/* Search the DB for any entry related to the file being received */
static int DB_Search(const char *f_name, char *c_sum, Eventinfo *lf)
{
int p = 0;
size_t sn_size;
int agent_id;
char *saved_sum;
char *saved_name;
FILE *fp;
SyscheckSum oldsum;
SyscheckSum newsum;
/* Get db pointer */
fp = DB_File(lf->location, &agent_id);
if (!fp) {
merror("%s: Error handling integrity database.", ARGV0);
sdb.db_err++;
lf->data = NULL;
return (0);
}
/* Read the integrity file and search for a possible entry */
if (fgetpos(fp, &sdb.init_pos) == -1) {
merror("%s: Error handling integrity database (fgetpos).", ARGV0);
return (0);
}
/* Loop over the file */
while (fgets(sdb.buf, OS_MAXSTR, fp) != NULL) {
/* Ignore blank lines and lines with a comment */
if (sdb.buf[0] == '\n' || sdb.buf[0] == '#') {
fgetpos(fp, &sdb.init_pos); /* Get next location */
continue;
}
/* Get name */
saved_name = strchr(sdb.buf, ' ');
if (saved_name == NULL) {
merror("%s: Invalid integrity message in the database.", ARGV0);
fgetpos(fp, &sdb.init_pos); /* Get next location */
continue;
}
*saved_name = '\0';
saved_name++;
/* New format - with a timestamp */
if (*saved_name == '!') {
saved_name = strchr(saved_name, ' ');
if (saved_name == NULL) {
merror("%s: Invalid integrity message in the database", ARGV0);
fgetpos(fp, &sdb.init_pos); /* Get next location */
continue;
}
saved_name++;
}
/* Remove newline from saved_name */
sn_size = strlen(saved_name);
sn_size -= 1;
if (saved_name[sn_size] == '\n') {
saved_name[sn_size] = '\0';
}
/* If name is different, go to next one */
if (strcmp(f_name, saved_name) != 0) {
/* Save current location */
fgetpos(fp, &sdb.init_pos);
continue;
}
saved_sum = sdb.buf;
/* First three bytes are for frequency check */
saved_sum += 3;
/* Checksum match, we can just return and keep going */
if (strcmp(saved_sum, c_sum) == 0) {
lf->data = NULL;
return (0);
}
debug2("Agent: %d, location: <%s>, file: <%s>, sum: <%s>, saved: <%s>", agent_id, lf->location, f_name, c_sum, saved_sum);
/* If we reached here, the checksum of the file has changed */
if (saved_sum[-3] == '!') {
p++;
if (saved_sum[-2] == '!') {
p++;
if (saved_sum[-1] == '!') {
p++;
} else if (saved_sum[-1] == '?') {
p += 2;
}
}
}
/* Check the number of changes */
if (!Config.syscheck_auto_ignore) {
sdb.syscheck_dec->id = sdb.id1;
} else {
switch (p) {
case 0:
sdb.syscheck_dec->id = sdb.id1;
break;
case 1:
sdb.syscheck_dec->id = sdb.id2;
break;
case 2:
sdb.syscheck_dec->id = sdb.id3;
break;
default:
lf->data = NULL;
return (0);
break;
}
}
/* Add new checksum to the database */
/* Commenting the file entry and adding a new one later */
if (fsetpos(fp, &sdb.init_pos)) {
merror("%s: Error handling integrity database (fsetpos).", ARGV0);
return (0);
}
fputc('#', fp);
/* Add the new entry at the end of the file */
fseek(fp, 0, SEEK_END);
fprintf(fp, "%c%c%c%s !%ld %s\n",
'!',
p >= 1 ? '!' : '+',
p == 2 ? '!' : (p > 2) ? '?' : '+',
c_sum,
(long int)lf->time,
f_name);
fflush(fp);
switch (DecodeSum(&newsum, c_sum)) {
case -1:
merror("%s: ERROR: Couldn't decode syscheck sum from log.", ARGV0);
lf->data = NULL;
return 0;
case 0:
switch (DecodeSum(&oldsum, saved_sum)) {
case -1:
merror("%s: ERROR: Couldn't decode syscheck sum from database.", ARGV0);
lf->data = NULL;
return 0;
case 0:
FillEvent(lf, f_name, &newsum);
/* Generate size message */
if (!oldsum.size || !newsum.size || strcmp(oldsum.size, newsum.size) == 0) {
sdb.size[0] = '\0';
} else {
snprintf(sdb.size, OS_FLSIZE,
"Size changed from '%s' to '%s'\n",
oldsum.size, newsum.size);
os_strdup(oldsum.size, lf->size_before);
}
/* Permission message */
if (oldsum.perm == newsum.perm) {
sdb.perm[0] = '\0';
} else if (oldsum.perm > 0 && newsum.perm > 0) {
snprintf(sdb.perm, OS_FLSIZE, "Permissions changed from "
"'%c%c%c%c%c%c%c%c%c' "
"to '%c%c%c%c%c%c%c%c%c'\n",
(oldsum.perm & S_IRUSR) ? 'r' : '-',
(oldsum.perm & S_IWUSR) ? 'w' : '-',
(oldsum.perm & S_ISUID) ? 's' :
(oldsum.perm & S_IXUSR) ? 'x' : '-',
(oldsum.perm & S_IRGRP) ? 'r' : '-',
(oldsum.perm & S_IWGRP) ? 'w' : '-',
(oldsum.perm & S_ISGID) ? 's' :
(oldsum.perm & S_IXGRP) ? 'x' : '-',
(oldsum.perm & S_IROTH) ? 'r' : '-',
(oldsum.perm & S_IWOTH) ? 'w' : '-',
(oldsum.perm & S_ISVTX) ? 't' :
(oldsum.perm & S_IXOTH) ? 'x' : '-',
(newsum.perm & S_IRUSR) ? 'r' : '-',
(newsum.perm & S_IWUSR) ? 'w' : '-',
(newsum.perm & S_ISUID) ? 's' :
(newsum.perm & S_IXUSR) ? 'x' : '-',
(newsum.perm & S_IRGRP) ? 'r' : '-',
(newsum.perm & S_IWGRP) ? 'w' : '-',
(newsum.perm & S_ISGID) ? 's' :
(newsum.perm & S_IXGRP) ? 'x' : '-',
(newsum.perm & S_IROTH) ? 'r' : '-',
(newsum.perm & S_IWOTH) ? 'w' : '-',
(newsum.perm & S_ISVTX) ? 't' :
(newsum.perm & S_IXOTH) ? 'x' : '-');
lf->perm_before = oldsum.perm;
}
/* Ownership message */
if (!newsum.uid || !oldsum.uid || strcmp(newsum.uid, oldsum.uid) == 0) {
sdb.owner[0] = '\0';
} else {
if (oldsum.uname && newsum.uname) {
snprintf(sdb.owner, OS_FLSIZE, "Ownership was '%s (%s)', now it is '%s (%s)'\n", oldsum.uname, oldsum.uid, newsum.uname, newsum.uid);
os_strdup(oldsum.uname, lf->uname_before);
} else
snprintf(sdb.owner, OS_FLSIZE, "Ownership was '%s', "
"now it is '%s'\n",
oldsum.uid, newsum.uid);
os_strdup(oldsum.uid, lf->owner_before);
}
/* Group ownership message */
if (!newsum.gid || !oldsum.gid || strcmp(newsum.gid, oldsum.gid) == 0) {
sdb.gowner[0] = '\0';
} else {
if (oldsum.gname && newsum.gname) {
snprintf(sdb.owner, OS_FLSIZE, "Group ownership was '%s (%s)', now it is '%s (%s)'\n", oldsum.gname, oldsum.gid, newsum.gname, newsum.gid);
os_strdup(oldsum.gname, lf->gname_before);
} else
snprintf(sdb.gowner, OS_FLSIZE, "Group ownership was '%s', "
"now it is '%s'\n",
oldsum.gid, newsum.gid);
os_strdup(oldsum.gid, lf->gowner_before);
}
/* MD5 message */
if (!newsum.md5 || !oldsum.md5 || strcmp(newsum.md5, oldsum.md5) == 0) {
sdb.md5[0] = '\0';
} else {
snprintf(sdb.md5, OS_FLSIZE, "Old md5sum was: '%s'\n"
"New md5sum is : '%s'\n",
oldsum.md5, newsum.md5);
os_strdup(oldsum.md5, lf->md5_before);
}
/* SHA-1 message */
if (!newsum.sha1 || !oldsum.sha1 || strcmp(newsum.sha1, oldsum.sha1) == 0) {
sdb.sha1[0] = '\0';
} else {
snprintf(sdb.sha1, OS_FLSIZE, "Old sha1sum was: '%s'\n"
"New sha1sum is : '%s'\n",
oldsum.sha1, newsum.sha1);
os_strdup(oldsum.sha1, lf->sha1_before);
}
/* Modification time message */
if (oldsum.mtime && newsum.mtime && oldsum.mtime != newsum.mtime) {
char *old_ctime = strdup(ctime(&oldsum.mtime));
char *new_ctime = strdup(ctime(&newsum.mtime));
old_ctime[strlen(old_ctime) - 1] = '\0';
new_ctime[strlen(new_ctime) - 1] = '\0';
snprintf(sdb.mtime, OS_FLSIZE, "Old modification time was: '%s', now it is '%s'\n", old_ctime, new_ctime);
lf->mtime_before = oldsum.mtime;
free(old_ctime);
free(new_ctime);
} else {
sdb.mtime[0] = '\0';
}
/* Inode message */
if (oldsum.inode && newsum.inode && oldsum.inode != newsum.inode) {
snprintf(sdb.mtime, OS_FLSIZE, "Old inode was: '%ld', now it is '%ld'\n", oldsum.inode, newsum.inode);
lf->inode_before = oldsum.inode;
} else {
sdb.inode[0] = '\0';
}
/* Provide information about the file */
snprintf(sdb.comment, OS_MAXSTR, "Integrity checksum changed for: "
"'%.756s'\n"
"%s"
"%s"
"%s"
"%s"
"%s"
"%s"
"%s%s",
f_name,
sdb.size,
sdb.perm,
sdb.owner,
sdb.gowner,
sdb.md5,
sdb.sha1,
lf->data == NULL ? "" : "What changed:\n",
lf->data == NULL ? "" : lf->data
);
if (lf->data)
os_strdup(lf->data, lf->diff);
lf->event_type = FIM_MODIFIED;
if (wdb_insert_fim(lf->agent_id ? atoi(lf->agent_id) : 0, lf->location, f_name, "modified", &newsum, (long int)lf->time) < 0) {
merror("%s: ERROR: Couldn't insert FIM event into database.", ARGV0);
debug1("%s: DEBUG: Agent: '%s', file: '%s'", ARGV0, lf->agent_id ? lf->agent_id : "0", f_name);
}
break;
case 1:
/* If file was re-added, do not compare changes */
sdb.syscheck_dec->id = sdb.idn;
lf->event_type = FIM_READDED;
FillEvent(lf, f_name, &newsum);
snprintf(sdb.comment, OS_MAXSTR,
"File '%.756s' was re-added.", f_name);
if (wdb_insert_fim(lf->agent_id ? atoi(lf->agent_id) : 0, lf->location, f_name, "readded", &newsum, (long int)lf->time) < 0) {
merror("%s: ERROR: Couldn't insert FIM event into database.", ARGV0);
debug1("%s: DEBUG: Agent: '%s', file: '%s'", ARGV0, lf->agent_id ? lf->agent_id : "0", f_name);
}
break;
}
break;
case 1:
/* File deleted */
sdb.syscheck_dec->id = sdb.idd;
os_strdup(f_name, lf->filename);
lf->event_type = FIM_DELETED;
snprintf(sdb.comment, OS_MAXSTR,
"File '%.756s' was deleted. Unable to retrieve "
"checksum.", f_name);
if (wdb_insert_fim(lf->agent_id ? atoi(lf->agent_id) : 0, lf->location, f_name, "deleted", NULL, (long int)lf->time) < 0) {
merror("%s: ERROR: Couldn't insert FIM event into database.", ARGV0);
debug1("%s: DEBUG: Agent: '%s', file: '%s'", ARGV0, lf->agent_id ? lf->agent_id : "0", f_name);
}
}
/* Create a new log message */
free(lf->full_log);
os_strdup(sdb.comment, lf->full_log);
lf->log = lf->full_log;
lf->data = NULL;
/* Set decoder */
lf->decoder_info = sdb.syscheck_dec;
return (1);
} /* Continue */
/* If we reach here, this file is not present in our database */
fseek(fp, 0, SEEK_END);
fprintf(fp, "+++%s !%ld %s\n", c_sum, (long int)lf->time, f_name);
fflush(fp);
/* Insert row in SQLite DB*/
switch (DecodeSum(&newsum, c_sum)) {
case -1:
merror("%s: ERROR: Couldn't decode syscheck sum from log.", ARGV0);
break;
case 0:
lf->event_type = FIM_ADDED;
if (wdb_insert_fim(lf->agent_id ? atoi(lf->agent_id) : 0, lf->location, f_name, "added", &newsum, (long int)lf->time) < 0) {
merror("%s: ERROR: Couldn't insert FIM event into database.", ARGV0);
debug1("%s: DEBUG: Agent: '%s', file: '%s'", ARGV0, lf->agent_id ? lf->agent_id : "0", f_name);
}
/* Alert if configured to notify on new files */
if ((Config.syscheck_alert_new == 1) && DB_IsCompleted(agent_id)) {
sdb.syscheck_dec->id = sdb.idn;
FillEvent(lf, f_name, &newsum);
/* New file message */
snprintf(sdb.comment, OS_MAXSTR,
"New file '%.756s' "
"added to the file system.", f_name);
/* Create a new log message */
free(lf->full_log);
os_strdup(sdb.comment, lf->full_log);
lf->log = lf->full_log;
/* Set decoder */
lf->decoder_info = sdb.syscheck_dec;
lf->data = NULL;
return (1);
}
break;
case 1:
merror("%s: WARN: Missing file entry.", ARGV0);
break;
}
lf->data = NULL;
return (0);
}
static void wpa_init_conf(struct eapol_test_data *e,
struct wpa_supplicant *wpa_s, const char *authsrv,
int port, const char *secret,
const char *cli_addr)
{
struct hostapd_radius_server *as;
int res;
wpa_s->bssid[5] = 1;
os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));
e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
assert(e->radius_conf != NULL);
e->radius_conf->num_auth_servers = 1;
as = os_zalloc(sizeof(struct hostapd_radius_server));
assert(as != NULL);
#if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
{
int a[4];
u8 *pos;
sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
pos = (u8 *) &as->addr.u.v4;
*pos++ = a[0];
*pos++ = a[1];
*pos++ = a[2];
*pos++ = a[3];
}
#else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
if (inet_aton(authsrv, &as->addr.u.v4) < 0) {
wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
authsrv);
assert(0);
}
#endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
as->addr.af = AF_INET;
as->port = port;
as->shared_secret = (u8 *) os_strdup(secret);
as->shared_secret_len = os_strlen(secret);
e->radius_conf->auth_server = as;
e->radius_conf->auth_servers = as;
e->radius_conf->msg_dumps = 1;
if (cli_addr) {
if (hostapd_parse_ip_addr(cli_addr,
&e->radius_conf->client_addr) == 0)
e->radius_conf->force_client_addr = 1;
else {
wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
cli_addr);
assert(0);
}
}
e->radius = radius_client_init(wpa_s, e->radius_conf);
assert(e->radius != NULL);
res = radius_client_register(e->radius, RADIUS_AUTH,
ieee802_1x_receive_auth, e);
assert(res == 0);
}
static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
struct hostapd_config *conf)
{
struct hostapd_bss_config *bss = conf->bss[0];
conf->driver = wpa_s->driver;
os_strlcpy(bss->iface, wpa_s->ifname, sizeof(bss->iface));
conf->hw_mode = ieee80211_freq_to_chan(ssid->frequency,
