PERFORCE change 180027 for review

Sergio Ligregni ligregni at FreeBSD.org
Mon Jun 21 03:20:32 UTC 2010


http://p4web.freebsd.org/@@180027?ac=10

Change 180027 by ligregni at ligPhenom on 2010/06/21 03:19:59

	Implemented MD5, created the socket work file, and also included
	a Makefile to simplify development and use

Affected files ...

.. //depot/projects/soc2010/disaudit/Makefile#1 add
.. //depot/projects/soc2010/disaudit/ideas.txt#4 edit
.. //depot/projects/soc2010/disaudit/shipd.c#4 edit
.. //depot/projects/soc2010/disaudit/shipd.h#4 edit
.. //depot/projects/soc2010/disaudit/ssocket_work.c#1 add
.. //depot/projects/soc2010/disaudit/ssocket_work.h#1 add

Differences ...

==== //depot/projects/soc2010/disaudit/ideas.txt#4 (text+ko) ====

@@ -8,6 +8,7 @@
 PARAMETERS (the main idea is to get them from /etc/security/audit_control)
 
 disaudit_type:master					# none, master, slave, obviouslly depending on this to use the following parameters
+disaudit_port:53686
 
 
 /* SLAVE */

==== //depot/projects/soc2010/disaudit/shipd.c#4 (text+ko) ====

@@ -28,6 +28,7 @@
 /*** INCLUDES ***/
 
 #include "shipd.h"
+#include "ssocket_work.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -35,6 +36,7 @@
 #include <syslog.h>
 #include <stdarg.h>
 #include <sys/types.h>
+#include <sys/md5.h>
 #include <sys/stat.h>
 
 /*** DECLARATIONS ***/
@@ -52,6 +54,9 @@
 /* Two main things to be set by this variable, if daemonize or not, and the destination of the messages */
 int debug;
 
+/* Port number */
+int port_number;
+
 main (int argc, char *argv[])
 {
 	char cl_opt;
@@ -118,6 +123,7 @@
 	fscanf(fpars, "%s", master_host);
 	fscanf(fpars, "%d", &panic_level);
 	fscanf(fpars, "%d", &msec_freq);
+	fscanf(fpars, "%d", &port_number);
 
 	return 0;
 }
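Review bot: The added `fscanf(fpars, "%d", &port_number);` ignores the return value and accepts any integer, so a parameter file that lacks the port line or holds a non-numeric value leaves `port_number` at its initial 0, and an out-of-range value is later handed to `do_socket_check_file` unchanged. Check the conversion and the range where the value is read, e.g. `if (fscanf(fpars, "%d", &port_number) != 1 || port_number < 1 || port_number > 65535)` followed by this function's error path, which is not visible here. The function starts outside the hunk, and the neighbouring `fscanf` calls shown as context follow the same unchecked pattern.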
@@ -131,6 +137,10 @@
 		syslog(LOG_ERR, "%s", message);
 }
 
+/*
+ * Look for the last closed trail and
+ * send it
+ */
 void
 do_last()
 {
@@ -153,6 +163,11 @@
 	}
 }
 
+/*
+ * Used by do_last() function, this get the last
+ * closed trail in meaning of lexicographic
+ * order (that is also a chronological one)
+ */
 int
 get_last_trail(char *path)
 {
@@ -206,6 +221,12 @@
 	return 0;
 }
 
+/*
+ * When exploring /var/audit/ (or the directory
+ * where the trails are), not all files are trails
+ * so we must ensure we will only deal with the ones
+ * that are trails
+ */
 int
 is_audit_trail(char *path)
 {
@@ -324,8 +345,11 @@
 	qsort(trail_paths, n_elements, sizeof(*trail_paths), cmp_trails);
 
 	for (i=0; i<n_elements; ++i)
-		if (is_in_master(trail_paths[i]))
+	{
+		strcpy(ptr, trail_paths[i]);
+		if (is_in_master(trail_paths[i], fullpath))
 			break;
+	}
 
 	/*
 	 * At this point, the variable i holds the index of the first ok trail in master system
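Review bot: The added `strcpy(ptr, trail_paths[i]);` copies a trail name with no length bound. `ptr` is declared outside this hunk; if it points into the `fullpath` buffer, as the call on the next line suggests, a long name would be written past the end of that buffer. A bounded copy with a truncation check is safer, e.g. `snprintf(ptr, remaining, "%s", trail_paths[i])` where `remaining` (a placeholder name) is the space left in `fullpath` after the directory prefix, skipping the entry when the result does not fit. The enclosing function begins and ends outside the hunk.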
@@ -355,6 +379,11 @@
 	return;
 }
 
+/*
+ * Using the audit trail's names advantage, we define
+ * that an audit trail is older than the other one
+ * according their lexicographic value
+ */
 int cmp_trails (const void *A, const void *B)
 {
 	if (strcmp(*((char **)A), *((char **)B)) < 0)
@@ -362,9 +391,33 @@
 	return -1;
 }
 
-int is_in_master(char *path)
+/*
+ * This function calculates the MD5 checksum for a trail
+ * and checks if it is on master system using two
+ * file unique atributes, the name and the checksum,
+ * the last one for checking file integrity, if the MD5
+ * checksums on both systems are not equal, then the function
+ * will return "false" since an incomplete trail is not valid here.
+ */
+int is_in_master(char *path, char *fullpath)
 {
-	return 0;
+	char *md5 = (char *) malloc (sizeof(char) * 33);
+	char message[MAX_PATH_SIZE + 33];
+	int ret_val=1;
+	MD5_CTX context;
+
+	/* Get the MD5 checksum for the file (notice that here we use the fullpath) */
+	md5 = MD5File(fullpath, md5);
+	sprintf(message, "The MD5 checksum for %s is %s", path, md5);
+	to_log(message);
+
+	/* Included in socket_work.c, this intended to implement SSL later */
+	if (do_socket_check_file(master_host, port_number, path, fullpath, md5) == -1)
+		ret_val = 0;
+
+	free(md5);
+
+	return ret_val;
 }
 
 
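Review bot: In the new `is_in_master()`, the return of `MD5File()` is assigned back to `md5` without a NULL check, so when the trail cannot be read (MD5File returns NULL on failure) the malloc'd buffer is leaked and NULL reaches `sprintf` and `do_socket_check_file`; the `malloc` result is not checked either. The `sprintf` into `message[MAX_PATH_SIZE + 33]` leaves no room for the fixed text around `path` and the digest, so a name close to MAX_PATH_SIZE would overrun it. A stack digest buffer plus `snprintf` removes both problems, and the unused `MD5_CTX context` can be dropped; treating an unreadable trail as "not in master" below is my assumption from the function comment. Separately, an MD5 value exchanged over the not-yet-SSL socket only detects accidental truncation, not deliberate modification of a trail, which the comment should state until the transport is authenticated.

```c
int is_in_master(char *path, char *fullpath)
{
	char md5[33];	/* 32 hex digits + NUL; no heap buffer to leak */
	char message[MAX_PATH_SIZE + 64];	/* room for the fixed text and the digest */
	int ret_val=1;

	/* MD5File() returns NULL when the file cannot be opened or read */
	if (MD5File(fullpath, md5) == NULL)
	{
		snprintf(message, sizeof(message), "Could not compute the MD5 checksum for %s", path);
		to_log(message);
		return 0;
	}
	snprintf(message, sizeof(message), "The MD5 checksum for %s is %s", path, md5);
	to_log(message);

	/* ... unchanged: do_socket_check_file() check that clears ret_val ... */

	return ret_val;
}
```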
@@ -408,7 +461,7 @@
 
 			if (S_ISDIR(statbuf.st_mode) == 0) /* It's not a directory */
 				if ( is_audit_trail(dirp->d_name) ) /* It's not other file */
-					if ( !is_in_master(dirp->d_name) )
+					if ( !is_in_master(dirp->d_name, fullpath) )
 						if (send_trail(fullpath) == -1)
 						{
 							sprintf(message, "ERROR Sending \"%s\" to %s", fullpath, master_host);

==== //depot/projects/soc2010/disaudit/shipd.h#4 (text+ko) ====

@@ -44,7 +44,7 @@
 int send_trail(char *);
 void do_daemon_date();
 int cmp_trails(const void *, const void *);
-int is_in_master(char *);
+int is_in_master(char *, char *);
 void do_daemon_all();
 
 

