int sh_prelink_iself (SL_TICKET fd, off_t size, int alert_timeout, char * path) { long status; char magic[4]; char * tmp; /* 42 bytes is about the minimum an ELF binary might have * (with plenty of hacks to reduce the size, such as interleaving * the code with the header...) */ if (size < 42) return S_FALSE; status = sl_read_timeout (fd, magic, 4, alert_timeout, S_FALSE); (void) sl_rewind(fd); if (status == 4) { /*@-usedef@*/ if (magic[0] == (char) 0x7f && magic[1] == 'E' && magic[2] == 'L' && magic[3] == 'F') return S_TRUE; /*@+usedef@*/ } else { tmp = sh_util_safe_name (path); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_E_SUBGPATH, _("Error reading file"), _("sh_prelink_iself"), tmp); SH_FREE(path); } return S_FALSE; }
int sh_readconf_setTime (const char * str, ShTimerItem what) { unsigned long i = atoi (str); SL_ENTER( _("sh_readconf_setTime")); if (i < LONG_MAX) { if (what == SET_MAILTIME) { TPT((0, FIL__, __LINE__, _("msg=<Set mail timer to %ld>\n"), i)); sh.mailTime.alarm_interval = i; } else if (what == SET_FILETIME) { TPT((0, FIL__, __LINE__, _("msg=<Set filecheck timer to %ld>\n"),i)); sh.fileCheck.alarm_interval = i; } SL_RETURN( 0, _("sh_readconf_setTime")); } else { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALL, _("set timer"), (long) i); SL_RETURN( (-1), _("sh_readconf_setTime")); } }
static void sh_prelink_fd(sh_tas_t * task) { SL_TICKET ticket; char * tmp; char hashbuf[KEYBUF_SIZE]; if (task->com_ti != (-1)) { (void) sl_close(task->com_ti); task->com_fd = -1; task->com_ti = -1; } ticket = sl_open_read(FIL__, __LINE__, task->command, task->privileged == 0 ? SL_NOPRIV : SL_YESPRIV); if (SL_ISERROR(ticket)) { char errbuf[SH_ERRBUF_SIZE]; char errbuf2[SH_ERRBUF_SIZE]; sh_error_message(errno, errbuf2, sizeof(errbuf2)); sl_strlcpy(errbuf, sl_error_string(ticket), sizeof(errbuf)); tmp = sh_util_safe_name (task->command); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_READ, errbuf, errbuf2, tmp); SH_FREE(tmp); return; } if (*(task->checksum) == '\0' || 0 == sl_strcmp(task->checksum, sh_tiger_hash (task->command, ticket, TIGER_NOLIM, hashbuf, sizeof(hashbuf)))) { task->com_fd = get_the_fd(ticket); task->com_ti = ticket; } else { tmp = sh_util_safe_name (task->command); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_HASH, tmp); SH_FREE(tmp); (void) sl_close(ticket); } return; }
/************* * * module check * *************/ int sh_utmp_check () { SL_ENTER(_("sh_utmp_check")); if (ShUtmpActive == BAD) { #if defined(HAVE_PTHREAD) sh_inotify_remove(&inotify_watch); #endif SL_RETURN( (-1), _("sh_utmp_check")); } SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_UT_CHECK); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_utmp_check_internal (1); SL_RETURN(0, _("sh_utmp_check")); }
static void sh_utmp_setutent(void) { int error; int fd; SL_ENTER(_("sh_utmp_setutent")); ASSERT((sh_utmppath != NULL), _("sh_utmppath != NULL")); if (sh_utmppath == NULL) SL_RET0(_("sh_utmp_setutent")); if (sh_utmpfile == NULL) { SH_MUTEX_LOCK(mutex_thread_nolog); fd = (int) aud_open (FIL__, __LINE__, SL_NOPRIV, sh_utmppath, O_RDONLY, 0); SH_MUTEX_UNLOCK(mutex_thread_nolog); if (fd >= 0) { sh_utmpfile = fdopen(fd, "r"); } /* -- If (sh_utmpfile == NULL) then either the open() or the fdopen() * has failed. */ if (sh_utmpfile == NULL) { error = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_ACCESS, (long) sh.real.uid, sh_utmppath); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RET0(_("sh_utmp_setutent")); } } (void) fseek (sh_utmpfile, 0L, SEEK_SET); if (-1 == fseek (sh_utmpfile, sh_utmp_feed_forward, SEEK_CUR)) { sh_utmp_feed_forward = 0; /* modified Apr 4, 2004 */ (void) fseek (sh_utmpfile, 0L, SEEK_SET); } clearerr (sh_utmpfile); SL_RET0(_("sh_utmp_setutent")); }
int sh_utmp_set_login_timer (const char * c) { long val; SL_ENTER(_("sh_utmp_set_login_timer")); val = strtol (c, (char **)NULL, 10); if (val <= 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("utmp timer"), c); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RETURN((-1), _("sh_utmp_set_login_timer")); } ShUtmpInterval = (time_t) val; SL_RETURN(0, _("sh_utmp_set_login_timer")); }
