コード例 #1
// Kernel request loop of the capture thread.
//
// Each iteration obtains one request from the kernel through
// auditsec_question() and reads it back through KC->usai(), makes sure the
// requesting application is registered with contextd, then dispatches on the
// request type. File and directory requests are forwarded to
// KC->domain_changed(); socket and message requests are not implemented yet
// and are always allowed (see the notes in those branches).
void KThread::run()
{
	// These three locals only serve the commented-out socket branch below and
	// are currently unused.
	QString address;
	struct sockaddr_in addr_;
	struct hostent * hote = NULL;

	qDebug("KThread: Starting kernel loop");

	// _keep_going is the stop flag checked before every request; a return value
	// of 0 from auditsec_question() is treated as "a request was delivered".
	// NOTE(review): whether _keep_going is atomic/volatile is not visible here -
	// confirm it can safely be cleared from another thread.
	while(_keep_going && (auditsec_question(KC->usai()) == 0)){
		qDebug() << "";
		qDebug() << "KThread: " << KC->usai()->execname << " (" << KC->usai()->pid << ")";
		// Register the requesting application with contextd when
		// is_registered() reports KERNEL_ERROR.
		if(KC->is_registered() == KERNEL_ERROR){
			KC->register_application(KC->usai()->execname);
		}

		switch (KC->usai()->type){
			case AUDITSEC_FILE:
				qDebug() << "KThread: File: " << KC->usai()->auditsec_struct.file.fullpath;
				// The verdict is delegated to domain_changed(); nothing in this
				// branch calls auditsec_answer(), so domain_changed() presumably
				// answers the kernel itself - confirm.
				KC->domain_changed(xmlContext(
					"fullpath", KC->usai()->auditsec_struct.file.fullpath,
					//"filename", KC->usai()->auditsec_struct.file.name,
					NULL, NULL));

				#ifdef DEBUG
				// NOTE(review): exec_path is not declared in this function
				// (main.cpp declares it under DEBUG), so this block only compiles
				// if it comes from an enclosing scope.
				read_execpath(KC->usai()->pid, exec_path);
				qDebug() << "file access: " << KC->usai()->auditsec_struct.file.fullpath
				<< "/" << KC->usai()->auditsec_struct.file.name << ", pid: " << KC->usai()->pid
				<< ", execname: " << exec_path
				/*<< ", mask: " << KC->usai()->auditsec_struct.file.mask*/;
				#endif /* DEBUG */
				break;

			case AUDITSEC_DIR:
				// NOTE(review): this is the directory branch but it reads
				// auditsec_struct.file.fullpath, while the DEBUG block below and
				// main.cpp use auditsec_struct.dir.fullpath for directories. Only
				// correct if both members share the same offset - confirm.
				qDebug() << "KThread : Directory: " << KC->usai()->auditsec_struct.file.fullpath;
				KC->domain_changed(xmlContext(
					"fullpath", KC->usai()->auditsec_struct.file.fullpath,
					NULL, NULL));

				#ifdef DEBUG
				read_execpath(KC->usai()->pid, exec_path);
				// NOTE(review): the ';' right after qDebug() splits this statement,
				// so a DEBUG build does not compile here.
				qDebug(); << "mkdir: " << KC->usai()->auditsec_struct.dir.fullpath
				<< ", pid: " << KC->usai()->pid << ", execname: " << exec_path << KC->usai()->execname
				/*<< ", mode: " << KC->usai()->auditsec_struct.dir.mode*/;
				#endif /* DEBUG */
				break;
			
			case AUDITSEC_SOCKET:
				// Fail-open: until the TODO below is implemented, every socket
				// request is allowed unconditionally, so this hook currently
				// enforces no policy for sockets.
				/* TODO
				qDebug() << "KThread socket";
				address = inet_ntoa(KC->usai()->auditsec_struct.socket.addr.addr4.sin_addr);
				
				addr_.sin_addr.s_addr = inet_addr(address.toStdString().c_str());
				
				hote = gethostbyaddr((char *) &addr_.sin_addr, 4, AF_INET);
				
				if (hote == NULL)
					qDebug() << "KThread: IP: " << address;
				else
					qDebug() << "KThread: IP: " << address << " " << hote->h_name;
				*/
				auditsec_answer(true);
				break;
			case AUDITSEC_MSG:
				// TODO
				// Fail-open as well: message requests are always allowed.
				auditsec_answer(true);
				break;	
			default:
				// Unknown request type: deny. 0 is the same answer as the false
				// used elsewhere; worth normalising for consistency.
				qCritical("KernelContext: can't determine struct type !");
				auditsec_answer(0);
				break;
		}
	}
	// NOTE(review): the listing ends here - the closing brace of KThread::run
	// is not shown.
コード例 #2
ファイル: main.cpp プロジェクト: Siosm/contextd-capture
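/// Answer the kernel for one context transition.
///
/// Maps the result of context_changed() onto the verdict the kernel is
/// waiting for: only CONTEXT_ACCEPTED allows the operation; a refusal, an
/// error or an unexpected value all deny it (fail-closed). Logs the outcome
/// in French, as the rest of the daemon does.
///
/// The parameter is a template because the return type of context_changed()
/// is declared in a header outside this file.
template <typename Verdict>
static void answer_transition(Verdict verdict)
{
	switch (verdict){
	case CONTEXT_ACCEPTED:
		auditsec_answer(true);
		std::cout << "Transition acceptée." << std::endl;
		break;
	case CONTEXT_REFUSED:
		auditsec_answer(false);
		std::cerr << "Transition refusée." << std::endl;
		break;
	case CONTEXT_ERROR:
		auditsec_answer(false);
		// context_getLastError() carries contextd's own description.
		std::cerr << "Erreur dans la transition : " << context_getLastError() << std::endl;
		break;
	default:
		auditsec_answer(false);
		std::cerr << "Default ! On ne devrait pas être là !" << std::endl;
		break;
	}
}

/// Entry point of the capture daemon.
///
/// Registers with the kernel (auditsec_register) and with contextd
/// (context_register_application), then serves kernel access requests until
/// keep_going is cleared - signal_manager, installed for SIGINT, is expected
/// to do that. Each request is forwarded to contextd as a context transition
/// and the verdict is handed back to the kernel; unknown request types are
/// denied. On exit the daemon unregisters from the kernel.
///
/// @param argc expected to be 1; any argument prints the usage and fails.
/// @param argv argv[0] is only used in the usage message.
/// @return 0 on clean shutdown, -1 (exit status 255) on usage error, on a
///         failed registration or when the kernel refuses the unregistration.
int main(int argc, char* argv[])
{
	// Buffer the kernel fills with the current request. Kept on the stack and
	// value-initialised: the original malloc() was never checked, never freed,
	// and read before anything had written into it.
	struct auditsec_info usai_storage = {};
	struct auditsec_info * usai = &usai_storage;
	#ifdef DEBUG
	char exec_path[PATH_MAX];
	#endif
	struct sigaction action;

	if(argc > 1) {
		std::cerr << "Usage: " << argv[0] << std::endl;
		return -1;
	}

	//TODO Finir de bloquer les signaux
	// Without the handler a SIGINT would kill the daemon while it is still
	// registered with the kernel, so a failed sigaction() is fatal (checked
	// before any registration, so nothing needs undoing).
	memset(&action, 0, sizeof(struct sigaction));
	action.sa_handler = signal_manager;
	if(sigaction(SIGINT, &action, NULL) != 0){
		std::cerr << "FAILED to install the SIGINT handler." << std::endl;
		return -1;
	}

	std::cout << "Trying to register with the kernel" << std::endl;
	if(auditsec_register(1) != 1){
		std::cerr << "FAILED to register with the kernel." << std::endl;
		return -1;
	}
	std::cout << "The daemon is registered with the kernel." << std::endl;

	std::cout << "Trying to register with contextd" << std::endl;
	if(context_register_application("daemon") != CONTEXT_TRUE){
		std::cerr << "FAILED to register with contextd." << std::endl;
		// Undo the kernel registration before giving up.
		if(auditsec_register(0) == 1){
			std::cerr << "The kernel state may NOT be ok. You should reboot." << std::endl;
		}else{
			std::cout << "The kernel is ok." << std::endl;
		}
		return -1;
	}
	std::cout << "The daemon is registered with contextd." << std::endl;

	// Fetch the next request into *usai before looking at it; the original loop
	// never did and switched on a buffer nothing had written to. The call and
	// its "0 means a request was delivered" convention follow KThread::run() in
	// this project - confirm against the auditsec header.
	while(keep_going && (auditsec_question(usai) == 0)){
		switch (usai->type){
		case AUDITSEC_FILE:
			answer_transition(context_changed(//"pid", usai->pid,
					"fullpath", usai->auditsec_struct.file.fullpath,
//					"filename", usai->auditsec_struct.file.name,
					NULL, NULL));
			#ifdef DEBUG
			read_execpath(usai->pid, exec_path);
			std::cout << "AuditSec, file access: " << usai->auditsec_struct.file.fullpath
			<< "/" << usai->auditsec_struct.file.name << ", pid: " << usai->pid << ", execname: "
			<< exec_path /*<< ", mask: " << usai->auditsec_struct.file.mask*/ << std::endl;
			#endif /* DEBUG */
			break;

		case AUDITSEC_DIR:
			answer_transition(context_changed("pid", usai->pid,
					"fullpath", usai->auditsec_struct.dir.fullpath,
					NULL, NULL));
			#ifdef DEBUG
			read_execpath(usai->pid, exec_path);
			// exec_path and usai->execname are printed back to back with no
			// separator between them.
			std::cout << "AuditSec, mkdir: " << usai->auditsec_struct.dir.fullpath
			<< ", pid: " << usai->pid << ", execname: " << exec_path << usai->execname /*<< ", mode: "
			<< usai->auditsec_struct.dir.mode*/ << std::endl;
			#endif /* DEBUG */
			break;
		default:
			// Unknown request type: deny rather than let it through.
			std::cerr << "AuditSec, can't determine struct type !" << std::endl;
			auditsec_answer(false);
			break;
		}
	}

	std::cout << "Stopping daemon and telling the kenel." << std::endl;
	if(auditsec_register(0) != 0){
		std::cerr << "The kernel state may NOT be ok. You should reboot." << std::endl;
		return -1;
	}
	std::cout << "The kernel is ok." << std::endl;

	return 0;
}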