&conf->channel);
if (conf->hw_mode == NUM_HOSTAPD_MODES) {
wpa_printf(MSG_ERROR, "Unsupported AP mode frequency: %d MHz",
ssid->frequency);
return -1;
}
wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
if (ieee80211_is_dfs(ssid->frequency) && wpa_s->conf->country[0]) {
conf->ieee80211h = 1;
conf->ieee80211d = 1;
conf->country[0] = wpa_s->conf->country[0];
conf->country[1] = wpa_s->conf->country[1];
}
#ifdef CONFIG_P2P
if (conf->hw_mode == HOSTAPD_MODE_IEEE80211G &&
(ssid->mode == WPAS_MODE_P2P_GO ||
ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)) {
/* Remove 802.11b rates from supported and basic rate sets */
int *list = os_malloc(4 * sizeof(int));
if (list) {
list[0] = 60;
list[1] = 120;
list[2] = 240;
list[3] = -1;
}
conf->basic_rates = list;
list = os_malloc(9 * sizeof(int));
if (list) {
list[0] = 60;
list[1] = 90;
list[2] = 120;
list[3] = 180;
list[4] = 240;
list[5] = 360;
list[6] = 480;
list[7] = 540;
list[8] = -1;
}
conf->supported_rates = list;
}
bss->isolate = !wpa_s->conf->p2p_intra_bss;
bss->force_per_enrollee_psk = wpa_s->global->p2p_per_sta_psk;
if (ssid->p2p_group) {
os_memcpy(bss->ip_addr_go, wpa_s->parent->conf->ip_addr_go, 4);
os_memcpy(bss->ip_addr_mask, wpa_s->parent->conf->ip_addr_mask,
4);
os_memcpy(bss->ip_addr_start,
wpa_s->parent->conf->ip_addr_start, 4);
os_memcpy(bss->ip_addr_end, wpa_s->parent->conf->ip_addr_end,
4);
}
#endif /* CONFIG_P2P */
if (ssid->ssid_len == 0) {
wpa_printf(MSG_ERROR, "No SSID configured for AP mode");
return -1;
}
os_memcpy(bss->ssid.ssid, ssid->ssid, ssid->ssid_len);
bss->ssid.ssid_len = ssid->ssid_len;
bss->ssid.ssid_set = 1;
bss->ignore_broadcast_ssid = ssid->ignore_broadcast_ssid;
if (ssid->auth_alg)
bss->auth_algs = ssid->auth_alg;
if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt))
bss->wpa = ssid->proto;
bss->wpa_key_mgmt = ssid->key_mgmt;
bss->wpa_pairwise = ssid->pairwise_cipher;
if (ssid->psk_set) {
bin_clear_free(bss->ssid.wpa_psk, sizeof(*bss->ssid.wpa_psk));
bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
if (bss->ssid.wpa_psk == NULL)
return -1;
os_memcpy(bss->ssid.wpa_psk->psk, ssid->psk, PMK_LEN);
bss->ssid.wpa_psk->group = 1;
} else if (ssid->passphrase) {
bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase);
} else if (ssid->wep_key_len[0] || ssid->wep_key_len[1] ||
ssid->wep_key_len[2] || ssid->wep_key_len[3]) {
struct hostapd_wep_keys *wep = &bss->ssid.wep;
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ssid->wep_key_len[i] == 0)
continue;
wep->key[i] = os_malloc(ssid->wep_key_len[i]);
if (wep->key[i] == NULL)
return -1;
os_memcpy(wep->key[i], ssid->wep_key[i],
ssid->wep_key_len[i]);
wep->len[i] = ssid->wep_key_len[i];
}
wep->idx = ssid->wep_tx_keyidx;
wep->keys_set = 1;
}
if (ssid->ap_max_inactivity)
bss->ap_max_inactivity = ssid->ap_max_inactivity;
if (ssid->dtim_period)
bss->dtim_period = ssid->dtim_period;
else if (wpa_s->conf->dtim_period)
bss->dtim_period = wpa_s->conf->dtim_period;
if (ssid->beacon_int)
conf->beacon_int = ssid->beacon_int;
else if (wpa_s->conf->beacon_int)
conf->beacon_int = wpa_s->conf->beacon_int;
#ifdef CONFIG_P2P
if (wpa_s->conf->p2p_go_ctwindow > conf->beacon_int) {
wpa_printf(MSG_INFO,
"CTWindow (%d) is bigger than beacon interval (%d) - avoid configuring it",
wpa_s->conf->p2p_go_ctwindow, conf->beacon_int);
conf->p2p_go_ctwindow = 0;
} else {
conf->p2p_go_ctwindow = wpa_s->conf->p2p_go_ctwindow;
}
#endif /* CONFIG_P2P */
if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
bss->rsn_pairwise = bss->wpa_pairwise;
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
bss->rsn_pairwise);
if (bss->wpa && bss->ieee802_1x)
bss->ssid.security_policy = SECURITY_WPA;
else if (bss->wpa)
bss->ssid.security_policy = SECURITY_WPA_PSK;
else if (bss->ieee802_1x) {
int cipher = WPA_CIPHER_NONE;
bss->ssid.security_policy = SECURITY_IEEE_802_1X;
bss->ssid.wep.default_len = bss->default_wep_key_len;
if (bss->default_wep_key_len)
cipher = bss->default_wep_key_len >= 13 ?
WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
} else if (bss->ssid.wep.keys_set) {
int cipher = WPA_CIPHER_WEP40;
if (bss->ssid.wep.len[0] >= 13)
cipher = WPA_CIPHER_WEP104;
bss->ssid.security_policy = SECURITY_STATIC_WEP;
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
} else {
bss->ssid.security_policy = SECURITY_PLAINTEXT;
bss->wpa_group = WPA_CIPHER_NONE;
bss->wpa_pairwise = WPA_CIPHER_NONE;
bss->rsn_pairwise = WPA_CIPHER_NONE;
}
if (bss->wpa_group_rekey < 86400 && (bss->wpa & 2) &&
(bss->wpa_group == WPA_CIPHER_CCMP ||
bss->wpa_group == WPA_CIPHER_GCMP ||
bss->wpa_group == WPA_CIPHER_CCMP_256 ||
bss->wpa_group == WPA_CIPHER_GCMP_256)) {
/*
* Strong ciphers do not need frequent rekeying, so increase
* the default GTK rekeying period to 24 hours.
*/
bss->wpa_group_rekey = 86400;
}
#ifdef CONFIG_IEEE80211W
if (ssid->ieee80211w != MGMT_FRAME_PROTECTION_DEFAULT)
bss->ieee80211w = ssid->ieee80211w;
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_WPS
/*
* Enable WPS by default for open and WPA/WPA2-Personal network, but
* require user interaction to actually use it. Only the internal
* Registrar is supported.
*/
if (bss->ssid.security_policy != SECURITY_WPA_PSK &&
bss->ssid.security_policy != SECURITY_PLAINTEXT)
goto no_wps;
if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
(!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ||
!(bss->wpa & 2)))
goto no_wps; /* WPS2 does not allow WPA/TKIP-only
* configuration */
bss->eap_server = 1;
if (!ssid->ignore_broadcast_ssid)
bss->wps_state = 2;
bss->ap_setup_locked = 2;
if (wpa_s->conf->config_methods)
bss->config_methods = os_strdup(wpa_s->conf->config_methods);
os_memcpy(bss->device_type, wpa_s->conf->device_type,
WPS_DEV_TYPE_LEN);
if (wpa_s->conf->device_name) {
bss->device_name = os_strdup(wpa_s->conf->device_name);
bss->friendly_name = os_strdup(wpa_s->conf->device_name);
}
if (wpa_s->conf->manufacturer)
bss->manufacturer = os_strdup(wpa_s->conf->manufacturer);
if (wpa_s->conf->model_name)
bss->model_name = os_strdup(wpa_s->conf->model_name);
if (wpa_s->conf->model_number)
bss->model_number = os_strdup(wpa_s->conf->model_number);
if (wpa_s->conf->serial_number)
bss->serial_number = os_strdup(wpa_s->conf->serial_number);
if (is_nil_uuid(wpa_s->conf->uuid))
os_memcpy(bss->uuid, wpa_s->wps->uuid, WPS_UUID_LEN);
else
os_memcpy(bss->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
os_memcpy(bss->os_version, wpa_s->conf->os_version, 4);
bss->pbc_in_m1 = wpa_s->conf->pbc_in_m1;
no_wps:
#endif /* CONFIG_WPS */
if (wpa_s->max_stations &&
wpa_s->max_stations < wpa_s->conf->max_num_sta)
bss->max_num_sta = wpa_s->max_stations;
else
bss->max_num_sta = wpa_s->conf->max_num_sta;
bss->disassoc_low_ack = wpa_s->conf->disassoc_low_ack;
if (wpa_s->conf->ap_vendor_elements) {
bss->vendor_elements =
wpabuf_dup(wpa_s->conf->ap_vendor_elements);
}
return 0;
}
/*--------------------------------------------------------------------------*/
BOOL InitializeJVM(void)
{
BOOL bOK = FALSE;
char *sciPath = NULL;
sciPath = getSCI();
if (!startJVM(sciPath))
{
#ifdef _MSC_VER
MessageBox(NULL, gettext("\nScilab cannot open JVM library.\n"), gettext("Error"), MB_ICONEXCLAMATION | MB_OK);
#else
fprintf(stderr, _("\nScilab cannot open JVM library.\n"));
#endif
}
else
{
DoLoadLibrarypathInEtc(sciPath);
DoLoadClasspathInEtc(sciPath);
if (!createMainScilabObject())
{
char *errorMsg = os_strdup(gettext("\nScilab cannot create Scilab Java Main-Class (we have not been able to find the main Scilab class. Check if the Scilab and thirdparty packages are available).\n"));
if (IsFromJava())
{
char *errorMsg2 = gettext("If Scilab is used from Java, make sure that your IDE (ex: Netbeans, etc) is not adding extra dependencies which could not be found at runtime.\n");
char *tempMsg = (char*)MALLOC(sizeof(char) * (strlen(errorMsg) + strlen(errorMsg2) + 1));
if (tempMsg)
{
strcpy(tempMsg, errorMsg);
strcat(tempMsg, errorMsg2);
FREE(errorMsg);
errorMsg = tempMsg;
}
}
#ifdef _MSC_VER
MessageBox(NULL, errorMsg, gettext("Error"), MB_ICONEXCLAMATION | MB_OK);
#else
fprintf(stderr, "%s", errorMsg);
#endif
if (errorMsg)
{
FREE(errorMsg);
errorMsg = NULL;
}
}
else
{
bOK = TRUE;
}
}
if (sciPath)
{
FREE(sciPath);
sciPath = NULL;
}
if (!bOK)
{
exit(1);
}
return TRUE;
}
struct wowlan_triggers *
wpa_get_wowlan_triggers(const char *wowlan_triggers,
const struct wpa_driver_capa *capa)
{
struct wowlan_triggers *triggers;
char *start, *end, *buf;
int last;
if (!wowlan_triggers)
return NULL;
buf = os_strdup(wowlan_triggers);
if (buf == NULL)
return NULL;
triggers = os_zalloc(sizeof(*triggers));
if (triggers == NULL)
goto out;
#define CHECK_TRIGGER(trigger) \
wpa_check_wowlan_trigger(start, #trigger, \
capa->wowlan_triggers.trigger, \
&triggers->trigger)
start = buf;
while (*start != '\0') {
while (isblank(*start))
start++;
if (*start == '\0')
break;
end = start;
while (!isblank(*end) && *end != '\0')
end++;
last = *end == '\0';
*end = '\0';
if (!CHECK_TRIGGER(any) &&
!CHECK_TRIGGER(disconnect) &&
!CHECK_TRIGGER(magic_pkt) &&
!CHECK_TRIGGER(gtk_rekey_failure) &&
!CHECK_TRIGGER(eap_identity_req) &&
!CHECK_TRIGGER(four_way_handshake) &&
!CHECK_TRIGGER(rfkill_release)) {
wpa_printf(MSG_DEBUG,
"Unknown/unsupported wowlan trigger '%s'",
start);
os_free(triggers);
triggers = NULL;
goto out;
}
if (last)
break;
start = end + 1;
}
#undef CHECK_TRIGGER
out:
os_free(buf);
return triggers;
}
/** alert_data *GetAlertData(FILE *fp)
* Returns alert data for the file specified
*/
alert_data *GetAlertData(int flag, FILE *fp)
{
int _r = 0, log_size = 0, issyscheck = 0;
char *p;
char *alertid = NULL;
char *date = NULL;
char *comment = NULL;
char *location = NULL;
char *srcip = NULL;
char *dstip = NULL;
char *user = NULL;
char *group = NULL;
char *filename = NULL;
char *old_md5 = NULL;
char *new_md5 = NULL;
char *old_sha1 = NULL;
char *new_sha1 = NULL;
char **log = NULL;
#ifdef GEOIP
char *geoipdatasrc = NULL;
char *geoipdatadst = NULL;
#endif
int level, rule, srcport = 0, dstport = 0;
char str[OS_BUFFER_SIZE+1];
str[OS_BUFFER_SIZE]='\0';
while(fgets(str, OS_BUFFER_SIZE, fp) != NULL)
{
/* Enf of alert */
if(strcmp(str, "\n") == 0 && log_size > 0)
{
/* Found in here */
if(_r == 2)
{
alert_data *al_data;
os_calloc(1, sizeof(alert_data), al_data);
al_data->alertid = alertid;
al_data->level = level;
al_data->rule = rule;
al_data->location = location;
al_data->comment = comment;
al_data->group = group;
al_data->log = log;
al_data->srcip = srcip;
al_data->srcport = srcport;
al_data->dstip = dstip;
al_data->dstport = dstport;
al_data->user = user;
al_data->date = date;
al_data->filename = filename;
#ifdef GEOIP
al_data->geoipdatasrc = geoipdatasrc;
al_data->geoipdatadst = geoipdatadst;
#endif
al_data->old_md5 = old_md5;
al_data->new_md5 = new_md5;
al_data->old_sha1 = old_sha1;
al_data->new_sha1 = new_sha1;
return(al_data);
}
_r = 0;
}
/* Checking for the header */
if(strncmp(ALERT_BEGIN, str, ALERT_BEGIN_SZ) == 0)
{
char *m;
int z = 0;
p = str + ALERT_BEGIN_SZ + 1;
m = strstr(p, ":");
if (!m)
{
continue;
}
z = strlen(p) - strlen(m);
os_realloc(alertid, (z + 1)*sizeof(char *), alertid);
strncpy(alertid, p, z);
alertid[z] = '\0';
/* Searching for email flag */
p = strchr(p, ' ');
if(!p)
{
continue;
}
p++;
/* Checking for the flags */
if((flag & CRALERT_MAIL_SET) &&
(strncmp(ALERT_MAIL, p, ALERT_MAIL_SZ) != 0))
{
continue;
}
p = strchr(p, '-');
if(p)
{
p++;
os_strdup(p, group);
/* Cleaning new line from group */
os_clearnl(group, p);
if(group != NULL && strstr(group, "syscheck") != NULL)
{
issyscheck = 1;
}
}
/* Searching for active-response flag */
_r = 1;
continue;
}
if(_r < 1)
continue;
/*** Extract information from the event ***/
/* r1 means: 2006 Apr 13 16:15:17 /var/log/auth.log */
if(_r == 1)
{
/* Clear new line */
os_clearnl(str, p);
p = strchr(str, ':');
if(p)
{
p = strchr(p, ' ');
if(p)
{
*p = '\0';
p++;
}
else
{
/* If p is null it is because strchr failed */
merror("ZZZ: 1() Merror date or location not NULL");
_r = 0;
goto l_error;
}
}
/* If not, str is date and p is the location */
if(date || location)
