Ejemplo n.º 1
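/*
 * Set OSSEC Authentication Key
 *
 * Writes `key` to a freshly created temporary file under TMP_DIR and then
 * moves that file over AUTH_FILE with rename_ex(). Every failure is reported
 * to the user through a message box owned by `hwnd`.
 *
 * Returns 1 on success and 0 on any failure. On failure the temporary file is
 * removed (best effort) and AUTH_FILE is left as it was.
 *
 * Security note: the temporary file holds the agent's authentication key.
 * Its access permissions are whatever mkstemp_ex() assigns.
 * NOTE(review): confirm that mkstemp_ex() restricts the file before the key
 * is written into it.
 */
int set_ossec_key(char *key, HWND hwnd)
{
    FILE *fp;
    int write_ok;

    /* basename_ex() gets a writable copy rather than the AUTH_FILE literal */
    char auth_file_tmp[] = AUTH_FILE;
    char *keys_file = basename_ex(auth_file_tmp);

    /* TMP_DIR + '/' + file name + "XXXXXX" + terminating NUL */
    char tmp_path[strlen(TMP_DIR) + 1 + strlen(keys_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, keys_file);

    /* Create temporary file */
    if (mkstemp_ex(tmp_path) == -1) {
        MessageBox(hwnd, "Could not create temporary file.",
                   "Error -- Failure Importing Key", MB_OK);
        return (0);
    }

    fp = fopen(tmp_path, "w");
    if (!fp) {
        MessageBox(hwnd, "Could not open temporary file for write.",
                   "Error -- Failure Importing Key", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    /* A short or failed write must never replace the existing key file, so
     * both the write and the flush performed by fclose() are checked.
     */
    write_ok = (fprintf(fp, "%s", key) >= 0);
    if (fclose(fp) != 0) {
        write_ok = 0;
    }

    if (!write_ok) {
        MessageBox(hwnd, "Could not write key to temporary file.",
                   "Error -- Failure Importing Key", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    /* Only a completely written file is moved into place */
    if (rename_ex(tmp_path, AUTH_FILE)) {
        MessageBox(hwnd, "Unable to rename temporary file.",
                   "Error -- Failure Renaming Temporary File", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    return (1);
}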
Ejemplo n.º 2
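/*
 * Set OSSEC Server IP
 *
 * Validates `ip` as an IP address (OS_IsValidIP) or, failing that, as a name
 * that OS_GetHost() can resolve, then rewrites the matching element
 * (server-ip or server-hostname) of CONFIG into a temporary file. The current
 * CONFIG is moved to LASTCONFIG and the temporary file is moved to CONFIG.
 *
 * Returns 1 on success, 0 on failure; failures are reported through message
 * boxes owned by `hwnd`.
 *
 * Side effect: config_inst.server_type is updated as soon as the value has
 * been validated, i.e. also when a later step fails.
 *
 * NOTE(review): `ip` is handed to OS_WriteXML() as the new element value.
 * A hostname is only checked by resolving it; confirm that OS_WriteXML()
 * escapes XML metacharacters.
 */
int set_ossec_server(char *ip, HWND hwnd)
{
    const char **xml_pt = NULL;
    const char *(xml_serverip[]) = {"ossec_config", "client", "server-ip", NULL};
    const char *(xml_serverhost[]) = {"ossec_config", "client", "server-hostname", NULL};

    /* basename_ex() gets a writable copy rather than the CONFIG literal */
    char config_tmp[] = CONFIG;
    char *conf_file = basename_ex(config_tmp);

    /* TMP_DIR + '/' + file name + "XXXXXX" + terminating NUL */
    char tmp_path[strlen(TMP_DIR) + 1 + strlen(conf_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, conf_file);

    /* Verify IP Address */
    if (OS_IsValidIP(ip, NULL) != 1) {
        /* NOTE(review): s_ip is only tested for NULL and never released
         * here; if OS_GetHost() returns allocated memory this leaks.
         */
        char *s_ip;
        s_ip = OS_GetHost(ip, 0);

        if (!s_ip) {
            MessageBox(hwnd, "Invalid Server IP Address.\r\n"
                       "It must be the valid IPv4 address of the "
                       "OSSEC server or the resolvable hostname.",
                       "Error -- Failure Setting IP", MB_OK);
            return (0);
        }
        config_inst.server_type = SERVER_HOST_USED;
        xml_pt = xml_serverhost;
    } else {
        config_inst.server_type = SERVER_IP_USED;
        xml_pt = xml_serverip;
    }

    /* Create temporary file */
    if (mkstemp_ex(tmp_path) == -1) {
        MessageBox(hwnd, "Could not create temporary file.",
                   "Error -- Failure Setting IP", MB_OK);
        return (0);
    }

    /* Write the updated XML into the temporary file */
    if (OS_WriteXML(CONFIG, tmp_path, xml_pt, NULL, ip) != 0) {
        MessageBox(hwnd, "Unable to set OSSEC Server IP Address.\r\n"
                   "(Internal error on the XML Write).",
                   "Error -- Failure Setting IP", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    /* Keep the current configuration as a backup */
    if (rename_ex(CONFIG, LASTCONFIG)) {
        MessageBox(hwnd, "Unable to backup configuration.",
                   "Error -- Failure Backing Up Configuration", MB_OK);

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    /* Move the new configuration into place */
    if (rename_ex(tmp_path, CONFIG)) {
        MessageBox(hwnd, "Unable to rename temporary file.",
                   "Error -- Failure Renaming Temporary File", MB_OK);

        /* CONFIG was moved to LASTCONFIG above. Put it back so the agent is
         * not left without any configuration file.
         */
        if (rename_ex(LASTCONFIG, CONFIG)) {
            MessageBox(hwnd, "Unable to restore previous configuration.",
                       "Error -- Failure Restoring Configuration", MB_OK);
        }

        if (unlink(tmp_path)) {
            MessageBox(hwnd, "Could not delete temporary file.",
                       "Error -- Failure Deleting Temporary File", MB_OK);
        }

        return (0);
    }

    return (1);
}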
Ejemplo n.º 3
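/*
 * Import a key
 *
 * Takes a base64-encoded key from `cmdimport` or, when that is NULL, from the
 * OSSEC_AGENT_KEY environment variable or interactive input. The decoded text
 * must contain at least four space-separated fields; the first three are shown
 * to the operator for confirmation. On confirmation the decoded line is
 * written to a temporary file which is then moved over KEYS_FILE.
 *
 * Returns 1 when the key was imported and 0 when the operator quit or
 * declined, or when the input was not a usable key. File-system failures
 * terminate the program through ErrorExit().
 *
 * Security notes:
 *  - OSSEC_ACTION_CONFIRMED in the environment answers the confirmation
 *    prompt, so with it set no interactive confirmation takes place.
 *  - A key passed through OSSEC_AGENT_KEY is only as private as the process
 *    environment; prefer interactive input where that matters.
 *  - NOTE(review): the decoded text is written as one line without checking
 *    for embedded line breaks; consider rejecting input that contains them so
 *    a single import cannot add more than one line to KEYS_FILE.
 */
int k_import(const char *cmdimport)
{
    FILE *fp;
    const char *user_input;
    char *b64_dec;

    char *name;
    char *ip;
    char *tmp_key;

    int write_ok;
    int saved_errno;

    char line_read[FILE_SIZE + 1];

    /* basename_ex() gets a writable copy rather than the AUTH_FILE literal */
    char auth_file_tmp[] = AUTH_FILE;
    char *keys_file = basename_ex(auth_file_tmp);

    /* TMP_DIR + '/' + file name + "XXXXXX" + terminating NUL */
    char tmp_path[strlen(TMP_DIR) + 1 + strlen(keys_file) + 6 + 1];

    snprintf(tmp_path, sizeof(tmp_path), "%s/%sXXXXXX", TMP_DIR, keys_file);

    /* Parse user argument */
    if (cmdimport) {
        user_input = cmdimport;
    } else {
        printf(IMPORT_KEY);

        user_input = getenv("OSSEC_AGENT_KEY");
        if (user_input == NULL) {
            user_input = read_from_user();
        }
    }

    /* Quit */
    if (strcmp(user_input, QUIT) == 0) {
        return (0);
    }

    b64_dec = decode_base64(user_input);
    if (b64_dec == NULL) {
        printf(NO_KEY);
        printf(PRESS_ENTER);
        read_from_user();
        return (0);
    }

    /* Keep an unmodified, NUL-terminated copy for the key file: the buffer
     * is zeroed first and strncpy() copies at most FILE_SIZE bytes.
     * b64_dec itself is split in place below.
     */
    memset(line_read, '\0', FILE_SIZE + 1);
    strncpy(line_read, b64_dec, FILE_SIZE);

    /* A copy that fills the whole buffer may have been truncated: reject */
    name = strchr(b64_dec, ' ');
    if (!name || strlen(line_read) >= FILE_SIZE) {
        goto invalid_key;
    }
    *name = '\0';
    name++;

    ip = strchr(name, ' ');
    if (!ip) {
        goto invalid_key;
    }
    *ip = '\0';
    ip++;

    tmp_key = strchr(ip, ' ');
    if (!tmp_key) {
        printf(NO_KEY);
        free(b64_dec);
        return (0);
    }
    *tmp_key = '\0';

    printf("\n");
    printf(AGENT_INFO, b64_dec, name, ip);

    printf(ADD_CONFIRM);
    fflush(stdout);

    user_input = getenv("OSSEC_ACTION_CONFIRMED");
    if (user_input == NULL) {
        user_input = read_from_user();
    }

    /* Anything other than an answer starting with 'y'/'Y' declines */
    if (user_input[0] != 'y' && user_input[0] != 'Y') {
        printf("%s", ADD_NOT);

        free(b64_dec);
        return (0);
    }

    if (mkstemp_ex(tmp_path)) {
        ErrorExit(MKSTEMP_ERROR, ARGV0, tmp_path, errno, strerror(errno));
    }

#ifndef WIN32
    /* Set the file mode before the key is written into the file */
    if (chmod(tmp_path, 0440) == -1) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit(CHMOD_ERROR, ARGV0, tmp_path, errno, strerror(errno));
    }
#endif

    fp = fopen(tmp_path, "w");
    if (!fp) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit(FOPEN_ERROR, ARGV0, tmp_path, errno, strerror(errno));
    }

    /* A short or failed write must never replace KEYS_FILE, so both the
     * write and the flush performed by fclose() are checked.
     */
    errno = 0;
    write_ok = (fprintf(fp, "%s\n", line_read) >= 0);
    if (fclose(fp) != 0) {
        write_ok = 0;
    }

    if (!write_ok) {
        /* unlink() may overwrite errno, so keep the write error */
        saved_errno = errno;

        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit("%s: ERROR: Could not write file '%s' due to [(%d)-(%s)].",
                  ARGV0, tmp_path, saved_errno, strerror(saved_errno));
    }

    if (rename_ex(tmp_path, KEYS_FILE)) {
        if (unlink(tmp_path)) {
            verbose(DELETE_ERROR, ARGV0, tmp_path, errno, strerror(errno));
        }

        ErrorExit(RENAME_ERROR, ARGV0, tmp_path, KEYS_FILE, errno, strerror(errno));
    }

    /* Remove sender counter */
    OS_RemoveCounter("sender");

    printf(ADDED);
    printf(PRESS_ENTER);
    read_from_user();
    restart_necessary = 1;

    free(b64_dec);
    return (1);

invalid_key:
    printf(NO_KEY);
    printf(PRESS_ENTER);
    read_from_user();

    free(b64_dec);
    return (0);
}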
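/*
 * Update the log position of a bookmark
 *
 * Creates a bookmark for event `evt`, renders it with EvtRender() and saves
 * the rendered bytes to channel->bookmark_filename. The data is written to a
 * temporary file under TMP_DIR first and moved into place with rename_ex().
 *
 * Returns 1 on success and 0 on failure; failures are logged with log2file().
 * The bookmark handle and the render buffer are released on every path, and
 * a temporary file that was created but not moved into place is removed.
 */
int update_bookmark(EVT_HANDLE evt, os_channel *channel)
{
    DWORD size = 0;
    DWORD count = 0;
    wchar_t *buffer = NULL;
    int result = 0;
    int status = 0;
    int clean_tmp = 0;
    int close_rc = 0;
    EVT_HANDLE bookmark = NULL;
    FILE *fp = NULL;
    char tmp_file[OS_MAXSTR];

    /* Create temporary bookmark file name */
    snprintf(tmp_file,
             sizeof(tmp_file),
             "%s/%s-XXXXXX",
             TMP_DIR,
             channel->bookmark_name);

    if ((bookmark = EvtCreateBookmark(NULL)) == NULL) {
        log2file(
            "%s: ERROR: Could not EvtCreateBookmark() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    if (!EvtUpdateBookmark(bookmark, evt)) {
        log2file(
            "%s: ERROR: Could not EvtUpdateBookmark() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    /* Make initial call to determine buffer size; with no buffer supplied
     * the call must fail with ERROR_INSUFFICIENT_BUFFER and fill in `size`
     */
    result = EvtRender(NULL,
                       bookmark,
                       EvtRenderBookmark,
                       0,
                       NULL,
                       &size,
                       &count);
    if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
        log2file(
            "%s: ERROR: Could not EvtRender() to get buffer size to update bookmark (%s) for (%s) which returned (%lu)",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    /* `size` is used as a byte count here and in fwrite() below */
    if ((buffer = calloc(size, sizeof(char))) == NULL) {
        log2file(
            "%s: ERROR: Could not calloc() memory to save bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            channel->bookmark_filename,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    if (!EvtRender(NULL,
                   bookmark,
                   EvtRenderBookmark,
                   size,
                   buffer,
                   &size,
                   &count)) {
        log2file(
            "%s: ERROR: Could not EvtRender() bookmark (%s) for (%s) which returned (%lu)",
            ARGV0, channel->bookmark_filename, channel->evt_log,
            GetLastError());
        goto cleanup;
    }

    if (mkstemp_ex(tmp_file)) {
        log2file(
            "%s: ERROR: Could not mkstemp_ex() temporary bookmark (%s) for (%s)",
            ARGV0,
            tmp_file,
            channel->evt_log);
        goto cleanup;
    }

    /* The temporary file exists from here on, so every later failure
     * (including a failed fopen()) has to remove it during cleanup
     */
    clean_tmp = 1;

    if ((fp = fopen(tmp_file, "w")) == NULL) {
        log2file(
            "%s: ERROR: Could not fopen() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    if ((fwrite(buffer, 1, size, fp)) < size) {
        log2file(
            "%s: ERROR: Could not fwrite() to temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    /* Clear fp after closing so the cleanup code cannot close the stream a
     * second time; fclose() also flushes, so its result decides whether the
     * file is complete
     */
    close_rc = fclose(fp);
    fp = NULL;

    if (close_rc != 0) {
        log2file(
            "%s: ERROR: Could not fclose() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
            ARGV0,
            tmp_file,
            channel->evt_log,
            errno,
            strerror(errno));
        goto cleanup;
    }

    if (rename_ex(tmp_file, channel->bookmark_filename)) {
        log2file(
            "%s: ERROR: Could not rename_ex() temporary bookmark (%s) to (%s) for (%s)",
            ARGV0,
            tmp_file,
            channel->bookmark_filename,
            channel->evt_log);
        goto cleanup;
    }

    /* Success */
    status = 1;

cleanup:
    free(buffer);

    if (bookmark != NULL) {
        EvtClose(bookmark);
    }

    /* Close before unlink(): the stream must not be open when the file is
     * removed
     */
    if (fp) {
        fclose(fp);
    }

    if (status == 0 && clean_tmp == 1 && unlink(tmp_file)) {
        log2file(DELETE_ERROR,
                 ARGV0,
                 tmp_file,
                 errno,
                 strerror(errno));
    }

    return (status);
}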
Ejemplo n.º 5
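/*
 * Update the log position of a bookmark
 *
 * Creates a bookmark for event `evt`, renders it with EvtRender() and saves
 * the rendered bytes to channel->bookmark_filename. The data is written to a
 * temporary file under TMP_DIR (named after channel->evt_log and passed
 * through replace_slash()) and then moved into place with rename_ex().
 *
 * Returns 1 on success and 0 on failure; failures are logged with log2file().
 * The bookmark handle and the render buffer are released on every path, and
 * a temporary file that was created but not moved into place is removed.
 */
int update_bookmark(EVT_HANDLE evt, os_channel *channel)
{
	DWORD size = 0;
	DWORD count = 0;
	wchar_t *buffer = NULL;
	int result = 0;
	int status = 0;
	int clean_tmp = 0;
	int close_rc = 0;
	EVT_HANDLE bookmark = NULL;
	FILE *fp = NULL;
	char tmp_file[OS_MAXSTR];

	/* Create bookmark temporary file name */
	snprintf(
		tmp_file,
		sizeof(tmp_file),
		"%s/%s-XXXXXX",
		TMP_DIR,
		channel->evt_log
	);

	replace_slash(tmp_file);

	if ((bookmark = EvtCreateBookmark(NULL)) == NULL)
	{
		log2file(
			"%s: ERROR: Could not EvtCreateBookmark() bookmark (%s) for (%s) which returned (%lu)",
			ARGV0,
			channel->bookmark_filename,
			channel->evt_log,
			GetLastError()
		);

		goto cleanup;
	}

	if (!EvtUpdateBookmark(bookmark, evt))
	{
		log2file(
			"%s: ERROR: Could not EvtUpdateBookmark() bookmark (%s) for (%s) which returned (%lu)",
			ARGV0,
			channel->bookmark_filename,
			channel->evt_log,
			GetLastError()
		);

		goto cleanup;
	}

	/* Make initial call to determine buffer size; with no buffer supplied
	 * the call must fail with ERROR_INSUFFICIENT_BUFFER and fill in `size`
	 */
	result = EvtRender(NULL, bookmark, EvtRenderBookmark, 0, NULL, &size, &count);

	if (result != FALSE || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
	{
		log2file(
			"%s: ERROR: Could not EvtRender() to get buffer size to update bookmark (%s) for (%s) which returned (%lu)",
			ARGV0,
			channel->bookmark_filename,
			channel->evt_log,
			GetLastError()
		);

		goto cleanup;
	}

	/* `size` is used as a byte count here and in fwrite() below */
	if ((buffer = calloc(size, 1)) == NULL)
	{
		log2file(
			"%s: ERROR: Could not calloc() memory to save bookmark (%s) for (%s) which returned [(%d)-(%s)]",
			ARGV0,
			channel->bookmark_filename,
			channel->evt_log,
			errno,
			strerror(errno)
		);

		goto cleanup;
	}

	if (!EvtRender(NULL, bookmark, EvtRenderBookmark, size, buffer, &size, &count))
	{
		log2file(
			"%s: ERROR: Could not EvtRender() bookmark (%s) for (%s) which returned (%lu)",
			ARGV0,
			channel->bookmark_filename,
			channel->evt_log,
			GetLastError()
		);

		goto cleanup;
	}

	if (mkstemp_ex(tmp_file))
	{
		log2file(
			"%s: ERROR: Could not mkstemp_ex() temporary bookmark (%s) for (%s)",
			ARGV0,
			tmp_file,
			channel->evt_log
		);

		goto cleanup;
	}

	/* The temporary file exists from here on, so every later failure has
	 * to remove it during cleanup
	 */
	clean_tmp = 1;

	if ((fp = fopen(tmp_file, "w")) == NULL)
	{
		log2file(
			"%s: ERROR: Could not fopen() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
			ARGV0,
			tmp_file,
			channel->evt_log,
			errno,
			strerror(errno)
		);

		goto cleanup;
	}

	if ((fwrite(buffer, 1, size, fp)) < size)
	{
		log2file(
			"%s: ERROR: Could not fwrite() to temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
			ARGV0,
			tmp_file,
			channel->evt_log,
			errno,
			strerror(errno)
		);

		goto cleanup;
	}

	/* Clear fp after closing so the cleanup code cannot close the stream a
	 * second time; fclose() also flushes, so its result decides whether the
	 * file is complete
	 */
	close_rc = fclose(fp);
	fp = NULL;

	if (close_rc != 0)
	{
		log2file(
			"%s: ERROR: Could not fclose() temporary bookmark (%s) for (%s) which returned [(%d)-(%s)]",
			ARGV0,
			tmp_file,
			channel->evt_log,
			errno,
			strerror(errno)
		);

		goto cleanup;
	}

	if (rename_ex(tmp_file, channel->bookmark_filename))
	{
		log2file(
			"%s: ERROR: Could not rename_ex() temporary bookmark (%s) to (%s) for (%s)",
			ARGV0,
			tmp_file,
			channel->bookmark_filename,
			channel->evt_log
		);

		goto cleanup;
	}

	/* success */
	status = 1;

cleanup:
	/* Released on every path, including success */
	free(buffer);

	if (bookmark != NULL)
	{
		EvtClose(bookmark);
	}

	/* Close before unlink(): the stream must not be open when the file is
	 * removed
	 */
	if (fp)
	{
		fclose(fp);
	}

	if (status == 0 && clean_tmp == 1 && unlink(tmp_file))
	{
		log2file(DELETE_ERROR, ARGV0, tmp_file, errno, strerror(errno));
	}

	return(status);
}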