void sh_log_mark_check() { struct sh_mark_event * event; time_t now = time(NULL); time_t delay; /* variable 'event' might be clobbered by 'longjmp' or 'vfork' */ dummy_event = &event; DEBUG("debug: running mark check\n"); for (event = sh_log_mark_first(&delay, now); event; event = sh_log_mark_next (&delay, now)) { int severity; sh_string * alias; SH_MUTEX_LOCK(mutex_thread_nolog); severity = sh_log_lookup_severity(sh_string_str(event->queue_id)); if (severity < 0) severity = sh_mark_default_severity; DEBUG("debug: mark check: queue %s, severity %d\n", sh_string_str(event->queue_id), severity); sh_error_handle (severity, FIL__, __LINE__, 0, MSG_LOGMON_MARK, sh_string_str(event->label), (unsigned long) delay); alias = sh_log_lookup_alias(sh_string_str(event->queue_id)); if (alias) { sh_error_mail (sh_string_str(alias), severity, FIL__, __LINE__, 0, MSG_LOGMON_MARK, sh_string_str(event->label), (unsigned long) delay); } SH_MUTEX_UNLOCK(mutex_thread_nolog); } return; }
/************* * * module timer * *************/ int sh_utmp_timer (time_t tcurrent) { #if !defined(HAVE_PTHREAD) retry_msleep(1, 0); if ((time_t) (tcurrent - lastcheck) >= ShUtmpInterval) { lastcheck = tcurrent; return (-1); } return 0; #else int errnum = 0; if ( (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE) && sh.flag.checkSum != SH_CHECK_INIT ) { sh_inotify_wait_for_change(mode_path[1], &inotify_watch, &errnum, ShUtmpInterval); } lastcheck = tcurrent; if (SH_INOTIFY_ERROR(errnum)) { char ebuf[SH_ERRBUF_SIZE]; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_message(errnum, ebuf, sizeof(ebuf)); sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, errnum, MSG_E_SUBGEN, ebuf, _("sh_utmp_timer") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } return -1; #endif }
/* returns static storage */ int sh_prelink_run (char * path, char * file_hash, int alert_timeout, unsigned long mask) { static int init = S_FALSE; static int args_filled = 0; static sh_tas_t task; int status = 0; char * p; SL_ENTER(_("sh_prelink_run")); /* reset if path == NULL */ if (path == NULL) { if (init == S_FALSE) { SL_RETURN (0, _("sh_prelink_run")); } sh_ext_tas_free(&task); init = S_FALSE; args_filled = 0; SL_RETURN (0, _("sh_prelink_run")); } /* initialize task structure */ if (init == S_FALSE) { char dir[SH_PATHBUF]; sh_ext_tas_init(&task); p = sh_unix_getUIDdir (SH_ERR_ERR, task.run_user_uid, dir, sizeof(dir)); if (p) { (void) sh_ext_tas_add_envv (&task, _("HOME"), p); } (void) sh_ext_tas_add_envv (&task, _("SHELL"), _("/bin/sh")); (void) sh_ext_tas_add_envv (&task, _("PATH"), _("/sbin:/usr/sbin:/bin:/usr/bin")); if (sh.timezone != NULL) { (void) sh_ext_tas_add_envv(&task, "TZ", sh.timezone); } if (prelink_path == NULL) { sh_ext_tas_command(&task, _("/usr/sbin/prelink")); (void) sh_ext_tas_add_argv(&task, _("/usr/sbin/prelink")); } else { sh_ext_tas_command(&task, prelink_path); (void) sh_ext_tas_add_argv(&task, prelink_path); } args_filled = sh_ext_tas_add_argv(&task, _("--verify")); if (prelink_hash != NULL) { (void) sl_strlcpy(task.checksum, prelink_hash, KEY_LEN+1); } task.rw = 'r'; task.fork_twice = S_FALSE; sh_prelink_fd(&task); init = S_TRUE; } /* rm filename arg if set; fill in filename */ if (args_filled == 3) args_filled = sh_ext_tas_rm_argv(&task); if (args_filled == 2) args_filled = sh_ext_tas_add_argv(&task, path); else { sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, args_filled, MSG_E_SUBGEN, _("Bad argument count"), _("sh_prelink_run")); SL_RETURN ((-1), _("sh_prelink_run")); } /* open pipe */ status = sh_ext_popen(&task); if (status != 0) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN, _("Could not open pipe"), _("sh_prelink_run")); SL_RETURN ((-1), _("sh_prelink_run")); } if (SL_ISERROR(task.pipeTI)) { sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, task.pipeTI, MSG_E_SUBGEN, _("No valid ticket"), _("sh_prelink_run")); SL_RETURN ((-1), _("sh_prelink_run")); } /* read from pipe */ sl_read_timeout_prep (task.pipeTI); { char hashbuf[KEYBUF_SIZE]; UINT64 length_nolim = TIGER_NOLIM; if (sh.flag.opts == S_TRUE) sh_tiger_set_hashtype_mask(mask); sl_strlcpy(file_hash, sh_tiger_generic_hash (path, task.pipeTI, &length_nolim, alert_timeout, hashbuf, sizeof(hashbuf)), KEY_LEN+1); } /* close pipe and return exit status */ status = sh_ext_pclose(&task); SL_RETURN ((status), _("sh_prelink_run")); }
struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo) { static const char * format0_1 = N_("%b %d %T"); static const char * format0_2 = N_("%Y-%m-%dT%T"); static char format_1[16]; static char format_2[16]; static int format_init = 0; static struct tm old_tm; static time_t old_time; const unsigned int Tpos = 10; volatile unsigned int tlen = 16; (void) fileinfo; if (!format_init) { sl_strlcpy(format_1, _(format0_1), sizeof(format_1)); sl_strlcpy(format_2, _(format0_2), sizeof(format_2)); format_init = 1; } if (flag_err_debug == SL_TRUE && sh_string_len(logline) > 0) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, logline->str, _("sh_parse_syslog")); SH_MUTEX_UNLOCK(mutex_thread_nolog); } if (logline && sh_string_len(logline) > tlen) { struct tm btime; char * ptr; int flag; size_t lengths[3]; memset(&btime, '\0', sizeof(struct tm)); btime.tm_isdst = -1; /* This is RFC 3164. */ if (logline->str[Tpos] != 'T') { logline->str[tlen-1] = '\0'; ptr = /*@i@*/strptime(logline->str, format_1, &btime); } /* RFC 3339 describes an alternative timestamp format. * Unfortunately, POSIX strptime() does not support reading * the TZ offset. */ else { ptr = strptime(logline->str, format_2, &btime); if (ptr) { tlen = 20; if (*ptr && *ptr != ' ') { do { ++ptr; ++tlen; } while (*ptr && *ptr != ' '); if (*ptr == ' ') *ptr = '\0'; } } } if (ptr && *ptr == '\0') /* no error, whole string consumed */ { unsigned int fields = 3; /* host program(\[pid\])+: message */ char ** array = split_array_ws(&(logline->str[tlen]), &fields, lengths); if (fields == 3) { struct sh_logrecord * record = SH_ALLOC(sizeof(struct sh_logrecord)); record->timestamp = conv_timestamp(&btime, &old_tm, &old_time); record->timestr = sh_string_new_from_lchar(logline->str, (tlen-1)); /* host */ record->host = sh_string_new_from_lchar(array[0], lengths[0]); /* program and pid */ if (NULL != (ptr = strchr(array[1], '['))) { *ptr = '\0'; ++ptr; record->pid = (pid_t) atoi(ptr); if (hidepid == 0 || !*ptr) { --ptr; *ptr = '['; } else { *ptr = '\0'; /* overwrite first digit */ --ptr; *ptr = ':'; /* overwrite ex-':' */ lengths[1] = strlen(array[1]); } } else { flag = 0; ptr = array[1]; if (ptr[lengths[1]] == ':') { ptr[lengths[1]] = '\0'; flag = 1; } record->pid = PID_INVALID; if (flag == 1) { ptr[lengths[1]] = ':'; } } /* message */ record->message = sh_string_new_from_lchar3(array[1], lengths[1], " ", 1, array[2], lengths[2]); SH_FREE(array); return record; } SH_FREE(array); } } /* corrupted logline */ return NULL; }
static void sh_utmp_addlogin (struct SH_UTMP_S * ut) { struct log_user * user = userlist; struct log_user * userold = userlist; #ifdef HAVE_UTTYPE struct log_user * username = userlist; #endif char ttt[TIM_MAX]; #ifdef HAVE_UTTYPE volatile int status; #endif SL_ENTER(_("sh_utmp_addlogin")); if (ut->ut_line[0] == '\0') SL_RET0(_("sh_utmp_addlogin")); /* for some stupid reason, AIX repeats the wtmp entry for logouts * with ssh */ if (memcmp (&save_utmp, ut, sizeof(struct SH_UTMP_S)) == 0) { memset(&save_utmp, (int) '\0', sizeof(struct SH_UTMP_S)); SL_RET0(_("sh_utmp_addlogin")); } memcpy (&save_utmp, ut, sizeof(struct SH_UTMP_S)); /* Take the address to keep gcc from putting them into registers. * Avoids the 'clobbered by longjmp' warning. */ sh_dummy_userold = (void*) &userold; sh_dummy_user = (void*) &user; /* ------- find user -------- */ while (user != NULL) { if (0 == sl_strncmp((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE) ) break; userold = user; user = user->next; } #ifdef HAVE_UTTYPE while (username != NULL) { if (0 == sl_strncmp(username->name, ut->ut_name, UT_NAMESIZE) ) break; username = username->next; } #endif #ifdef HAVE_UTTYPE /* ---------- LOGIN -------------- */ if (ut->ut_type == USER_PROCESS) { if (user == NULL) { user = SH_ALLOC(sizeof(struct log_user)); user->next = userlist; userlist = (struct log_user *) user; } (void) sl_strlcpy((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE+1); (void) sl_strlcpy((char*)(user->name), ut->ut_name, UT_NAMESIZE+1); #ifdef HAVE_UTHOST (void) sl_strlcpy((char*)(user->ut_host), ut->ut_host, UT_HOSTSIZE+1); #else user->ut_host[0] = '\0'; #endif #ifdef HAVE_UTADDR #ifdef HAVE_UTADDR_V6 my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); #else my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); #endif #endif user->time = ut->ut_time; if (username == NULL /* not yet logged in */ || 0 == sl_strncmp(ut->ut_line, _("ttyp"), 4) /* in virt. console */ || 0 == sl_strncmp(ut->ut_line, _("ttyq"), 4) /* in virt. console */ ) { status = sh_utmp_login_a((char*)user->name); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (user->time, ttt, TIM_MAX); sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG1X, #elif defined(HAVE_UTHOST) MSG_UT_LG1A, #else MSG_UT_LG1B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, status ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } else if (0 == sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) { status = sh_utmp_login_a((char*)user->name); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (user->time, ttt, TIM_MAX); sh_error_handle( ShUtmpLoginMulti, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG2X, #elif defined(HAVE_UTHOST) MSG_UT_LG2A, #else MSG_UT_LG2B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, status ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } sh_utmp_login_morechecks(ut); goto out; } /* --------- LOGOUT ---------------- */ else if (ut->ut_name[0] == '\0' || ut->ut_type == DEAD_PROCESS /* solaris does not clear ut_name */ ) { if (user != NULL) { #if defined(__linux__) if (0 == sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) { #endif status = sh_utmp_login_r((char*)user->name); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG3X, #elif defined(HAVE_UTHOST) MSG_UT_LG3A, #else MSG_UT_LG3B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, status ); SH_MUTEX_UNLOCK(mutex_thread_nolog); userold->next = user->next; if (user == userlist) userlist = user->next; sh_utmp_logout_morechecks((struct log_user *)user); SH_FREE((struct log_user *)user); user = NULL; #if defined(__linux__) } #endif } else { (void) sl_strlcpy(terminated_line, ut->ut_line, UT_HOSTSIZE); SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, MSG_UT_LG3C, terminated_line, ttt, 0 ); SH_MUTEX_UNLOCK(mutex_thread_nolog); } goto out; } /* default */ goto out; /* #ifdef HAVE_UTTYPE */ #else if (user == NULL) /* probably a login */ { user = SH_ALLOC(sizeof(struct log_user)); sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); #ifdef HAVE_UTHOST sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); #endif #ifdef HAVE_UTADDR #ifdef HAVE_UTADDR_V6 my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); #else my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); #endif #endif user->time = ut->ut_time; user->next = userlist; userlist = user; SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (user->time, ttt, TIM_MAX); sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG1X, #elif defined(HAVE_UTHOST) MSG_UT_LG1A, #else MSG_UT_LG1B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, 1 ); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_utmp_login_morechecks(ut); } else /* probably a logout */ { SH_MUTEX_LOCK(mutex_thread_nolog); (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) MSG_UT_LG2X, #elif defined(HAVE_UTHOST) MSG_UT_LG2A, #else MSG_UT_LG2B, #endif user->name, user->ut_tty, #if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) user->ut_host, user->ut_ship, #elif defined(HAVE_UTHOST) user->ut_host, #endif ttt, 1 ); SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_utmp_logout_morechecks(user); userold->next = user->next; if (user == userlist) /* inserted Apr 4, 2004 */ userlist = user->next; SH_FREE(user); user = NULL; } #endif out: sh_dummy_user = NULL; sh_dummy_userold = NULL; SL_RET0(_("sh_utmp_addlogin")); }