merror("ZZZ Merror date or location not NULL");
os_strdup(str, date);
os_strdup(p, location);
_r = 2;
log_size = 0;
continue;
}
else if(_r == 2)
{
/* Rule begin */
if(strncmp(RULE_BEGIN, str, RULE_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + RULE_BEGIN_SZ;
rule = atoi(p);
p = strchr(p, ' ');
if(p)
{
p++;
p = strchr(p, ' ');
if(p)
p++;
}
if(!p)
goto l_error;
level = atoi(p);
/* Getting the comment */
p = strchr(p, '\'');
if(!p)
goto l_error;
p++;
os_strdup(p, comment);
/* Must have the closing \' */
p = strrchr(comment, '\'');
if(p)
{
*p = '\0';
}
else
{
goto l_error;
}
}
/* srcip */
else if(strncmp(SRCIP_BEGIN, str, SRCIP_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + SRCIP_BEGIN_SZ;
os_strdup(p, srcip);
}
#ifdef GEOIP
/* GeoIP Source Location */
else if (strncmp(GEOIP_BEGIN_SRC, str, GEOIP_BEGIN_SRC_SZ) == 0)
{
os_clearnl(str,p);
p = str + GEOIP_BEGIN_SRC_SZ;
os_strdup(p, geoipdatasrc);
}
#endif
/* srcport */
else if(strncmp(SRCPORT_BEGIN, str, SRCPORT_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + SRCPORT_BEGIN_SZ;
srcport = atoi(p);
}
/* dstip */
else if(strncmp(DSTIP_BEGIN, str, DSTIP_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + DSTIP_BEGIN_SZ;
os_strdup(p, dstip);
}
#ifdef GEOIP
/* GeoIP Destination Location */
else if (strncmp(GEOIP_BEGIN_DST, str, GEOIP_BEGIN_DST_SZ) == 0)
{
os_clearnl(str,p);
p = str + GEOIP_BEGIN_DST_SZ;
os_strdup(p, geoipdatadst);
}
#endif
/* dstport */
else if(strncmp(DSTPORT_BEGIN, str, DSTPORT_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + DSTPORT_BEGIN_SZ;
dstport = atoi(p);
}
/* username */
else if(strncmp(USER_BEGIN, str, USER_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + USER_BEGIN_SZ;
os_strdup(p, user);
}
/* Old MD5 */
else if(strncmp(OLDMD5_BEGIN, str, OLDMD5_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + OLDMD5_BEGIN_SZ;
os_strdup(p, old_md5);
}
/* New MD5 */
else if(strncmp(NEWMD5_BEGIN, str, NEWMD5_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + NEWMD5_BEGIN_SZ;
os_strdup(p, new_md5);
}
/* Old SHA1 */
else if(strncmp(OLDSHA1_BEGIN, str, OLDSHA1_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + OLDSHA1_BEGIN_SZ;
os_strdup(p, old_sha1);
}
/* New SHA1 */
else if(strncmp(NEWSHA1_BEGIN, str, NEWSHA1_BEGIN_SZ) == 0)
{
os_clearnl(str,p);
p = str + NEWSHA1_BEGIN_SZ;
os_strdup(p, new_sha1);
}
/* It is a log message */
else if(log_size < 20)
{
os_clearnl(str,p);
if(str != NULL && issyscheck == 1)
{
if(strncmp(str, "Integrity checksum changed for: '",33) == 0)
{
filename = strdup(str+33);
if(filename)
{
filename[strlen(filename) -1] = '\0';
}
}
issyscheck = 0;
}
os_realloc(log, (log_size +2)*sizeof(char *), log);
os_strdup(str, log[log_size]);
log_size++;
log[log_size] = NULL;
}
}
continue;
l_error:
/* Freeing the memory */
_r = 0;
if(date)
{
free(date);
date = NULL;
}
if(location)
{
free(location);
location = NULL;
}
if(comment)
{
free(comment);
comment = NULL;
}
if(srcip)
{
free(srcip);
srcip = NULL;
}
#ifdef GEOIP
if(geoipdatasrc)
{
free(geoipdatasrc);
geoipdatasrc = NULL;
}
if(geoipdatadst)
{
free(geoipdatadst);
geoipdatadst = NULL;
}
#endif
if(user)
{
free(user);
user = NULL;
}
if(filename)
{
free(filename);
filename = NULL;
}
if(group)
{
free(group);
group = NULL;
}
if(old_md5)
{
free(old_md5);
old_md5 = NULL;
}
if(new_md5)
{
free(new_md5);
new_md5 = NULL;
}
if(old_sha1)
{
free(old_sha1);
old_sha1 = NULL;
}
if(new_sha1)
{
free(new_sha1);
new_sha1 = NULL;
}
while(log_size > 0)
{
log_size--;
if(log[log_size])
{
free(log[log_size]);
log[log_size] = NULL;
}
}
}
if(alertid)
{
free(alertid);
alertid = NULL;
}
/* We need to clean end of file before returning */
clearerr(fp);
return(NULL);
}
static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
struct hostapd_config *conf)
{
struct hostapd_bss_config *bss = &conf->bss[0];
int pairwise;
conf->driver = wpa_s->driver;
os_strlcpy(bss->iface, wpa_s->ifname, sizeof(bss->iface));
if (ssid->frequency == 0) {
/* default channel 11 */
conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
conf->channel = 11;
} else if (ssid->frequency >= 2412 && ssid->frequency <= 2472) {
conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
conf->channel = (ssid->frequency - 2407) / 5;
} else if ((ssid->frequency >= 5180 && ssid->frequency <= 5240) ||
(ssid->frequency >= 5745 && ssid->frequency <= 5825)) {
conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
conf->channel = (ssid->frequency - 5000) / 5;
} else {
wpa_printf(MSG_ERROR, "Unsupported AP mode frequency: %d MHz",
ssid->frequency);
return -1;
}
/* TODO: enable HT40 if driver supports it;
* drop to 11b if driver does not support 11g */
#ifdef CONFIG_IEEE80211N
/*
* Enable HT20 if the driver supports it, by setting conf->ieee80211n.
* Using default config settings for: conf->ht_op_mode_fixed,
* conf->ht_capab, conf->secondary_channel, conf->require_ht
*/
if (wpa_s->hw.modes) {
struct hostapd_hw_modes *mode = NULL;
int i;
for (i = 0; i < wpa_s->hw.num_modes; i++) {
if (wpa_s->hw.modes[i].mode == conf->hw_mode) {
mode = &wpa_s->hw.modes[i];
break;
}
}
if (mode && mode->ht_capab)
conf->ieee80211n = 1;
}
#endif /* CONFIG_IEEE80211N */
#ifdef CONFIG_P2P
if (conf->hw_mode == HOSTAPD_MODE_IEEE80211G) {
/* Remove 802.11b rates from supported and basic rate sets */
int *list = os_malloc(4 * sizeof(int));
if (list) {
list[0] = 60;
list[1] = 120;
list[2] = 240;
list[3] = -1;
}
conf->basic_rates = list;
list = os_malloc(9 * sizeof(int));
if (list) {
list[0] = 60;
list[1] = 90;
list[2] = 120;
list[3] = 180;
list[4] = 240;
list[5] = 360;
list[6] = 480;
list[7] = 540;
list[8] = -1;
}
conf->supported_rates = list;
}
bss->isolate = !wpa_s->conf->p2p_intra_bss;
#endif /* CONFIG_P2P */
if (ssid->ssid_len == 0) {
wpa_printf(MSG_ERROR, "No SSID configured for AP mode");
return -1;
}
os_memcpy(bss->ssid.ssid, ssid->ssid, ssid->ssid_len);
bss->ssid.ssid[ssid->ssid_len] = '\0';
bss->ssid.ssid_len = ssid->ssid_len;
bss->ssid.ssid_set = 1;
if (ssid->auth_alg)
bss->auth_algs = ssid->auth_alg;
if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt))
bss->wpa = ssid->proto;
bss->wpa_key_mgmt = ssid->key_mgmt;
bss->wpa_pairwise = ssid->pairwise_cipher;
if (ssid->passphrase) {
bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase);
} else if (ssid->psk_set) {
os_free(bss->ssid.wpa_psk);
bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
if (bss->ssid.wpa_psk == NULL)
return -1;
os_memcpy(bss->ssid.wpa_psk->psk, ssid->psk, PMK_LEN);
bss->ssid.wpa_psk->group = 1;
} else if (ssid->wep_key_len[0] || ssid->wep_key_len[1] ||
ssid->wep_key_len[2] || ssid->wep_key_len[3]) {
struct hostapd_wep_keys *wep = &bss->ssid.wep;
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ssid->wep_key_len[i] == 0)
continue;
wep->key[i] = os_malloc(ssid->wep_key_len[i]);
if (wep->key[i] == NULL)
return -1;
os_memcpy(wep->key[i], ssid->wep_key[i],
ssid->wep_key_len[i]);
wep->len[i] = ssid->wep_key_len[i];
}
wep->idx = ssid->wep_tx_keyidx;
wep->keys_set = 1;
}
/* Select group cipher based on the enabled pairwise cipher suites */
pairwise = 0;
if (bss->wpa & 1)
pairwise |= bss->wpa_pairwise;
if (bss->wpa & 2) {
if (bss->rsn_pairwise == 0)
bss->rsn_pairwise = bss->wpa_pairwise;
pairwise |= bss->rsn_pairwise;
}
if (pairwise & WPA_CIPHER_TKIP)
bss->wpa_group = WPA_CIPHER_TKIP;
else
bss->wpa_group = WPA_CIPHER_CCMP;
if (bss->wpa && bss->ieee802_1x)
bss->ssid.security_policy = SECURITY_WPA;
else if (bss->wpa)
bss->ssid.security_policy = SECURITY_WPA_PSK;
else if (bss->ieee802_1x) {
int cipher = WPA_CIPHER_NONE;
bss->ssid.security_policy = SECURITY_IEEE_802_1X;
bss->ssid.wep.default_len = bss->default_wep_key_len;
if (bss->default_wep_key_len)
cipher = bss->default_wep_key_len >= 13 ?
WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
} else if (bss->ssid.wep.keys_set) {
int cipher = WPA_CIPHER_WEP40;
if (bss->ssid.wep.len[0] >= 13)
cipher = WPA_CIPHER_WEP104;
bss->ssid.security_policy = SECURITY_STATIC_WEP;
bss->wpa_group = cipher;
bss->wpa_pairwise = cipher;
bss->rsn_pairwise = cipher;
} else {
bss->ssid.security_policy = SECURITY_PLAINTEXT;
bss->wpa_group = WPA_CIPHER_NONE;
bss->wpa_pairwise = WPA_CIPHER_NONE;
bss->rsn_pairwise = WPA_CIPHER_NONE;
}
#ifdef CONFIG_WPS
/*
* Enable WPS by default for open and WPA/WPA2-Personal network, but
* require user interaction to actually use it. Only the internal
* Registrar is supported.
*/
if (bss->ssid.security_policy != SECURITY_WPA_PSK &&
bss->ssid.security_policy != SECURITY_PLAINTEXT)
goto no_wps;
#ifdef CONFIG_WPS2
if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
(!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
goto no_wps; /* WPS2 does not allow WPA/TKIP-only
* configuration */
#endif /* CONFIG_WPS2 */
bss->eap_server = 1;
bss->wps_state = 2;
bss->ap_setup_locked = 2;
if (wpa_s->conf->config_methods)
bss->config_methods = os_strdup(wpa_s->conf->config_methods);
os_memcpy(bss->device_type, wpa_s->conf->device_type,
WPS_DEV_TYPE_LEN);
if (wpa_s->conf->device_name) {
bss->device_name = os_strdup(wpa_s->conf->device_name);
bss->friendly_name = os_strdup(wpa_s->conf->device_name);
}
if (wpa_s->conf->manufacturer)
bss->manufacturer = os_strdup(wpa_s->conf->manufacturer);
if (wpa_s->conf->model_name)
bss->model_name = os_strdup(wpa_s->conf->model_name);
if (wpa_s->conf->model_number)
bss->model_number = os_strdup(wpa_s->conf->model_number);
if (wpa_s->conf->serial_number)
bss->serial_number = os_strdup(wpa_s->conf->serial_number);
if (is_nil_uuid(wpa_s->conf->uuid))
os_memcpy(bss->uuid, wpa_s->wps->uuid, WPS_UUID_LEN);
else
os_memcpy(bss->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
os_memcpy(bss->os_version, wpa_s->conf->os_version, 4);
no_wps:
#endif /* CONFIG_WPS */
if (wpa_s->max_stations &&
wpa_s->max_stations < wpa_s->conf->max_num_sta)
bss->max_num_sta = wpa_s->max_stations;
else
bss->max_num_sta = wpa_s->conf->max_num_sta;
bss->disassoc_low_ack = wpa_s->conf->disassoc_low_ack;
return 0;
}
/*-------------------------------------------------------------------------------------*/
char *strsub(const char* input_string, const char* string_to_search, const char* replacement_string)
{
const char *occurrence_str = NULL;
char* result_str = NULL;
char *replacedString = NULL;
int count = 0, len = 0;
if (input_string == NULL)
{
return NULL;
}
if (string_to_search == NULL || replacement_string == NULL)
{
return os_strdup(input_string);
}
occurrence_str = strstr (input_string, string_to_search);
if (occurrence_str == NULL)
{
return os_strdup(input_string);
}
if (strlen (replacement_string) > strlen (string_to_search))
{
count = 0;
len = (int)strlen (string_to_search);
if (len)
{
occurrence_str = input_string;
while (occurrence_str != NULL && *occurrence_str != '\0')
{
occurrence_str = strstr (occurrence_str, string_to_search);
if (occurrence_str != NULL)
{
occurrence_str += len;
count++;
}
}
}
len = count * ((int)strlen(replacement_string) - (int)strlen(string_to_search)) + (int)strlen(input_string);
}
else
{
len = (int)strlen(input_string);
}
replacedString = (char*)MALLOC (sizeof(char) * (len + 1));
if (replacedString == NULL)
{
return NULL;
}
occurrence_str = input_string;
result_str = replacedString;
len = (int)strlen (string_to_search);
while (*occurrence_str != '\0')
{
if (*occurrence_str == string_to_search[0] && strncmp (occurrence_str, string_to_search, len) == 0)
{
const char *N = NULL;
N = replacement_string;
while (*N != '\0')
{
*result_str++ = *N++;
}
occurrence_str += len;
}
else
{
*result_str++ = *occurrence_str++;
}
}
*result_str = '\0';
return replacedString;
}/*-------------------------------------------------------------------------------------*/
/**
* eap_peer_select_phase2_methods - Select phase 2 EAP method
* @config: Pointer to the network configuration
* @prefix: 'phase2' configuration prefix, e.g., "auth="
* @types: Buffer for returning allocated list of allowed EAP methods
* @num_types: Buffer for returning number of allocated EAP methods
* Returns: 0 on success, -1 on failure
*
* This function is used to parse EAP method list and select allowed methods
* for Phase2 authentication.
