c, d, a, w[ 9], 21, 0xeb86d391);595 596 p->h[0] += a;597 p->h[1] += b;598 p->h[2] += c;599 p->h[3] += d;600 }601 602 809 int md5Update(md5Param* p, const sh_byte* data, int 
size) 603 810 { 604 register int proclength; 605 606 while (size > 0) 607 { 608 proclength = (((int)p->offset + size) > 64) ? 609 (64 - (int)p->offset) : size; 610 memcpy(((sh_byte *) p->data) + p->offset, data, (size_t) proclength); 611 size -= proclength; 612 data += proclength; 613 p->offset += proclength; 614 615 if (p->offset == (uint8) 64) 616 { 617 md5Process(p); 618 p->offset = (uint8) 0; 619 p->nblocks++; 620 } 621 } 622 return 0; 623 } 624 625 static void md5Finish(md5Param* p) 626 { 627 uint32 t, msb, lsb; 628 uint8 * pp; 629 register uint8 *ptr; 630 631 msb = 0; 632 t = p->nblocks; 633 if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ 634 msb++; 635 msb += t >> 26; 636 t = lsb; 637 if( (lsb = t + (uint32)p->offset) < t ) /* add the count */ 638 msb++; 639 t = lsb; 640 if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ 641 msb++; 642 msb += t >> 29; 643 644 ptr = ((uint8 *) p->data) + p->offset++; 645 646 647 *(ptr++) = (uint8) 0x80; 648 649 if (p->offset > (uint8)56) 650 { 651 while (p->offset++ < 64) 652 *(ptr++) = 0; 653 654 md5Process(p); 655 p->offset = 0; 656 } 657 658 ptr = ((uint8 *) p->data) + p->offset; 659 while (p->offset++ < 56) 660 *(ptr++) = 0; 661 662 /* append the 64 bit count */ 663 *(ptr++) = lsb ; 664 *(ptr++) = lsb >> 8; 665 *(ptr++) = lsb >> 16; 666 *(ptr++) = lsb >> 24; 667 *(ptr++) = msb ; 668 *(ptr++) = msb >> 8; 669 *(ptr++) = msb >> 16; 670 *(ptr++) = msb >> 24; 671 672 md5Process(p); 673 674 pp = (uint8 *) p->data; 675 #ifdef WORDS_BIGENDIAN 676 #define X(a) do { *pp++ = (*p).a; *pp++ = (*p).a >> 8; \ 677 *pp++ = (*p).a >> 16; *pp++ = (*p).a >> 24; } while(0) 678 #else /* little endian */ 679 /*#define X(a) do { *(uint32*)p = p->##a ; p += 4; } while(0)*/ 680 /* Unixware's cpp doesn't like the above construct so we do it his way: 681 * (reported by Allan Clark) */ 682 #define X(a) do { *(uint32*)pp = (*p).a ; pp += 4; } while(0) 683 #endif 684 X(h[0]); 685 X(h[1]); 686 X(h[2]); 687 X(h[3]); 688 
#undef X 689 690 p->offset = 0; 691 } 692 693 int md5Digest(md5Param* p, uint32* data) 694 { 695 md5Finish(p); 696 memcpy(data, p->h, 16); 811 md5_process_bytes(data, size, p); 812 return 0; 813 } 814 815 static void md5Finish(md5Param* p, void *resblock) 816 { 817 (void) md5_finish_ctx(p, resblock); 818 } 819 820 int md5Digest(md5Param* p, md5_uint32* data) 821 { 822 md5Finish(p, data); 697 823 (void) md5Reset(p); 698 824 return 0; 699 825 } 700 826 /*@+type@*/ 827 701 828 702 829 /* Compute MD5 message digest for bytes read from STREAM. The … … 708 835 /* Important: BLOCKSIZE must be a multiple of 64. */ 709 836 static const int BLOCKSIZE = 8192; 710 md5Paramctx;837 struct md5_ctx ctx; 711 838 char buffer[8264]; /* BLOCKSIZE + 72 AIX compiler chokes */ 712 off_t sum = 0; 839 size_t sum; 840 713 841 SL_TICKET fd; 714 842 char * tmp; … … 797 925 BLOCKSIZE % 64 == 0 798 926 */ 799 (void) md5Update(&ctx, (sh_byte*) buffer, BLOCKSIZE);927 md5_process_block(buffer, BLOCKSIZE, &ctx); 800 928 sh.statistics.bytes_hashed += BLOCKSIZE; 801 929 … … 816 944 if (sum > 0) 817 945 { 818 (void) md5Update(&ctx, (sh_byte*) buffer, (int) sum);946 md5_process_bytes(buffer, sum, &ctx); 819 947 sh.statistics.bytes_hashed += BLOCKSIZE; 820 948 } … … 1392 1520 } 1393 1521 1394 int sh_tiger_hashtype (c har * c)1522 int sh_tiger_hashtype (const char * c) 1395 1523 { 1396 1524 SL_ENTER( _("sh_tiger_hashtype")); … … 1460 1588 if (res != NULL) 1461 1589 { 1462 /*@-bufferoverflowhigh -formatconst@*/1463 1590 #if defined(TIGER_64_BIT) 1464 sprintf(out, /* known to fit */ 1465 MYFORMAT, 1466 (sh_word32)(res[0]>>32), 1467 (sh_word32)(res[0]), 1468 (sh_word32)(res[1]>>32), 1469 (sh_word32)(res[1]), 1470 (sh_word32)(res[2]>>32), 1471 (sh_word32)(res[2]) ); 1591 sl_snprintf(out, 1592 sizeof(out), 1593 MYFORMAT, 1594 (sh_word32)(res[0]>>32), 1595 (sh_word32)(res[0]), 1596 (sh_word32)(res[1]>>32), 1597 (sh_word32)(res[1]), 1598 (sh_word32)(res[2]>>32), 1599 (sh_word32)(res[2]) ); 1472 1600 #else 1473 
s printf(out, /* known to fit */1474 MYFORMAT,1475 (sh_word32)(res[1]),1476 (sh_word32)(res[0]),1477 (sh_word32)(res[3]),1478 (sh_word32)(res[2]),1479 (sh_word32)(res[5]),1480 (sh_word32)(res[4]) );1481 #endif 1482 /*@+bufferoverflowhigh@*/ 1483 out[ KEY_LEN] = '\0';1601 sl_snprintf(out, 1602 sizeof(out), 1603 MYFORMAT, 1604 (sh_word32)(res[1]), 1605 (sh_word32)(res[0]), 1606 (sh_word32)(res[3]), 1607 (sh_word32)(res[2]), 1608 (sh_word32)(res[5]), 1609 (sh_word32)(res[4]) ); 1610 #endif 1611 out[sizeof(out)-1] = '\0'; 1484 1612 SL_RETURN( out, _("sh_tiger_hash_internal")); 1485 1613 … … 1507 1635 if (res != NULL) 1508 1636 { 1509 /*@-bufferoverflowhigh -formatconst@*/1510 1637 #if defined(TIGER_64_BIT) 1511 sprintf(outhash, /* known to fit */ 1512 GPGFORMAT, 1513 (sh_word32)(res[0]>>32), 1514 (sh_word32)(res[0]), 1515 (sh_word32)(res[1]>>32), 1516 (sh_word32)(res[1]), 1517 (sh_word32)(res[2]>>32), 1518 (sh_word32)(res[2]) ); 1638 sl_snprintf(outhash, 1639 sizeof(outhash), 1640 GPGFORMAT, 1641 (sh_word32)(res[0]>>32), 1642 (sh_word32)(res[0]), 1643 (sh_word32)(res[1]>>32), 1644 (sh_word32)(res[1]), 1645 (sh_word32)(res[2]>>32), 1646 (sh_word32)(res[2]) ); 1519 1647 #else 1520 s printf(outhash, /* known to fit */1521 GPGFORMAT,1522 (sh_word32)(res[1]),1523 (sh_word32)(res[0]),1524 (sh_word32)(res[3]),1525 (sh_word32)(res[2]),1526 (sh_word32)(res[5]),1527 (sh_word32)(res[4]) );1528 #endif 1529 /*@+bufferoverflowhigh@*/ 1530 outhash[ 48 + 6] = '\0';1648 sl_snprintf(outhash, 1649 sizeof(outhash), 1650 GPGFORMAT, 1651 (sh_word32)(res[1]), 1652 (sh_word32)(res[0]), 1653 (sh_word32)(res[3]), 1654 (sh_word32)(res[2]), 1655 (sh_word32)(res[5]), 1656 (sh_word32)(res[4]) ); 1657 #endif 1658 outhash[sizeof(outhash)-1] = '\0'; 1531 1659 } 1532 1660 else 1533 1661 { 1534 /*@-bufferoverflowhigh@*/ 1535 sprintf(outhash, /* known to fit */ 1536 _("00000000 00000000 00000000 00000000 00000000 00000000")); 1537 /*@+bufferoverflowhigh@*/ 1662 sl_strlcpy(outhash, 1663 _("00000000 
00000000 00000000 00000000 00000000 00000000"), 1664 sizeof(outhash)); 1538 1665 } 1539 1666 -
/trunk/src/sh_tools.c
r20 r30 127 127 unsigned char c, d; 128 128 const char * p; 129 char *q;130 129 char tmp[4]; 131 130 char * outstr; … … 147 146 148 147 p = instr; 149 q = outstr;150 148 151 149 #if !defined(SH_USE_XML) … … 441 439 int DoReverseLookup = S_TRUE; 442 440 443 int set_reverse_lookup (c har * c)441 int set_reverse_lookup (const char * c) 444 442 { 445 443 return sh_util_flagval(c, &DoReverseLookup); … … 462 460 463 461 int retval; 462 size_t len; 464 463 465 464 sin_cache * check_cache = conn_cache; … … 535 534 else 536 535 { 537 host_name = SH_ALLOC(sl_strlen(host_entry->h_name) + 1);538 if (sl_strlen(host_entry->h_name) > 0)539 strcpy(host_name, /* known to fit */540 host_entry->h_name);536 len = sl_strlen(host_entry->h_name) + 1; 537 host_name = SH_ALLOC(len); 538 if (len > 1) 539 sl_strlcpy(host_name, host_entry->h_name, len); 541 540 else 542 541 host_name[0] = '\0'; … … 694 693 } 695 694 696 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) 695 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 697 696 static 698 697 int sh_write_select(int type, int sockfd, … … 714 713 */ 715 714 new_act.sa_handler = SIG_IGN; 715 sigemptyset( &new_act.sa_mask ); /* set an empty mask */ 716 new_act.sa_flags = 0; /* init sa_flags */ 716 717 sigaction (SIGPIPE, &new_act, &old_act); 717 718 … … 839 840 #endif 840 841 841 #if defined (SH_WITH_CLIENT) 842 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 842 843 unsigned long write_port (int sockfd, char *buf, unsigned long nbytes, 843 844 int * w_error, int timeout) … … 859 860 #endif 860 861 861 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) 862 #if defined(HAVE_NTIME) || defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 862 863 863 864 unsigned long read_port (int sockfd, char *buf, unsigned long nbytes, … … 895 896 #endif 896 897 897 #if defined (SH_WITH_CLIENT) 898 #if defined (SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 898 899 899 900 int check_request (char * have, char * need) … … 949 950 
#endif 950 951 951 #if defined (SH_WITH_CLIENT) 952 #if defined (SH_WITH_CLIENT) || defined (SH_WITH_SERVER) 952 953 953 954 void get_header (unsigned char * head, unsigned long * bytes, char * u) … … 1029 1030 * (msg_size = payload_size - key_len = payload_size - 48) 1030 1031 */ 1032 1033 /* 1034 * only SH_V2_FULLSIZE is used, and only once 1035 */ 1036 #if 0 1031 1037 #ifdef SH_WITH_SERVER 1032 1038 #define SH_V2_FULLSIZE 240 … … 1038 1044 #define SH_V2_MESSAGE 960 1039 1045 #endif 1046 #endif 1047 #define SH_V2_FULLSIZE 1024 1040 1048 1041 1049 #ifdef SH_ENCRYPT … … 1380 1388 #endif 1381 1389 1382 #if defined (SH_WITH_CLIENT)1390 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 1383 1391 1384 1392 /* verify the checksum of a buffer; checksum comes first … … 1532 1540 #endif 1533 1541 1534 #if defined(SH_WITH_CLIENT) || defined(SH_ STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)1542 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) 1535 1543 1536 1544 /* --------- secure temporary file ------------ */ -
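Review bot: `SH_V2_FULLSIZE` is now defined unconditionally as 1024 while the old table, in which `SH_WITH_SERVER` builds used 240, is only disabled with `#if 0`, so server builds silently get a different size. The code that consumes the constant is outside the visible hunks, so any buffer or length check that still assumes the old server value should be confirmed before this lands. I would delete the disabled block instead of keeping it and state the reason on the define itself, for example `#define SH_V2_FULLSIZE 1024 /* one size for client and server builds */`.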
/trunk/src/sh_unix.c
r20 r30 127 127 unsigned long mask_USER0 = MASK_USER_; 128 128 unsigned long mask_USER1 = MASK_USER_; 129 unsigned long mask_USER2 = MASK_USER_; 130 unsigned long mask_USER3 = MASK_USER_; 131 unsigned long mask_USER4 = MASK_USER_; 129 132 unsigned long mask_ALLIGNORE = MASK_ALLIGNORE_; 130 133 unsigned long mask_ATTRIBUTES = MASK_ATTRIBUTES_; … … 142 145 mask_USER0 = MASK_USER_; 143 146 mask_USER1 = MASK_USER_; 147 mask_USER2 = MASK_USER_; 148 mask_USER3 = MASK_USER_; 149 mask_USER4 = MASK_USER_; 144 150 mask_ALLIGNORE = MASK_ALLIGNORE_; 145 151 mask_ATTRIBUTES = MASK_ATTRIBUTES_; … … 307 313 *p = '0' + (u % 10); 308 314 u /= 10; 309 } while (u );310 if ( iisneg == 1) {315 } while (u && (p != str)); 316 if ((iisneg == 1) && (p != str)) { 311 317 --p; 312 318 *p = '-'; … … 323 329 extern int OnlyStderr; 324 330 325 int safe_logger (int signal, int method, pid_t thepid)331 int safe_logger (int signal, int method, char * details) 326 332 { 327 333 int i = 0; … … 331 337 char str[128]; 332 338 char * p; 333 339 334 340 char l0[64], l1[64], l2[64], l3[64]; 335 341 char a0[32], a1[32], a2[32]; 336 342 char e0[128]; 337 343 char msg[128]; 338 344 339 345 char * locations[] = { NULL, NULL, NULL, NULL, NULL }; 340 346 char * envp[] = { NULL, NULL }; 341 347 char * argp[] = { NULL, NULL, NULL, NULL, NULL }; 342 348 349 pid_t thepid = getpid(); 350 343 351 if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) 344 352 method = 1; 345 353 346 354 /* seems that solaris cc needs this way of initializing ... 
347 355 */ … … 350 358 locations[2] = l2; 351 359 locations[3] = l3; 352 360 353 361 envp[0] = e0; 354 362 355 363 argp[0] = a0; 356 364 argp[1] = a1; 357 365 argp[2] = a2; 358 359 strcpy (l0, _("/usr/bin/logger")); /* known to fit */ 360 strcpy (l1, _("/usr/sbin/logger")); /* known to fit */ 361 strcpy (l2, _("/usr/ucb/logger")); /* known to fit */ 362 strcpy (l3, _("/bin/logger")); /* known to fit */ 363 364 strcpy (a0, _("logger")); /* known to fit */ 365 strcpy (a1, _("-p")); /* known to fit */ 366 strcpy (a2, _("daemon.alert")); /* known to fit */ 367 368 strcpy (e0, /* known to fit */ 369 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin")); 370 366 371 367 sl_strlcpy(msg, _("samhain["), 128); 372 368 p = safe_itoa((int) thepid, str, 128); … … 375 371 if (signal == 0) 376 372 { 377 sl_strlcat(msg, _("]: out of memory"), 128); 373 if (details == NULL) { 374 sl_strlcat(msg, _("]: out of memory"), 128); 375 } else { 376 sl_strlcat(msg, _("]: "), 128); 377 sl_strlcat(msg, details, 128); 378 } 378 379 } 379 380 else … … 393 394 return 0; 394 395 } 396 397 sl_strlcpy (l0, _("/usr/bin/logger"), 64); 398 sl_strlcpy (l1, _("/usr/sbin/logger"), 64); 399 sl_strlcpy (l2, _("/usr/ucb/logger"), 64); 400 sl_strlcpy (l3, _("/bin/logger"), 64); 401 402 sl_strlcpy (a0, _("logger"), 32); 403 sl_strlcpy (a1, _("-p"), 32); 404 sl_strlcpy (a2, _("daemon.alert"), 32); 405 406 sl_strlcpy (e0, 407 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"), 408 128); 409 395 410 while (locations[i] != NULL) { 396 411 status = stat(locations[i], &buf); … … 414 429 } 415 430 431 void safe_fatal (int signal, int method, char * details, 432 char * file, int line) 433 { 434 char msg[128]; 435 char str[128]; 436 char * p; 437 p = safe_itoa((int) line, str, 128); 438 sl_strlcpy(msg, _("FATAL: "), 128); 439 sl_strlcat(msg, file, 128); 440 sl_strlcat(msg, ": ", 128); 441 if (p && (*p)) { 442 sl_strlcat(msg, p , 128); 443 sl_strlcat(msg, ": ", 128); 444 } 445 sl_strlcat(msg, 
details, 128); 446 safe_logger (signal, method, msg); 447 _exit(EXIT_FAILURE); 448 } 416 449 417 450 extern char sh_sig_msg[64]; … … 451 484 { 452 485 chdir ("/"); 453 safe_logger (mysignal, 0, getpid());486 safe_logger (mysignal, 0, NULL); 454 487 } 455 488 _exit(mysignal); … … 504 537 memset (skey, '\0', sizeof(sh_key_t)); 505 538 if (immediate_exit_fast < 2) 506 safe_logger (mysignal, 0, getpid());539 safe_logger (mysignal, 0, NULL); 507 540 _exit(mysignal); 508 541 #else … … 518 551 close_ipc (); 519 552 #endif 520 safe_logger (mysignal, 0, getpid());553 safe_logger (mysignal, 0, NULL); 521 554 chdir ("/"); 522 555 raise(SIGFPE); … … 819 852 /* checksum the own binary 820 853 */ 821 int sh_unix_self_hash (c har * c)854 int sh_unix_self_hash (const char * c) 822 855 { 823 856 char message[512]; … … 891 924 892 925 /* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ 893 static int tf_add_trusted_user_int(c har * c)926 static int tf_add_trusted_user_int(const char * c) 894 927 { 895 928 register struct passwd * w; … … 919 952 } 920 953 921 int tf_add_trusted_user(c har * c)954 int tf_add_trusted_user(const char * c) 922 955 { 923 956 int i; … … 1229 1262 char ** env1; 1230 1263 int envlen = 0; 1264 size_t len; 1231 1265 1232 1266 SL_ENTER(_("sh_unix_copyenv")); … … 1248 1282 envlen = 0; 1249 1283 1250 while (env0 != NULL && env0[envlen] != NULL) { 1251 env1[envlen] = malloc (strlen(env0[envlen]) + 1); /* only once */ 1284 while (env0 != NULL && env0[envlen] != NULL) { 1285 len = strlen(env0[envlen]) + 1; 1286 env1[envlen] = malloc (len); /* only once */ 1252 1287 if (env1[envlen] == NULL) 1253 1288 { … … 1255 1290 SL_RET0(_("sh_unix_copyenv")); 1256 1291 } 1257 s trcpy(env1[envlen], env0[envlen]); /* known to fit */1292 sl_strlcpy(env1[envlen], env0[envlen], len); 1258 1293 ++envlen; 1259 1294 } … … 1416 1451 #include <arpa/inet.h> 1417 1452 1453 char * sh_unix_h_name (struct hostent * host_entry) 1454 { 1455 char ** p; 1456 if (strchr(host_entry->h_name, 
'.')) { 1457 return host_entry->h_name; 1458 } else { 1459 for (p = host_entry->h_aliases; *p; ++p) { 1460 if (strchr(*p, '.')) 1461 return *p; 1462 } 1463 } 1464 return host_entry->h_name; 1465 } 1466 1418 1467 /* uname() on FreeBSD is broken, because the 'nodename' buf is too small 1419 1468 * to hold a valid (leftmost) domain label. … … 1435 1484 1436 1485 (void) uname (&buf); 1437 1486 /* flawfinder: ignore */ /* ff bug, ff sees system() */ 1438 1487 sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); 1439 1488 sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); … … 1486 1535 else 1487 1536 { 1488 sl_strlcpy (sh.host.name, he1->h_name, SH_PATHBUF);1537 sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); 1489 1538 } 1490 1539 … … 1534 1583 if (he1 != NULL) 1535 1584 { 1536 sl_strlcpy (sh.host.name, he1->h_name, SH_PATHBUF);1585 sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF); 1537 1586 } 1538 1587 else … … 1639 1688 aud_exit(FIL__, __LINE__, EXIT_FAILURE); 1640 1689 } 1690 /* flawfinder: ignore */ 1641 1691 return (chroot(chroot_dir)); 1642 1692 } … … 1923 1973 } 1924 1974 1925 int sh_unix_settimeserver (c har * address)1975 int sh_unix_settimeserver (const char * address) 1926 1976 { 1927 1977 … … 2096 2146 /* whether to use localtime for file timesatams in logs 2097 2147 */ 2098 int sh_unix_uselocaltime (c har * c)2148 int sh_unix_uselocaltime (const char * c) 2099 2149 { 2100 2150 int i; … … 2732 2782 } 2733 2783 2734 int sh_unix_set_io_limit (c har * c)2784 int sh_unix_set_io_limit (const char * c) 2735 2785 { 2736 2786 long val; … … 2772 2822 if (tmpFile.size < fbuf->st_size) 2773 2823 { 2774 strcpy(fileHash, /* known to fit */ 2775 sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 2776 alert_timeout)); 2824 sl_strlcpy(fileHash, 2825 sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 2826 alert_timeout), 2827 KEY_LEN+1); 2777 2828 2778 2829 /* return */ … … 2781 2832 2782 2833 out: 2783 strcpy(fileHash, /* known to fit 
*/ 2784 _("000000000000000000000000000000000000000000000000")); 2834 sl_strlcpy(fileHash, 2835 _("000000000000000000000000000000000000000000000000"), 2836 KEY_LEN+1); 2785 2837 SL_RETURN( -1, _("sh_unix_checksum_size")); 2786 2838 } … … 2903 2955 { 2904 2956 if (fileHash != NULL) 2905 strcpy(fileHash, /* known to fit */ 2906 _("000000000000000000000000000000000000000000000000")); 2957 sl_strlcpy(fileHash, 2958 _("000000000000000000000000000000000000000000000000"), 2959 KEY_LEN+1); 2907 2960 } 2908 2961 … … 2920 2973 if ((theFile->check_mask & MODI_CHK) == 0) 2921 2974 { 2922 strcpy(fileHash, /* known to fit */ 2923 _("000000000000000000000000000000000000000000000000")); 2975 sl_strlcpy(fileHash, 2976 _("000000000000000000000000000000000000000000000000"), 2977 KEY_LEN+1); 2924 2978 } 2925 2979 else if ((theFile->check_mask & MODI_PREL) != 0 && … … 2929 2983 if (0 != sh_prelink_run (theFile->fullpath, 2930 2984 fileHash, alert_timeout)) 2931 strcpy(fileHash, /* known to fit */ 2932 _("000000000000000000000000000000000000000000000000")); 2985 sl_strlcpy(fileHash, 2986 _("000000000000000000000000000000000000000000000000"), 2987 KEY_LEN+1); 2933 2988 } 2934 2989 else 2935 2990 { 2936 2991 tiger_fd = rval_open; 2937 strcpy(fileHash, /* known to fit */ 2938 sh_tiger_generic_hash (theFile->fullpath, TIGER_FD, 0, 2939 alert_timeout)); 2992 sl_strlcpy(fileHash, 2993 sh_tiger_generic_hash (theFile->fullpath, 2994 TIGER_FD, 0, 2995 alert_timeout), 2996 KEY_LEN+1); 2940 2997 if ((theFile->check_mask & MODI_SGROW) != 0) 2941 2998 { … … 2960 3017 if ((theFile->check_mask & MODI_CHK) == 0) 2961 3018 { 2962 strcpy(fileHash, /* known to fit */ 2963 _("000000000000000000000000000000000000000000000000")); 3019 sl_strlcpy(fileHash, 3020 _("000000000000000000000000000000000000000000000000"), 3021 KEY_LEN+1); 2964 3022 } 2965 3023 else if (policy == SH_LEVEL_PRELINK && … … 2969 3027 if (0 != sh_prelink_run (theFile->fullpath, 2970 3028 fileHash, alert_timeout)) 2971 strcpy(fileHash, /* 
known to fit */ 2972 _("000000000000000000000000000000000000000000000000")); 3029 sl_strlcpy(fileHash, 3030 _("000000000000000000000000000000000000000000000000"), 3031 KEY_LEN+1); 2973 3032 } 2974 3033 else … … 3145 3204 linknamebuf = SH_ALLOC(PATH_MAX); 3146 3205 3206 /* flawfinder: ignore */ 3147 3207 linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); 3148 3208 … … 3160 3220 SH_FREE(tmp2); 3161 3221 SH_FREE(linknamebuf); 3222 theFile->linkpath[0] = '-'; 3223 theFile->linkpath[1] = '\0'; 3162 3224 SL_RETURN((-1),_("sh_unix_getinfo")); 3163 3225 } … … 3982 4044 { 3983 4045 #ifdef WITH_TPT 3984 sl_snprintf(str, 128, _("file: %s line: %d page: %d"),4046 sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"), 3985 4047 page_list->file, page_list->line, i+1); 3986 4048 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, … … 3990 4052 ++i; 3991 4053 } 3992 sl_snprintf(str, 128, _("%d pages locked"), i);4054 sl_snprintf(str, sizeof(str), _("%d pages locked"), i); 3993 4055 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, 3994 4056 str, _("sh_unix_count_mlock")); -
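Review bot: Every `sl_strlcpy(fileHash, ..., KEY_LEN+1)` in the checksum hunks passes a constant as the bound rather than the real size of the destination, so the copy is only as safe as the unstated rule that callers hand in at least KEY_LEN+1 bytes. `fileHash` appears to be a pointer whose declaration is outside the hunks, so `sizeof` is not an option here; only one of the changed sites guards it with `if (fileHash != NULL)`. I would record the contract where the parameter is declared, e.g. `/* fileHash: caller-supplied buffer of at least KEY_LEN+1 bytes */`, or pass the buffer length down alongside the pointer. The value returned by `sh_tiger_generic_hash` is also used as the copy source without a check; whether it can be NULL is not visible here.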
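--- a/trunk/src/sh_userfiles.c
+++ b/trunk/src/sh_userfiles.c
@@ -221,4 +221,7 @@
 else if ( strstr(s, "user0") != NULL ) new->level = SH_LEVEL_USER0;
 else if ( strstr(s, "user1") != NULL ) new->level = SH_LEVEL_USER1;
+else if ( strstr(s, "user2") != NULL ) new->level = SH_LEVEL_USER2;
+else if ( strstr(s, "user3") != NULL ) new->level = SH_LEVEL_USER3;
+else if ( strstr(s, "user4") != NULL ) new->level = SH_LEVEL_USER4;
 else if ( strstr(s, "prelink") != NULL ) new->level = SH_LEVEL_PRELINK;
 else /* The default */ new->level = default_level;
@@ -332,4 +335,13 @@
 (void) sh_files_pushfile_user1(filepath);
 break;
+case SH_LEVEL_USER2:
+(void) sh_files_pushfile_user2(filepath);
+break;
+case SH_LEVEL_USER3:
+(void) sh_files_pushfile_user3(filepath);
+break;
+case SH_LEVEL_USER4:
+(void) sh_files_pushfile_user4(filepath);
+break;
 case SH_LEVEL_PRELINK:
 (void) sh_files_pushfile_prelink(filepath);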
/trunk/src/sh_utils.c
r20 r30 189 189 } 190 190 191 int sh_util_hidesetup(c har * c)191 int sh_util_hidesetup(const char * c) 192 192 { 193 193 int i; … … 205 205 SL_ENTER(_("sh_util_strdup")); 206 206 207 if (str != NULL)208 { 209 210 211 212 } 207 SH_VALIDATE_NE(str, NULL); 208 209 len = sl_strlen(str); 210 p = SH_ALLOC (len + 1); 211 (void) sl_strlcpy (p, str, len+1); 212 213 213 SL_RETURN( p, _("sh_util_strdup")); 214 214 } … … 224 224 ret = *str; 225 225 226 if (ret == NULL) { 227 SL_RETURN(ret, _("sh_util_strsep")); 228 } 226 SH_VALIDATE_NE(ret, NULL); 229 227 230 228 for (c = *str; *c != '\0'; c++) { … … 646 644 static int sigtype = TYPE_HMAC; 647 645 648 int sh_util_sigtype (c har * c)646 int sh_util_sigtype (const char * c) 649 647 { 650 648 SL_ENTER(_("sh_util_sigtype")); … … 957 955 char * key; 958 956 char * path; 959 char * outpath ;957 char * outpath = NULL; 960 958 unsigned char * image = NULL; 961 959 long s = 0; … … 963 961 long ii, k = 0; 964 962 UINT32 * h1; 965 char * new ;963 char * new = NULL; 966 964 967 965 if (0 != sl_is_suid()) … … 999 997 fprintf(stderr, 1000 998 _("ERROR: no path to executable given\n Argument must be 'key@path'\n")); 999 free(new); 1001 1000 _exit (EXIT_FAILURE); 1002 1001 /*@notreached@*/ … … 1005 1004 else 1006 1005 path = &new[j]; 1006 1007 len = strlen(path) + 1 + 4; 1007 1008 /*@-usedef@*/ 1008 if (NULL == (outpath = malloc( strlen(path) + 1 + 4)))1009 if (NULL == (outpath = malloc(len))) 1009 1010 goto bail_mem; 1010 1011 /*@-usedef@*/ 1011 /*@-bufferoverflowhigh@*/ 1012 sprintf (outpath, _("%s.out"), path); /* known to fit */ 1013 /*@+bufferoverflowhigh@*/ 1012 sl_snprintf (outpath, len, _("%s.out"), path); 1014 1013 1015 1014 fp = sl_open_read(path, SL_NOPRIV); … … 1018 1017 fprintf(stderr, 1019 1018 _("ERROR: cannot open %s for read (errnum = %ld)\n"), path, fp); 1019 free(new); free (outpath); 1020 1020 _exit (EXIT_FAILURE); 1021 1021 /*@notreached@*/ … … 1028 1028 fprintf(stderr, 1029 1029 _("ERROR: cannot open %s (errnum = 
%ld)\n"), outpath, fout); 1030 free(new); free (outpath); 1030 1031 _exit (EXIT_FAILURE); 1031 1032 /*@notreached@*/ … … 1068 1069 (void) sl_close (fout); 1069 1070 printf(_("new file %s written\n"), outpath); 1071 free(new); free (outpath); free(image); 1070 1072 _exit (EXIT_SUCCESS); 1071 1073 /*@notreached@*/ … … 1076 1078 fprintf(stderr, 1077 1079 _("ERROR: old key not found\n")); 1080 free(new); free (outpath); free(image); 1078 1081 _exit (EXIT_FAILURE); 1079 1082 /*@notreached@*/ … … 1084 1087 fprintf(stderr, 1085 1088 _("ERROR: out of memory\n")); 1089 if (new) free(new); 1090 if (outpath) free (outpath); 1091 if (image) free (image); 1086 1092 _exit (EXIT_FAILURE); 1087 1093 /*@notreached@*/ … … 1329 1335 static unsigned char sh_obscure_index[256]; 1330 1336 1331 int sh_util_obscure_ok (c har * str)1337 int sh_util_obscure_ok (const char * str) 1332 1338 { 1333 1339 unsigned long i; 1334 char * endptr = str;1335 1336 SL_ENTER(_("sh_util_obscure_ ex"));1340 char * endptr = NULL; 1341 1342 SL_ENTER(_("sh_util_obscure_ok")); 1337 1343 1338 1344 if (0 == sl_strncmp("all", str, 3)) … … 1342 1348 sh_obscure_index[i] = (unsigned char)1; 1343 1349 } 1344 SL_RETURN(0, _("sh_util_obscure_ ex"));1350 SL_RETURN(0, _("sh_util_obscure_ok")); 1345 1351 } 1346 1352 … … 1349 1355 sh_obscure_index[i] = (unsigned char)0; 1350 1356 } 1357 1358 i = strtoul (str, &endptr, 0); 1359 if (i > 255) 1360 { 1361 SL_RETURN(-1, _("sh_util_obscure_ok")); 1362 } 1363 sh_obscure_index[i] = (unsigned char)1; 1364 if (*endptr == ',') 1365 ++endptr; 1351 1366 1352 1367 while (*endptr != '\0') … … 1355 1370 if (i > 255) 1356 1371 { 1357 SL_RETURN(-1, _("sh_util_obscure_ ex"));1372 SL_RETURN(-1, _("sh_util_obscure_ok")); 1358 1373 } 1359 1374 sh_obscure_index[i] = (unsigned char)1; … … 1361 1376 ++endptr; 1362 1377 } 1363 SL_RETURN(0, _("sh_util_obscure_ ex"));1378 SL_RETURN(0, _("sh_util_obscure_ok")); 1364 1379 } 1365 1380 1366 1381 int sh_util_obscurename (ShErrLevel level, char * name_orig, 
int flag) 1367 1382 { 1368 char * name =name_orig;1383 unsigned char * name = (unsigned char *) name_orig; 1369 1384 char * safe; 1370 1385 unsigned int i; … … 1378 1393 while (*name != '\0') 1379 1394 { 1380 if ( (*name) == '"' || (*name) == '\t' ||1395 if ( (*name) > 0x7F || (*name) == '"' || (*name) == '\t' || 1381 1396 (*name) == '\b' || (*name) == '\f' || 1382 1397 (*name) == '\n' || (*name) == '\r' || … … 1562 1577 } else if (!isgraph ((int) *p)) { /* not printable */ 1563 1578 /*@-bufferoverflowhigh -formatconst@*/ 1579 /* flawfinder: ignore */ 1564 1580 sprintf(oct, format, '\\', /* known to fit */ 1565 1581 (unsigned char) *p); -
/trunk/src/sh_utmp.c
r20 r30 331 331 { 332 332 SL_ENTER(_("sh_utmp_endutent")); 333 (void) fclose(sh_utmpfile); 333 if (NULL != sh_utmpfile) 334 (void) fclose(sh_utmpfile); 334 335 sh_utmpfile = NULL; 335 336 SL_RET0(_("sh_utmp_endutent")); -
/trunk/src/slib.c
r20 r30 231 231 if (flag == 1) 232 232 { 233 s printf (val, _("\n--------- %10s "), file);233 sl_snprintf (val, 81, _("\n--------- %10s "), file); 234 234 sl_strlcpy (msg, val, 80); 235 s printf (val, _(" --- %6d ---------\n"), line);235 sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); 236 236 sl_strlcat (msg, val, 80); 237 237 sh_log_console (msg); … … 577 577 578 578 #if !defined(HOST_IS_I86SOLARIS) 579 #if !defined (_GNU_SOURCE) 579 #if !defined (_GNU_SOURCE) && !defined(__linux__) 580 /* flawfinder: ignore */ 580 581 extern int vsnprintf ( char *str, size_t n, 581 582 const char *format, va_list ap ); … … 777 778 778 779 #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) 779 len = vsnprintf (str, n, format, vl); 780 len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */ 780 781 str[n-1] = '\0'; 781 782 #else 782 VA_COPY (vl2, vl); /* save the argument list */783 VA_COPY (vl2, vl); /* save the argument list */ 783 784 total = sl_printf_count (format, vl); 784 len 785 len = (int) total; 785 786 if (total < n) 786 787 { 788 /* flawfinder: ignore */ 787 789 vsprintf (str, format, vl2); /* program has checked that it fits */ 788 790 str[n-1] = '\0'; … … 804 806 * ENULL: src || format == NULL 805 807 * ERANGE: n out of range 806 * ETRUNC: truncated 808 * ETRUNC: truncated (unimplemented) 807 809 */ 808 810 int sl_snprintf(char *str, size_t n, … … 821 823 va_start (vl, format); 822 824 #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) 825 /* flawfinder: ignore */ 823 826 vsnprintf (str, n, format, vl); 824 827 str[n-1] = '\0'; … … 828 831 if (total < n) 829 832 { 833 /* flawfinder: ignore */ 830 834 vsprintf (str, format, vl2); /* program has checked that it fits */ 831 835 str[n-1] = '\0'; … … 1568 1572 SL_TICKET sl_make_ticket (int fd, char * filename) 1569 1573 { 1574 size_t len; 1570 1575 SL_TICKET ticket; 1571 1576 SL_ENTER(_("sl_make_ticket")); … … 1587 1592 } 1588 1593 1589 if ( (ofiles[fd]->path = (char *) malloc( 
strlen(filename)+1) ) == NULL) 1594 len = sl_strlen(filename)+1; 1595 1596 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) 1590 1597 { 1591 1598 free(ofiles[fd]); … … 1605 1612 } 1606 1613 1607 s trcpy (ofiles[fd]->path, filename); /* Known to fit */1614 sl_strlcpy (ofiles[fd]->path, filename, len); 1608 1615 ofiles[fd]->ticket = ticket; 1609 1616 ofiles[fd]->fd = fd; … … 1646 1653 int fd; 1647 1654 int sflags; 1655 size_t len; 1648 1656 SL_TICKET ticket; 1649 1657 … … 1820 1828 } 1821 1829 1822 if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) 1830 len = sl_strlen(filename)+1; 1831 1832 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) 1823 1833 { 1824 1834 free(ofiles[fd]); … … 1840 1850 } 1841 1851 1842 s trcpy (ofiles[fd]->path, filename); /* Known to fit */1852 sl_strlcpy (ofiles[fd]->path, filename, len); 1843 1853 ofiles[fd]->ticket = ticket; 1844 1854 ofiles[fd]->fd = fd; … … 1974 1984 { 1975 1985 TPT((0, FIL__, __LINE__, 1976 _("msg=<Error closing file.>, path=<%s>, fd=<%d> \n"),1977 ofiles[fd]->path, fd ));1986 _("msg=<Error closing file.>, path=<%s>, fd=<%d>, err=<%s>\n"), 1987 ofiles[fd]->path, fd, strerror(errno))); 1978 1988 } 1979 1989 -
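Review bot: In the first hunk both `sl_snprintf (val, 81, ...)` calls hard-code the destination size, while the neighbouring `sl_strlcpy`/`sl_strlcat` calls use a separate literal 80, so the bound is only right as long as `val` really is at least 81 bytes; its declaration is outside the hunk. If `val` is a local array, `sl_snprintf (val, sizeof(val), _("\n--------- %10s "), file);` (and the same for the second call) ties the limit to the buffer instead of to a number that has to be kept in sync by hand. The same applies to `msg` and its literal 80, presumably declared next to `val`.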
/trunk/src/yulectl.c
r20 r30 300 300 if (0 != good) 301 301 { 302 fprintf (stderr, _("ERROR: Bounced message != original message .\n"));302 fprintf (stderr, _("ERROR: Bounced message != original message (possible reason: superfluous password).\n")); 303 303 return -1; 304 304 } … … 321 321 printf(_(" transfer to the client <client_hostname> when\n")); 322 322 printf(_(" this client connects to deliver a message.\n\n")); 323 printf(_(" If password is required, it is read from\n")); 324 printf(_(" $HOME/.yulectl_cred or taken from the environment\n")); 325 printf(_(" variable YULECTL_PASSWORD (not recommended).\n\n")); 323 326 324 327 printf(_("Commands: RELOAD <reload configuration>\n")); … … 337 340 FILE * fp; 338 341 struct passwd * pwent; 339 342 char * pw; 343 344 pw = getenv(_("YULECTL_PASSWORD")); 345 if (pw && strlen(pw) < 15) 346 { 347 strcpy(password, pw); 348 strcpy(message2, password); 349 goto do_msg; 350 } 340 351 341 352 pwent = getpwuid(geteuid()); … … 388 399 exit(EXIT_FAILURE); 389 400 } 390 if (strlen(message2) > 1 5)401 if (strlen(message2) > 14) 391 402 { 392 403 fprintf (stderr, … … 400 411 } 401 412 strcpy(password, message2); 413 fclose(fp); 414 do_msg: 402 415 strcat(message2, "@"); 403 fclose(fp);404 416 405 417 strncat(message2, message, SH_MAXMSG - strlen(message2) -1); -
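Review bot: A YULECTL_PASSWORD value of 15 characters or more is dropped without any message by `if (pw && strlen(pw) < 15)`, and execution simply continues into the `getpwuid` / credential-file path, so the user cannot tell that the environment value was rejected; the file path, by contrast, prints an error for an over-long password. An explicit branch such as `if (pw && strlen(pw) >= 15) { fprintf(stderr, _("ERROR: YULECTL_PASSWORD too long.\n")); exit(EXIT_FAILURE); }` would make both sources behave alike. The limits 15 and 14 are literals that have to match the size of `password`, whose declaration is outside the hunk; deriving them from `sizeof(password)` would keep the two `strcpy` calls safe if that size ever changes. The function body continues outside the hunk.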
/trunk/test/test.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 21 22 # ----------------------------------------------------------------------- 23 # Be Bourne compatible 24 # ----------------------------------------------------------------------- 25 26 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then 27 emulate sh 28 NULLCMD=: 29 elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then 30 set -o posix 31 fi 32 33 # ----------------------------------------------------------------------- 34 # Make sure we support functions (from the autoconf manual) 35 # ----------------------------------------------------------------------- 36 37 TSHELL="${TSHELL-/bin/sh}" 38 if test x"$1" = "x--re-executed" 39 then 40 shift 41 elif "$TSHELL" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 42 then 43 : 44 else 45 for cmd in sh bash ash bsh ksh zsh sh5; do 46 X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; 47 OLD_IFS=${IFS} 48 IFS=':'; export IFS 49 for dir in $X; do 50 shell="$dir/$cmd" 51 if (test -f "$shell" || test -f "$shell.exe") 52 then 53 if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 54 then 55 TSHELL="$shell"; export TSHELL 56 IFS=${OLD_IFS}; export IFS 
57 exec "$shell" "$0" --re-executed ${1+"$@"} 58 fi 59 fi 60 done 61 IFS=${OLD_IFS}; export IFS 62 done 63 echo "-----------------------------------------------------------------" 64 echo "ERROR: Unable to locate a shell interpreter with function support" >&2 65 echo "-----------------------------------------------------------------" 66 { (exit 1); exit 1; } 67 fi 68 69 # ----------------------------------------------------------------------- 70 # Make sure we support 'let' (from the autoconf manual) 71 # ----------------------------------------------------------------------- 72 73 TSHELL="${TSHELL-/bin/sh}" 74 if test x"$1" = "x--re-run" 75 then 76 shift 77 elif "$TSHELL" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 78 then 79 : 80 else 81 for cmd in sh bash ash bsh ksh zsh sh5; do 82 X="$PATH:/bin:/usr/bin:/usr/afsws/bin:/usr/ucb:/usr/xpg4/bin"; 83 OLD_IFS=${IFS} 84 IFS=':'; export IFS 85 for dir in $X; do 86 shell="$dir/$cmd" 87 if (test -f "$shell" || test -f "$shell.exe") 88 then 89 if "$shell" -c 'foo () { (exit 0); exit 0; }; foo' >/dev/null 2>&1 90 then 91 if "$shell" -c 'a=5; let "a = a + 5"' >/dev/null 2>&1 92 then 93 TSHELL="$shell"; export TSHELL 94 IFS=${OLD_IFS}; export IFS 95 exec "$shell" "$0" --re-run ${1+"$@"} 96 fi 97 fi 98 fi 99 done 100 IFS=${OLD_IFS}; export IFS 101 done 102 echo "-----------------------------------------------------------------" 103 echo "ERROR: Unable to locate a shell interpreter with support for 'let'" >&2 104 echo "-----------------------------------------------------------------" 105 { (exit 1); exit 1; } 106 fi 107 108 109 umask 0022 2 110 3 111 isok=`test -t 1 2>&1 | wc -c` … … 40 148 echo " ${S}test.sh 6${E} -- Controlling the daemon" 41 149 echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" 150 echo " ${S}test.sh 8${E} -- Suidcheck" 42 151 43 152 echo " ${S}test.sh 10${E} -- Test c/s init/check (testrc_2.in)" … … 46 155 echo " ${S}test.sh 13${E} -- Test full c/s w/mysql (testrc_2.in)" 47 156 echo " 
${S}test.sh 14${E} -- Test full c/s w/postgres (testrc_2.in)" 48 echo " ${S}test.sh all${E} -- All except 12+" 49 157 echo " ${S}test.sh all${E} -- All tests" 158 } 159 scripts () { 50 160 echo 51 echo "Scripts used by tests (located in ${SCRIPTDIR}):"161 echo "Scripts used by tests:" 52 162 echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" 53 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (10) testrun_2.sh" 54 echo " (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh (14) testrun_2d.sh" 163 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" 164 echo " (10) testrun_2.sh (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh" 165 echo " (14) testrun_2d.sh" 55 166 } 56 167 … … 64 175 cleanup=on 65 176 doall= 177 usevalgrind= 66 178 67 179 while [ $# -gt 0 ] … … 69 181 case "$1" in 70 182 -h|--help) usage; exit 0;; 183 --scripts) usage; scripts; exit 0;; 71 184 -v|--verbose) verbose=on; quiet= ;; 72 185 -q|--quiet) quiet=on; verbose= ;; … … 74 187 --no-cleanup) cleanup= ;; 75 188 --really-all) doall=on;; 189 --valgrind) usevalgrind=on;; 76 190 --srcdir=*) TOP_SRCDIR=`echo $1 | sed s,--srcdir=,,`; export TOP_SRCDIR;; 77 191 --color=*) … … 160 274 161 275 PW_DIR=`pwd`; export PW_DIR 276 277 # 278 # group/world writeable will cause problems 279 # 280 chmod go-w . 
162 281 # 163 282 # … … 282 401 rm -f testrc_1.dyn 283 402 rm -f testrc_2 403 rm -f testrc_22 284 404 rm -f ./.samhain_file 285 405 rm -f ./.samhain_log* 286 rm -f ./.samhain_lock 287 test -d testrun_data && chmod -R 0700 testrun_data 288 rm -rf testrun_data 406 rm -f ./.samhain_lock* 407 test -d testrun_testdata && chmod -R 0700 testrun_testdata 408 test -d .quarantine && rm -rf .quarantine 409 rm -rf testrun_testdata 289 410 rm -f test_log_db 290 411 rm -f test_log_prelude 412 rm -f test_log_valgrind* 413 rm -f test_log_yulectl 414 rm -f yule.html 415 rm -f yule.html2 291 416 } 292 417 … … 330 455 tmp="localhost" 331 456 fi 332 echo "$tmp" 457 # 458 # first one is hostname, others are aliases 459 # 460 tmp2=`cat /etc/hosts | egrep "^ *[0123456789].* $tmp" | awk '{ print $2 }'` 461 if [ -z "$tmp2" ]; then 462 echo "$tmp" 463 else 464 echo "$tmp2" 465 fi 333 466 } 334 467 … … 341 474 hostname="127.0.0.1" 342 475 fi 476 477 # Seems that 'valgrind' causes random hangs :-( 478 # 479 if [ -z "$usevalgrind" ]; then 480 VALGRIND= 481 else 482 VALGRIND=`find_path valgrind`; 483 fi 484 [ -z "$VALGRIND" ] || { 485 VALGRIND="$VALGRIND --quiet --tool=memcheck --suppressions=.test.supp"; 486 export VALGRIND; 487 [ -z "$verbose" ] || log_msg_ok "using valgrind" 488 cat > ".test.supp" <<End-of-data 489 # 490 # there are unitialized bytes in the struct... 491 # 492 { 493 pushdata_01 494 Memcheck:Param 495 write(buf) 496 obj:/lib/ld-*.so 497 fun:sh_hash_pushdata 498 fun:sh_files_filecheck 499 fun:sh_dirs_chk 500 } 501 { 502 pushdata_02 503 Memcheck:Param 504 write(buf) 505 obj:/lib/ld-*.so 506 fun:sh_hash_pushdata 507 fun:sh_files_filecheck 508 fun:sh_files_checkdir 509 } 510 { 511 pushdata_03 512 Memcheck:Param 513 write(buf) 514 obj:/lib/ld-*.so 515 fun:sh_hash_pushdata 516 fun:sh_hash_writeout 517 fun:main 518 } 519 520 End-of-data 521 } 343 522 344 523 if test x$1 = x1; then … … 385 564 exit $? 386 565 fi 566 if test x$1 = x8; then 567 . ${SCRIPTDIR}/testrun_1.sh 568 . 
${SCRIPTDIR}/testrun_1c.sh 569 testrun1c 570 print_summary 571 exit $? 572 fi 387 573 if test x$1 = x10; then 388 574 . ${SCRIPTDIR}/testrun_2.sh … … 434 620 . ${SCRIPTDIR}/testrun_1b.sh 435 621 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 622 . ${SCRIPTDIR}/testrun_1c.sh 623 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 436 624 . ${SCRIPTDIR}/testrun_2.sh 437 625 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null … … 471 659 MAXTEST=${TEST_MAX}; export MAXTEST 472 660 testrun1b 661 # 662 . ${SCRIPTDIR}/testrun_1.sh 663 . ${SCRIPTDIR}/testrun_1c.sh 664 MAXTEST=${TEST_MAX}; export MAXTEST 665 testrun1c 473 666 # 474 667 . ${SCRIPTDIR}/testrun_2.sh -
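Review bot: In the host-name helper, `egrep "^ *[0123456789].* $tmp"` uses the host name as an unescaped, unanchored regular expression: the dots in a name match any character, `host` also matches a line for `host2`, and several matching /etc/hosts lines turn `tmp2` into a multi-line value that is then echoed as the host name. Comparing the fields literally and stopping at the first hit avoids all three; inside the backquotes the pipeline could become `awk '$1 ~ /^[0-9]/ { for (i = 2; i <= NF; i++) if ($i == h) { print $2; exit } }' h="$tmp" /etc/hosts`. The function starts outside the hunk, so how `tmp` is derived is not visible here.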
/trunk/test/testcompile.sh
r20 r30 1 1 #! /bin/sh 2 2 3 MAXTEST=28; export MAXTEST 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 21 22 MAXTEST=57; export MAXTEST 23 24 run_flawfinder () 25 { 26 flawfinder --minlevel=3 --quiet src/s*.c | \ 27 egrep '^No hits found.' >/dev/null 2>&1 28 if [ $? 
-eq 0 ]; then 29 [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST"; 30 else 31 flawfinder --minlevel=3 --quiet src/s*.c >test_log 2>&1 32 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST"; 33 return 1 34 fi 35 } 36 37 run_smatch () 38 { 39 export CDIR=`pwd`; 40 41 if [ -z "$doall" ]; then 42 [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; 43 return 0 44 fi 45 46 if [ "x$3" = "xdebug" ]; then memcheck=debug; else memcheck=simple; fi 47 if [ -f ../sm_scripts/smatch.pm ]; then 48 ( 49 cd ../sm_scripts; 50 51 for i in ${CDIR}/*.c.sm ; do 52 # echo $i; 53 cat $i | ./unreached_code.pl; 54 cat $i | ./ampersand_missing.sh; 55 cat $i | ./uninitialized.pl; 56 cat $i | ./eqeq.pl; 57 cat $i | ./for_bounds.pl; 58 cat $i | ./unchecked_returns.pl; 59 cat $i | ./unreached_code.pl; 60 cat $i | ./uninitialized.pl; 61 # from http://people.redhat.com/mstefani/wine/smatch/ 62 if [ -f ./while_for_check.pl ]; then 63 cat $i | ./while_for_check.pl; 64 fi 65 # --> end wine <-- 66 # samhain specific 67 if [ $memcheck = xsimple ]; then 68 if [ -f ./samhain_unfree.pl ]; then 69 cat $i | ./samhain_unfree.pl | \ 70 egrep -v 'x_cutest_.*Test_' | \ 71 egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 72 fi 73 fi 74 if [ $memcheck = xdebug ]; then 75 if [ -f ./samhain_unfree_debug.pl ]; then 76 cat $i | ./samhain_unfree_debug.pl | \ 77 egrep -v 'x_cutest_.*Test_' | \ 78 egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 79 fi 80 fi 81 # --> end samhain specific <-- 82 #cat $i | ./unfree.pl | \ 83 # egrep -v 'x_cutest_.*Test_' | \ 84 # grep -v 'x_sh_unix.c .... .... 
sh_unix_copyenv'; 85 touch list_null_funcs_uniq; 86 cat $i | ./deference_check.pl; 87 rm -f list_null_funcs_uniq; 88 rm -f $i 89 done 90 ) >test_log_smatch 2>&1 91 if [ -f test_log_smatch ]; then 92 lines=`cat test_log_smatch | wc -l` 93 if [ $lines -ne 0 ]; then 94 cat test_log_smatch 95 rm -f test_log_smatch 96 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (smatch)"; 97 return 1 98 fi 99 fi 100 [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (smatch)"; 101 return 0 102 fi 103 [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; 104 return 0 105 } 4 106 5 107 testmake () … … 8 110 if test x$1 = x0; then 9 111 [ -z "$verbose" ] || log_msg_ok "configure... $TEST"; 10 $MAKE cutest > /dev/null 2>> test_log112 $MAKE ${SMATCH} cutest > /dev/null 2>> test_log 11 113 if test x$? = x0; then 12 114 [ -z "$verbose" ] || log_msg_ok "make cutest... $TEST"; … … 34 136 log_start "COMPILE" 35 137 138 if [ -f /usr/local/gcc-smatch/bin/gcc ]; then 139 SAVE_CC="${CC}" 140 SMATCH="DBGDEF=--smatch"; export SMATCH 141 CC="/usr/local/gcc-smatch/bin/gcc"; export CC 142 fi 143 36 144 num=0 37 145 numfail=0 38 146 39 147 # 148 # test flawfinder 149 # 150 TEST="${S}check w/flawfinder${E}" 151 # 152 # 153 let "num = num + 1" >/dev/null 154 FLAWFINDER=`find_path flawfinder` 155 # 156 if [ -z "$FLAWFINDER" ]; then 157 log_skip $num $MAXTEST 'check w/flawfinder (not in PATH)' 158 else 159 run_flawfinder 0 $num || let "numfail = numfail + 1" >/dev/null 160 fi 161 # 162 163 # 40 164 # test standalone compilation 41 165 # 42 TEST="${S}standalone agentw/suidcheck${E}"166 TEST="${S}standalone w/suidcheck${E}" 43 167 # 44 168 if test -r "Makefile"; then … … 50 174 let "num = num + 1" >/dev/null 51 175 testmake $? $num || let "numfail = numfail + 1" >/dev/null 176 let "num = num + 1" >/dev/null 177 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 52 178 53 179 # 54 180 # test standalone compilation 55 181 # 56 TEST="${S}standalone agent w/mounts-check andw/userfiles${E}"182 TEST="${S}standalone w/mounts-check w/userfiles${E}" 57 183 # 58 184 if test -r "Makefile"; then … … 64 190 let "num = num + 1" >/dev/null 65 191 testmake $? $num || let "numfail = numfail + 1" >/dev/null 192 let "num = num + 1" >/dev/null 193 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 66 194 67 195 … … 69 197 # test standalone compilation 70 198 # 71 TEST="${S}standalone agent w/timeserver and w/message-queue${E}"199 TEST="${S}standalone w/timeserver and w/msgqueue${E}" 72 200 # 73 201 if test -r "Makefile"; then … … 79 207 let "num = num + 1" >/dev/null 80 208 testmake $? $num || let "numfail = numfail + 1" >/dev/null 209 let "num = num + 1" >/dev/null 210 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 81 211 82 212 # 83 213 # test standalone compilation with --with-nocl=PW 84 214 # 85 TEST="${S}standalone agentw/nocl${E}"215 TEST="${S}standalone w/nocl${E}" 86 216 # 87 217 if test -r "Makefile"; then … … 93 223 let "num = num + 1" >/dev/null 94 224 testmake $? $num || let "numfail = numfail + 1" >/dev/null 225 let "num = num + 1" >/dev/null 226 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 95 227 96 228 # 97 229 # test standalone compilation w/ debug 98 230 # 99 TEST="${S}standalone agentw/debug${E}"231 TEST="${S}standalone w/debug${E}" 100 232 # 101 233 if test -r "Makefile"; then … … 107 239 let "num = num + 1" >/dev/null 108 240 testmake $? $num || let "numfail = numfail + 1" >/dev/null 241 let "num = num + 1" >/dev/null 242 run_smatch $? 
$num debug || let "numfail = numfail + 1" >/dev/null 109 243 110 244 # 111 245 # test standalone compilation w/ gpg 112 246 # 113 TEST="${S}standalone agentw/gpg${E}"247 TEST="${S}standalone w/gpg${E}" 114 248 # 115 249 GPG=`find_path gpg` … … 118 252 if [ -z "$GPG" ]; then 119 253 log_skip $num $MAXTEST 'gpg not in PATH' 254 let "num = num + 1" >/dev/null 120 255 else 121 256 if test -r "Makefile"; then … … 126 261 # 127 262 testmake $? $num || let "numfail = numfail + 1" >/dev/null 263 let "num = num + 1" >/dev/null 264 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 128 265 fi 129 266 … … 131 268 # test standalone compilation w/stealth 132 269 # 133 TEST="${S}standalone agentw/stealth${E}"270 TEST="${S}standalone w/stealth${E}" 134 271 # 135 272 if test -r "Makefile"; then … … 141 278 let "num = num + 1" >/dev/null 142 279 testmake $? $num || let "numfail = numfail + 1" >/dev/null 280 let "num = num + 1" >/dev/null 281 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 143 282 144 283 # 145 284 # test standalone compilation w/logwatch 146 285 # 147 TEST="${S}standalone agentw/login-watch${E}"286 TEST="${S}standalone w/login-watch${E}" 148 287 # 149 288 if test -r "Makefile"; then … … 155 294 let "num = num + 1" >/dev/null 156 295 testmake $? $num || let "numfail = numfail + 1" >/dev/null 296 let "num = num + 1" >/dev/null 297 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 157 298 158 299 # 159 300 # test standalone compilation w/mysql 160 301 # 161 TEST="${S}standalone agentw/mysql${E}"302 TEST="${S}standalone w/mysql${E}" 162 303 # 163 304 if test -r "Makefile"; then … … 169 310 let "num = num + 1" >/dev/null 170 311 testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null 312 let "num = num + 1" >/dev/null 313 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 171 314 172 315 # 173 316 # test standalone compilation w/postgresql 174 317 # 175 TEST="${S}standalone agentw/postgresql${E}"318 TEST="${S}standalone w/postgresql${E}" 176 319 # 177 320 if test -r "Makefile"; then … … 183 326 let "num = num + 1" >/dev/null 184 327 testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null 328 let "num = num + 1" >/dev/null 329 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 185 330 186 331 # 187 332 # test standalone compilation 188 333 # 189 TEST="${S}standalone agentw/o mail${E}"334 TEST="${S}standalone w/o mail${E}" 190 335 # 191 336 if test -r "Makefile"; then … … 197 342 let "num = num + 1" >/dev/null 198 343 testmake $? $num || let "numfail = numfail + 1" >/dev/null 344 let "num = num + 1" >/dev/null 345 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 199 346 200 347 # 201 348 # test standalone compilation 202 349 # 203 TEST="${S}standalone agent w/o external scripts${E}"350 TEST="${S}standalone w/o external${E}" 204 351 # 205 352 if test -r "Makefile"; then … … 211 358 let "num = num + 1" >/dev/null 212 359 testmake $? $num || let "numfail = numfail + 1" >/dev/null 360 let "num = num + 1" >/dev/null 361 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 213 362 214 363 # echo; echo "${S}__ TEST CLIENT/SERVER __${E}"; echo; … … 227 376 let "num = num + 1" >/dev/null 228 377 testmake $? $num || let "numfail = numfail + 1" >/dev/null 378 let "num = num + 1" >/dev/null 379 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 229 380 230 381 if test -r "Makefile"; then … … 236 387 let "num = num + 1" >/dev/null 237 388 testmake $? $num || let "numfail = numfail + 1" >/dev/null 389 let "num = num + 1" >/dev/null 390 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 238 391 239 392 # … … 247 400 if [ -z "$GPG" ]; then 248 401 log_skip $num $MAXTEST 'gpg not in PATH' 249 let "num = num + 1" >/dev/null 250 log_skip $num $MAXTEST 'gpg not in PATH' 402 let "num = num + 3" >/dev/null 251 403 else 252 404 if test -r "Makefile"; then … … 257 409 # 258 410 testmake $? $num || let "numfail = numfail + 1" >/dev/null 411 let "num = num + 1" >/dev/null 412 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 259 413 # 260 414 if test -r "Makefile"; then … … 266 420 let "num = num + 1" >/dev/null 267 421 testmake $? $num || let "numfail = numfail + 1" >/dev/null 422 let "num = num + 1" >/dev/null 423 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 268 424 fi 269 425 … … 282 438 let "num = num + 1" >/dev/null 283 439 testmake $? $num || let "numfail = numfail + 1" >/dev/null 440 let "num = num + 1" >/dev/null 441 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 284 442 # 285 443 if test -r "Makefile"; then … … 291 449 let "num = num + 1" >/dev/null 292 450 testmake $? $num || let "numfail = numfail + 1" >/dev/null 451 let "num = num + 1" >/dev/null 452 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 293 453 294 454 # … … 305 465 let "num = num + 1" >/dev/null 306 466 testmake $? $num || let "numfail = numfail + 1" >/dev/null 467 let "num = num + 1" >/dev/null 468 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 307 469 # 308 470 if test -r "Makefile"; then … … 314 476 let "num = num + 1" >/dev/null 315 477 testmake $? $num || let "numfail = numfail + 1" >/dev/null 478 let "num = num + 1" >/dev/null 479 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 316 480 317 481 # … … 328 492 let "num = num + 1" >/dev/null 329 493 testmake $? $num || let "numfail = numfail + 1" >/dev/null 494 let "num = num + 1" >/dev/null 495 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 330 496 # 331 497 if test -r "Makefile"; then … … 337 503 let "num = num + 1" >/dev/null 338 504 testmake $? $num || let "numfail = numfail + 1" >/dev/null 505 let "num = num + 1" >/dev/null 506 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 339 507 340 508 # … … 351 519 let "num = num + 1" >/dev/null 352 520 testmake $? $num || let "numfail = numfail + 1" >/dev/null 521 let "num = num + 1" >/dev/null 522 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 353 523 # 354 524 if test -r "Makefile"; then … … 360 530 let "num = num + 1" >/dev/null 361 531 testmake $? $num || let "numfail = numfail + 1" >/dev/null 532 let "num = num + 1" >/dev/null 533 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 362 534 363 535 # … … 374 546 let "num = num + 1" >/dev/null 375 547 testmake $? $num || let "numfail = numfail + 1" >/dev/null 548 let "num = num + 1" >/dev/null 549 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 376 550 # 377 551 if test -r "Makefile"; then … … 383 557 let "num = num + 1" >/dev/null 384 558 testmake $? $num || let "numfail = numfail + 1" >/dev/null 559 let "num = num + 1" >/dev/null 560 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 385 561 386 562 # 387 563 # test client/server compilation 388 564 # 389 TEST="${S}client/server application w/o external scripts${E}"565 TEST="${S}client/server application w/o external${E}" 390 566 # 391 567 if test -r "Makefile"; then … … 397 573 let "num = num + 1" >/dev/null 398 574 testmake $? $num || let "numfail = numfail + 1" >/dev/null 575 let "num = num + 1" >/dev/null 576 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 399 577 # 400 578 if test -r "Makefile"; then … … 406 584 let "num = num + 1" >/dev/null 407 585 testmake $? $num || let "numfail = numfail + 1" >/dev/null 586 let "num = num + 1" >/dev/null 587 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 588 589 [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; } 408 590 409 591 log_end "COMPILE" -
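Review bot: In `run_smatch`, `memcheck` is assigned `debug` or `simple`, but the later tests compare it with `xsimple` and `xdebug` (`if [ $memcheck = xsimple ]`, `if [ $memcheck = xdebug ]`), so neither the `samhain_unfree.pl` nor the `samhain_unfree_debug.pl` pass can ever run. The comparisons should read `if [ "x$memcheck" = xsimple ]; then` and `if [ "x$memcheck" = xdebug ]; then`. As written, the unfreed-memory check is skipped silently and the step can still be logged as ok when the remaining scripts print nothing.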
/trunk/test/testext.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 MAXTEST=1; export MAXTEST … … 39 58 if test x$? = x0; then 40 59 [ -z "$verbose" ] || log_msg_ok "configure..."; 41 $MAKE > /dev/null60 $MAKE >/dev/null 2>>test_log 42 61 if test x$? = x0; then 43 62 [ -z "$verbose" ] || log_msg_ok "make..."; … … 79 98 rm -f $PW_DIR/pdbg.child 80 99 rm -f $PW_DIR/pdbg.main 81 ./samhain -p none 100 ./samhain -p none 82 101 83 102 # The shell is too fast ... -
/trunk/test/testhash.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE -
/trunk/test/testrc_2.in
r20 r30 130 130 131 131 SetUseSocket = yes 132 SetSocketAllowUid=0 133 SetSocketPassword=samhain 132 134 133 135 SetClientFromAccept = yes -
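Review bot: `SetSocketPassword=samhain` puts a fixed, guessable credential into a configuration template right next to `SetSocketAllowUid=0`; that is reasonable for the test suite, but nothing in the hunk marks it as test-only. A comment line above it, for example `# test credential used by test.sh only -- do not copy into a deployed configuration`, would keep the value from being reused when the template is taken as a starting point.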
/trunk/test/testrun_1.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE … … 22 41 testrun1_setup=0 23 42 24 MAXTEST=1 0; export MAXTEST43 MAXTEST=11; export MAXTEST 25 44 26 45 test_dirs () { … … 46 65 fi 47 66 done 67 } 68 69 # 70 # combine file check schedule with one-shot mode 71 # 72 TESTPOLICY_11=" 73 [ReadOnly] 74 dir=99${BASE} 75 " 76 77 mod_testdata_11 () { 78 sleep 1 79 echo "foobar" >"${BASE}/c/x"; # bad 80 chmod 0555 "${BASE}/a/y"; # bad 81 ORIGINAL='SetFilecheckTime=60' 82 REPLACEMENT='FileCheckScheduleOne = 6 12 * * *' 83 ex $RCFILE <<EOF 84 %s/${ORIGINAL}/${REPLACEMENT}/g 85 wq 86 EOF 87 } 88 89 chk_testdata_11 () { 90 # CDIRS="a b c a/a a/b a/c a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 91 tmp=`grep CRIT $LOGFILE | wc -l` 92 if [ $tmp -ne 2 ]; then 93 [ -z "$verbose" ] || log_msg_fail "policy count"; 94 return 1 95 fi 96 egrep "CRIT.*POLICY \[ReadOnly\] C-------TS.*${BASE}/c/x" $LOGFILE >/dev/null 2>&1 97 if [ $? -ne 0 ]; then 98 [ -z "$verbose" ] || log_msg_fail "${BASE}/c/x"; 99 return 1 100 fi 101 egrep "CRIT.*POLICY \[ReadOnly\] -----M--T-.*${BASE}/a/y" $LOGFILE >/dev/null 2>&1 102 if [ $? 
-ne 0 ]; then 103 [ -z "$verbose" ] || log_msg_fail "${BASE}/a/y"; 104 return 1 105 fi 106 CDIRS="a a/a a/b a/c c b a/a/a a/a/b a/a/c a/a/a/a a/a/a/b a/a/a/c"; 107 NDIRS=""; 108 test_dirs; 109 return $? 48 110 } 49 111 … … 749 811 run_init () 750 812 { 751 ./samhain -t init -p none 813 rm -f test_log_valgrind 814 815 ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind 752 816 753 817 if test x$? = x0; then … … 761 825 run_check () 762 826 { 763 ./samhain -t check -p none -l debug827 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind 764 828 765 829 if test x$? = x0; then … … 778 842 run_update () 779 843 { 780 ./samhain -t update -p none -l debug844 ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind 781 845 782 846 if test x$? = x0; then … … 792 856 rm -rf $LOGFILE 793 857 794 ./samhain -t check -p none -l debug858 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind 795 859 796 860 if test x$? = x0; then … … 801 865 return 1 802 866 fi 803 tmp=`./samhain -j -L $LOGFILE | grep ERR | wc -l` 867 # 868 # wtmp may not be readable 869 # 870 tmp=`./samhain -j -L $LOGFILE | grep ERR | grep -v wtmp | wc -l` 804 871 if [ $tmp -ne 0 ]; then 805 [ -z "$verbose" ] || log_msg_fail "update not successful(?)"; 806 return 1 807 fi 872 [ -z "$verbose" ] || log_msg_fail "errors during check"; 873 return 1 874 fi 875 # 876 [ -z "$VALGRIND" ] || { 877 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 878 if [ $tmp -ne 0 ]; then 879 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 880 cat test_log_valgrind 881 return 1; 882 fi; 883 } 808 884 # 809 885 [ -z "$verbose" ] || log_msg_ok "check(2)..."; … … 816 892 prep_testdata () 817 893 { 818 chmod -R 0700 "${BASE}" || { 819 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 820 return 1; 821 } 894 if test -d "$BASE"; then 895 if [ -d "${BASE}" ]; then 896 chmod -R 0700 "${BASE}" || { 897 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 898 return 1; 899 
} 900 fi 901 fi 822 902 823 903 rm -rf "${BASE}" || { … … 872 952 if test x$? = x0; then 873 953 [ -z "$verbose" ] || log_msg_ok "configure..."; 874 $MAKE > /dev/null954 $MAKE >/dev/null 2>>test_log 875 955 if test x$? = x0; then 876 956 [ -z "$verbose" ] || log_msg_ok "make..."; -
/trunk/test/testrun_1a.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 BUILDOPTS="--quiet $TRUST --enable-debug --enable-xml-log --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" -
/trunk/test/testrun_1b.sh
r20 r30 1 1 #! /bin/sh 2 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 3 21 4 22 MAXTEST=2; export MAXTEST … … 15 33 # 16 34 if test -r "Makefile"; then 17 $MAKE distclean >/dev/null 35 $MAKE distclean >/dev/null >&1 18 36 fi 19 37 # … … 24 42 if test x$? = x0; then 25 43 [ -z "$verbose" ] || log_msg_ok "configure..."; 26 $MAKE > /dev/null 44 $MAKE > /dev/null 2>&1 27 45 if test x$? = x0; then 28 46 [ -z "$verbose" ] || log_msg_ok "make..."; -
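Review bot: The new cleanup line `$MAKE distclean >/dev/null >&1` redirects stdout twice and leaves stderr on the terminal; `>&1` looks like a typo for `2>&1`, which the build line further down in this section does use. If the aim is to silence distclean, it should read `$MAKE distclean >/dev/null 2>&1`. For the build line itself, discarding stderr hides compiler warnings and errors; other scripts in this changeset append it to a log instead (`$MAKE >/dev/null 2>>test_log`), which would keep the diagnostics available when a test build fails. The enclosing function starts and ends outside the hunks shown.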
/trunk/test/testrun_2.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE 4 23 RCFILE="$PW_DIR/testrc_2"; export RCFILE 24 HTML="$PW_DIR/yule.html"; export HTML 5 25 6 26 … … 12 32 echo; 13 33 } 14 ./yule -l info -p none >/dev/null 2>&1 & 34 35 rm -f test_log_valgrind 36 37 ${VALGRIND} ./yule.2 -l info -p none >/dev/null 2>>test_log_valgrind & 38 PROC_Y2=$! 39 sleep 5 40 41 [ -z "$verbose" ] || { 42 echo; 43 echo "${S}Start Server #2${E}: ./yule.2 -l info -p none &"; 44 echo; 45 } 46 47 ${VALGRIND} ./yule -l info -p none -e info --bind-address=127.0.0.1 \ 48 --server-port=49778 >/dev/null 2>>test_log_valgrind & 15 49 PROC_Y=$! 16 50 sleep 5 … … 22 56 } 23 57 24 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&158 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 25 59 if test x$? 
= x0; then 26 60 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 28 62 [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; 29 63 kill $PROC_Y 64 kill $PROC_Y2 30 65 return 1 31 66 fi 32 67 33 68 kill $PROC_Y 34 sleep 5 69 kill $PROC_Y2 70 sleep 5 71 72 # cp ${LOGFILE} triple_test 73 # cp ${LOGFILE}2 triple_test_2 74 75 egrep "START(>|\").*Yule(>|\")" ${LOGFILE}2 >/dev/null 2>&1 76 if [ $? -ne 0 ]; then 77 [ -z "$verbose" ] || log_msg_fail "Server #2 start"; 78 return 1 79 fi 80 egrep "remote_host.*Checking.*/bin" ${LOGFILE}2 >/dev/null 2>&1 81 if [ $? -ne 0 ]; then 82 [ -z "$verbose" ] || log_msg_fail "Client file check (relayed)"; 83 return 1 84 fi 85 egrep "remote_host.*EXIT.*Samhain" ${LOGFILE}2 >/dev/null 2>&1 86 if [ $? -ne 0 ]; then 87 [ -z "$verbose" ] || log_msg_fail "Client exit (relayed)"; 88 return 1 89 fi 90 egrep "EXIT.*Yule.*SIGTERM" ${LOGFILE}2 >/dev/null 2>&1 91 if [ $? -ne 0 ]; then 92 [ -z "$verbose" ] || log_msg_fail "Server #2 exit"; 93 return 1 94 fi 95 35 96 36 97 egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 … … 59 120 return 1 60 121 fi 61 122 123 [ -z "$VALGRIND" ] || { 124 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 125 if [ $tmp -ne 0 ]; then 126 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 127 cat test_log_valgrind 128 return 1; 129 fi; 130 } 62 131 63 132 return 0 … … 69 138 REPLACEMENT="UseSeparateLogs=yes" 70 139 ex $RCFILE <<EOF 71 :%s/$ORIGINAL/$REPLACEMENT/g72 :wq140 %s/$ORIGINAL/$REPLACEMENT/g 141 wq 73 142 EOF 74 143 # :%s is the "ex" substitution command. … … 81 150 82 151 rm -f $LOGFILE 83 84 ./yule -l info -p none >/dev/null 2>&1 & 152 rm -f test_log_valgrind 153 154 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 85 155 PROC_Y=$! 
86 156 sleep 5 … … 92 162 } 93 163 94 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&1164 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 95 165 if test x$? = x0; then 96 166 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 112 182 CLIENTLOG="${LOGFILE}.${remhost}" 113 183 else 114 CLIENTLOG=`ls -1 ${LOGFILE}.* | tail -n 1` 184 tail -n 1 ${SCRIPTDIR}/test.sh >/dev/null 2>&1 185 if [ $? -eq 0 ]; then 186 CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -n 1` 187 else 188 CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -1` 189 fi 115 190 fi 116 191 … … 140 215 return 1 141 216 fi 217 218 [ -z "$VALGRIND" ] || { 219 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 220 if [ $tmp -ne 0 ]; then 221 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 222 cat test_log_valgrind 223 return 1; 224 fi; 225 } 142 226 143 227 rm -f ${LOGFILE}.${remhost} … … 156 240 REPLACEMENT_4="SetClientTimeLimit=20" 157 241 ex $RCFILE <<EOF 158 :%s/${ORIGINAL_1}/${REPLACEMENT_1}/g159 :%s/${ORIGINAL_2}/${REPLACEMENT_2}/g160 :%s/${ORIGINAL_3}/${REPLACEMENT_3}/g161 :%s/${ORIGINAL_4}/${REPLACEMENT_4}/g162 :wq242 %s/${ORIGINAL_1}/${REPLACEMENT_1}/g 243 %s/${ORIGINAL_2}/${REPLACEMENT_2}/g 244 %s/${ORIGINAL_3}/${REPLACEMENT_3}/g 245 %s/${ORIGINAL_4}/${REPLACEMENT_4}/g 246 wq 163 247 EOF 164 248 # :%s is the "ex" substitution command. … … 171 255 172 256 rm -f $LOGFILE 173 174 ./yule -p none >/dev/null 2>&1 & 257 rm -f test_log_valgrind 258 259 ${VALGRIND} ./yule -p none -e none >/dev/null 2>>test_log_valgrind & 175 260 PROC_Y=$! 176 261 sleep 5 … … 182 267 } 183 268 184 ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>&1&269 ${VALGRIND} ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind & 185 270 if test x$? = x0; then 186 271 PROC_S=$! 
… … 231 316 return 1 232 317 fi 318 319 [ -z "$VALGRIND" ] || { 320 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 321 if [ $tmp -ne 0 ]; then 322 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 323 cat test_log_valgrind 324 return 1; 325 fi; 326 } 233 327 234 rm -f ${LOGFILE} .${remhost}328 rm -f ${LOGFILE} 235 329 return 0 236 330 } 331 332 do_test_4 () { 333 334 # don't know what is supported on the test platform, so 335 # prepare for both (password and socket credential) 336 337 # 'id -u' is posix 338 me=`id -u` 339 340 ORIGINAL_1="SetSocketAllowUid=0" 341 REPLACEMENT_1="SetSocketAllowUid=$me" 342 ex $RCFILE <<EOF 343 %s/${ORIGINAL_1}/${REPLACEMENT_1}/g 344 wq 345 EOF 346 347 [ -z "$verbose" ] || { 348 echo; 349 echo "${S}Start Server${E}: ./yule -l info -p none &"; 350 echo; 351 } 352 353 rm -f $LOGFILE 354 rm -f test_log_valgrind 355 356 ${VALGRIND} ./yule -l info -p none -e none \ 357 >/dev/null 2>>test_log_valgrind & 358 PROC_Y=$! 359 sleep 5 360 361 [ -z "$verbose" ] || { 362 echo; 363 echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; 364 echo; 365 } 366 367 $MAKE yulectl >/dev/null 368 if [ $? -ne 0 ]; then 369 [ -z "$verbose" ] || log_msg_fail "make yulectl"; 370 kill $PROC_Y 371 return 1 372 fi 373 374 375 ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 2>/dev/null 376 377 if [ $? -ne 0 ]; then 378 YULECTL_PASSWORD=samhain; export YULECTL_PASSWORD 379 ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 380 if [ $? -ne 0 ]; then 381 kill ${PROC_Y} 382 [ -z "$verbose" ] || log_msg_fail "yulectl"; 383 return 1 384 fi 385 fi 386 387 ./yulectl -v -c RELOAD foobar2 >test_yulectl_log 388 389 if [ $? -ne 0 ]; then 390 kill ${PROC_Y} 391 [ -z "$verbose" ] || log_msg_fail "yulectl"; 392 return 1 393 fi 394 395 ./yulectl -v -c RELOAD foobar3 >test_log_yulectl 396 397 if [ $? 
-ne 0 ]; then 398 kill ${PROC_Y} 399 [ -z "$verbose" ] || log_msg_fail "yulectl"; 400 return 1 401 fi 402 403 ./yulectl -v -c LISTALL dummy >test_log_yulectl 404 405 if [ $? -ne 0 ]; then 406 kill ${PROC_Y} 407 [ -z "$verbose" ] || log_msg_fail "yulectl"; 408 return 1 409 fi 410 411 tmp=`cat test_log_yulectl | grep RELOAD | wc -l` 412 if [ $tmp -ne 3 ]; then 413 kill ${PROC_Y} 414 [ -z "$verbose" ] || log_msg_fail "command confirmation"; 415 return 1 416 fi 417 418 ./yulectl -v -c CANCEL foobar3 >test_log_yulectl 419 420 if [ $? -ne 0 ]; then 421 kill ${PROC_Y} 422 [ -z "$verbose" ] || log_msg_fail "yulectl"; 423 return 1 424 fi 425 426 ./yulectl -v -c LISTALL dummy >test_log_yulectl 427 428 if [ $? -ne 0 ]; then 429 kill ${PROC_Y} 430 [ -z "$verbose" ] || log_msg_fail "yulectl"; 431 return 1 432 fi 433 434 tmp=`cat test_log_yulectl | grep RELOAD | wc -l` 435 if [ $tmp -ne 2 ]; then 436 kill ${PROC_Y} 437 [ -z "$verbose" ] || log_msg_fail "command confirmation"; 438 return 1 439 fi 440 441 kill ${PROC_Y} 442 sleep 2 443 kill -9 ${PROC_Y} >/dev/null 2>&1 444 445 [ -z "$VALGRIND" ] || { 446 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 447 if [ $tmp -ne 0 ]; then 448 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 449 cat test_log_valgrind 450 return 1; 451 fi; 452 } 453 454 return 0 455 } 456 457 do_test_5 () { 458 459 [ -z "$verbose" ] || { 460 echo; 461 echo "${S}Start Server${E}: ./yule -l info -p none &"; 462 echo; 463 } 464 465 ( cat <<EOF 466 <!-- head --> 467 <html><head><title>test</title></head> 468 <body> 469 Current time: %T <br> 470 <table> 471 <!-- ehead --> 472 EOF 473 ) >head.html 474 475 ( cat <<EOF 476 <!-- foot --> 477 </table> 478 </body> 479 <!-- efoot --> 480 EOF 481 ) >foot.html 482 483 ( cat <<EOF 484 <!-- entry --> 485 <tr> 486 <td>%H</td> 487 <td>%S</td> 488 <td>%T</td> 489 </tr> 490 <!-- eentry --> 491 EOF 492 ) >entry.html 493 494 ${VALGRIND} ./yule -l info -p none -e none \ 495 >/dev/null 2>>test_log_valgrind & 496 
PROC_Y=$! 497 sleep 5 498 499 egrep '<!-- head -->' $HTML >/dev/null 2>&1 500 if [ $? -ne 0 ]; then 501 # rm -f head.html; rm -f foot.html; rm -f entry.html; 502 kill $PROC_Y 503 [ -z "$verbose" ] || log_msg_fail "head.html (1)"; 504 return 1 505 fi 506 507 egrep '<!-- foot -->' $HTML >/dev/null 2>&1 508 if [ $? -ne 0 ]; then 509 rm -f head.html; rm -f foot.html; rm -f entry.html; 510 kill $PROC_Y 511 [ -z "$verbose" ] || log_msg_fail "foot.html (1)"; 512 return 1 513 fi 514 515 [ -z "$verbose" ] || { 516 echo; 517 echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; 518 echo; 519 } 520 521 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 522 if test x$? = x0; then 523 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; 524 else 525 kill $PROC_Y 526 [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; 527 return 1 528 fi 529 530 kill $PROC_Y 531 sleep 5 532 533 # rm -f head.html; rm -f foot.html; rm -f entry.html; 534 535 egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 536 if [ $? -ne 0 ]; then 537 [ -z "$verbose" ] || log_msg_fail "Server start"; 538 return 1 539 fi 540 egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 541 if [ $? -ne 0 ]; then 542 [ -z "$verbose" ] || log_msg_fail "Client connect"; 543 return 1 544 fi 545 egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 546 if [ $? -ne 0 ]; then 547 [ -z "$verbose" ] || log_msg_fail "Client file check"; 548 return 1 549 fi 550 egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 551 if [ $? -ne 0 ]; then 552 [ -z "$verbose" ] || log_msg_fail "Client exit"; 553 return 1 554 fi 555 egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 556 if [ $? -ne 0 ]; then 557 [ -z "$verbose" ] || log_msg_fail "Server exit"; 558 return 1 559 fi 560 561 egrep '<!-- head -->' $HTML >/dev/null 2>&1 562 if [ $? 
-ne 0 ]; then 563 [ -z "$verbose" ] || log_msg_fail "head.html"; 564 return 1 565 fi 566 egrep '<!-- ehead -->' $HTML >/dev/null 2>&1 567 if [ $? -ne 0 ]; then 568 [ -z "$verbose" ] || log_msg_fail "end head.html"; 569 return 1 570 fi 571 572 egrep '<!-- entry -->' $HTML >/dev/null 2>&1 573 if [ $? -ne 0 ]; then 574 [ -z "$verbose" ] || log_msg_fail "entry.html"; 575 return 1 576 fi 577 egrep '<!-- eentry -->' $HTML >/dev/null 2>&1 578 if [ $? -ne 0 ]; then 579 [ -z "$verbose" ] || log_msg_fail "end entry.html"; 580 return 1 581 fi 582 583 egrep '<!-- foot -->' $HTML >/dev/null 2>&1 584 if [ $? -ne 0 ]; then 585 [ -z "$verbose" ] || log_msg_fail "foot.html"; 586 return 1 587 fi 588 egrep '<!-- efoot -->' $HTML >/dev/null 2>&1 589 if [ $? -ne 0 ]; then 590 [ -z "$verbose" ] || log_msg_fail "end foot.html"; 591 return 1 592 fi 593 594 [ -z "$VALGRIND" ] || { 595 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 596 if [ $tmp -ne 0 ]; then 597 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 598 cat test_log_valgrind 599 return 1; 600 fi; 601 } 602 603 return 0 604 } 605 237 606 238 607 testrun2_internal () … … 268 637 fi 269 638 270 # save binary and build server 639 # save binary and build server2 271 640 # 272 641 cp samhain samhain.build || return 1 273 makeclean >/dev/null || return 1274 275 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$ RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --enable-identity=rainer --enable-encrypt=2642 $MAKE clean >/dev/null || return 1 643 644 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=${RCFILE}2 --with-log-file=${LOGFILE}2 --with-pid-file=$PW_DIR/.samhain_lock2 --with-html-file=${HTML}2 
--with-state-dir=$PW_DIR --enable-encrypt=2 --with-port=49778 276 645 # 277 646 if test x$? = x0; then … … 290 659 fi 291 660 661 # save binary and build server 662 # 663 cp yule yule.2 || return 1 664 $MAKE clean >/dev/null || return 1 665 666 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-html-file=$HTML --with-state-dir=$PW_DIR --enable-encrypt=2 667 # 668 if test x$? = x0; then 669 [ -z "$verbose" ] || log_msg_ok "configure..."; 670 $MAKE > /dev/null 2>>test_log 671 if test x$? = x0; then 672 [ -z "$verbose" ] || log_msg_ok "make..."; 673 else 674 [ -z "$quiet" ] && log_msg_fail "make..."; 675 return 1 676 fi 677 678 else 679 [ -z "$quiet" ] && log_msg_fail "configure..."; 680 return 1 681 fi 682 292 683 293 684 ##################################################################### … … 330 721 mv samhain.build.new samhain.new || return 1 331 722 332 rm -f ./.samhain_log.* 333 rm -f ./.samhain_lock 334 335 SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%` 723 # Set in server 724 725 ./samhain_setpwd yule new $SHPW >/dev/null 726 727 if test x$? = x0; then 728 [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd yule new $SHPW"; 729 else 730 [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd yule new $SHPW"; 731 return 1 732 fi 733 734 mv yule.new yule || return 1 735 736 # 737 738 rm -f ./.samhain_log* 739 rm -f ./.samhain_lock* 740 741 SHCLT=`./yule -P $SHPW` 336 742 337 743 if test x$? = x0; then … … 342 748 fi 343 749 344 echo $SHCLT >> testrc_2 750 SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` 751 AHOST=`find_hostname` 752 SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` 753 754 755 echo $SHCLT1 >> testrc_2 756 echo $SHCLT2 >> testrc_2 757 cp testrc_2 testrc_22 345 758 346 759 do_test_1 … … 353 766 do_test_2 354 767 if [ $? 
-eq 0 ]; then 355 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, sep erate logfiles";356 else 357 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, sep erate logfiles";768 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, separate logfiles"; 769 else 770 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, separate logfiles"; 358 771 fi 359 772 … … 365 778 fi 366 779 780 do_test_4 781 if [ $? -eq 0 ]; then 782 [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Server command socket"; 783 else 784 [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Server command socket"; 785 fi 786 787 do_test_5 788 if [ $? -eq 0 ]; then 789 [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Server status file"; 790 else 791 [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Server status file"; 792 fi 793 367 794 return $? 368 795 } 369 796 370 MAXTEST= 3; export MAXTEST797 MAXTEST=5; export MAXTEST 371 798 372 799 testrun2 () -
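Review bot: In `do_test_4` the first `./yulectl -v -c RELOAD foobar1` call discards stderr and, on any failure, silently retries with `YULECTL_PASSWORD=samhain`. The test therefore reports the same result whether the socket-credential path (`SetSocketAllowUid=$me`) or the password path authenticated, and a regression in credential checking would go unnoticed. Recording which path was taken inside the fallback branch, for example `[ -z "$verbose" ] || echo "yulectl: socket credential rejected, using password";`, would make that visible. The exported password also stays in the environment for `do_test_5` and everything after it, so an `unset YULECTL_PASSWORD` before each `return` in `do_test_4` would keep it scoped to this test. Separately, the `foobar2` call writes to `test_yulectl_log` while every other call uses `test_log_yulectl`, which looks like a typo and leaves a stray file behind.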
/trunk/test/testrun_2a.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE … … 6 25 SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS 7 26 8 CLIENT_BUILDOPTS="--quiet $TRUST --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR -- localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS27 CLIENT_BUILDOPTS="--quiet $TRUST --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$RCFILE --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 9 28 10 29 do_test_1_a () { … … 15 34 echo; 16 35 } 17 ./yule -l 
info -p none >/dev/null 2>&1 & 36 rm -f test_log_valgrind 37 38 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 18 39 PROC_Y=$! 19 40 sleep 5 … … 25 46 } 26 47 27 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&148 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 28 49 if test x$? = x0; then 29 50 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 63 84 fi 64 85 86 [ -z "$VALGRIND" ] || { 87 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 88 if [ $tmp -ne 0 ]; then 89 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 90 cat test_log_valgrind 91 return 1; 92 fi; 93 } 65 94 66 95 return 0 … … 102 131 # 103 132 cp samhain samhain.build || return 1 104 makeclean >/dev/null || return 1133 $MAKE clean >/dev/null || return 1 105 134 106 135 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} … … 130 159 rm -f ./rc.${SH_LOCALHOST} 131 160 rm -f ./file.${SH_LOCALHOST} 161 rm -f "./rc.${ALTHOST}" 162 rm -f "./file.${ALTHOST}" 132 163 133 164 cp ${SCRIPTDIR}/testrc_2.in testrc_2 … … 166 197 rm -f ./.samhain_lock 167 198 168 SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%`199 SHCLT=`./yule -P $SHPW` 169 200 170 201 if test x$? = x0; then … … 175 206 fi 176 207 177 echo $SHCLT >> testrc_2 208 SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` 209 AHOST=`find_hostname` 210 SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` 211 212 213 echo $SHCLT1 >> testrc_2 214 echo $SHCLT2 >> testrc_2 215 178 216 179 217 cp ./testrc_2 ./rc.${SH_LOCALHOST} … … 186 224 } 187 225 188 MAXTEST= 1; export MAXTEST226 MAXTEST=5; export MAXTEST 189 227 190 228 testrun2a () … … 199 237 # 200 238 testrun2a_internal 201 #202 239 do_test_1_a 203 240 if [ $? 
-eq 0 ]; then … … 205 242 else 206 243 [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging"; 244 fi 245 # 246 SERVER_BUILDOPTS_ORIG="${SERVER_BUILDOPTS}" 247 CLIENT_BUILDOPTS_ORIG="${CLIENT_BUILDOPTS}" 248 # 249 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-srp" 250 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-srp" 251 # 252 testrun2a_internal 253 do_test_1_a 254 if [ $? -eq 0 ]; then 255 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "SRP disabled"; 256 else 257 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "SRP disabled"; 258 fi 259 # 260 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --disable-encrypt" 261 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --disable-encrypt" 262 # 263 testrun2a_internal 264 do_test_1_a 265 if [ $? -eq 0 ]; then 266 [ -z "$quiet" ] && log_ok 3 ${MAXTEST} "Encryption disabled"; 267 else 268 [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Encryption disabled"; 269 fi 270 # 271 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG} --enable-encrypt=1" 272 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1" 273 # 274 testrun2a_internal 275 do_test_1_a 276 if [ $? -eq 0 ]; then 277 [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Encryption (v1)"; 278 else 279 [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Encryption (v1)"; 280 fi 281 # 282 SERVER_BUILDOPTS="${SERVER_BUILDOPTS_ORIG}" 283 CLIENT_BUILDOPTS="${CLIENT_BUILDOPTS_ORIG} --enable-encrypt=1" 284 # 285 testrun2a_internal 286 do_test_1_a 287 if [ $? -eq 0 ]; then 288 [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Encryption backward compat"; 289 else 290 [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Encryption backward compat"; 207 291 fi 208 292 # -
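Review bot: Each of the four new variants in `testrun2a` calls `testrun2a_internal` and then `do_test_1_a` without checking the rebuild's exit status. If configure or make fails for, say, `--disable-srp`, the check may run against the `yule` and `samhain.new` binaries left by the previous variant and still log ok. Because these cases exist to exercise specific SRP and encryption settings, such a pass would be misleading; chaining the calls as `testrun2a_internal && do_test_1_a` makes the following `$?` test cover both steps. Whether `testrun2a_internal` removes old binaries before rebuilding is not visible in this section, so the stale-binary case is an inference. `testrun2a` starts and ends outside the hunks shown.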
/trunk/test/testrun_2b.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE … … 7 26 SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS 8 27 9 CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR -- localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS28 CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 10 29 
11 30 testrun2b_internal () … … 61 80 62 81 cp samhain samhain.build || return 1 63 makeclean >/dev/null || return 182 $MAKE clean >/dev/null || return 1 64 83 65 84 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} … … 125 144 rm -f ./.samhain_lock 126 145 127 SHCLT=`./yule -P $SHPW | sed s%HOSTNAME%${SH_LOCALHOST}%`146 SHCLT=`./yule -P $SHPW` 128 147 129 148 if test x$? = x0; then … … 134 153 fi 135 154 136 echo $SHCLT >> testrc_2 155 SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` 156 AHOST=`find_hostname` 157 SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` 158 159 160 echo $SHCLT1 >> testrc_2 161 echo $SHCLT2 >> testrc_2 162 137 163 138 164 cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} … … 140 166 141 167 ALTHOST=`find_hostname` 142 cp ./testrc_2"./rc.${ALTHOST}"168 cp "${RCFILE_C}" "./rc.${ALTHOST}" 143 169 cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null 144 170 } … … 166 192 167 193 testrun2b_internal "$GPG" 168 194 195 SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND 169 196 do_test_1_a 197 VALGRIND="${SAVE_VALGRIND}"; export VALGRIND 170 198 if [ $? -eq 0 ]; then 171 199 [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/gpg"; -
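Review bot: In the last hunk, the `if [ $? -eq 0 ]` that follows `do_test_1_a` no longer tests that function, because the inserted line `VALGRIND="${SAVE_VALGRIND}"; export VALGRIND` runs in between and `$?` now holds the status of `export`, which is 0. The "Client download+logging w/gpg" case will therefore log ok even when the signed-config download fails, which defeats the purpose of this test. Capture the status before restoring the variable: put `rc=$?` directly after `do_test_1_a` and change the condition to `if [ $rc -eq 0 ]; then`. The enclosing function continues outside the hunk.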
/trunk/test/testrun_2c.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=mysql"; export SERVER_BUILDOPTS 4 23 5 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR -- localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS24 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 
--with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 6 25 7 26 check_mysql_log () { … … 73 92 REPLACEMENT="DatabaseSeverity=info" 74 93 ex $RCFILE <<EOF 75 :%s/$ORIGINAL/$REPLACEMENT/g76 :wq94 %s/$ORIGINAL/$REPLACEMENT/g 95 wq 77 96 EOF 78 97 # -
/trunk/test/testrun_2d.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 SERVER_BUILDOPTS="--quiet $TRUST --enable-xml-log --enable-debug --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-database=postgresql"; export SERVER_BUILDOPTS 4 23 5 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR -- localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS24 CLIENT_BUILDOPTS="--quiet $TRUST --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --enable-network=client --disable-mail --disable-external-scripts --enable-login-watch --enable-xml-log --enable-db-reload --with-logserver=localhost --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 
--with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS 6 25 7 26 check_psql_log () { … … 75 94 REPLACEMENT="DatabaseSeverity=info" 76 95 ex $RCFILE <<EOF 77 :%s/$ORIGINAL/$REPLACEMENT/g78 :wq96 %s/$ORIGINAL/$REPLACEMENT/g 97 wq 79 98 EOF 80 99 # 81 100 do_test_1_a 101 # 82 102 if [ $? -ne 0 ]; then 83 103 [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client/server w/postgresql"; -
/trunk/test/testtimesrv.sh
r20 r30 1 1 #! /bin/sh 2 3 # 4 # Copyright Rainer Wichmann (2006) 5 # 6 # License Information: 7 # This program is free software; you can redistribute it and/or modify 8 # it under the terms of the GNU General Public License as published by 9 # the Free Software Foundation; either version 2 of the License, or 10 # (at your option) any later version. 11 # 12 # This program is distributed in the hope that it will be useful, 13 # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 # GNU General Public License for more details. 16 # 17 # You should have received a copy of the GNU General Public License 18 # along with this program; if not, write to the Free Software 19 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 # 2 21 3 22 RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE … … 11 30 prep_testdata () 12 31 { 13 chmod -R 0700 "${BASE}" || { 14 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 15 return 1; 16 } 32 if test -d "$BASE"; then 33 chmod -R 0700 "${BASE}" || { 34 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 35 return 1; 36 } 37 fi 17 38 18 39 rm -rf "${BASE}" || { … … 121 142 # standalone compilation 122 143 # 123 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent w/timeserver${E}"; echo; }144 [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } 124 145 # 125 146 if test -r "Makefile"; then … … 131 152 if test x$? = x0; then 132 153 [ -z "$verbose" ] || log_msg_ok "configure..."; 133 $MAKE > /dev/null 154 $MAKE > /dev/null 2>>test_log 134 155 if test x$? = x0; then 135 156 [ -z "$verbose" ] || log_msg_ok "make..."; -
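Review bot: In prep_testdata the new `test -d "$BASE"` guard is also true when BASE is a symbolic link to a directory, and GNU chmod follows a symlink named on the command line, so `chmod -R 0700 "${BASE}"` would then change the mode of the link's target rather than of a test directory. Where BASE is assigned is not visible in this hunk; if the suite can run with elevated privileges and BASE sits under a directory other users can write to, I would tighten the guard to `if test -d "$BASE" && test ! -h "$BASE"; then`. The `rm -rf "${BASE}"` that follows removes only the link in that case, so the chmod is the step that matters. prep_testdata's body continues outside the hunk.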
/trunk/yulerc.template
r20 r30 165 165 ##################################################### 166 166 167 [Misc]168 169 ## whether to become a daemon process170 ## (this is not honoured on database initialisation)171 #172 # Daemon = no173 Daemon = yes174 175 176 167 177 168 [Misc] … … 183 174 # SetLoopTime = 60 184 175 SetLoopTime = 600 176 177 ## Normally, client messages are regarded as data within a 178 ## server message of fixed severity. The following two 179 ## options cause the server to use the original severity/class 180 ## of client messages for logging. 181 # 182 # UseClientSeverity = False 183 # UseClientClass = False 185 184 186 185 ## The maximum time between client messages (seconds)
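Review bot: The new comment for `UseClientSeverity` / `UseClientClass` says what the options do but not the trust consequence: once enabled, the severity and class the server logs a message under are chosen by the client rather than fixed on the server. I would add a line such as `## Note: when enabled, the logged severity/class is whatever the client reports, so only use this with clients you trust.` so administrators weigh that before changing the default. Separately, this section drops the earlier `[Misc]` block that set `Daemon = yes`; whether another part of the template still sets it is not visible here, so it is worth confirming the resulting default is intended.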