static void sh_utmp_check_internal (int mode) { struct stat buf; int error; struct SH_UTMP_S * ut; unsigned long this_read; int val_retry; SL_ENTER(_("sh_utmp_check_internal")); /* error if no access */ do { val_retry = /*@-unrecog@*/lstat ( mode_path[mode], &buf)/*@+unrecog@*/; } while (val_retry < 0 && errno == EINTR); if (0 != val_retry) { error = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, error, MSG_E_ACCESS, (long) sh.real.uid, mode_path[mode]); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RET0(_("sh_utmp_check_internal")); } /* modification time */ if (mode < 2) { if (/*@-usedef@*/buf.st_mtime <= lastmod/*@+usedef@*/) { SL_RET0(_("sh_utmp_check_internal")); } else lastmod = buf.st_mtime; } /* file size */ if (/*@-usedef@*/buf.st_size < lastsize/*@+usedef@*/ && mode < 2) { SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_UT_ROT, mode_path[mode]); SH_MUTEX_UNLOCK(mutex_thread_nolog); lastread = 0; #ifndef USE_SETUTENT sh_utmp_feed_forward = 0L; #endif } if (mode < 2) lastsize = buf.st_size; if (buf.st_size == 0) SL_RET0(_("sh_utmp_check_internal")); sh_utmp_utmpname(mode_path[mode]); sh_utmp_setutent(); /* * feed forward if initializing * we need to do this here */ this_read = 0; if (mode < 2) { while (this_read < lastread) { (void) sh_utmp_getutent(); ++this_read; } } /* start reading */ this_read = 0; while (1 == 1) { ut = sh_utmp_getutent(); if (ut == NULL) break; /* modified: ut_user --> ut_name */ if (mode == 1 || (mode == 2 && ut->ut_name[0] != '\0' #ifdef HAVE_UTTYPE && ut->ut_type != DEAD_PROCESS #endif )) sh_utmp_addlogin (ut); ++this_read; } sh_utmp_endutent(); if (mode < 2) { lastread += this_read; #ifndef USE_SETUTENT sh_utmp_feed_forward += (long) (this_read * sizeof(struct SH_UTMP_S)); lastread = 0; #endif } SL_RET0(_("sh_utmp_check_internal")); }
/* --- Read the configuration file. --- */ int sh_readconf_read (void) { #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) /* This is for modules. */ int modnum; #endif int i; SL_TICKET fd = -1; #if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) SL_TICKET fdTmp = -1; #endif #if defined(WITH_GPG) || defined(WITH_PGP) SL_TICKET fdGpg = -1; #endif char * tmp; #define SH_LINE_IN 16384 char * line_in; char * line; /* This is for nested conditionals. */ int cond_depth = 0; int cond_excl = 0; int local_file = 1; char local_flag = 'R'; #if defined(WITH_GPG) || defined(WITH_PGP) int signed_content = S_FALSE; int true_content = S_FALSE; #endif #if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) int hidden_count = 0; #endif uid_t euid; char hashbuf[KEYBUF_SIZE]; SL_ENTER(_("sh_readconf_read")); /* --- Open config file, exit on failure. --- */ #if defined(SH_WITH_CLIENT) if (0 == sl_strcmp(file_path('C', 'R'), _("REQ_FROM_SERVER"))) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_D_START); fd = sh_forward_req_file(_("CONF")); if (!SL_ISERROR(fd)) { local_file = 0; } else if (sh.flag.checkSum != SH_CHECK_INIT) { aud_exit (FIL__, __LINE__, EXIT_FAILURE); } else { sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_D_FAIL); local_file = 1; local_flag = 'I'; } } #endif /* Use a local configuration file. */ if (local_file == 1) { if (0 != tf_trust_check (file_path('C', local_flag), SL_YESPRIV)) { sl_get_euid(&euid); dlog(1, FIL__, __LINE__, _("The configuration file: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"), ( (NULL == file_path('C', local_flag)) ? _("(null)") : file_path('C', local_flag) )); sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST, (long) euid, ( (NULL == file_path('C', local_flag)) ? _("(null)") : file_path('C', local_flag) ) ); aud_exit (FIL__, __LINE__, EXIT_FAILURE); } if (SL_ISERROR(fd = sl_open_read(FIL__, __LINE__, file_path('C',local_flag),SL_YESPRIV))) { sl_get_euid(&euid); dlog(1, FIL__, __LINE__, _("Could not open the local configuration file for reading because\nof the following error: %s (errnum = %ld)\nIf this is a permission problem, you need to change file permissions\nto make the file readable for the effective UID: %d\n"), sl_get_errmsg(), fd, (int) euid); sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_NOACCESS, (long) euid, ( (NULL == file_path('C', local_flag)) ? _("(null)") : file_path('C', local_flag) ) ); aud_exit (FIL__, __LINE__, EXIT_FAILURE); } } /* Compute the checksum of the open file. */ sl_strlcpy(sh.conf.hash, sh_tiger_hash(file_path('C',local_flag), fd, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), KEY_LEN+1); sl_rewind (fd); line_in = SH_ALLOC(SH_LINE_IN); #if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) /* extract the data and copy to temporary file */ fdTmp = open_tmp(); sh_unix_getline_stealth (0, NULL, 0); /* initialize */ while ( sh_unix_getline_stealth (fd, line_in, SH_LINE_IN-2) > 0) { hidden_count++; if (line_in[0] == '\n') { sl_write(fdTmp, line_in, 1); } else { sl_write_line(fdTmp, line_in, sl_strlen(line_in)); } #if defined(WITH_GPG) || defined(WITH_PGP) if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25)) break; #else if (0 == sl_strncmp(line_in, _("[EOF]"), 5)) break; #endif if (hidden_count > 1048576) /* arbitrary safeguard, 1024*1024 */ break; } sl_close(fd); fd = fdTmp; sl_rewind (fd); #endif #if defined(WITH_GPG) || defined(WITH_PGP) /* extract the data and copy to temporary file */ fdGpg = sh_gpg_extract_signed(fd); sl_close(fd); fd = fdGpg; /* Validate signature of open file. */ if (0 != sh_gpg_check_sign (fd, 0, 1)) { SH_FREE(line_in); aud_exit (FIL__, __LINE__, EXIT_FAILURE); } sl_rewind (fd); #endif /* --- Start reading lines. --- */ conf_line = 0; while ( sh_unix_getline (fd, line_in, SH_LINE_IN-2) > 0) { ++conf_line; line = &(line_in[0]); /* fprintf(stderr, "<%s>\n", line); */ /* Sun May 27 18:40:05 CEST 2001 */ #if defined(WITH_GPG) || defined(WITH_PGP) if (signed_content == S_FALSE) { if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) signed_content = S_TRUE; else continue; } else if (true_content == S_FALSE) { if (line[0] == '\n') true_content = S_TRUE; else continue; } else if (signed_content == S_TRUE) { if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----"))) break; else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) { sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, _("second signed message in file"), _("sh_readconf_read")); dlog(1, FIL__, __LINE__, _("There seems to be more than one signed message in the configuration\nfile. Please make sure there is only one signed message.\n")); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); SH_FREE(line_in); aud_exit (FIL__, __LINE__,EXIT_FAILURE); } } #endif /* Skip leading white space. */ while (isspace((int)*line)) ++line; /* Skip header etc. */ if (line[0] == '#' || line[0] == '\0' || line[0] == ';' || (line[0] == '/' && line[1] == '/')) continue; /* Clip off trailing white space. */ tmp = line + sl_strlen( line ); --tmp; while( isspace((int) *tmp ) && tmp >= line ) *tmp-- = '\0'; /* --- an @host/@if/$system directive -------------- */ if (line[0] == '@' || (line[0] == '!' && line[1] == '@') || line[0] == '$' || (line[0] == '!' && line[1] == '$')) { if (sh_readconf_is_end(line)) { if (0 == cond_depth) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD, _("config file"), (long) conf_line); } else { if (cond_excl == cond_depth) cond_excl = 0; --cond_depth; } } else if (sh_readconf_is_else(line)) { if (0 == cond_depth) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD, _("config file"), (long) conf_line); } else if (cond_excl == cond_depth) { cond_excl = 0; } else if (cond_excl == 0) { cond_excl = cond_depth; } } else { if (sh_readconf_cond_match(line, conf_line)) { ++cond_depth; } else { ++cond_depth; if (cond_excl == 0) cond_excl = cond_depth; } } continue; } /**************************************************** * * Only carry on if this section is intended for us * ****************************************************/ if (cond_excl != 0) { continue; } /* ------- starts a section ------------ */ else if (line[0] == '[') { read_mode = SH_SECTION_NONE; if (0 == sl_strncasecmp (line, _("[EOF]"), 5)) { goto nopel; } i = 0; while (tab_ListSections[i].name != 0) { if (sl_strncasecmp (line, _(tab_ListSections[i].name), sl_strlen(tab_ListSections[i].name)) == 0) { read_mode = tab_ListSections[i].type; break; } ++i; } #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) if (read_mode == SH_SECTION_NONE) { for (modnum = 0; modList[modnum].name != NULL; ++modnum) { if (0 == sl_strncasecmp (line, _(modList[modnum].conf_section), sl_strlen(modList[modnum].conf_section)) ) read_mode = SH_SECTION_OTHER; } } #endif if (read_mode == SH_SECTION_NONE) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALHEAD, (long) conf_line); } } /* --- an %schedule directive ------------ */ else if (line[0] == '%' || (line[0] == '!' && line[1] == '%')) { #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) if (line[0] == '!' && 0 == sl_strcasecmp(&(line[2]), _("SCHEDULE_TWO"))) set_dirList(1); else if (0 == sl_strcasecmp(&(line[1]), _("SCHEDULE_TWO"))) set_dirList(2); #else ; #endif } /* ------ no new section -------------- */ else if (read_mode != SH_SECTION_NONE) { if (0 != sh_readconfig_line (line)) { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALCONF, (long) conf_line); } } } /* while getline() */ nopel: if (0 != cond_depth) sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALDD, _("config file"), (long) conf_line); sl_close (fd); sh_error_fixup(); read_mode = SH_SECTION_NONE; /* reset b/o sighup reload */ SH_FREE(line_in); SL_RETURN( 0, _("sh_readconf_read")); }
static int sh_readconf_cond_match(char * str, int line) { int match = 0; int negate = 1; int cond_type = SH_RC_ANY; char myident[3*SH_MINIBUF+3]; struct stat buf; char * p = str; if (*p == '!') { negate = 0; ++p; } if (*p == '$') { cond_type = SH_RC_SYSTEM; ++p; /* [!]$system */ } else { /* *p == '@' */ ++p; while (isspace((int)*p)) ++p; if (0 != strncasecmp(p, _("if "), 3)) { cond_type = SH_RC_HOST; /* [!]$host */ } else { p += 3; while (isspace((int)*p)) ++p; /* skip the 'if\s+' */ if (0 == strncasecmp(p, _("not "), 4)) { p += 4; while (isspace((int)*p)) ++p; negate = 0; } else if (0 == strncmp(p, _("!"), 1)) { ++p; while (isspace((int)*p)) ++p; negate = 0; } if (0 == strncasecmp(p, _("file_exists "), 12)) { p += 12; cond_type = SH_RC_FILE; } else if (0 == strncasecmp(p, _("interface_exists "), 17)) { p += 17; cond_type = SH_RC_IFACE; } else if (0 == strncasecmp(p, _("hostname_matches "), 17)) { p += 17; cond_type = SH_RC_HOST; } else if (0 == strncasecmp(p, _("system_matches "), 15)) { p += 15; cond_type = SH_RC_SYSTEM; } #ifdef SH_EVAL_SHELL else if (0 == strncasecmp(p, _("command_succeeds "), 17)) { p += 17; cond_type = SH_RC_CMD; } #endif else { char errbuf[SH_ERRBUF_SIZE]; sl_snprintf(errbuf, sizeof(errbuf), _("Unsupported test at line %d of configuration file"), line); sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, errbuf, _("sh_readconf_cond_match")); return 0; } } } while (isspace((int)*p)) ++p; switch (cond_type) { case SH_RC_HOST: if (sl_strncmp (p, sh.host.name, strlen(sh.host.name)) == 0 #ifdef HAVE_REGEX_H || sh_util_regcmp (p, sh.host.name) == 0 #endif ) match = negate; break; case SH_RC_SYSTEM: /* * The system type, release, and machine. */ sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), sh.host.system, /* flawfinder: ignore */ sh.host.release, sh.host.machine); if (sl_strncmp (p, myident, strlen(myident)) == 0 #ifdef HAVE_REGEX_H || sh_util_regcmp (p, myident) == 0 #endif ) match = negate; break; case SH_RC_FILE: if (0 == retry_lstat(FIL__, __LINE__, p, &buf)) match = negate; break; case SH_RC_IFACE: if (sh_tools_iface_is_present(p)) match = negate; break; #ifdef SH_EVAL_SHELL case SH_RC_CMD: if (0 == sh_unix_run_command(p)) match = negate; break; #endif default: match = 0; } return match; }