*/
int eap_peer_select_phase2_methods(struct eap_peer_config *config,
const char *prefix,
struct eap_method_type **types,
size_t *num_types)
{
char *start, *pos, *buf;
struct eap_method_type *methods = NULL, *_methods;
u8 method;
size_t num_methods = 0, prefix_len;
if (config == NULL || config->phase2 == NULL)
goto get_defaults;
start = buf = os_strdup(config->phase2);
if (buf == NULL)
return -1;
prefix_len = os_strlen(prefix);
while (start && *start != '\0') {
int vendor;
pos = os_strstr(start, prefix);
if (pos == NULL)
break;
if (start != pos && *(pos - 1) != ' ') {
start = pos + prefix_len;
continue;
}
start = pos + prefix_len;
pos = os_strchr(start, ' ');
if (pos)
*pos++ = '\0';
method = eap_get_phase2_type(start, &vendor);
if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_NONE) {
wpa_printf(MSG_ERROR, "TLS: Unsupported Phase2 EAP "
"method '%s'", start);
} else {
num_methods++;
_methods = os_realloc(methods,
num_methods * sizeof(*methods));
if (_methods == NULL) {
os_free(methods);
os_free(buf);
return -1;
}
methods = _methods;
methods[num_methods - 1].vendor = vendor;
methods[num_methods - 1].method = method;
}
start = pos;
}
os_free(buf);
get_defaults:
if (methods == NULL)
methods = eap_get_phase2_types(config, &num_methods);
if (methods == NULL) {
wpa_printf(MSG_ERROR, "TLS: No Phase2 EAP methods available");
return -1;
}
wpa_hexdump(MSG_DEBUG, "TLS: Phase2 EAP types",
(u8 *) methods,
num_methods * sizeof(struct eap_method_type));
*types = methods;
*num_types = num_methods;
return 0;
}
/* FW_Log: v0.1, 2005/12/30 */
int FW_Log(Eventinfo *lf)
{
/* If we don't have the srcip or the
* action, there is no point in going
* forward over here
*/
if(!lf->action || !lf->srcip || !lf->dstip || !lf->srcport ||
!lf->dstport || !lf->protocol)
{
return(0);
}
/* Setting the actions */
switch(*lf->action)
{
/* discard, drop, deny, */
case 'd':
case 'D':
/* reject, */
case 'r':
case 'R':
/* block */
case 'b':
case 'B':
os_free(lf->action);
os_strdup("DROP", lf->action);
break;
/* Closed */
case 'c':
case 'C':
/* Teardown */
case 't':
case 'T':
os_free(lf->action);
os_strdup("CLOSED", lf->action);
break;
/* allow, accept, */
case 'a':
case 'A':
/* pass/permitted */
case 'p':
case 'P':
/* open */
case 'o':
case 'O':
os_free(lf->action);
os_strdup("ALLOW", lf->action);
break;
default:
if(OSMatch_Execute(lf->action,strlen(lf->action),&FWDROPpm))
{
os_free(lf->action);
os_strdup("DROP", lf->action);
}
if(OSMatch_Execute(lf->action,strlen(lf->action),&FWALLOWpm))
{
os_free(lf->action);
os_strdup("ALLOW", lf->action);
}
else
{
os_free(lf->action);
os_strdup("UNKNOWN", lf->action);
}
break;
}
/* log to file */
fprintf(_fflog,
"%d %s %02d %s %s%s%s %s %s %s:%s->%s:%s\n",
lf->year,
lf->mon,
lf->day,
lf->hour,
lf->hostname != lf->location?lf->hostname:"",
lf->hostname != lf->location?"->":"",
lf->location,
lf->action,
lf->protocol,
lf->srcip,
lf->srcport,
lf->dstip,
lf->dstport);
fflush(_fflog);
return(1);
}
/*-------------------------------------------------------------------------------------*/
char *strsub(const char* input_string, const char* string_to_search, const char* replacement_string)
{
const char *occurrence_str = NULL;
char* result_str = NULL;
char *replacedString = NULL;
int count = 0, len = 0;
if (input_string == NULL)
{
return NULL;
}
if (string_to_search == NULL || replacement_string == NULL)
{
return os_strdup(input_string);
}
occurrence_str = strstr (input_string, string_to_search);
if (occurrence_str == NULL)
{
return os_strdup(input_string);
}
if (strlen (replacement_string) > strlen (string_to_search))
{
count = 0;
len = (int)strlen (string_to_search);
if (len)
{
occurrence_str = input_string;
while (occurrence_str != NULL && *occurrence_str != '\0')
{
occurrence_str = strstr (occurrence_str, string_to_search);
if (occurrence_str != NULL)
{
occurrence_str += len;
count++;
}
}
}
len = count * ((int)strlen(replacement_string) - (int)strlen(string_to_search)) + (int)strlen(input_string);
}
else
{
len = (int)strlen(input_string);
}
replacedString = (char*)MALLOC (sizeof(char) * (len + 1));
if (replacedString == NULL)
{
return NULL;
}
occurrence_str = input_string;
result_str = replacedString;
len = (int)strlen (string_to_search);
while (*occurrence_str != '\0')
{
if (*occurrence_str == string_to_search[0] && strncmp (occurrence_str, string_to_search, len) == 0)
{
const char *N = NULL;
N = replacement_string;
while (*N != '\0')
{
*result_str++ = *N++;
}
occurrence_str += len;
}
else
{
*result_str++ = *occurrence_str++;
}
}
*result_str = '\0';
return replacedString;
}/*-------------------------------------------------------------------------------------*/
char *strsub_reg(const char* input_string, const char* string_to_search, const char* replacement_string, int *ierr)
{
pcre_error_code w = PCRE_FINISHED_OK;
int Output_Start = 0;
int Output_End = 0;
char *replacedString = NULL;
wchar_t *wcreplacedString = NULL;
wchar_t *wcreplacement_string = NULL;
wchar_t *wcinput_string = NULL;
int len = 0;
*ierr = (int)PCRE_FINISHED_OK;
if (input_string == NULL)
{
return NULL;
}
if (string_to_search == NULL || replacement_string == NULL)
{
return os_strdup(input_string);
}
w = pcre_private((char*)input_string, (char*)string_to_search, &Output_Start, &Output_End, NULL, NULL);
if (w != PCRE_FINISHED_OK)
{
*ierr = (int)w;
return os_strdup(input_string);
}
wcreplacement_string = to_wide_string((char*)replacement_string);
wcinput_string = to_wide_string((char*)input_string);
if (wcreplacement_string == NULL)
{
FREE(wcinput_string);
*ierr = (int)NOT_ENOUGH_MEMORY_FOR_VECTOR;
return os_strdup(input_string);
}
len = (int)wcslen(wcreplacement_string) + (int)wcslen(wcinput_string);
wcreplacedString = (wchar_t*)MALLOC (sizeof(wchar_t) * (len + 1));
if (wcreplacedString == NULL)
{
FREE(replacement_string);
FREE(wcinput_string);
return NULL;
}
{
/* converts to wide characters */
wchar_t *wctail = NULL;
int wcOutput_Start = 0;
int wcOutput_End = 0;
char * strOutput_Start = os_strdup(input_string);
char * strOutput_End = os_strdup(input_string);
wchar_t *wcstrOutput_Start = NULL;
wchar_t *wcstrOutput_End = NULL;
/* calculates positions with wide characters */
strOutput_Start[Output_Start] = '\0';
strOutput_End[Output_End] = '\0';
wcstrOutput_Start = to_wide_string(strOutput_Start);
wcstrOutput_End = to_wide_string(strOutput_End);
FREE(strOutput_Start);
FREE(strOutput_End);
if (wcstrOutput_Start)
{
wcOutput_Start = (int)wcslen(wcstrOutput_Start);
FREE(wcstrOutput_Start);
}
else
{
wcOutput_Start = 0;
}
if (wcstrOutput_End)
{
wcOutput_End = (int)wcslen(wcstrOutput_End);
FREE(wcstrOutput_End);
}
else
{
wcOutput_End = 0;
}
wcsncpy(wcreplacedString, wcinput_string, wcOutput_Start);
wcreplacedString[wcOutput_Start] = L'\0';
wcscat(wcreplacedString, wcreplacement_string);
wctail = wcinput_string + wcOutput_End;
wcscat(wcreplacedString, wctail);
replacedString = wide_string_to_UTF8(wcreplacedString);
FREE(wcreplacedString);
}
FREE(wcinput_string);
FREE(wcreplacement_string);
return replacedString;
}
/*
* Class: org_opensplice_dds_dcps_FooTypeSupportImpl
* Method: jniRegisterType
* Signature: (Ljava/lang/Object;LDDS/DomainParticipant;Ljava/lang/String;)I
*/
JNIEXPORT jint JNICALL
SAJ_FUNCTION(jniRegisterType) (
JNIEnv *env,
jclass object,
jobject TypeSupport,
jobject participant,
jstring type_alias,
jstring org_pName,
jstring tgt_pName)
{
const char *typeAlias;
const char *typeName;
const os_char* tmp;
os_char* orgPName;
os_char* tgtPName;
jint result;
jclass typeSupportClass;
jfieldID copyCache_fid;
c_metaObject typeMeta;
saj_copyCache copyCache;
/* Convert type_alias */
if (type_alias != NULL) {
typeAlias = (*env)->GetStringUTFChars (env, type_alias, 0);
} else {
typeAlias = NULL;
}
if (org_pName != NULL) {
tmp = (*env)->GetStringUTFChars (env, org_pName, 0);
if(0 == strcmp(tmp, "null"))
{
orgPName = NULL;
} else
{
orgPName = os_strdup(tmp);
}
(*env)->ReleaseStringUTFChars (env, org_pName, tmp);
} else {
orgPName = NULL;
}
if (tgt_pName != NULL) {
tmp = (*env)->GetStringUTFChars (env, tgt_pName, 0);
if(0 == strcmp(tmp, "null"))
{
tgtPName = NULL;
} else
{
tgtPName = os_strdup(tmp);
}
(*env)->ReleaseStringUTFChars (env, tgt_pName, tmp);
} else {
tgtPName = NULL;
}
/* Call GAPI register type function */
result = gapi_fooTypeSupport_register_type (
(gapi_fooTypeSupport)saj_read_gapi_address (env, TypeSupport),
(gapi_domainParticipant)saj_read_gapi_address (env, participant),
(gapi_string)typeAlias);
if (result == GAPI_RETCODE_OK) {
typeName = gapi_typeSupport_get_type_name ((gapi_typeSupport)saj_read_gapi_address (env, TypeSupport));
typeMeta = (c_metaObject)gapi_domainParticipant_get_type_metadescription (
(gapi_domainParticipant)saj_read_gapi_address (env, participant), typeName);
if (typeMeta) {
copyCache = saj_copyCacheNew (env, typeMeta, orgPName, tgtPName);
if (copyCache) {
typeSupportClass = (*env)->GetObjectClass (env, TypeSupport);
copyCache_fid = (*env)->GetFieldID (env, typeSupportClass, "copyCache", "J");
(*env)->SetLongField (env, TypeSupport, copyCache_fid, (jlong)(PA_ADDRCAST)copyCache);
} else {
result = GAPI_RETCODE_ERROR;
}
} else {
result = GAPI_RETCODE_ERROR;
}
}
/* Release used strings */
if (typeAlias != NULL) {
(*env)->ReleaseStringUTFChars (env, type_alias, typeAlias);
}
if(tgtPName)
{
os_free(tgtPName);
}
if(orgPName)
{
os_free(orgPName);
}
return (jint)result;
}
char * os_rel2abs_path(const char *rel_path)
{
return os_strdup(rel_path);
//return NULL; /* strdup(rel_path) can be used here */
}
void FillEvent(Eventinfo *lf, const char *f_name, const SyscheckSum *sum) {
os_strdup(f_name, lf->filename);
os_strdup(sum->size, lf->size_after);
lf->perm_after = sum->perm;
os_strdup(sum->uid, lf->owner_after);
os_strdup(sum->gid, lf->gowner_after);
os_strdup(sum->md5, lf->md5_after);
os_strdup(sum->sha1, lf->sha1_after);
if (sum->uname)
os_strdup(sum->uname, lf->uname_after);
if (sum->gname)
os_strdup(sum->gname, lf->gname_after);
lf->mtime_after = sum->mtime;
lf->inode_after = sum->inode;
/* Fields */
os_strdup(f_name, lf->fields[SCK_FILE]);
os_strdup(sum->size, lf->fields[SCK_SIZE]);
os_calloc(7, sizeof(char), lf->fields[SCK_PERM]);
snprintf(lf->fields[SCK_PERM], 7, "%06o", sum->perm);
os_strdup(sum->uid, lf->fields[SCK_UID]);
os_strdup(sum->gid, lf->fields[SCK_GID]);
os_strdup(sum->md5, lf->fields[SCK_MD5]);
os_strdup(sum->sha1, lf->fields[SCK_SHA1]);
if (sum->uname)
os_strdup(sum->uname, lf->fields[SCK_UNAME]);
if (sum->gname)
os_strdup(sum->gname, lf->fields[SCK_GNAME]);
if (sum->inode) {
os_calloc(20, sizeof(char), lf->fields[SCK_INODE]);
snprintf(lf->fields[SCK_INODE], 20, "%ld", sum->inode);
}
}
os_int32
ut_dirOutNew(
const os_char *name)
{
os_int32 result;
os_result status;
char dirName[OS_PATH_MAX];
struct os_stat statBuf;
os_uint32 i;
memset(dirName, 0, OS_PATH_MAX);
if (name) {
result = 1;
for (i = 0; i < strlen(name) && result; i++) {
if ((name[i] == OS_FILESEPCHAR) && (i != 0)) {
status = os_stat(dirName, &statBuf);
if (status != os_resultSuccess) {
os_mkdir(dirName, S_IRWXU | S_IRWXG | S_IRWXO);
status = os_stat(dirName, &statBuf);
}
if (!OS_ISDIR (statBuf.stat_mode)) {
#ifdef WIN32
if ((strlen(dirName) == 2) && (dirName[1] == ':')) {
/*This is a device like for instance: 'C:'*/
} else {
printf("'%s' is not a directory\n", dirName);
result = 0;
ut_outputdir = NULL;
}
#else
printf("'%s' is not a directory\n", dirName);
result = 0;
ut_outputdir = NULL;
#endif
}
}
dirName[i] = name[i];
}
if (result) {
if (dirName[i-1] != OS_FILESEPCHAR) {
status = os_stat(dirName, &statBuf);
if (status != os_resultSuccess) {
os_mkdir(dirName, S_IRWXU | S_IRWXG | S_IRWXO);
status = os_stat(dirName, &statBuf);
}
ut_outputdir = os_strdup(name);
if (!OS_ISDIR(statBuf.stat_mode)) {
#ifdef WIN32
if ((strlen(dirName) == 2) && (dirName[1] == ':')) {
/*This is a device like for instance: 'C:'. Check if it exists...*/
dirName[2] = OS_FILESEPCHAR;
status = os_stat(dirName, &statBuf);
if (status == os_resultFail) {
printf("'%s' is not available", dirName);
result = 0;
ut_outputdir = NULL;
}
} else {
printf("'%s' is not a directory.\n", ut_outputdir);
result = 0;
ut_outputdir = NULL;
}
#else
printf("'%s' is not a directory\n", dirName);
result = 0;
ut_outputdir = NULL;
#endif
}
} else {
ut_outputdir = (os_char *)os_malloc(strlen(name)+1);
snprintf(ut_outputdir, strlen(name), "%s", name);
}
}
} else {
result = 0;
ut_outputdir = NULL;
}
if (result) {
status = os_access(ut_outputdir, 2); /* Check whether dir is writable */
if (status != os_resultSuccess) {
#ifdef WIN32
if ((strlen(dirName) == 2) && (dirName[1] == ':')) {
/*This is a device like for instance: 'C:'. Check if it exists...*/
dirName[2] = OS_FILESEPCHAR;
status = os_stat(dirName, &statBuf);
if (status == os_resultFail) {
printf("'%s' cannot be found", dirName);
result = 0;
ut_outputdir = NULL;
}
} else {
printf("Specified output directory '%s' is not writable.\n", ut_outputdir);
result = 0;
ut_outputdir = NULL;
}
#else
printf("Specified output directory '%s' is not writable.\n", ut_outputdir);
result = 0;
ut_outputdir = NULL;
#endif
}
}
return result;
}
static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
struct eapol_auth_config *src)
{
dst->ctx = src->ctx;
dst->eap_reauth_period = src->eap_reauth_period;
dst->wpa = src->wpa;
dst->individual_wep_key_len = src->individual_wep_key_len;
dst->eap_server = src->eap_server;
dst->ssl_ctx = src->ssl_ctx;
dst->msg_ctx = src->msg_ctx;
dst->eap_sim_db_priv = src->eap_sim_db_priv;
os_free(dst->eap_req_id_text);
dst->pwd_group = src->pwd_group;
dst->pbc_in_m1 = src->pbc_in_m1;
dst->server_id = src->server_id;
dst->server_id_len = src->server_id_len;
if (src->eap_req_id_text) {
dst->eap_req_id_text = os_malloc(src->eap_req_id_text_len);
if (dst->eap_req_id_text == NULL)
return -1;
os_memcpy(dst->eap_req_id_text, src->eap_req_id_text,
src->eap_req_id_text_len);
dst->eap_req_id_text_len = src->eap_req_id_text_len;
} else {
dst->eap_req_id_text = NULL;
dst->eap_req_id_text_len = 0;
}
if (src->pac_opaque_encr_key) {
dst->pac_opaque_encr_key = os_malloc(16);
if (dst->pac_opaque_encr_key == NULL)
goto fail;
os_memcpy(dst->pac_opaque_encr_key, src->pac_opaque_encr_key,
16);
} else
dst->pac_opaque_encr_key = NULL;
if (src->eap_fast_a_id) {
dst->eap_fast_a_id = os_malloc(src->eap_fast_a_id_len);
if (dst->eap_fast_a_id == NULL)
goto fail;
os_memcpy(dst->eap_fast_a_id, src->eap_fast_a_id,
src->eap_fast_a_id_len);
dst->eap_fast_a_id_len = src->eap_fast_a_id_len;
} else
dst->eap_fast_a_id = NULL;
if (src->eap_fast_a_id_info) {
dst->eap_fast_a_id_info = os_strdup(src->eap_fast_a_id_info);
if (dst->eap_fast_a_id_info == NULL)
goto fail;
} else
dst->eap_fast_a_id_info = NULL;
dst->eap_fast_prov = src->eap_fast_prov;
dst->pac_key_lifetime = src->pac_key_lifetime;
dst->pac_key_refresh_time = src->pac_key_refresh_time;
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
dst->tnc = src->tnc;
dst->wps = src->wps;
dst->fragment_size = src->fragment_size;
os_free(dst->erp_domain);
if (src->erp_domain) {
dst->erp_domain = os_strdup(src->erp_domain);
if (dst->erp_domain == NULL)
goto fail;
} else {
dst->erp_domain = NULL;
}
dst->erp_send_reauth_start = src->erp_send_reauth_start;
dst->erp = src->erp;
return 0;
fail:
eapol_auth_conf_free(dst);
return -1;
}
/* OS_CleanMSG v0.3: 2006/03/04
* Format a received message in the
* Eventinfo structure.
