PERFORCE change 181467 for review
Sergio Ligregni
ligregni at FreeBSD.org
Wed Jul 28 08:21:38 UTC 2010
http://p4web.freebsd.org/@@181467?ac=10
Change 181467 by ligregni at ligPhenom on 2010/07/26 04:37:28
Modifications made because of MidTerm
Affected files ...
.. //depot/projects/soc2010/disaudit/damasterd.c#5 edit
.. //depot/projects/soc2010/disaudit/damasterd.h#5 delete
.. //depot/projects/soc2010/disaudit/msocket_work.c#5 edit
.. //depot/projects/soc2010/disaudit/shipd.c#8 edit
.. //depot/projects/soc2010/disaudit/shipd.h#8 delete
.. //depot/projects/soc2010/disaudit/ssocket_work.c#6 edit
.. //depot/projects/soc2010/disaudit/ssocket_work.h#6 edit
Differences ...
==== //depot/projects/soc2010/disaudit/damasterd.c#5 (text+ko) ====
@@ -27,22 +27,43 @@
/*** INCLUDES ***/
-#include "damasterd.h"
+#include "msocket_work.h"
+#include "utils.h"
+
+#include <ctype.h>
+#include <dirent.h>
#include <fcntl.h>
-#include "msocket_work.h"
+#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <dirent.h>
#include <syslog.h>
-#include <stdarg.h>
+#include <time.h>
+#include <unistd.h>
+
#include <sys/types.h>
-#include <sys/md5.h>
+#include <sha256.h>
+#include <sys/socket.h>
#include <sys/stat.h>
-#include <time.h>
+
+#include <netinet/in.h>
+#include <netdb.h>
+
+#include <arpa/inet.h>
+
+#define AUDIT_DAMASTERD_FILE "/etc/security/damasterd_control"
/*** DECLARATIONS ***/
+/* local prototypes */
+static int check_files_equal(char *pathslave, char *md5slave, char *hostname,
+ char *path, char *fullpath);
+static int do_master_daemon();
+static int get_parameters();
+static int process_request(int sfd, struct sockaddr *clientinfo);
+static int receive_trail(int sfd, struct sockaddr *clientinfo);
+static int search_trail(int sfd, struct sockaddr *clientinfo);
+
/* Directory settings took from audit_control */
char slave_trails_dir[MAX_DIR_SIZE + 1];
char *ptr_std;
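Review bot: The new local prototypes `static int do_master_daemon();` and `static int get_parameters();` declare functions with unspecified argument lists rather than no arguments, so the compiler cannot check calls against them; write them as `static int do_master_daemon(void);` and `static int get_parameters(void);` (and match the definitions in the later hunks). The same applies to the prototype block added to shipd.c in this change (do_daemon, do_daemon_date, do_daemon_all, do_last, get_parameters). The AUDIT_DAMASTERD_FILE define would also benefit from a one-line comment naming the fields get_parameters() expects to find in it, since the file format is otherwise only visible by reading the fscanf calls.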
@@ -54,9 +75,6 @@
/* Port number */
int port_number;
-/* The destination of the messages are controlled by this variable */
-int debug;
-
/*
* The searching for a trail by it's name,
* or by it's name & origin host, this is for example,
@@ -71,20 +89,24 @@
*/
int lookup_host;
-/* Socket buffer management */
-char buffer[MAX_BUF_SIZE + 1];
-int brecv;
-
+/*
+ * DAMasterD
+ * Distributed Audit Master Daemon
+ *
+ * This program runs on a master system, in order
+ * to receive the trails (and perform the appropiate naming
+ * and pathing) from the slave systems, when not runs with
+ * debug option, it daemonize itself
+ */
+int
main(int argc, char *argv[])
{
char cl_opt;
- int last = 0;
debug = 0;
while ((cl_opt = getopt(argc, argv, "dl")) != -1)
- switch (cl_opt)
- {
+ switch (cl_opt) {
case 'd':
/* Debug option */
debug = 1;
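Review bot: `char cl_opt;` receives the int returned by getopt() and is compared with -1 in the loop condition; on a platform where plain char is unsigned the comparison never becomes true and the loop does not terminate on end of options. This is context in the hunk but the rebraced switch sits right under it, so it is worth fixing together: `int cl_opt;`. main's body continues past the end of this hunk.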
@@ -92,24 +114,24 @@
}
/* If not debugging, daemonize the program */
- if (debug == 0 && daemon(0,0) != 0)
- {
+ if (debug == 0 && daemon(0,0) != 0) {
perror("Can't daemonize, exiting!");
exit(1);
}
/* Set the directory path, the host address, the panic level */
- if (get_parameters() == -1)
- {
+ if (get_parameters() == -1) {
to_log("Can't get the parameters to work!");
exit(1);
}
ptr_std = slave_trails_dir + strlen(slave_trails_dir);
- /* There is no shipd enabled and it wasn't called by AUDIT (normally the unique way to get 'last' on) */
- if (panic_level == 0)
- {
+ /*
+ * There is no shipd enabled and it wasn't called by AUDIT (normally
+ * the unique way to get 'last' on).
+ */
+ if (panic_level == 0) {
to_log("DAMasterd disabled");
exit(0);
}
@@ -117,57 +139,40 @@
if (do_master_daemon() == -1)
exit(1);
- return 0;
+ return (0);
}
-void
-to_log(char *message)
-{
-return;
- if (debug)
- perror(message);
- else
- syslog(LOG_ERR, "%s", message);
-}
-
-
+static int
do_master_daemon()
{
int socketfd, newsockfd, childpid;
char message[256];
- char client_host[256];
struct sockaddr clientinfo;
- if ((socketfd = init_socket(port_number)) < 0)
- {
- sprintf(message, "Error initializing socket on port %d", port_number);
+ if ((socketfd = init_socket(port_number)) < 0) {
+ sprintf(message, "Error initializing socket on port %d",
+ port_number);
to_log(message);
- return -1;
+ return (-1);
}
- while (1)
- {
+ while (1) {
newsockfd = accept_connection(socketfd, &clientinfo);
- if (newsockfd < 0)
- {
+ if (newsockfd < 0) {
sprintf(message, "Error accepting client connections");
to_log(message);
- return -1;
+ return (-1);
}
- if (!debug && (childpid = fork()) < 0)
- {
+ if (!debug && (childpid = fork()) < 0) {
to_log("Error forking the process");
- return -1;
- }
- else if (debug || childpid == 0)
- {
- if (process_request(newsockfd, &clientinfo) == -1)
- {
+ return (-1);
+ } else if (debug || childpid == 0) {
+ if (process_request(newsockfd, &clientinfo) == -1) {
to_log("Error processing client's request");
- return -1;
+ return (-1);
}
if (!debug)
close(socketfd);
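Review bot: A single failed accept() terminates the whole master daemon, because the rebraced block `if (newsockfd < 0) { ...; return (-1); }` treats every error alike, and accept() can fail transiently (EINTR when a signal arrives, ECONNABORTED when the peer resets before the accept completes). Retry those cases instead, for example `if (newsockfd < 0) { if (errno == EINTR || errno == ECONNABORTED) continue; ... }`, which needs `<errno.h>`; it does not appear in the include list in this diff, though it may come in through utils.h. The message at `sprintf(message, "Error initializing socket on port %d", port_number);` is also the one remaining unbounded sprintf in a change that converts the others to snprintf; `snprintf(message, sizeof (message), ...)` keeps the file consistent. do_master_daemon's body continues past the end of this hunk.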
@@ -178,22 +183,26 @@
usleep(1000);
}
- return 0;
+ return (0);
}
+static int
get_parameters()
{
- /* GSoC: using an special file, intended to include this values at audit_control */
- FILE *fpars = fopen("/etc/security/damasterd_control", "r");
+ /*
+ * GSoC: using an special file, intended to include this values at
+ * audit_control
+ */
+ FILE *fpars = fopen(AUDIT_DAMASTERD_FILE, "r");
char sslave_dirs[10];
char lkup_host[10];
if (!fpars)
- return -1;
+ return (-1);
if (feof(fpars))
- return -1;
+ return (-1);
fscanf(fpars, "%s", slave_trails_dir);
fscanf(fpars, "%s", sslave_dirs);
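Review bot: The `fscanf(fpars, "%s", ...)` calls read from the control file with no field width, so a token longer than the destination overruns slave_trails_dir, and the 10-byte `sslave_dirs` / `lkup_host` buffers in particular; give every `%s` a width one less than the buffer, e.g. `fscanf(fpars, "%9s", sslave_dirs);`, and check the return value so a short or malformed file is reported rather than leaving the globals uninitialized. The same unbounded `fscanf(fpars, "%s", ...)` pattern is in shipd.c's get_parameters in this change. The early `if (feof(fpars)) return (-1);` also returns without fclose(fpars), leaking the stream. get_parameters' body continues past the end of this hunk.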
@@ -211,114 +220,128 @@
else
lookup_host = 0;
- return 0;
+ return (0);
}
+static int
process_request(int sfd, struct sockaddr *clientinfo)
{
int res = 0;
char opt[2];
- get_from_socket(sfd, opt);
+ get_from_socket(sfd, opt, sizeof (opt));
while (res != -1)
{
switch(opt[0])
{
- case '0': /* The process is finished */
+ case '0':
+ /* The process is finished */
return 0;
break;
- case '1': /* The request is about searching for a file */
+ case '1':
+ /* The request is about searching for a file */
res = search_trail(sfd, clientinfo);
break;
- case '2': /* The request is about receiving a trail */
+ case '2':
+ /* The request is about receiving a trail */
res = receive_trail(sfd, clientinfo);
break;
default:
to_log("Can't understand user's request!");
}
- get_from_socket(sfd, opt);
+ get_from_socket(sfd, opt, sizeof (opt));
}
close(sfd);
- return res;
+ return (res);
}
+static int
search_trail(int sfd, struct sockaddr *clientinfo)
{
DIR *dp;
struct dirent *dirp;
struct stat statbuf;
- char fullpath[MAX_PATH_SIZE + 1];
char *ptr;
char hbuf[NI_MAXHOST+1];
- char message[MAX_PATH_SIZE + 50];
+ char message[MAX_PATH_SIZE + MESSAGE_DESC_SIZE];
char hostname[NI_MAXHOST+1];
- char pathslave[MAX_TRAILPATH_SIZE+1], md5slave[33];
+ char pathslave[MAX_TRAILPATH_SIZE+1], sha256slave[SHA256_SIZE];
char dirpath[MAX_DIR_SIZE+1];
char found_trail[] = "n";
- get_from_socket(sfd, pathslave);
- get_from_socket(sfd, md5slave);
+ get_from_socket(sfd, pathslave, sizeof (pathslave));
+ get_from_socket(sfd, sha256slave, sizeof (sha256slave));
- strcpy(hostname, inet_ntoa(((struct sockaddr_in *) clientinfo)->sin_addr));
+ strlcpy(hostname,
+ inet_ntoa(((struct sockaddr_in *) clientinfo)->sin_addr),
+ sizeof (hostname));
- if (getnameinfo(clientinfo, clientinfo->sa_len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD))
+ if (getnameinfo(clientinfo, clientinfo->sa_len, hbuf, sizeof(hbuf),
+ NULL, 0, NI_NAMEREQD))
to_log("Couldn't resolve hostname, using IP address");
else
- strcpy(hostname, hbuf);
+ strlcpy(hostname, hbuf, sizeof (hostname));
- sprintf(message, "Looking for \"%s\" from \"%s\" with MD5: \"%s\"", pathslave, hostname, md5slave);
+ snprintf(message, sizeof(message),
+ "Looking for \"%s\" from \"%s\" with SHA256: \"%s\"", pathslave,
+ hostname, sha256slave);
to_log(message);
- strcpy(dirpath, slave_trails_dir);
+ strlcpy(dirpath, slave_trails_dir, sizeof (dirpath));
- if (slave_dirs)
- {
- strcat(dirpath, "/");
- strcat(dirpath, hostname);
+ if (slave_dirs) {
+ strlcat(dirpath, "/", sizeof (dirpath));
+ strlcat(dirpath, hostname, sizeof (dirpath));
}
- /* Setting the fullpath to search */
- /* Fancy way to use the fullpath */
- strcpy(fullpath, dirpath);
- ptr = fullpath + strlen(fullpath);
- *ptr = '/';
- *(++ptr) = 0;
-
- if ( !(dp = opendir(dirpath)) )
- {
+ if ( !(dp = opendir(dirpath)) ) {
to_log("Can't open slave trails' directory");
send_to_socket(sfd, "n");
- return 1;
+ return (1);
}
- /* We must count the elements (just the valid ones, this is: the trails) of the directory */
- while (strcmp(found_trail, "y") && (dirp = readdir(dp)) != NULL )
- if (strcmp(dirp->d_name, ".") && strcmp(dirp->d_name, "..")) /* We have other than . or .. */
- {
- strcpy(ptr, dirp->d_name);
+ /*
+ * We must count the elements (just the valid ones, this is: the
+ * trails) of the directory.
+ */
+ while ('n' == found_trail[0] && (dirp = readdir(dp)) != NULL )
+ if (strcmp(dirp->d_name, ".") && strcmp(dirp->d_name, "..")) {
+ /* We have other than . or .. */
+
+ asprintf(&ptr, "%s/%s", dirpath, dirp->d_name);
- if ( stat(fullpath, &statbuf) < 0 )
+ if ( stat(ptr, &statbuf) < 0 )
{
to_log("Stat error!");
return -1;
}
- if (S_ISDIR(statbuf.st_mode) == 0) /* It's not a directory */
- if ( check_files_equal(pathslave, md5slave, hostname, dirp->d_name, fullpath) ) /* Check that the trails are the same name + MD5 */
- strcpy(found_trail, "y");
+ if (S_ISDIR(statbuf.st_mode) == 0) {
+ /* It's not a directory */
+ if ( check_files_equal(pathslave, sha256slave,
+ hostname, dirp->d_name, ptr) ) {
+ /*
+ * Check that the trails are the same
+ * name + SHA256
+ */
+ found_trail[0] = 'y';
+ }
+ }
+ free(ptr);
}
closedir(dp);
- sprintf(message, "The search for %s resulted: %s\n", pathslave, found_trail[0] == 'y' ? "YES" : "NO");
+ snprintf(message, sizeof (message), "The search for %s resulted: %s\n",
+ pathslave, ('y' == found_trail[0]) ? "YES" : "NO");
send_to_socket(sfd, found_trail);
- return 1;
+ return (1);
}
/*
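Review bot: In search_trail the result of `asprintf(&ptr, "%s/%s", dirpath, dirp->d_name);` is not checked, and the stat-failure branch just below it returns -1 with ptr still allocated and dp still open, which the per-entry `free(ptr)` at the bottom of the loop does not cover. Check the allocation (`if (asprintf(&ptr, "%s/%s", dirpath, dirp->d_name) < 0) { closedir(dp); return (-1); }`) and release both resources on the stat error path: `free(ptr); closedir(dp); return (-1);`. hostname is taken from getnameinfo() and then appended to dirpath with strlcat; a reverse-DNS name is whatever the peer's PTR record says, so rejecting a name that contains '/' or ".." before the concatenation keeps the directory walk inside slave_trails_dir. The unterminated `while (res != -1)` loop in process_request also depends on get_from_socket() reporting a closed connection, whose new three-argument form is not in this diff; confirm it cannot return a stale opt[0] on EOF.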
@@ -329,103 +352,82 @@
* of the trails name
*/
-check_files_equal(char *pathslave, char *md5slave, char *hostname, char *path, char *fullpath)
+static int
+check_files_equal(char *pathslave, char *sha256slave, char *hostname, char *path,
+ char *fullpath)
{
char path_to_find[strlen(pathslave) + strlen(hostname) + 2];
- strcpy(path_to_find, pathslave);
+ strlcpy(path_to_find, pathslave, sizeof (path_to_find));
if (lookup_host)
{
- strcat(path_to_find, ".");
- strcat(path_to_find, hostname);
+ strlcat(path_to_find, ".", sizeof (path_to_find));
+ strlcat(path_to_find, hostname, sizeof (path_to_find));
}
if (!strncmp(path, path_to_find, strlen(path_to_find)))
{
- char *md5 = (char *) malloc (sizeof(char) * 33);
- md5 = MD5File(fullpath, md5);
+ char *sha256 = (char *) malloc (sizeof(char) * SHA256_SIZE);
+ sha256 = SHA256_File(fullpath, sha256);
- if (!strcmp(md5, md5slave))
- return 1;
+ if (!strcmp(sha256, sha256slave))
+ return (1);
- free(md5);
+ free(sha256);
}
- return 0;
+ return (0);
}
-void
-send_to_socket(int sfd, char *data)
-{
- int len = strlen(data);
-
- send(sfd, &len, sizeof(int), 0);
- send(sfd, data, len, 0);
-}
-
-void
-get_from_socket(int sfd, char *dest)
-{
- int len, left;
- char *ptr;
- brecv = recv(sfd, buffer, sizeof(int), 0);
- strncpy((char *) &len, buffer, sizeof(int));
-
- left = len;
- ptr = dest;
-
- while (left > 0)
- {
- brecv = recv(sfd, buffer, min(MAX_BUF_SIZE, left), 0);
- buffer[brecv] = 0;
- strcpy(ptr, buffer);
- ptr += brecv;
- left -= brecv;
- }
-}
-
+static int
receive_trail(int sfd, struct sockaddr *clientinfo)
{
DIR *dp;
char fullpath[MAX_PATH_SIZE + 1];
char hbuf[NI_MAXHOST+1];
- char message[MAX_PATH_SIZE + 50];
+ char message[MAX_PATH_SIZE + MESSAGE_DESC_SIZE];
char hostname[NI_MAXHOST+1];
char pathslave[MAX_TRAILPATH_SIZE+1];
char dirpath[MAX_DIR_SIZE+1];
+ char buffer[MAX_BUF_SIZE + 1];
+ int brecv;
time_t mtime;
struct tm *ltime;
unsigned file_size;
int fd, bwrtn, bread;
- get_from_socket(sfd, pathslave);
+ get_from_socket(sfd, pathslave, sizeof (pathslave));
- strcpy(hostname, inet_ntoa(((struct sockaddr_in *) clientinfo)->sin_addr));
+ strlcpy(hostname,
+ inet_ntoa(((struct sockaddr_in *) clientinfo)->sin_addr),
+ sizeof (hostname));
- if (getnameinfo(clientinfo, clientinfo->sa_len, hbuf, sizeof(hbuf), NULL, 0, NI_NAMEREQD))
+ if (getnameinfo(clientinfo, clientinfo->sa_len, hbuf, sizeof(hbuf),
+ NULL, 0, NI_NAMEREQD))
to_log("Couldn't resolve hostname, using IP address");
else
- strcpy(hostname, hbuf);
+ strlcpy(hostname, hbuf, sizeof (hostname));
- sprintf(message, "Receiving \"%s\" from \"%s\"", pathslave, hostname);
+ snprintf(message, sizeof (message), "Receiving \"%s\" from \"%s\"",
+ pathslave, hostname);
to_log(message);
- strcpy(dirpath, slave_trails_dir);
+ strlcpy(dirpath, slave_trails_dir, sizeof (dirpath));
- if ( !(dp = opendir(dirpath)) )
- {
- to_log("Can't open Slave trails dir, please create it or change the value at config files!");
- return -1;
+ if ( !(dp = opendir(dirpath)) ) {
+ to_log("Can't open Slave trails dir, please create it or"
+ " change the value at config files!");
+ return (-1);
}
closedir(dp);
if (slave_dirs)
{
- strcat(dirpath, "/");
- strcat(dirpath, hostname);
+ strlcat(dirpath, "/", sizeof (dirpath));
+ strlcat(dirpath, hostname, sizeof (dirpath));
}
if ( !(dp = opendir(dirpath)) )
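Review bot: check_files_equal dereferences the SHA256_File() result without a NULL check, and the match branch `if (!strcmp(sha256, sha256slave)) return (1);` returns before the `free(sha256)`, so every successful match leaks the buffer. SHA256_File() returns NULL when it cannot read fullpath, which is an ordinary condition for a directory the master does not own; restructure the tail as `int equal = (sha256 != NULL && strcmp(sha256, sha256slave) == 0);` followed by `free(sha256); return (equal);` (the malloc result should be checked the same way). SHA256_File() writes 64 hex digits plus a terminator, so SHA256_SIZE must be at least 65; its definition is not in this diff, so please confirm. receive_trail starts in this hunk and continues into the next one.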
@@ -440,75 +442,64 @@
else
closedir(dp);
- strcat(dirpath, "/");
+ strlcat(dirpath, "/", sizeof (dirpath));
mtime = time(NULL);
ltime = gmtime(&mtime);
- sprintf(fullpath, "%s%s.%s.%04d%02d%02d%02d%02d%02d",
- dirpath,
- pathslave,
- hostname,
- ltime->tm_year + 1900,
- ltime->tm_mon + 1,
- ltime->tm_mday,
- ltime->tm_hour,
- ltime->tm_min,
- ltime->tm_sec);
- sprintf(message, "Create: %s", fullpath);
+ snprintf(fullpath, sizeof(fullpath), "%s%s.%s.%04d%02d%02d%02d%02d%02d",
+ dirpath, pathslave, hostname, ltime->tm_year + 1900,
+ ltime->tm_mon + 1, ltime->tm_mday, ltime->tm_hour, ltime->tm_min,
+ ltime->tm_sec);
+ snprintf(message, sizeof (message), "Create: %s", fullpath);
to_log(message);
/* We get the trail size */
recv(sfd, &file_size, sizeof(file_size), 0);
fd = open(fullpath, O_CREAT | O_WRONLY);
- if (fd < 0)
- {
+ if (fd < 0) {
to_log("Can't create the trail at master system");
- return -1;
+ return (-1);
}
- while (file_size)
- {
+ while (file_size) {
brecv = recv(sfd, &bread, sizeof(bread), 0);
- if (brecv < 0)
- {
+ if (brecv < 0) {
to_log("Error receiving the file");
- return -1;
+ return (-1);
}
brecv = recv(sfd, buffer, bread, 0);
- if (brecv < 0)
- {
+ if (brecv < 0) {
to_log("Error receiving the file");
- return -1;
+ return (-1);
}
else if (brecv == 0)
break;
bwrtn = write(fd, buffer, brecv);
- if (bwrtn < 0 || bwrtn != brecv)
- {
+ if (bwrtn < 0 || bwrtn != brecv) {
to_log("Error writting the file");
- return -1;
+ return (-1);
}
file_size -= brecv;
}
- sprintf(message, "Master got: %s", fullpath);
+ snprintf(message, sizeof (message), "Master got: %s", fullpath);
+ to_log(message);
close(fd);
/* Change the permissions to be the same than the local trails */
- if (chmod(fullpath, S_IRUSR | S_IRGRP) < 0)
- {
+ if (chmod(fullpath, S_IRUSR | S_IRGRP) < 0) {
to_log("Error changing permissions");
- return -1;
+ return (-1);
}
- return 0;
+ return (0);
}
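Review bot: `brecv = recv(sfd, buffer, bread, 0);` passes a length that was just read from the peer (`recv(sfd, &bread, sizeof(bread), 0)`) and is only checked for a negative recv() result, never against the size of the local `buffer[MAX_BUF_SIZE + 1]` declared in the previous hunk, so an oversized length field overruns the stack buffer. Bound bread by sizeof(buffer) and reject a short read of the length word before the second recv(), and close fd on the error paths, which currently return with it open. Two more points in the same function: `open(fullpath, O_CREAT | O_WRONLY)` omits the mode argument that O_CREAT requires, so the file's initial mode is unspecified until the later chmod, `open(fullpath, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR)` fixes that; and pathslave, received from the socket in the previous hunk, is embedded in fullpath by the snprintf without checking for '/', so a name-only check (reject any '/' or ".." component) before building fullpath keeps new trails under slave_trails_dir.
```c
	while (file_size) {
		brecv = recv(sfd, &bread, sizeof(bread), 0);
		/* bread is peer-supplied: bound it by the receive buffer */
		if (brecv != (int)sizeof(bread) || bread <= 0 ||
		    bread > (int)sizeof(buffer)) {
			to_log("Error receiving the file");
			close(fd);
			return (-1);
		}
		brecv = recv(sfd, buffer, bread, 0);
		/* … unchanged: second recv check, write(), file_size accounting … */
	}
```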
==== //depot/projects/soc2010/disaudit/msocket_work.c#5 (text+ko) ====
@@ -25,16 +25,22 @@
*
*/
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
+#include "utils.h"
+
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+
+#include <arpa/inet.h>
+
+int
init_socket(int port)
{
struct sockaddr_in sockaddr;
@@ -45,7 +51,7 @@
if (sockfd < 0)
{
to_log("Cannot create socket!");
- return -1;
+ return (-1);
}
bzero(&sockaddr, sizeof(sockaddr));
@@ -57,18 +63,19 @@
if (bind(sockfd, (struct sockaddr *) &sockaddr, sizeof(sockaddr)) < 0)
{
to_log("Cannot bind to port");
- return -1;
+ return (-1);
}
listen(sockfd, 500);
- return sockfd;
+ return (sockfd);
}
+int
accept_connection(int sfd, struct sockaddr *clientinfo)
{
struct sockaddr_in clientaddr;
- int clientlen = sizeof(clientaddr);
+ socklen_t clientlen = sizeof(clientaddr);
int retval = 0;
retval = accept(sfd, (struct sockaddr *) &clientaddr, &clientlen);
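Review bot: `listen(sockfd, 500);` ignores its return value, so a failure here is only discovered later as a generic accept error in the caller; handle it like the bind() failure above it: `if (listen(sockfd, 500) < 0) { to_log("Cannot listen on socket"); return (-1); }`. The socklen_t change for clientlen is correct. accept_connection's body continues past the end of this hunk.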
@@ -76,6 +83,6 @@
if (retval >= 0)
memcpy(clientinfo, &clientaddr, sizeof(struct sockaddr));
- return retval;
+ return (retval);
}
==== //depot/projects/soc2010/disaudit/shipd.c#8 (text+ko) ====
@@ -27,36 +27,79 @@
/*** INCLUDES ***/
-#include "shipd.h"
#include "ssocket_work.h"
+#include "utils.h"
+
+#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <syslog.h>
#include <stdarg.h>
+#include <unistd.h>
+
#include <sys/types.h>
-#include <sys/md5.h>
+#include <sha256.h>
#include <sys/stat.h>
+#define PANIC_DATE 2
+#define PANIC_ALL 3
+
+#define DEL_FIRST 1
+#define DEL_LAST 2
+#define DEL_ALL 3
+
+#define AUDIT_SHIPD_FILE "/etc/security/shipd_control"
+
+
/*** DECLARATIONS ***/
+/* Trail Entries */
+typedef struct s_trail_entry
+{
+ char name[MAX_TRAILPATH_SIZE + 1];
+ int found;
+ struct s_trail_entry *next;
+} trail_entry;
+
/* Directory settings took from audit_control */
char audit_trails_dir[MAX_DIR_SIZE + 1];
char master_host[MAX_HOST_SIZE + 1];
+/*** local prototypes ***/
+static int add_trail_entry(trail_entry **root, char *name);
+static int cmp_trails (const void *A, const void *B);
+static void delete_trail_entry(trail_entry **root, int criteria, int number);
+static void do_daemon();
+static void do_daemon_date();
+static void do_daemon_all();
+static void do_last();
+static int get_last_trail(char *path, size_t path_size);
+static int get_parameters();
+static int is_audit_trail(char *path);
+static int is_in_master(trail_entry *cur, int *first_found);
+static void pll(trail_entry *root);
+static int send_trail(trail_entry *cur);
+
/* The level of trust the shipping process will have (0 means disabled) */
int panic_level;
/* The frequency the daemon will be checking the master's trail list */
int msec_freq;
-/* Two main things to be set by this variable, if daemonize or not, and the destination of the messages */
-int debug;
-
/* Port number */
int port_number;
+/*
+ * ShipD
+ * Shipping Daemon
+ *
+ * This program is checking, according to the panic_level variable
+ * the audit trail directories and send the trails to a master
+ * system, when no runs with debug option, it daemonize itself
+ */
+int
main (int argc, char *argv[])
{
char cl_opt;
@@ -65,53 +108,67 @@
debug = 0;
while ((cl_opt = getopt(argc, argv, "dl")) != -1)
- switch (cl_opt)
- {
+ switch (cl_opt) {
case 'd':
/* Debug option */
debug = 1;
break;
case 'l':
- /* Last trail (when called by AUDIT when it closes the trail) */
+ /*
+ * Last trail (when called by AUDIT when it
+ * closes the trail).
+ */
last = 1;
break;
}
/* If not debugging, daemonize the program */
- if (debug == 0 && daemon(0,0) != 0)
- {
+ if (debug == 0 && daemon(0,0) != 0) {
perror("Can't daemonize, exiting!");
exit(1);
}
/* Set the directory path, the host address, the panic level */
- if (get_parameters() == -1)
- {
+ if (get_parameters() == -1) {
to_log("Can't get the parameters to work!");
exit(1);
}
- /* There is no shipd enabled and it wasn't called by AUDIT (normally the unique way to get 'last' on) */
- if (panic_level < 2 && last == 0)
- {
+ /*
+ * There is no shipd enabled and it wasn't called by AUDIT (normally
+ * the unique way to get 'last' on).
+ */
+ if (panic_level < 2 && last == 0) {
to_log("Shipd disabled");
exit(0);
}
- /* This means that the daemon will only search for the last closed trail and send to the master system */
- if (last == 1)
+ /*
+ * This means that the daemon will only search for the last closed
+ * trail and send to the master system.
+ */
+ if (last == 1) {
do_last();
- else /* Otherwise, we will perform a permanent listing checking and sync them */
+ } else {
+ /*
+ * Otherwise, we will perform a permanent listing checking and
+ * sync them.
+ */
do_daemon();
+ }
- return 0;
+ return (0);
}
+static int
get_parameters()
{
- /* GSoC: using an special file, intended to include this values at audit_control */
- FILE *fpars = fopen("/etc/security/shipd_control", "r");
+ /*
+ * GSoC: using an special file, intended to include this values at
+ * audit_control.
+ */
+ FILE *fpars = fopen(AUDIT_SHIPD_FILE, "r");
if (!fpars)
return -1;
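Review bot: `if (panic_level < 2 && last == 0) {` keeps the literal 2 even though this change introduces `#define PANIC_DATE 2` for exactly that threshold; use `if (panic_level < PANIC_DATE && last == 0) {` so the check and the constant cannot drift apart. The new comment above it says the daemon is disabled, which reads as the reason for the literal, so a short note on PANIC_DATE itself (what levels below and at or above it mean) would document the policy in one place. get_parameters starts in this hunk and continues into the next one.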
@@ -119,6 +176,10 @@
if (feof(fpars))
return -1;
+ /*
+ * XXX This parsing of the shipd_control file might need to be
+ * reworked a bit. -sson.
+ */
fscanf(fpars, "%s", audit_trails_dir);
fscanf(fpars, "%s", master_host);
fscanf(fpars, "%d", &panic_level);
@@ -127,43 +188,34 @@
fclose(fpars);
- return 0;
-}
-
-void
-to_log(char *message)
-{
-return;
- if (debug)
- perror(message);
- else
- syslog(LOG_ERR, "%s", message);
+ return (0);
}
/*
* Look for the last closed trail and
- * send it
+ * send it.
*/
-void
+static void
do_last()
{
char last_trail[MAX_TRAILPATH_SIZE + 1];
- char message[MAX_PATH_SIZE + 30];
+ char message[MAX_PATH_SIZE + MESSAGE_DESC_SIZE];
trail_entry *root = NULL;
- if (get_last_trail(last_trail) == -1)
+ if (get_last_trail(last_trail, sizeof (last_trail)) == -1)
to_log("Nothing to send!");
- sprintf(message, "Will send \"%s\" to %s", last_trail, master_host);
+ snprintf(message, sizeof (message), "Will send \"%s\" to %s",
+ last_trail, master_host);
to_log(message);
add_trail_entry(&root, last_trail);
- if (send_trail(root) == -1)
+ if (send_trail(root) == -1) {
to_log("Error sending the last trail");
- else
- {
- sprintf(message, "Successfully sent \"%s\" to %s", last_trail, master_host);
+ } else {
+ snprintf(message, sizeof (message),
+ "Successfully sent \"%s\" to %s", last_trail, master_host);
to_log(message);
}
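Review bot: In do_last the failure of `get_last_trail(last_trail, sizeof (last_trail))` only logs "Nothing to send!" and then falls through to add_trail_entry and send_trail with last_trail set to the empty string, because get_last_trail stores `*path = 0` before it returns -1. Return after the log: `if (get_last_trail(last_trail, sizeof (last_trail)) == -1) { to_log("Nothing to send!"); return; }`. The return value of add_trail_entry is also unchecked and root is not released afterwards; do_last's closing brace is outside this hunk.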
@@ -175,64 +227,76 @@
* closed trail in meaning of lexicographic
* order (that is also a chronological one)
*/
-get_last_trail(char *path)
+static int
+get_last_trail(char *path, size_t path_size)
{
DIR *dp;
struct dirent *dirp;
struct stat statbuf;
- char fullpath[MAX_PATH_SIZE + 1];
char *ptr;
*path = 0;
- if ( !(dp = opendir(audit_trails_dir)) )
- {
+ if ( !(dp = opendir(audit_trails_dir)) ) {
to_log("Can't open directory");
return -1;
}
- strcpy(fullpath, audit_trails_dir);
- ptr = fullpath + strlen(fullpath);
- *ptr = '/';
- *(++ptr) = 0;
+ /*
+ * Here we will pass through the entire directory and get the path of
+ * the latest closed trail.
+ */
+ while ( (dirp = readdir(dp)) != NULL )
+ if (strcmp(dirp->d_name, ".") && strcmp(dirp->d_name, "..")) {
+ /* We have other than . or .. */
- /* Here we will pass through the entire directory and get the path of the latest closed trail */
+ asprintf(&ptr, "%s/%s", audit_trails_dir, dirp->d_name);
- while ( (dirp = readdir(dp)) != NULL )
- if (strcmp(dirp->d_name, ".") && strcmp(dirp->d_name, "..")) /* We have other than . or .. */
- {
- strcpy(ptr, dirp->d_name);
>>> TRUNCATED FOR MAIL (1000 lines) <<<