static int sh_readconfig_line (char * line) { char * key; const char * value; char * tmp; int i; int good_opt = -1; #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) int modnum, modkey; #endif static const char *dummy = N_("dummy"); static const char *closing[] = { N_("closecommand"), N_("closeaddress"), N_("logmonendgroup"), N_("logmonendhost"), NULL }; static const char *ident[] = { N_("severityreadonly"), N_("severitylogfiles"), N_("severitygrowinglogs"), N_("severityignorenone"), N_("severityignoreall"), N_("severityattributes"), N_("severitydirs"), N_("severityfiles"), N_("severitynames"), N_("severityuser0"), N_("severityuser1"), N_("severityuser2"), N_("severityuser3"), N_("severityuser4"), N_("severityprelink"), NULL }; static int identnum[] = { SH_ERR_T_RO, SH_ERR_T_LOGS, SH_ERR_T_GLOG, SH_ERR_T_NOIG, SH_ERR_T_ALLIG, SH_ERR_T_ATTR, SH_ERR_T_DIR, SH_ERR_T_FILE, SH_ERR_T_NAME, SH_ERR_T_USER0, SH_ERR_T_USER1, SH_ERR_T_USER2, SH_ERR_T_USER3, SH_ERR_T_USER4, SH_ERR_T_PRELINK, }; SL_ENTER(_("sh_readconf_line")); /* convert to lowercase */ tmp = line; while (*tmp != '=' && *tmp != '\0') { *tmp = tolower( (int) *tmp); ++tmp; } key = line; /* interpret line */ value = strchr(line, '='); if (value == NULL || (*value) == '\0') { if (key != NULL) { i = 0; while (closing[i] != NULL) { if (sl_strncmp(key,_(closing[i]),sl_strlen(closing[i])-1) == 0) { value = dummy; goto ok_novalue; } ++i; } TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: not key=value: %s>\n"), line)); } SL_RETURN(good_opt, _("sh_readconf_line")); } else ++value; /* skip leading whitespace */ while ((*value) == ' ' || (*value) == '\t') ++value; if ((*value) == '\0') /* no value */ { if (key != NULL) { TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: not key=value: %s>\n"), line)); } SL_RETURN(good_opt, _("sh_readconf_line")); } ok_novalue: if (!sl_is_suid()) { TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: %s>\n"), line)); } /* Expand shell expressions. This return allocated memory which we must free. * If !defined(SH_EVAL_SHELL), this will reduce to a strdup. */ value = sh_readconf_expand_value(value); if (!value || (*value) == '\0') { TPT(( 0, FIL__, __LINE__, _("msg=<ConfigFile: empty after shell expansion: %s>\n"), line)); SL_RETURN(good_opt, _("sh_readconf_line")); } #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) if (read_mode == SH_SECTION_OTHER) { for (modnum = 0; modList[modnum].name != NULL; ++modnum) { for (modkey = 0; modList[modnum].conf_table[modkey].the_opt != NULL; ++modkey) { if (sl_strncmp (key, _(modList[modnum].conf_table[modkey].the_opt), sl_strlen(modList[modnum].conf_table[modkey].the_opt) ) == 0) { good_opt = 0; if (0 != modList[modnum].conf_table[modkey].func(value)) sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS, _(modList[modnum].conf_table[modkey].the_opt), value); if (!sl_is_suid()) { TPT(( 0, FIL__, __LINE__, _("msg=<line = %s, option = %s>\n"), line, _(modList[modnum].conf_table[modkey].the_opt))); } goto outburst; } } } } outburst: #endif if (read_mode == SH_SECTION_THRESHOLD) { i = 0; while (ident[i] != NULL) { if (sl_strncmp (key, _(ident[i]), sl_strlen(ident[i])) == 0) { good_opt = 0; sh_error_set_iv (identnum[i], value); break; } ++i; } } else { i = 0; while (ext_table[i].optname != NULL) { if ((ext_table[i].section == read_mode || ext_table[i].alt_section == read_mode) && sl_strncmp (key, _(ext_table[i].optname), sl_strlen(ext_table[i].optname)) == 0) { good_opt = 0; if (0 != ext_table[i].func (value)) sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALS, _(ext_table[i].optname), value); break; } ++i; } } SH_FREE((char*)value); SL_RETURN(good_opt, _("sh_readconf_line")); }