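/* Set OSSEC Authentication Key
 *
 * Writes `key` to a newly created temporary file under TMP_DIR and then
 * renames that file to AUTH_FILE, so the key file is swapped in as a whole
 * instead of being edited in place. Every failure is reported through a
 * MessageBox owned by `hwnd`.
 *
 * Returns 1 on success and 0 on any failure.
 */
int set_ossec_key(char *key, HWND hwnd)
{
    FILE *fp;
    int write_failed;
    char auth_file_tmp[] = AUTH_FILE;
    char *keys_file = basename_ex(auth_file_tmp);
    /* TMP_DIR + '/' + file name + "XXXXXX" + terminating NUL */
    char tmp_path[strlen(TMP_DIR) + 1 + strlen(keys_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, keys_file);

    /* Create temporary file.
     * NOTE(review): this file will hold the agent authentication key and no
     * permissions are applied to it in this function, so its protection
     * depends on mkstemp_ex() and on TMP_DIR -- confirm both.
     */
    if (mkstemp_ex(tmp_path) == -1) {
        /* The title used to read "Failure Setting IP", copied from the
         * server-IP dialog; this function imports a key. */
        MessageBox(hwnd, "Could not create temporary file.",
                   "Error -- Failure Importing Key", MB_OK);
        return (0);
    }

    fp = fopen(tmp_path, "w");
    if (!fp) {
        MessageBox(hwnd, "Could not open temporary file for write.",
                   "Error -- Failure Importing Key", MB_OK);
        goto remove_tmp;
    }

    /* A short or failed write must not reach the rename below, otherwise a
     * truncated key file would replace the working one. fclose() flushes,
     * so its result counts as part of the write. */
    write_failed = (fprintf(fp, "%s", key) < 0);
    if (fclose(fp) != 0) {
        write_failed = 1;
    }
    if (write_failed) {
        MessageBox(hwnd, "Could not write to temporary file.",
                   "Error -- Failure Importing Key", MB_OK);
        goto remove_tmp;
    }

    if (rename_ex(tmp_path, AUTH_FILE)) {
        MessageBox(hwnd, "Unable to rename temporary file.",
                   "Error -- Failure Renaming Temporary File", MB_OK);
        goto remove_tmp;
    }

    return (1);

remove_tmp:
    /* Do not leave key material behind in TMP_DIR after a failure. */
    if (unlink(tmp_path)) {
        MessageBox(hwnd, "Could not delete temporary file.",
                   "Error -- Failure Deleting Temporary File", MB_OK);
    }
    return (0);
}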
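/* Set OSSEC Server IP
 *
 * Validates `ip` as an IP address or, failing that, as a hostname that
 * OS_GetHost() can resolve, then produces a new configuration through
 * OS_WriteXML() in a temporary file, moves the current CONFIG to LASTCONFIG
 * and renames the temporary file to CONFIG. Failures are reported through a
 * MessageBox owned by `hwnd`.
 *
 * Side effect: config_inst.server_type is set as soon as the input is
 * classified, so it keeps the new value even when a later step fails.
 *
 * Returns 1 on success and 0 on any failure.
 */
int set_ossec_server(char *ip, HWND hwnd)
{
    const char **xml_pt = NULL;
    const char *(xml_serverip[]) = {"ossec_config", "client", "server-ip", NULL};
    const char *(xml_serverhost[]) = {"ossec_config", "client", "server-hostname", NULL};
    char config_tmp[] = CONFIG;
    char *conf_file = basename_ex(config_tmp);
    /* TMP_DIR + '/' + file name + "XXXXXX" + terminating NUL */
    char tmp_path[strlen(TMP_DIR) + 1 + strlen(conf_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, conf_file);

    /* Verify IP Address */
    if (OS_IsValidIP(ip, NULL) != 1) {
        char *s_ip;

        /* Not an IP literal: accept it only if it resolves as a hostname.
         * NOTE(review): s_ip is used only as a success flag; if OS_GetHost()
         * returns heap memory it is never released here -- confirm ownership.
         */
        s_ip = OS_GetHost(ip, 0);
        if (!s_ip) {
            MessageBox(hwnd, "Invalid Server IP Address.\r\n"
                       "It must be the valid IPv4 address of the "
                       "OSSEC server or the resolvable hostname.",
                       "Error -- Failure Setting IP", MB_OK);
            return (0);
        }
        config_inst.server_type = SERVER_HOST_USED;
        xml_pt = xml_serverhost;
    } else {
        config_inst.server_type = SERVER_IP_USED;
        xml_pt = xml_serverip;
    }

    /* Create temporary file */
    if (mkstemp_ex(tmp_path) == -1) {
        MessageBox(hwnd, "Could not create temporary file.",
                   "Error -- Failure Setting IP", MB_OK);
        return (0);
    }

    /* Produce the updated configuration in the temporary file.
     * NOTE(review): a hostname is checked by resolution only; whether
     * OS_WriteXML() escapes the value it writes is not visible here -- confirm.
     */
    if (OS_WriteXML(CONFIG, tmp_path, xml_pt, NULL, ip) != 0) {
        MessageBox(hwnd, "Unable to set OSSEC Server IP Address.\r\n"
                   "(Internal error on the XML Write).",
                   "Error -- Failure Setting IP", MB_OK);
        goto remove_tmp;
    }

    /* Rename config files */
    if (rename_ex(CONFIG, LASTCONFIG)) {
        MessageBox(hwnd, "Unable to backup configuration.",
                   "Error -- Failure Backing Up Configuration", MB_OK);
        goto remove_tmp;
    }

    if (rename_ex(tmp_path, CONFIG)) {
        MessageBox(hwnd, "Unable to rename temporary file.",
                   "Error -- Failure Renaming Temporary File", MB_OK);

        /* CONFIG was moved to LASTCONFIG just above. Put it back so the
         * agent is not left without any configuration file. */
        if (rename_ex(LASTCONFIG, CONFIG)) {
            MessageBox(hwnd, "Unable to restore configuration backup.",
                       "Error -- Failure Restoring Configuration", MB_OK);
        }
        goto remove_tmp;
    }

    return (1);

remove_tmp:
    if (unlink(tmp_path)) {
        MessageBox(hwnd, "Could not delete temporary file.",
                   "Error -- Failure Deleting Temporary File", MB_OK);
    }
    return (0);
}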
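/* Import a key
 *
 * The base64-encoded key comes from `cmdimport` when it is non-NULL,
 * otherwise from the OSSEC_AGENT_KEY environment variable, otherwise from
 * read_from_user(). The decoded text must contain at least three spaces;
 * the three leading fields are shown with AGENT_INFO. After a confirmation
 * starting with 'y' or 'Y' (from OSSEC_ACTION_CONFIRMED or
 * read_from_user()), the whole decoded line is written to a temporary file
 * that is then renamed to KEYS_FILE.
 *
 * Returns 1 when the key was imported and 0 otherwise. File-system errors
 * are reported through ErrorExit(), which presumably does not return.
 *
 * NOTE(review): the decoded key stays in `line_read` and `b64_dec` and is
 * not wiped before the buffers are released; a key passed through the
 * environment is also readable wherever that environment is.
 */
int k_import(const char *cmdimport)
{
    FILE *fp;
    const char *user_input;
    char *b64_dec;
    char *name;
    char *ip;
    char *tmp_key;
    int write_failed = 0;
    int write_errno = 0;
    char line_read[FILE_SIZE + 1];
    char auth_file_tmp[] = AUTH_FILE;
    char *keys_file = basename_ex(auth_file_tmp);
    /* TMP_DIR + '/' + file name + "XXXXXX" + terminating NUL */
    char tmp_path[strlen(TMP_DIR) + 1 + strlen(keys_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, keys_file);

    /* Parse user argument */
    if (cmdimport) {
        user_input = cmdimport;
    } else {
        printf(IMPORT_KEY);

        user_input = getenv("OSSEC_AGENT_KEY");
        if (user_input == NULL) {
            user_input = read_from_user();
        }
    }

    /* Quit */
    if (strcmp(user_input, QUIT) == 0) {
        return (0);
    }

    b64_dec = decode_base64(user_input);
    if (b64_dec == NULL) {
        printf(NO_KEY);
        printf(PRESS_ENTER);
        read_from_user();
        return (0);
    }

    /* Keep an untouched copy of the decoded line: b64_dec is split in place
     * below, while line_read is what ends up in the keys file. The buffer is
     * zero-filled first, so the bounded copy is always NUL-terminated. */
    memset(line_read, '\0', FILE_SIZE + 1);
    strncpy(line_read, b64_dec, FILE_SIZE);

    /* A copy that fills the buffer may have been truncated; reject it. */
    name = strchr(b64_dec, ' ');
    if (!name || strlen(line_read) >= FILE_SIZE) {
        goto invalid_key;
    }
    *name = '\0';
    name++;

    ip = strchr(name, ' ');
    if (!ip) {
        goto invalid_key;
    }
    *ip = '\0';
    ip++;

    tmp_key = strchr(ip, ' ');
    if (!tmp_key) {
        printf(NO_KEY);
        free(b64_dec);
        return (0);
    }
    *tmp_key = '\0';

    printf("\n");
    printf(AGENT_INFO, b64_dec, name, ip);

    /* Ask once; anything that does not start with 'y'/'Y' is a refusal. */
    printf(ADD_CONFIRM);
    fflush(stdout);

    user_input = getenv("OSSEC_ACTION_CONFIRMED");
    if (user_input == NULL) {
        user_input = read_from_user();
    }

    if (user_input[0] != 'y' && user_input[0] != 'Y') {
        printf("%s", ADD_NOT);
        free(b64_dec);
        return (0);
    }

    if (mkstemp_ex(tmp_path)) {
        ErrorExit(MKSTEMP_ERROR, ARGV0, tmp_path, errno, strerror(errno));
    }

#ifndef WIN32
    /* Restrict the file before any key material is written to it.
     * NOTE(review): no equivalent step exists in the WIN32 build here. */
    if (chmod(tmp_path, 0440) == -1) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit(CHMOD_ERROR, ARGV0, tmp_path, errno, strerror(errno));
    }
#endif

    fp = fopen(tmp_path, "w");
    if (!fp) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit(FOPEN_ERROR, ARGV0, tmp_path, errno, strerror(errno));
    }

    /* A failed or partial write must not be renamed over KEYS_FILE, or a
     * truncated key would replace the working one. fclose() flushes, so its
     * result counts as part of the write. */
    if (fprintf(fp, "%s\n", line_read) < 0) {
        write_failed = 1;
        write_errno = errno;
    }
    if (fclose(fp) != 0 && !write_failed) {
        write_failed = 1;
        write_errno = errno;
    }
    if (write_failed) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit("%s: ERROR: Could not write key to '%s' due to [(%d)-(%s)].",
                  ARGV0, tmp_path, write_errno, strerror(write_errno));
    }

    if (rename_ex(tmp_path, KEYS_FILE)) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit(RENAME_ERROR, ARGV0, tmp_path, KEYS_FILE, errno, strerror(errno));
    }

    /* Remove sender counter */
    OS_RemoveCounter("sender");

    printf(ADDED);
    printf(PRESS_ENTER);
    read_from_user();
    restart_necessary = 1;

    free(b64_dec);
    return (1);

invalid_key:
    printf(NO_KEY);
    printf(PRESS_ENTER);
    read_from_user();

    free(b64_dec);
    return (0);
}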
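/* Update the log position of a bookmark
 *
 * Creates an event-log bookmark, points it at `evt`, renders it with
 * EvtRender() and stores the rendered bytes in channel->bookmark_filename.
 * The data goes to a temporary file under TMP_DIR first and is renamed into
 * place only after it has been written and closed successfully.
 *
 * Returns 1 on success and 0 on failure; every failure is logged with
 * log2file(). The render buffer, the bookmark handle and the stream are
 * released on all paths, and the temporary file is removed on failure.
 */
int update_bookmark(EVT_HANDLE evt, os_channel *channel)
{
    DWORD size = 0;
    DWORD count = 0;
    wchar_t *buffer = NULL;
    int result = 0;
    int status = 0;
    int clean_tmp = 0;
    int close_rc = 0;
    EVT_HANDLE bookmark = NULL;
    FILE *fp = NULL;
    char tmp_file[OS_MAXSTR];

    /* Create temporary bookmark file name.
     * NOTE(review): bookmark_name goes into the path as-is; this assumes it
     * holds no path separators -- confirm where it is built. */
    snprintf(tmp_file, sizeof(tmp_file), "%s/%s-XXXXXX", TMP_DIR, channel->bookmark_name);

    if ((bookmark = EvtCreateBookmark(NULL)) == NULL) {
        log2file(
            "%s: ERROR: Could not EvtCreateBookmark() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    if (!EvtUpdateBookmark(bookmark, evt)) {
        log2file(
            "%s: ERROR: Could not EvtUpdateBookmark() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    /* Make initial call to determine buffer size: with a zero-length buffer
     * the only accepted outcome is failure with ERROR_INSUFFICIENT_BUFFER. */
    result = EvtRender(NULL, bookmark, EvtRenderBookmark, 0, NULL, &size, &count);
    if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
        log2file(
            "%s: ERROR: Could not EvtRender() to get buffer size to update bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    if ((buffer = calloc(size, sizeof(char))) == NULL) {
        log2file(
            "%s: ERROR: Could not calloc() memory to save bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    if (!EvtRender(NULL, bookmark, EvtRenderBookmark, size, buffer, &size, &count)) {
        log2file(
            "%s: ERROR: Could not EvtRender() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    if (mkstemp_ex(tmp_file)) {
        log2file(
            "%s: ERROR: Could not mkstemp_ex() temporary bookmark (%s) for (%s)",
            ARGV0,
            tmp_file,
            channel->evt_log);
        goto cleanup;
    }

    /* From here on the temporary file exists and must be removed on any
     * failure, including a failed fopen() (previously it was left behind
     * in that case). */
    clean_tmp = 1;

    if ((fp = fopen(tmp_file, "w")) == NULL) {
        log2file(
            "%s: ERROR: Could not fopen() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    if ((fwrite(buffer, 1, size, fp)) < size) {
        log2file(
            "%s: ERROR: Could not fwrite() to temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    /* The stream is gone after fclose() whatever it returns; clear fp so
     * the cleanup code cannot close it a second time. A failed close means
     * the flush failed, so the file must not be renamed into place. */
    close_rc = fclose(fp);
    fp = NULL;
    if (close_rc != 0) {
        log2file(
            "%s: ERROR: Could not fclose() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    if (rename_ex(tmp_file, channel->bookmark_filename)) {
        log2file(
            "%s: ERROR: Could not rename_ex() temporary bookmark (%s) to (%s) for (%s)",
            ARGV0,
            tmp_file,
            channel->bookmark_filename,
            channel->evt_log);
        goto cleanup;
    }

    /* Success */
    status = 1;

cleanup:
    free(buffer);

    if (bookmark != NULL) {
        EvtClose(bookmark);
    }

    if (fp) {
        fclose(fp);
    }

    if (status == 0 && clean_tmp == 1 && unlink(tmp_file)) {
        log2file(DELETE_ERROR, ARGV0, tmp_file, errno, strerror(errno));
    }

    return (status);
}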
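/* Update the log position of a bookmark
 *
 * Creates an event-log bookmark, points it at `evt`, renders it with
 * EvtRender() and stores the rendered bytes in channel->bookmark_filename
 * by writing a temporary file under TMP_DIR and renaming it into place.
 *
 * Returns 1 on success and 0 on failure; every failure is logged with
 * log2file(). The render buffer and the bookmark handle are released on
 * every path (earlier they were never released), and the temporary file is
 * removed when a step after its creation fails.
 */
int update_bookmark(EVT_HANDLE evt, os_channel *channel)
{
    DWORD size = 0;
    DWORD count = 0;
    wchar_t *buffer = NULL;
    int result = 0;
    int status = 0;
    int tmp_created = 0;
    int close_rc = 0;
    EVT_HANDLE bookmark = NULL;
    FILE *fp = NULL;
    char tmp_file[OS_MAXSTR];

    /* Create bookmark temporary file name; the channel name is passed
     * through replace_slash() before it is used as a file name. */
    snprintf(
        tmp_file,
        sizeof(tmp_file),
        "%s/%s-XXXXXX",
        TMP_DIR,
        channel->evt_log
    );

    replace_slash(tmp_file);

    if ((bookmark = EvtCreateBookmark(NULL)) == NULL) {
        log2file(
            "%s: ERROR: Could not EvtCreateBookmark() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError()
        );
        goto cleanup;
    }

    if (!EvtUpdateBookmark(bookmark, evt)) {
        log2file(
            "%s: ERROR: Could not EvtUpdateBookmark() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError()
        );
        goto cleanup;
    }

    /* Make initial call to determine buffer size: with a zero-length buffer
     * the only accepted outcome is failure with ERROR_INSUFFICIENT_BUFFER. */
    result = EvtRender(NULL, bookmark, EvtRenderBookmark, 0, NULL, &size, &count);
    if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
        log2file(
            "%s: ERROR: Could not EvtRender() to get buffer size to update bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError()
        );
        goto cleanup;
    }

    if ((buffer = calloc(size, 1)) == NULL) {
        log2file(
            "%s: ERROR: Could not calloc() memory to save bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            errno,
            strerror(errno)
        );
        goto cleanup;
    }

    if (!EvtRender(NULL, bookmark, EvtRenderBookmark, size, buffer, &size, &count)) {
        log2file(
            "%s: ERROR: Could not EvtRender() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError()
        );
        goto cleanup;
    }

    if (mkstemp_ex(tmp_file)) {
        log2file(
            "%s: ERROR: Could not mkstemp_ex() temporary bookmark (%s) for (%s)",
            ARGV0,
            tmp_file,
            channel->evt_log
        );
        goto cleanup;
    }

    /* Only failures after this point have a temporary file to remove. */
    tmp_created = 1;

    if ((fp = fopen(tmp_file, "w")) == NULL) {
        log2file(
            "%s: ERROR: Could not fopen() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno)
        );
        goto cleanup;
    }

    if ((fwrite(buffer, 1, size, fp)) < size) {
        log2file(
            "%s: ERROR: Could not fwrite() to temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno)
        );
        goto cleanup;
    }

    /* The stream is gone after fclose() whatever it returns; clear fp so a
     * later failure cannot close it a second time. A failed close means the
     * flush failed, so the file must not be renamed into place. */
    close_rc = fclose(fp);
    fp = NULL;
    if (close_rc != 0) {
        log2file(
            "%s: ERROR: Could not fclose() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno)
        );
        goto cleanup;
    }

    if (rename_ex(tmp_file, channel->bookmark_filename)) {
        log2file(
            "%s: ERROR: Could not rename_ex() temporary bookmark (%s) to (%s) for (%s)",
            ARGV0,
            tmp_file,
            channel->bookmark_filename,
            channel->evt_log
        );
        goto cleanup;
    }

    /* success */
    status = 1;

cleanup:
    if (fp) {
        fclose(fp);
    }

    if (status == 0 && tmp_created && unlink(tmp_file)) {
        log2file(DELETE_ERROR, ARGV0, tmp_file, errno, strerror(errno));
    }

    free(buffer);

    if (bookmark != NULL) {
        EvtClose(bookmark);
    }

    return (status);
}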