*/
int OS_CleanMSG(char *msg, Eventinfo *lf)
{
int loglen;
char *pieces;
struct tm *p;
/* The message is formated in the following way:
* id:location:message.
*/
/* Ignoring the id of the message in here */
msg+=2;
/* Setting pieces as the message */
pieces = strchr(msg, ':');
if(!pieces)
{
merror(FORMAT_ERROR, ARGV0);
return(-1);
}
*pieces = '\0';
pieces++;
os_strdup(msg, lf->location);
/* Getting the log length */
loglen = strlen(pieces) + 1;
/* Assigning the values in the strucuture (lf->full_log) */
os_malloc((2*loglen) +1, lf->full_log);
/* Setting the whole message at full_log */
strncpy(lf->full_log, pieces, loglen);
/* Log is the one used for parsing in the decoders and rules */
lf->log = lf->full_log+loglen;
strncpy(lf->log, pieces, loglen);
/* check if month contains an umlaut and repair
* umlaute are non-ASCII and use 2 slots in the char array
* repair to only one slot so we can detect the correct date format in the next step
* ex: Mär 02 17:30:52
*/
if (pieces[1] == (char) 195) {
if (pieces[2] == (char) 164) {
pieces[0] = '\0';
pieces[1] = 'M';
pieces[2] = 'a';
pieces++;
}
}
/* Checking for the syslog date format.
* ( ex: Dec 29 10:00:01
* or 2007-06-14T15:48:55-04:00 for syslog-ng isodate
* or 2009-05-22T09:36:46.214994-07:00 for rsyslog )
*/
if(
(
(loglen > 17) &&
(pieces[3] == ' ') &&
(pieces[6] == ' ') &&
(pieces[9] == ':') &&
(pieces[12] == ':') &&
(pieces[15] == ' ') && (lf->log+=16)
)
||
(
(loglen > 33) &&
(pieces[4] == '-') &&
(pieces[7] == '-') &&
(pieces[10] == 'T') &&
(pieces[13] == ':') &&
(pieces[16] == ':') &&
(
((pieces[22] == ':') &&
(pieces[25] == ' ') && (lf->log+=26)) ||
((pieces[19] == '.') &&
(pieces[29] == ':') && (lf->log+=32))
)
)
)
{
/* Checking for an extra space in here */
if(*lf->log == ' ')
lf->log++;
/* Hostname */
pieces = lf->hostname = lf->log;
/* Checking for a valid hostname */
while(isValidChar(*pieces) == 1)
{
pieces++;
}
/* Checking if it is a syslog without hostname (common on Solaris. */
if(*pieces == ':' && pieces[1] == ' ')
{
/* Getting solaris 8/9 messages without hostname.
* In these cases, the process_name should be there.
* http://www.ossec.net/wiki/index.php/Log_Samples_Solaris
*/
lf->program_name = lf->hostname;
lf->hostname = NULL;
/* Ending the program name string. */
*pieces = '\0';
pieces+=2;
lf->log = pieces;
}
/* Extracting the hostname */
else if(*pieces != ' ')
{
/* Invalid hostname */
lf->hostname = NULL;
pieces = NULL;
}
else
{
/* Ending the hostname string */
*pieces = '\0';
/* Moving pieces to the beginning of the log message */
pieces++;
lf->log = pieces;
/* Getting program_name */
lf->program_name = pieces;
/* Extracting program_name */
/* Valid names:
* p_name:
* p_name[pid]:
* p_name[pid]: [ID xx facility.severity]
* auth|security:info p_name:
*
*/
while(isValidChar(*pieces) == 1)
{
pieces++;
}
/* Checking for the first format: p_name: */
if((*pieces == ':') && (pieces[1] == ' '))
{
*pieces = '\0';
pieces+=2;
}
/* Checking for the second format: p_name[pid]: */
else if((*pieces == '[') && (isdigit((int)pieces[1])))
{
*pieces = '\0';
pieces+=2;
while(isdigit((int)*pieces))
pieces++;
if((*pieces == ']')&& (pieces[1] == ':')&& (pieces[2] == ' '))
{
pieces+=3;
}
/* Some systems are not terminating the program name with
* the ':'. Working around this in here..
*/
else if((*pieces == ']') && (pieces[1] == ' '))
{
pieces+=2;
}
else
{
/* Fixing for some weird log formats. */
pieces--;
while(isdigit((int)*pieces))
{
pieces--;
}
if(*pieces == '\0')
*pieces = '[';
pieces = NULL;
lf->program_name = NULL;
}
}
/* AIX syslog. */
else if((*pieces == '|') && islower((int)pieces[1]))
{
pieces+=2;
/* Removing facility */
while(isalnum((int)*pieces))
pieces++;
if(*pieces == ':')
{
/* Removing severity. */
pieces++;
while(isalnum((int)*pieces))
pieces++;
if(*pieces == ' ')
{
pieces++;
lf->program_name = pieces;
/* Getting program name again. */
while(isValidChar(*pieces) == 1)
pieces++;
/* Checking for the first format: p_name: */
if((*pieces == ':') && (pieces[1] == ' '))
{
*pieces = '\0';
pieces+=2;
}
/* Checking for the second format: p_name[pid]: */
else if((*pieces == '[') && (isdigit((int)pieces[1])))
{
*pieces = '\0';
pieces+=2;
while(isdigit((int)*pieces))
pieces++;
if((*pieces == ']') && (pieces[1] == ':') &&
(pieces[2] == ' '))
{
pieces+=3;
}
else
{
pieces = NULL;
}
}
}
else
{
pieces = NULL;
lf->program_name = NULL;
}
}
/* Invalid AIX. */
else
{
pieces = NULL;
lf->program_name = NULL;
}
}
else
{
pieces = NULL;
lf->program_name = NULL;
}
}
/* Removing [ID xx facility.severity] */
if(pieces)
{
/* Setting log after program name */
lf->log = pieces;
if((pieces[0] == '[') &&
(pieces[1] == 'I') &&
(pieces[2] == 'D') &&
(pieces[3] == ' '))
{
pieces+=4;
/* Going after the ] */
pieces = strchr(pieces, ']');
if(pieces)
{
pieces+=2;
lf->log = pieces;
}
}
}
/* Getting program name size */
if(lf->program_name)
{
lf->p_name_size = strlen(lf->program_name);
}
}
/* xferlog date format
* Mon Apr 17 18:27:14 2006 1 64.160.42.130
*/
else if((loglen > 28) &&
(pieces[3] == ' ')&&
(pieces[7] == ' ')&&
(pieces[10] == ' ')&&
(pieces[13] == ':')&&
(pieces[16] == ':')&&
(pieces[19] == ' ')&&
(pieces[24] == ' ')&&
(pieces[26] == ' '))
{
/* Moving log to the beginning of the message */
lf->log+=24;
}
/* Checking for snort date format
* ex: 01/28-09:13:16.240702 [**]
*/
else if( (loglen > 24) &&
(pieces[2] == '/') &&
(pieces[5] == '-') &&
(pieces[8] == ':') &&
(pieces[11]== ':') &&
(pieces[14]== '.') &&
(pieces[21] == ' ') )
{
lf->log+=23;
}
/* Checking for suricata (new) date format
* ex: 01/28/1979-09:13:16.240702 [**]
*/
else if( (loglen > 26) &&
(pieces[2] == '/') &&
(pieces[5] == '/') &&
(pieces[10] == '-') &&
(pieces[13] == ':') &&
(pieces[16]== ':') &&
(pieces[19]== '.') &&
(pieces[26] == ' ') )
{
lf->log+=28;
}
/* Checking for apache log format */
/* [Fri Feb 11 18:06:35 2004] [warn] */
else if( (loglen > 27) &&
(pieces[0] == '[') &&
(pieces[4] == ' ') &&
(pieces[8] == ' ') &&
(pieces[11]== ' ') &&
(pieces[14]== ':') &&
(pieces[17]== ':') &&
(pieces[20]== ' ') &&
(pieces[25]== ']') )
{
lf->log+=27;
}
/* Checking for the osx asl log format.
* Examples:
* [Time 2006.12.28 15:53:55 UTC] [Facility auth] [Sender sshd] [PID 483] [Message error: PAM: Authentication failure for username from 192.168.0.2] [Level 3] [UID -2] [GID -2] [Host Hostname]
* [Time 2006.11.02 14:02:11 UTC] [Facility auth] [Sender sshd] [PID 856]
[Message refused connect from 59.124.44.34] [Level 4] [UID -2] [GID -2]
[Host robert-wyatts-emac]
*/
else if((loglen > 26) &&
(pieces[0] == '[') &&
(pieces[1] == 'T') &&
(pieces[5] == ' ') &&
(pieces[10] == '.') &&
(pieces[13] == '.') &&
(pieces[16] == ' ') &&
(pieces[19] == ':'))
{
/* Do not read more than 1 message entry -> log tampering */
short unsigned int done_message = 0;
/* Removing the date */
lf->log+=25;
/* Getting the desired values */
pieces = strchr(lf->log, '[');
while(pieces)
{
pieces++;
/* Getting the sender (set to program name) */
if((strncmp(pieces, "Sender ", 7) == 0) &&
(lf->program_name == NULL))
{
pieces+=7;
lf->program_name = pieces;
/* Getting the closing brackets */
pieces = strchr(pieces, ']');
if(pieces)
{
*pieces = '\0';
/* Setting program_name size */
lf->p_name_size = strlen(lf->program_name);
pieces++;
}
/* Invalid program name */
else
{
lf->program_name = NULL;
break;
}
}
/* Getting message */
else if((strncmp(pieces, "Message ", 8) == 0) &&
(done_message == 0))
{
pieces+=8;
done_message = 1;
lf->log = pieces;
/* Getting the closing brackets */
pieces = strchr(pieces, ']');
if(pieces)
{
*pieces = '\0';
pieces++;
}
/* Invalid log closure */
else
{
break;
}
}
/* Getting hostname */
else if(strncmp(pieces, "Host ", 5) == 0)
{
pieces+=5;
lf->hostname = pieces;
/* Getting the closing brackets */
pieces = strchr(pieces, ']');
if(pieces)
{
*pieces = '\0';
pieces++;
}
/* Invalid hostname */
else
{
lf->hostname = NULL;
}
break;
}
/* Getting next entry */
pieces = strchr(pieces, '[');
}
}
/* Checking for squid date format
* 1140804070.368 11623
* seconds from 00:00:00 1970-01-01 UTC
*/
else if((loglen > 32) &&
(pieces[0] == '1') &&
(isdigit((int)pieces[1])) &&
(isdigit((int)pieces[2])) &&
(isdigit((int)pieces[3])) &&
(pieces[10] == '.') &&
(isdigit((int)pieces[13])) &&
(pieces[14] == ' ') &&
((pieces[21] == ' ')||(pieces[22] == ' ')))
{
lf->log+=14;
/* We need to start at the size of the event */
while(*lf->log == ' ')
{
lf->log++;
}
}
/* Every message must be in the format
* hostname->location or
* (agent) ip->location.
*/
/* Setting hostname for local messages */
if(lf->location[0] == '(')
{
/* Messages from an agent */
lf->hostname = lf->location;
}
else if(lf->hostname == NULL)
{
lf->hostname = __shost;
}
/* Setting up the event data */
lf->time = c_time;
p = localtime(&c_time);
/* Assign hour, day, year and month values */
lf->day = p->tm_mday;
lf->year = p->tm_year+1900;
strncpy(lf->mon,month[p->tm_mon],3);
snprintf(lf->hour, 9, "%02d:%02d:%02d",
p->tm_hour,
p->tm_min,
p->tm_sec);
/* Setting the global hour/weekday */
__crt_hour = p->tm_hour;
__crt_wday = p->tm_wday;
#ifdef TESTRULE
if(!alert_only)
{
print_out("**Phase 1: Completed pre-decoding.");
print_out(" full event: '%s'", lf->full_log);
print_out(" hostname: '%s'", lf->hostname);
print_out(" program_name: '%s'", lf->program_name);
print_out(" log: '%s'", lf->log);
}
#endif
return(0);
}
struct eapol_state_machine *
eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
int flags, const struct wpabuf *assoc_wps_ie,
const struct wpabuf *assoc_p2p_ie, void *sta_ctx,
const char *identity, const char *radius_cui)
{
struct eapol_state_machine *sm;
struct eap_config eap_conf;
if (eapol == NULL)
return NULL;
sm = os_zalloc(sizeof(*sm));
if (sm == NULL) {
wpa_printf(MSG_DEBUG, "IEEE 802.1X state machine allocation "
"failed");
return NULL;
}
sm->radius_identifier = -1;
os_memcpy(sm->addr, addr, ETH_ALEN);
sm->flags = flags;
sm->eapol = eapol;
sm->sta = sta_ctx;
/* Set default values for state machine constants */
sm->auth_pae_state = AUTH_PAE_INITIALIZE;
sm->quietPeriod = AUTH_PAE_DEFAULT_quietPeriod;
sm->reAuthMax = AUTH_PAE_DEFAULT_reAuthMax;
sm->be_auth_state = BE_AUTH_INITIALIZE;
sm->serverTimeout = BE_AUTH_DEFAULT_serverTimeout;
sm->reauth_timer_state = REAUTH_TIMER_INITIALIZE;
sm->reAuthPeriod = eapol->conf.eap_reauth_period;
sm->reAuthEnabled = eapol->conf.eap_reauth_period > 0 ? TRUE : FALSE;
sm->auth_key_tx_state = AUTH_KEY_TX_NO_KEY_TRANSMIT;
sm->key_rx_state = KEY_RX_NO_KEY_RECEIVE;
sm->ctrl_dir_state = CTRL_DIR_IN_OR_BOTH;
sm->portControl = Auto;
if (!eapol->conf.wpa &&
(eapol->default_wep_key || eapol->conf.individual_wep_key_len > 0))
sm->keyTxEnabled = TRUE;
else
sm->keyTxEnabled = FALSE;
if (eapol->conf.wpa)
sm->portValid = FALSE;
else
sm->portValid = TRUE;
os_memset(&eap_conf, 0, sizeof(eap_conf));
eap_conf.eap_server = eapol->conf.eap_server;
eap_conf.ssl_ctx = eapol->conf.ssl_ctx;
eap_conf.msg_ctx = eapol->conf.msg_ctx;
eap_conf.eap_sim_db_priv = eapol->conf.eap_sim_db_priv;
eap_conf.pac_opaque_encr_key = eapol->conf.pac_opaque_encr_key;
eap_conf.eap_fast_a_id = eapol->conf.eap_fast_a_id;
eap_conf.eap_fast_a_id_len = eapol->conf.eap_fast_a_id_len;
eap_conf.eap_fast_a_id_info = eapol->conf.eap_fast_a_id_info;
eap_conf.eap_fast_prov = eapol->conf.eap_fast_prov;
eap_conf.pac_key_lifetime = eapol->conf.pac_key_lifetime;
eap_conf.pac_key_refresh_time = eapol->conf.pac_key_refresh_time;
eap_conf.eap_sim_aka_result_ind = eapol->conf.eap_sim_aka_result_ind;
eap_conf.tnc = eapol->conf.tnc;
eap_conf.wps = eapol->conf.wps;
eap_conf.assoc_wps_ie = assoc_wps_ie;
eap_conf.assoc_p2p_ie = assoc_p2p_ie;
eap_conf.peer_addr = addr;
eap_conf.fragment_size = eapol->conf.fragment_size;
eap_conf.pwd_group = eapol->conf.pwd_group;
eap_conf.pbc_in_m1 = eapol->conf.pbc_in_m1;
eap_conf.server_id = eapol->conf.server_id;
eap_conf.server_id_len = eapol->conf.server_id_len;
eap_conf.erp = eapol->conf.erp;
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
if (sm->eap == NULL) {
eapol_auth_free(sm);
return NULL;
}
sm->eap_if = eap_get_interface(sm->eap);
eapol_auth_initialize(sm);
if (identity) {
sm->identity = (u8 *) os_strdup(identity);
if (sm->identity)
sm->identity_len = os_strlen(identity);
}
if (radius_cui)
sm->radius_cui = wpabuf_alloc_copy(radius_cui,
os_strlen(radius_cui));
sm->acct_multi_session_id_lo = eapol->acct_multi_session_id_lo++;
if (eapol->acct_multi_session_id_lo == 0)
eapol->acct_multi_session_id_hi++;
sm->acct_multi_session_id_hi = eapol->acct_multi_session_id_hi;
return sm;
}
struct wpa_config * wpa_config_read(const char *name)
{
FILE *f;
char buf[256], *pos;
int errors = 0, line = 0;
struct wpa_ssid *ssid, *tail = NULL, *head = NULL;
struct wpa_config *config;
int id = 0;
config = wpa_config_alloc_empty(NULL, NULL);
if (config == NULL)
return NULL;
wpa_printf(MSG_DEBUG, "Reading configuration file '%s'", name);
f = fopen(name, "r");
if (f == NULL) {
os_free(config);
return NULL;
}
while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
if (os_strcmp(pos, "network={") == 0) {
ssid = wpa_config_read_network(f, &line, id++);
if (ssid == NULL) {
wpa_printf(MSG_ERROR, "Line %d: failed to "
"parse network block.", line);
#ifndef WPA_IGNORE_CONFIG_ERRORS
errors++;
#endif
continue;
}
if (head == NULL) {
head = tail = ssid;
} else {
tail->next = ssid;
tail = ssid;
}
if (wpa_config_add_prio_network(config, ssid)) {
wpa_printf(MSG_ERROR, "Line %d: failed to add "
"network block to priority list.",
line);
errors++;
continue;
}
} else if (os_strncmp(pos, "blob-base64-", 12) == 0) {
char *bname = pos + 12, *name_end;
struct wpa_config_blob *blob;
name_end = os_strchr(bname, '=');
if (name_end == NULL) {
wpa_printf(MSG_ERROR, "Line %d: no blob name "
"terminator", line);
errors++;
continue;
}
*name_end = '\0';
blob = wpa_config_read_blob(f, &line, bname);
if (blob == NULL) {
wpa_printf(MSG_ERROR, "Line %d: failed to read"
" blob %s", line, bname);
errors++;
continue;
}
wpa_config_set_blob(config, blob);
#ifdef CONFIG_CTRL_IFACE
} else if (os_strncmp(pos, "ctrl_interface=", 15) == 0) {
os_free(config->ctrl_interface);
config->ctrl_interface = os_strdup(pos + 15);
wpa_printf(MSG_DEBUG, "ctrl_interface='%s'",
config->ctrl_interface);
} else if (os_strncmp(pos, "ctrl_interface_group=", 21) == 0) {
os_free(config->ctrl_interface_group);
config->ctrl_interface_group = os_strdup(pos + 21);
wpa_printf(MSG_DEBUG, "ctrl_interface_group='%s' "
"(DEPRECATED)",
config->ctrl_interface_group);
#endif /* CONFIG_CTRL_IFACE */
} else if (os_strncmp(pos, "eapol_version=", 14) == 0) {
config->eapol_version = atoi(pos + 14);
if (config->eapol_version < 1 ||
config->eapol_version > 2) {
wpa_printf(MSG_ERROR, "Line %d: Invalid EAPOL "
"version (%d): '%s'.",
line, config->eapol_version, pos);
errors++;
continue;
}
wpa_printf(MSG_DEBUG, "eapol_version=%d",
config->eapol_version);
} else if (os_strncmp(pos, "ap_scan=", 8) == 0) {
config->ap_scan = atoi(pos + 8);
wpa_printf(MSG_DEBUG, "ap_scan=%d", config->ap_scan);
} else if (os_strncmp(pos, "fast_reauth=", 12) == 0) {
config->fast_reauth = atoi(pos + 12);
wpa_printf(MSG_DEBUG, "fast_reauth=%d",
config->fast_reauth);
} else if (os_strncmp(pos, "opensc_engine_path=", 19) == 0) {
os_free(config->opensc_engine_path);
config->opensc_engine_path = os_strdup(pos + 19);
wpa_printf(MSG_DEBUG, "opensc_engine_path='%s'",
config->opensc_engine_path);
} else if (os_strncmp(pos, "pkcs11_engine_path=", 19) == 0) {
os_free(config->pkcs11_engine_path);
config->pkcs11_engine_path = os_strdup(pos + 19);
wpa_printf(MSG_DEBUG, "pkcs11_engine_path='%s'",
config->pkcs11_engine_path);
} else if (os_strncmp(pos, "pkcs11_module_path=", 19) == 0) {
os_free(config->pkcs11_module_path);
config->pkcs11_module_path = os_strdup(pos + 19);
wpa_printf(MSG_DEBUG, "pkcs11_module_path='%s'",
config->pkcs11_module_path);
} else if (os_strncmp(pos, "driver_param=", 13) == 0) {
os_free(config->driver_param);
config->driver_param = os_strdup(pos + 13);
wpa_printf(MSG_DEBUG, "driver_param='%s'",
config->driver_param);
} else if (os_strncmp(pos, "dot11RSNAConfigPMKLifetime=", 27)
== 0) {
config->dot11RSNAConfigPMKLifetime = atoi(pos + 27);
wpa_printf(MSG_DEBUG, "dot11RSNAConfigPMKLifetime=%d",
config->dot11RSNAConfigPMKLifetime);
} else if (os_strncmp(pos,
"dot11RSNAConfigPMKReauthThreshold=", 34)
== 0) {
config->dot11RSNAConfigPMKReauthThreshold =
atoi(pos + 34);
wpa_printf(MSG_DEBUG,
"dot11RSNAConfigPMKReauthThreshold=%d",
config->dot11RSNAConfigPMKReauthThreshold);
} else if (os_strncmp(pos, "dot11RSNAConfigSATimeout=", 25) ==
0) {
config->dot11RSNAConfigSATimeout = atoi(pos + 25);
wpa_printf(MSG_DEBUG, "dot11RSNAConfigSATimeout=%d",
config->dot11RSNAConfigSATimeout);
} else if (os_strncmp(pos, "update_config=", 14) == 0) {
config->update_config = atoi(pos + 14);
wpa_printf(MSG_DEBUG, "update_config=%d",
config->update_config);
} else if (os_strncmp(pos, "load_dynamic_eap=", 17) == 0) {
char *so = pos + 17;
int ret;
wpa_printf(MSG_DEBUG, "load_dynamic_eap=%s", so);
ret = eap_peer_method_load(so);
if (ret == -2) {
wpa_printf(MSG_DEBUG, "This EAP type was "
"already loaded - not reloading.");
} else if (ret) {
wpa_printf(MSG_ERROR, "Line %d: Failed to "
"load dynamic EAP method '%s'.",
line, so);
errors++;
}
} else {
wpa_printf(MSG_ERROR, "Line %d: Invalid configuration "
"line '%s'.", line, pos);
errors++;
continue;
}
}
fclose(f);
config->ssid = head;
wpa_config_debug_dump_networks(config);
#ifndef WPA_IGNORE_CONFIG_ERRORS
if (errors) {
wpa_config_free(config);
config = NULL;
head = NULL;
}
#endif
return config;
}
// =============================================================================
static int sci_csvDefault_one_rhs(char *fname, void* pvApiCtx)
{
int iErr = 0;
char *fieldname = NULL;
char *fieldvalue = NULL;
fieldname = csv_getArgumentAsString(pvApiCtx, 1, fname, &iErr);
if (iErr)
{
freeVar(&fieldname, &fieldvalue);
return 0;
}
if (strcmp(fieldname, SEPARATOR_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultSeparator());
}
else if (strcmp(fieldname, DECIMAL_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultDecimal());
}
else if (strcmp(fieldname, CONVERSION_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultConversion());
}
else if (strcmp(fieldname, PRECISION_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultPrecision());
}
else if (strcmp(fieldname, COMMENTSREGEXP_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultCommentsRegExp());
}
else if (strcmp(fieldname, EOL_FIELDNAME) == 0)
{
const char *currentEol = getCsvDefaultEOL();
if (currentEol)
{
if (strcmp(currentEol, MACOS9_EOL) == 0)
{
fieldvalue = os_strdup(MACOS9_EOL_STRING);
}
else if (strcmp(currentEol, WINDOWS_EOL) == 0)
{
fieldvalue = os_strdup(WINDOWS_EOL_STRING);
}
else if (strcmp(currentEol, LINUX_EOL) == 0)
{
fieldvalue = os_strdup(LINUX_EOL_STRING);
}
else
{
fieldvalue = os_strdup("ERROR");
}
}
else
{
fieldvalue = os_strdup("ERROR");
}
}
else if (strcmp(fieldname, ENCODING_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultEncoding());
}
else if (strcmp(fieldname, BLANK_FIELDNAME) == 0)
{
fieldvalue = os_strdup(getCsvDefaultCsvIgnoreBlankLine());
}
else if (strcmp(fieldname, RESET_PARAMATERS) == 0)
{
freeVar(&fieldname, &fieldvalue);
setCsvDefaultReset();
createEmptyMatrix(pvApiCtx, Rhs + 1);
LhsVar(1) = Rhs + 1;
PutLhsVar();
return 0;
}
else
{
Scierror(999, _("%s: Wrong value for input argument #%d: '%s', '%s', '%s', '%s', '%s' or '%s' expected.\n"), fname, 1, SEPARATOR_FIELDNAME, DECIMAL_FIELDNAME, CONVERSION_FIELDNAME, COMMENTSREGEXP_FIELDNAME, EOL_FIELDNAME, BLANK_FIELDNAME);
freeVar(&fieldname, &fieldvalue);
return 0;
}
createSingleString(pvApiCtx, Rhs + 1, fieldvalue);
freeVar(&fieldname, &fieldvalue);
LhsVar(1) = Rhs + 1;
PutLhsVar();
return 0;
}
/** int rk_check_file(char *value, char *pattern)
*/
int rk_check_file(char *file, char *pattern)
{
char *split_file;
int full_negate = 0;
int pt_result = 0;
FILE *fp;
char buf[OS_SIZE_2048 +1];
/* If string is null, we don't match */
if(file == NULL)
{
return(0);
}
/* Checking if the file is divided */
split_file = strchr(file, ',');
if(split_file)
{
*split_file = '\0';
split_file++;
}
/* Getting each file */
do
{
/* If we don't have a pattern, just check if the file/dir is there */
if(pattern == NULL)
{
if(is_file(file))
{
int i = 0;
char _b_msg[OS_SIZE_1024 +1];
_b_msg[OS_SIZE_1024] = '\0';
snprintf(_b_msg, OS_SIZE_1024, " File: %s.",
file);
/* Already present. */
if(_is_str_in_array(rootcheck.alert_msg, _b_msg))
{
return(1);
}
while(rootcheck.alert_msg[i] && (i < 255))
i++;
if(!rootcheck.alert_msg[i])
os_strdup(_b_msg, rootcheck.alert_msg[i]);
return(1);
}
}
else
{
full_negate = pt_check_negate(pattern);
/* Checking for a content in the file */
debug1("checking file: %s", file);
fp = fopen(file, "r");
if(fp)
{
debug1(" starting new file: %s", file);
buf[OS_SIZE_2048] = '\0';
while(fgets(buf, OS_SIZE_2048, fp) != NULL)
{
char *nbuf;
/* Removing end of line */
nbuf = strchr(buf, '\n');
if(nbuf)
{
*nbuf = '\0';
}
#ifdef WIN32
/* Removing end of line */
nbuf = strchr(buf, '\r');
if(nbuf)
{
*nbuf = '\0';
}
#endif
/* Matched */
pt_result = pt_matches(buf, pattern);
debug1("Buf == \"%s\"", buf);
debug1("Pattern == \"%s\"", pattern);
debug1("pt_result == %d and full_negate == %d", pt_result, full_negate);
if((pt_result == 1 && full_negate == 0) )
{
debug1("alerting file %s on line %s", file, buf);
int i = 0;
char _b_msg[OS_SIZE_1024 +1];
/* Closing the file before dealing with the alert. */
fclose(fp);
/* Generating the alert itself. */
_b_msg[OS_SIZE_1024] = '\0';
snprintf(_b_msg, OS_SIZE_1024, " File: %s.",
file);
/* Already present. */
if(_is_str_in_array(rootcheck.alert_msg, _b_msg))
{
return(1);
}
while(rootcheck.alert_msg[i] && (i < 255))
i++;
if(!rootcheck.alert_msg[i])
os_strdup(_b_msg, rootcheck.alert_msg[i]);
return(1);
}
else if((pt_result == 0 && full_negate == 1) )
{
/* found a full+negate match so no longer need to search
* break out of loop and amke sure the full negate does
* not alertin
*/
debug1("found a complete match for full_negate");
full_negate = 0;
break;
}
}
fclose(fp);
if(full_negate == 1)
{
debug1("full_negate alerting - file %s",file);
int i = 0;
char _b_msg[OS_SIZE_1024 +1];
/* Generating the alert itself. */
_b_msg[OS_SIZE_1024] = '\0';
snprintf(_b_msg, OS_SIZE_1024, " File: %s.",
file);
/* Already present. */
if(_is_str_in_array(rootcheck.alert_msg, _b_msg))
{
return(1);
}
while(rootcheck.alert_msg[i] && (i < 255))
i++;
if(!rootcheck.alert_msg[i])
os_strdup(_b_msg, rootcheck.alert_msg[i]);
return(1);
}
}
}
if(split_file)
{
file = split_file;
split_file = strchr(split_file, ',');
if(split_file)
{
split_file++;
}
}
}while(split_file);
return(0);
}
// =============================================================================
static int sci_csvDefault_no_rhs(char *fname, void* pvApiCtx)
{
int sizeArray = NUMBER_FIELD * 2;
char **arrayOut = (char**)MALLOC(sizeof(char*) * sizeArray);
if (arrayOut)
{
SciErr sciErr;
int nbRows = NUMBER_FIELD;
int nbCols = 2;
const char *currentEol = getCsvDefaultEOL();
arrayOut[0] = os_strdup(SEPARATOR_FIELDNAME);
arrayOut[1] = os_strdup(DECIMAL_FIELDNAME);
arrayOut[2] = os_strdup(CONVERSION_FIELDNAME);
arrayOut[3] = os_strdup(PRECISION_FIELDNAME);
arrayOut[4] = os_strdup(COMMENTSREGEXP_FIELDNAME);
arrayOut[5] = os_strdup(EOL_FIELDNAME);
arrayOut[6] = os_strdup(ENCODING_FIELDNAME);
arrayOut[7] = os_strdup(BLANK_FIELDNAME);
arrayOut[8] = os_strdup(getCsvDefaultSeparator());
arrayOut[9] = os_strdup(getCsvDefaultDecimal());
arrayOut[10] = os_strdup(getCsvDefaultConversion());
arrayOut[11] = os_strdup(getCsvDefaultPrecision());
arrayOut[12] = os_strdup(getCsvDefaultCommentsRegExp());
if (currentEol)
{
if (strcmp(currentEol, MACOS9_EOL) == 0)
{
arrayOut[13] = os_strdup(MACOS9_EOL_STRING);
}
else if (strcmp(currentEol, WINDOWS_EOL) == 0)
{
arrayOut[13] = os_strdup(WINDOWS_EOL_STRING);
}
else if (strcmp(currentEol, LINUX_EOL) == 0)
{
arrayOut[13] = os_strdup(LINUX_EOL_STRING);
}
else
{
arrayOut[13] = os_strdup("ERROR");
}
}
else
{
arrayOut[13] = os_strdup("ERROR");
}
arrayOut[14] = os_strdup(getCsvDefaultEncoding());
arrayOut[15] = os_strdup(getCsvDefaultCsvIgnoreBlankLine());
sciErr = createMatrixOfString(pvApiCtx, Rhs + 1, nbRows, nbCols, arrayOut);
freeArrayOfString(arrayOut, sizeArray);
if (sciErr.iErr)
{
printError(&sciErr, 0);
return 0;
}
LhsVar(1) = Rhs + 1;
PutLhsVar();
}
else
{
Scierror(999, _("%s: Memory allocation error.\n"), fname);
}
return 0;
}
int main(int argc, char *argv[])
{
int warning_displayed = 0;
int c;
int daemonize = 0;
if (os_program_init())
return -1;
for (;;) {
c = getopt(argc, argv, "a:BhG:i:p:v");
if (c < 0)
break;
switch (c) {
case 'a':
action_file = optarg;
break;
case 'B':
daemonize = 1;
break;
case 'G':
ping_interval = atoi(optarg);
break;
case 'h':
usage();
return 0;
case 'v':
printf("%s\n", hostapd_cli_version);
return 0;
case 'i':
os_free(ctrl_ifname);
ctrl_ifname = os_strdup(optarg);
break;
case 'p':
ctrl_iface_dir = optarg;
break;
default:
usage();
return -1;
}
}
interactive = (argc == optind) && (action_file == NULL);
if (interactive) {
printf("%s\n\n%s\n\n", hostapd_cli_version,
hostapd_cli_license);
}
if (eloop_init())
return -1;
for (;;) {
if (ctrl_ifname == NULL) {
struct dirent *dent;
DIR *dir = opendir(ctrl_iface_dir);
if (dir) {
while ((dent = readdir(dir))) {
if (os_strcmp(dent->d_name, ".") == 0
||
os_strcmp(dent->d_name, "..") == 0)
continue;
printf("Selected interface '%s'\n",
dent->d_name);
ctrl_ifname = os_strdup(dent->d_name);
break;
}
closedir(dir);
}
}
ctrl_conn = hostapd_cli_open_connection(ctrl_ifname);
if (ctrl_conn) {
if (warning_displayed)
printf("Connection established.\n");
break;
}
if (!interactive) {
perror("Failed to connect to hostapd - "
"wpa_ctrl_open");
return -1;
}
if (!warning_displayed) {
printf("Could not connect to hostapd - re-trying\n");
warning_displayed = 1;
}
os_sleep(1, 0);
continue;
}
if (interactive || action_file) {
if (wpa_ctrl_attach(ctrl_conn) == 0) {
hostapd_cli_attached = 1;
} else {
printf("Warning: Failed to attach to hostapd.\n");
if (action_file)
return -1;
}
}
if (daemonize && os_daemonize(pid_file))
return -1;
if (interactive)
hostapd_cli_interactive();
else if (action_file)
hostapd_cli_action(ctrl_conn);
else
wpa_request(ctrl_conn, argc - optind, &argv[optind]);
os_free(ctrl_ifname);
eloop_destroy();
hostapd_cli_cleanup();
return 0;
}
void generate_reports(int cday, int cmon, int cyear, const struct tm *p)
{
int s = 0;
if(!mond.smtpserver)
{
return;
}
if(mond.reports)
{
int twait = 0;
int childcount = 0;
while(mond.reports[s])
{
pid_t pid;
if(mond.reports[s]->emailto == NULL)
{
s++;
continue;
}
/* We create a new process to run the report and send the email.
* To avoid crashing monitord if something goes wrong.
*/
pid = fork();
if(pid < 0)
{
merror("%s: ERROR: Fork failed. cause: %d - %s", ARGV0, errno, strerror(errno));
s++;
continue;
}
else if(pid == 0)
{
char fname[256];
char aname[256];
fname[255] = '\0';
aname[255] = '\0';
snprintf(fname, 255, "/logs/.report-%d.log", getpid());
merror("%s: INFO: Starting daily reporting for '%s'", ARGV0, mond.reports[s]->title);
mond.reports[s]->r_filter.fp = fopen(fname, "w+");
if(!mond.reports[s]->r_filter.fp)
{
merror("%s: ERROR: Unable to open temporary reports file.", ARGV0);
s++;
continue;
}
/* Opening the log file. */
snprintf(aname, 255, "%s/%d/%s/ossec-%s-%02d.log",
ALERTS, cyear, monthss[cmon], "alerts", cday);
os_strdup(aname, mond.reports[s]->r_filter.filename);
/* Starting report */
os_ReportdStart(&mond.reports[s]->r_filter);
fflush(mond.reports[s]->r_filter.fp);
if(ftell(mond.reports[s]->r_filter.fp) < 10)
{
merror("%s: INFO: Report '%s' empty.", ARGV0, mond.reports[s]->title);
}
else if(OS_SendCustomEmail(mond.reports[s]->emailto, mond.reports[s]->title,
mond.smtpserver, mond.emailfrom, mond.emailidsname, mond.reports[s]->r_filter.fp, p) != 0)
{
merror("%s: WARN: Unable to send report email.", ARGV0);
}
fclose(mond.reports[s]->r_filter.fp);
unlink(fname);
free(mond.reports[s]->r_filter.filename);
mond.reports[s]->r_filter.filename = NULL;
exit(0);
}
else
{
/* Sleep between each report. Time is not important in here. */
sleep(20);
childcount++;
}
s++;
}
while (childcount)
{
int wp;
wp = waitpid((pid_t) -1, NULL, WNOHANG);
if (wp < 0)
{
merror(WAITPID_ERROR, ARGV0, errno, strerror(errno));
}
else if(wp == 0)
{
/* If there is still any report left, sleep 5 and try again.*/
sleep(5);
twait++;
if(twait > 2)
{
merror("%s: WARN: Report taking too long to complete. Waiting for it to finish...", ARGV0);
sleep(10);
if(twait > 10)
{
merror("%s: WARN: Report took too long. Moving on...", ARGV0);
break;
}
}
}
else
{
childcount--;
}
}
}
return;
}
int main(int argc, char *argv[])
{
struct wpa_global global;
struct wpa_supplicant wpa_s;
int c, ret = 1, wait_for_monitor = 0, save_config = 0;
char *as_addr = "127.0.0.1";
int as_port = 1812;
char *as_secret = "radius";
char *cli_addr = NULL;
char *conf = NULL;
int timeout = 30;
char *pos;
struct extra_radius_attr *p = NULL, *p1;
if (os_program_init())
return -1;
hostapd_logger_register_cb(hostapd_logger_cb);
os_memset(&eapol_test, 0, sizeof(eapol_test));
eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
eapol_test.pcsc_pin = "1234";
wpa_debug_level = 0;
wpa_debug_show_keys = 1;
for (;;) {
c = getopt(argc, argv, "a:A:c:C:eM:nN:o:p:P:r:R:s:St:W");
if (c < 0)
break;
switch (c) {
case 'a':
as_addr = optarg;
break;
case 'A':
cli_addr = optarg;
break;
case 'c':
conf = optarg;
break;
case 'C':
eapol_test.connect_info = optarg;
break;
case 'e':
eapol_test.req_eap_key_name = 1;
break;
case 'M':
if (hwaddr_aton(optarg, eapol_test.own_addr)) {
usage();
return -1;
}
break;
case 'n':
eapol_test.no_mppe_keys++;
break;
case 'o':
if (eapol_test.server_cert_file)
fclose(eapol_test.server_cert_file);
eapol_test.server_cert_file = fopen(optarg, "w");
if (eapol_test.server_cert_file == NULL) {
printf("Could not open '%s' for writing\n",
optarg);
return -1;
}
break;
case 'p':
as_port = atoi(optarg);
break;
case 'P':
eapol_test.pcsc_pin = optarg;
break;
case 'r':
eapol_test.eapol_test_num_reauths = atoi(optarg);
break;
case 'R':
eapol_test.pcsc_reader = optarg;
break;
case 's':
as_secret = optarg;
break;
case 'S':
save_config++;
break;
case 't':
timeout = atoi(optarg);
break;
case 'W':
wait_for_monitor++;
break;
case 'N':
p1 = os_zalloc(sizeof(*p1));
if (p1 == NULL)
break;
if (!p)
eapol_test.extra_attrs = p1;
else
p->next = p1;
p = p1;
p->type = atoi(optarg);
pos = os_strchr(optarg, ':');
if (pos == NULL) {
p->syntax = 'n';
p->data = NULL;
break;
}
pos++;
if (pos[0] == '\0' || pos[1] != ':') {
printf("Incorrect format of attribute "
"specification\n");
break;
}
p->syntax = pos[0];
p->data = pos + 2;
break;
default:
usage();
return -1;
}
}
if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
return scard_test(&eapol_test);
}
if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
return scard_get_triplets(&eapol_test, argc - optind - 1,
&argv[optind + 1]);
}
if (conf == NULL) {
usage();
printf("Configuration file is required.\n");
return -1;
}
if (eap_register_methods()) {
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
return -1;
}
if (eloop_init()) {
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
return -1;
}
os_memset(&global, 0, sizeof(global));
os_memset(&wpa_s, 0, sizeof(wpa_s));
wpa_s.global = &global;
eapol_test.wpa_s = &wpa_s;
dl_list_init(&wpa_s.bss);
dl_list_init(&wpa_s.bss_id);
wpa_s.conf = wpa_config_read(conf, NULL);
if (wpa_s.conf == NULL) {
printf("Failed to parse configuration file '%s'.\n", conf);
return -1;
}
if (wpa_s.conf->ssid == NULL) {
printf("No networks defined.\n");
return -1;
}
if (eapol_test.pcsc_reader) {
os_free(wpa_s.conf->pcsc_reader);
wpa_s.conf->pcsc_reader = os_strdup(eapol_test.pcsc_reader);
}
wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
cli_addr);
wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
if (wpa_s.ctrl_iface == NULL) {
printf("Failed to initialize control interface '%s'.\n"
"You may have another eapol_test process already "
"running or the file was\n"
"left by an unclean termination of eapol_test in "
"which case you will need\n"
"to manually remove this file before starting "
"eapol_test again.\n",
wpa_s.conf->ctrl_interface);
return -1;
}
if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
return -1;
if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
return -1;
if (wpas_init_ext_pw(&wpa_s) < 0)
return -1;
if (wait_for_monitor)
wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
NULL);
eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
eloop_run();
eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
if (eapol_test_compare_pmk(&eapol_test) == 0 ||
eapol_test.no_mppe_keys)
ret = 0;
if (eapol_test.auth_timed_out)
ret = -2;
if (eapol_test.radius_access_reject_received)
ret = -3;
if (save_config)
wpa_config_write(conf, wpa_s.conf);
test_eapol_clean(&eapol_test, &wpa_s);
eap_peer_unregister_methods();
#ifdef CONFIG_AP
eap_server_unregister_methods();
#endif /* CONFIG_AP */
eloop_destroy();
if (eapol_test.server_cert_file)
fclose(eapol_test.server_cert_file);
printf("MPPE keys OK: %d mismatch: %d\n",
eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
if (eapol_test.num_mppe_mismatch)
ret = -4;
if (ret)
printf("FAILURE\n");
else
printf("SUCCESS\n");
os_program_deinit();
return ret;
}
/*--------------------------------------------------------------------------*/
int sci_fftw_flags(char *fname, void* pvApiCtx)
{
/* declaration of variables to store scilab parameters address */
static int m1 = 0, n1 = 0;
char **Str1 = NULL;
char **Str3 = NULL;
unsigned int uiVar1 = 0;
int* piDataOut = NULL;
int* piAddr1 = NULL;
int* piLen = NULL;
int iType = 0;
/* please update me ! */
static int nb_flag = 22;
static char *Str[] =
{
/* documented flags */
"FFTW_MEASURE",
"FFTW_DESTROY_INPUT",
"FFTW_UNALIGNED",
"FFTW_CONSERVE_MEMORY",
"FFTW_EXHAUSTIVE",
"FFTW_PRESERVE_INPUT",
"FFTW_PATIENT",
"FFTW_ESTIMATE",
/* undocumented beyond-guru flags */
"FFTW_ESTIMATE_PATIENT",
"FFTW_BELIEVE_PCOST",
"FFTW_NO_DFT_R2HC",
"FFTW_NO_NONTHREADED",
"FFTW_NO_BUFFERING",
"FFTW_NO_INDIRECT_OP",
"FFTW_ALLOW_LARGE_GENERIC",
"FFTW_NO_RANK_SPLITS",
"FFTW_NO_VRANK_SPLITS",
"FFTW_NO_VRECURSE",
"FFTW_NO_SIMD",
"FFTW_NO_SLOW",
"FFTW_NO_FIXED_RADIX_LARGE_N",
"FFTW_ALLOW_PRUNING"
};
static unsigned flagt[] =
{
/* documented flags */
FFTW_MEASURE,
FFTW_DESTROY_INPUT,
FFTW_UNALIGNED,
FFTW_CONSERVE_MEMORY,
FFTW_EXHAUSTIVE,
FFTW_PRESERVE_INPUT,
FFTW_PATIENT,
FFTW_ESTIMATE,
/* undocumented beyond-guru flags */
FFTW_ESTIMATE_PATIENT,
FFTW_BELIEVE_PCOST,
FFTW_NO_DFT_R2HC,
FFTW_NO_NONTHREADED,
FFTW_NO_BUFFERING,
FFTW_NO_INDIRECT_OP,
FFTW_ALLOW_LARGE_GENERIC,
FFTW_NO_RANK_SPLITS,
FFTW_NO_VRANK_SPLITS,
FFTW_NO_VRECURSE,
FFTW_NO_SIMD,
FFTW_NO_SLOW,
FFTW_NO_FIXED_RADIX_LARGE_N,
FFTW_ALLOW_PRUNING
};
unsigned flagv = 0;
int i = 0, j = 0;
SciErr sciErr;
CheckInputArgument(pvApiCtx, 0, 1);
if (nbInputArgument(pvApiCtx) == 0)
{
// nothing
}
else
{
//get variable address of the input argument
sciErr = getVarAddressFromPosition(pvApiCtx, 1, &piAddr1);
if (sciErr.iErr)
{
printError(&sciErr, 0);
return 1;
}
getVarType(pvApiCtx, piAddr1, &iType);
switch (iType)
{
case sci_ints:
{
/* int */
int iPrecision = 0;
int* pi32Data = NULL;
unsigned int* pui32Data = NULL;
getMatrixOfIntegerPrecision(pvApiCtx, piAddr1, &iPrecision);
if (iPrecision != SCI_INT32 && iPrecision != SCI_UINT32)
{
Scierror(999, _("%s: Wrong type for input argument #%d: A int32 expected.\n"), fname, 1);
return 1;
}
if (iPrecision == SCI_INT32)
{
sciErr = getMatrixOfInteger32(pvApiCtx, piAddr1, &m1, &n1, &pi32Data);
uiVar1 = (unsigned int)pi32Data[0];
}
else
{
sciErr = getMatrixOfUnsignedInteger32(pvApiCtx, piAddr1, &m1, &n1, &pui32Data);
uiVar1 = pui32Data[0];
}
if (sciErr.iErr)
{
Scierror(999, _("%s: Can not read input argument #%d.\n"), fname, 1);
printError(&sciErr, 0);
return 1;
}
break;
}
case sci_matrix:
{
/* double */
double* pdblData = NULL;
sciErr = getMatrixOfDouble(pvApiCtx, piAddr1, &m1, &n1, &pdblData);
if (sciErr.iErr)
{
Scierror(999, _("%s: Can not read input argument #%d.\n"), fname, 1);
printError(&sciErr, 0);
return 1;
}
uiVar1 = (unsigned int)pdblData[0];
break;
}
case sci_strings:
{
/* string */
//fisrt call to retrieve dimensions
sciErr = getMatrixOfString(pvApiCtx, piAddr1, &m1, &n1, NULL, NULL);
if (sciErr.iErr)
{
printError(&sciErr, 0);
return 1;
}
piLen = (int*)MALLOC(sizeof(int) * m1 * n1);
//second call to retrieve length of each string
sciErr = getMatrixOfString(pvApiCtx, piAddr1, &m1, &n1, piLen, NULL);
if (sciErr.iErr)
{
free(piLen);
printError(&sciErr, 0);
return 1;
}
Str1 = (char**)MALLOC(sizeof(char*) * m1 * n1);
for (i = 0 ; i < m1 * n1 ; i++)
{
Str1[i] = (char*)MALLOC(sizeof(char) * (piLen[i] + 1));//+ 1 for null termination
}
//third call to retrieve data
sciErr = getMatrixOfString(pvApiCtx, piAddr1, &m1, &n1, piLen, Str1);
if (sciErr.iErr)
{
free(piLen);
freeArrayOfString(Str1, m1 * n1);
printError(&sciErr, 0);
return 1;
}
for (j = 0; j < m1 * n1; j++)
{
for (i = 0; i < nb_flag; i++)
{
if (strcmp(Str1[j], Str[i]) == 0)
{
break;
}
}
if (i == nb_flag)
{
free(piLen);
freeArrayOfString(Str1, m1 * n1);
Scierror(999, _("%s: Wrong values for input argument #%d: FFTW flag expected.\n"), fname, 1);
return 0;
}
else
{
if (i > 0)
{
flagv = ( flagv | (1U << (i - 1)) );
}
}
}
uiVar1 = (unsigned int)flagv;
free(piLen);
freeArrayOfString(Str1, m1 * n1);
m1 = 1;
n1 = 1;
break;
}
default:
Scierror(53, _("%s: Wrong type for input argument #%d.\n"), fname, 1);
return 1;
}
if (m1 != 1 || n1 != 1)
{
Scierror(999, _("%s: Wrong size for input argument #%d: %d-by-%d matrix expected.\n"), fname, 1, 1, 1);
return 1;
}
setCurrentFftwFlags(uiVar1);
}
/* return value of Sci_Plan.flags in position 2 */
sciErr = allocMatrixOfInteger32(pvApiCtx, nbInputArgument(pvApiCtx) + 2, 1, 1, &piDataOut);
if (sciErr.iErr)
{
printError(&sciErr, 0);
Scierror(999, _("%s: No more memory.\n"), fname);
return 1;
}
piDataOut[0] = (int) getCurrentFftwFlags();
/*Test for only FFTW_MEASURE*/
if (getCurrentFftwFlags() == 0)
{
j = 1;
if ((Str3 = (char **)MALLOC(sizeof(char *))) == NULL)
{
Scierror(999, _("%s: No more memory.\n"), fname);
return 1;
}
Str3[0] = os_strdup(Str[0]);
if (Str3[0] == NULL)
{
Scierror(999, _("%s: No more memory.\n"), fname);
FREE(Str3);
return 1;
}
}
else
{
j = 0;
for (i = 1; i < nb_flag; i++)
{
if ((getCurrentFftwFlags() & flagt[i]) == flagt[i])
{
j++;
if (Str3)
{
Str3 = (char **)REALLOC(Str3, sizeof(char *) * j);
}
else
{
Str3 = (char **)MALLOC(sizeof(char *) * j);
}
if (Str3 == NULL)
{
Scierror(999, _("%s: No more memory.\n"), fname);
return 1;
}
Str3[j - 1] = os_strdup(Str[i]);
if (Str3[j - 1] == NULL)
{
Scierror(999, _("%s: No more memory.\n"), fname);
freeArrayOfString(Str3, j);
return 1;
}
}
}
}
if (Str3 == NULL)
{
Scierror(999, _("%s: Failed to generate the planner name.\n"), fname);
return 1;
}
/* Create the string matrix as return of the function */
sciErr = createMatrixOfString(pvApiCtx, nbInputArgument(pvApiCtx) + 3, j, 1, Str3);
freeArrayOfString(Str3, j); // Data have been copied into Scilab memory
if (sciErr.iErr)
{
printError(&sciErr, 0);
return 1;
}
AssignOutputVariable(pvApiCtx, 1) = nbInputArgument(pvApiCtx) + 2;
AssignOutputVariable(pvApiCtx, 2) = nbInputArgument(pvApiCtx) + 3;
ReturnArguments(pvApiCtx);
return 0;
}
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
const struct tls_connection_params *params)
{
int ret;
if (conn == NULL || params == NULL)
return -1;
os_free(conn->subject_match);
conn->subject_match = NULL;
if (params->subject_match) {
conn->subject_match = os_strdup(params->subject_match);
if (conn->subject_match == NULL)
return -1;
}
os_free(conn->altsubject_match);
conn->altsubject_match = NULL;
if (params->altsubject_match) {
conn->altsubject_match = os_strdup(params->altsubject_match);
if (conn->altsubject_match == NULL)
return -1;
}
/* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
* to force peer validation(?) */
if (params->ca_cert) {
conn->verify_peer = 1;
ret = gnutls_certificate_set_x509_trust_file(
conn->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' "
"in PEM format: %s", params->ca_cert,
gnutls_strerror(ret));
ret = gnutls_certificate_set_x509_trust_file(
conn->xcred, params->ca_cert,
GNUTLS_X509_FMT_DER);
if (ret < 0) {
wpa_printf(MSG_DEBUG, "Failed to read CA cert "
"'%s' in DER format: %s",
params->ca_cert,
gnutls_strerror(ret));
return -1;
}
}
if (params->flags & TLS_CONN_ALLOW_SIGN_RSA_MD5) {
gnutls_certificate_set_verify_flags(
conn->xcred, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5);
}
#if LIBGNUTLS_VERSION_NUMBER >= 0x020800
if (params->flags & TLS_CONN_DISABLE_TIME_CHECKS) {
gnutls_certificate_set_verify_flags(
conn->xcred,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x020800 */
}
if (params->client_cert && params->private_key) {
/* TODO: private_key_passwd? */
ret = gnutls_certificate_set_x509_key_file(
conn->xcred, params->client_cert, params->private_key,
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
"in PEM format: %s", gnutls_strerror(ret));
ret = gnutls_certificate_set_x509_key_file(
conn->xcred, params->client_cert,
params->private_key, GNUTLS_X509_FMT_DER);
if (ret < 0) {
wpa_printf(MSG_DEBUG, "Failed to read client "
"cert/key in DER format: %s",
gnutls_strerror(ret));
return ret;
}
}
} else if (params->private_key) {
int pkcs12_ok = 0;
#ifdef PKCS12_FUNCS
/* Try to load in PKCS#12 format */
#if LIBGNUTLS_VERSION_NUMBER >= 0x010302
ret = gnutls_certificate_set_x509_simple_pkcs12_file(
conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
params->private_key_passwd);
if (ret != 0) {
wpa_printf(MSG_DEBUG, "Failed to load private_key in "
"PKCS#12 format: %s", gnutls_strerror(ret));
return -1;
} else
pkcs12_ok = 1;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */
#endif /* PKCS12_FUNCS */
if (!pkcs12_ok) {
wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not "
"included");
return -1;
}
}
conn->params_set = 1;
ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
conn->xcred);
if (ret < 0) {
wpa_printf(MSG_INFO, "Failed to configure credentials: %s",
gnutls_strerror(ret));
}
return ret;
}
char *
idl_constLiteralImage (
idl_constLiteral constLiteral)
{
return os_strdup (constLiteral->valueImage);
}
/* __chash: Creates the final key.
*/
static void __chash(keystore *keys, const char *id, const char *name, char *ip, const char *key)
{
os_md5 filesum1;
os_md5 filesum2;
char *tmp_str;
char _finalstr[KEYSIZE];
/* Allocating for the whole structure */
keys->keyentries =(keyentry **)realloc(keys->keyentries,
(keys->keysize+2)*sizeof(keyentry *));
if(!keys->keyentries)
{
ErrorExit(MEM_ERROR, __local_name, errno, strerror(errno));
}
os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
/* Setting configured values for id */
os_strdup(id, keys->keyentries[keys->keysize]->id);
OSHash_Add(keys->keyhash_id,
keys->keyentries[keys->keysize]->id,
keys->keyentries[keys->keysize]);
/* agent ip */
os_calloc(1, sizeof(os_ip), keys->keyentries[keys->keysize]->ip);
if(OS_IsValidIP(ip, keys->keyentries[keys->keysize]->ip) == 0)
{
ErrorExit(INVALID_IP, __local_name, ip);
}
/* We need to remove the "/" from the cidr */
if((tmp_str = strchr(keys->keyentries[keys->keysize]->ip->ip, '/')) != NULL)
{
*tmp_str = '\0';
}
OSHash_Add(keys->keyhash_ip,
keys->keyentries[keys->keysize]->ip->ip,
keys->keyentries[keys->keysize]);
/* agent name */
os_strdup(name, keys->keyentries[keys->keysize]->name);
/* Initializing the variables */
keys->keyentries[keys->keysize]->rcvd = 0;
keys->keyentries[keys->keysize]->local = 0;
keys->keyentries[keys->keysize]->keyid = keys->keysize;
keys->keyentries[keys->keysize]->global = 0;
keys->keyentries[keys->keysize]->fp = NULL;
/** Generating final symmetric key **/
/* MD5 from name, id and key */
OS_MD5_Str(name, filesum1);
OS_MD5_Str(id, filesum2);
/* Generating new filesum1 */
snprintf(_finalstr, sizeof(_finalstr)-1, "%s%s", filesum1, filesum2);
/* Using just half of the first md5 (name/id) */
OS_MD5_Str(_finalstr, filesum1);
filesum1[15] = '\0';
filesum1[16] = '\0';
/* Second md is just the key */
OS_MD5_Str(key, filesum2);
/* Generating final key */
//memset(_finalstr,'\0', sizeof(_finalstr));
snprintf(_finalstr, 49, "%s%s", filesum2, filesum1);
/* Final key is 48 * 4 = 192bits */
os_strdup(_finalstr, keys->keyentries[keys->keysize]->key);
/* Cleaning final string from memory */
memset_secure(_finalstr,'\0', sizeof(_finalstr));
/* ready for next */
keys->keysize++;
return;
}
static void * eap_fast_init(struct eap_sm *sm)
{
struct eap_fast_data *data;
u8 ciphers[7] = {
TLS_CIPHER_ANON_DH_AES128_SHA,
TLS_CIPHER_AES128_SHA,
TLS_CIPHER_RSA_DHE_AES128_SHA,
TLS_CIPHER_RC4_SHA,
TLS_CIPHER_RSA_DHE_AES256_SHA,
TLS_CIPHER_AES256_SHA,
TLS_CIPHER_NONE
};
data = os_zalloc(sizeof(*data));
if (data == NULL)
return NULL;
data->fast_version = EAP_FAST_VERSION;
data->force_version = -1;
if (sm->user && sm->user->force_version >= 0) {
data->force_version = sm->user->force_version;
wpa_printf(MSG_DEBUG, "EAP-FAST: forcing version %d",
data->force_version);
data->fast_version = data->force_version;
}
data->state = START;
if (eap_server_tls_ssl_init(sm, &data->ssl, 0, EAP_TYPE_FAST)) {
wpa_printf(MSG_INFO, "EAP-FAST: Failed to initialize SSL.");
eap_fast_reset(sm, data);
return NULL;
}
if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn,
ciphers) < 0) {
wpa_printf(MSG_INFO, "EAP-FAST: Failed to set TLS cipher "
"suites");
eap_fast_reset(sm, data);
return NULL;
}
if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
eap_fast_session_ticket_cb,
data) < 0) {
wpa_printf(MSG_INFO, "EAP-FAST: Failed to set SessionTicket "
"callback");
eap_fast_reset(sm, data);
return NULL;
}
if (sm->pac_opaque_encr_key == NULL) {
wpa_printf(MSG_INFO, "EAP-FAST: No PAC-Opaque encryption key "
"configured");
eap_fast_reset(sm, data);
return NULL;
}
os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,
sizeof(data->pac_opaque_encr));
if (sm->eap_fast_a_id == NULL) {
wpa_printf(MSG_INFO, "EAP-FAST: No A-ID configured");
eap_fast_reset(sm, data);
return NULL;
}
data->srv_id = os_malloc(sm->eap_fast_a_id_len);
if (data->srv_id == NULL) {
eap_fast_reset(sm, data);
return NULL;
}
os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);
data->srv_id_len = sm->eap_fast_a_id_len;
if (sm->eap_fast_a_id_info == NULL) {
wpa_printf(MSG_INFO, "EAP-FAST: No A-ID-Info configured");
eap_fast_reset(sm, data);
return NULL;
}
data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
if (data->srv_id_info == NULL) {
eap_fast_reset(sm, data);
return NULL;
}
/* PAC-Key lifetime in seconds (hard limit) */
data->pac_key_lifetime = sm->pac_key_lifetime;
/*
* PAC-Key refresh time in seconds (soft limit on remaining hard
* limit). The server will generate a new PAC-Key when this number of
* seconds (or fewer) of the lifetime remains.
*/
data->pac_key_refresh_time = sm->pac_key_refresh_time;
return data;
}
