scap_t* scap_open_offline_int(const char* fname,
char *error,
proc_entry_callback proc_callback,
void* proc_callback_context,
bool import_users)
{
scap_t* handle = NULL;
//
// Allocate the handle
//
handle = (scap_t*)malloc(sizeof(scap_t));
if(!handle)
{
snprintf(error, SCAP_LASTERR_SIZE, "error allocating the scap_t structure");
return NULL;
}
//
// Preliminary initializations
//
handle->m_proc_callback = proc_callback;
handle->m_proc_callback_context = proc_callback_context;
handle->m_devs = NULL;
handle->m_ndevs = 0;
handle->m_proclist = NULL;
handle->m_evtcnt = 0;
handle->m_file = NULL;
handle->m_addrlist = NULL;
handle->m_userlist = NULL;
handle->m_machine_info.num_cpus = (uint32_t)-1;
handle->m_last_evt_dump_flags = 0;
handle->m_file_evt_buf = (char*)malloc(FILE_READ_BUF_SIZE);
if(!handle->m_file_evt_buf)
{
snprintf(error, SCAP_LASTERR_SIZE, "error allocating the read buffer");
scap_close(handle);
return NULL;
}
//
// Open the file
//
handle->m_file = gzopen(fname, "rb");
if(handle->m_file == NULL)
{
snprintf(error, SCAP_LASTERR_SIZE, "can't open file %s", fname);
scap_close(handle);
return NULL;
}
//
// Validate the file and load the non-event blocks
//
if(scap_read_init(handle, handle->m_file) != SCAP_SUCCESS)
{
snprintf(error, SCAP_LASTERR_SIZE, "%s", scap_getlasterr(handle));
scap_close(handle);
return NULL;
}
if(!import_users)
{
if(handle->m_userlist != NULL)
{
scap_free_userlist(handle->m_userlist);
handle->m_userlist = NULL;
}
}
//
// Add the fake process for kernel threads
//
handle->m_fake_kernel_proc.tid = -1;
handle->m_fake_kernel_proc.pid = -1;
handle->m_fake_kernel_proc.flags = 0;
snprintf(handle->m_fake_kernel_proc.comm, SCAP_MAX_PATH_SIZE, "kernel");
snprintf(handle->m_fake_kernel_proc.exe, SCAP_MAX_PATH_SIZE, "kernel");
handle->m_fake_kernel_proc.args[0] = 0;
return handle;
}
void scap_close(scap_t* handle)
{
if(handle->m_file)
{
gzclose(handle->m_file);
}
else
{
#if defined(HAS_CAPTURE)
uint32_t j;
ASSERT(handle->m_file == NULL);
//
// Destroy all the device descriptors
//
for(j = 0; j < handle->m_ndevs; j++)
{
if(handle->m_devs[j].m_buffer != MAP_FAILED)
{
munmap(handle->m_devs[j].m_bufinfo, sizeof(struct ppm_ring_buffer_info));
munmap(handle->m_devs[j].m_buffer, RING_BUF_SIZE * 2);
close(handle->m_devs[j].m_fd);
}
}
//
// Free the memory
//
if(handle->m_devs != NULL)
{
free(handle->m_devs);
}
if(handle->m_pollfds != NULL)
{
free(handle->m_pollfds);
}
#endif // HAS_CAPTURE
}
if(handle->m_file_evt_buf)
{
free(handle->m_file_evt_buf);
}
// Free the process table
if(handle->m_proclist != NULL)
{
scap_proc_free_table(handle);
}
// Free the interface list
if(handle->m_addrlist)
{
scap_free_iflist(handle->m_addrlist);
}
// Free the user list
if(handle->m_userlist)
{
scap_free_userlist(handle->m_userlist);
}
//
// Release the handle
//
free(handle);
}
//
// Allocate and return the list of users on this system
//
int32_t scap_create_userlist(scap_t* handle)
{
uint32_t usercnt;
uint32_t grpcnt;
struct passwd *p;
struct group *g;
//
// If the list of users was already allocated for this handle (for example because this is
// not the first user list block), free it
//
if(handle->m_userlist != NULL)
{
scap_free_userlist(handle->m_userlist);
handle->m_userlist = NULL;
}
//
// First pass: count the number of users and the number of groups
//
setpwent();
p = getpwent();
for(usercnt = 0; p; p = getpwent(), usercnt++);
endpwent();
setgrent();
g = getgrent();
for(grpcnt = 0; g; g = getgrent(), grpcnt++);
endgrent();
//
// Memory allocations
//
handle->m_userlist = (scap_userlist*)malloc(sizeof(scap_userlist));
if(handle->m_userlist == NULL)
{
snprintf(handle->m_lasterr, SCAP_LASTERR_SIZE, "userlist allocation failed(1)");
return SCAP_FAILURE;
}
handle->m_userlist->nusers = usercnt;
handle->m_userlist->ngroups = grpcnt;
handle->m_userlist->totsavelen = 0;
handle->m_userlist->users = (scap_userinfo*)malloc(usercnt * sizeof(scap_userinfo));
if(handle->m_userlist->users == NULL)
{
snprintf(handle->m_lasterr, SCAP_LASTERR_SIZE, "userlist allocation failed(2)");
free(handle->m_userlist);
return SCAP_FAILURE;
}
handle->m_userlist->groups = (scap_groupinfo*)malloc(grpcnt * sizeof(scap_groupinfo));
if(handle->m_userlist->groups == NULL)
{
snprintf(handle->m_lasterr, SCAP_LASTERR_SIZE, "grouplist allocation failed(2)");
free(handle->m_userlist->users);
free(handle->m_userlist);
return SCAP_FAILURE;
}
//
// Second pass: copy the data
//
//users
setpwent();
p = getpwent();
for(usercnt = 0; p; p = getpwent(), usercnt++)
{
handle->m_userlist->users[usercnt].uid = p->pw_uid;
handle->m_userlist->users[usercnt].gid = p->pw_gid;
if(p->pw_name)
{
strncpy(handle->m_userlist->users[usercnt].name, p->pw_name, sizeof(handle->m_userlist->users[usercnt].name));
}
else
{
*handle->m_userlist->users[usercnt].name = '\0';
}
if(p->pw_dir)
{
strncpy(handle->m_userlist->users[usercnt].homedir, p->pw_dir, sizeof(handle->m_userlist->users[usercnt].homedir));
}
else
{
*handle->m_userlist->users[usercnt].homedir = '\0';
}
if(p->pw_shell)
{
strncpy(handle->m_userlist->users[usercnt].shell, p->pw_shell, sizeof(handle->m_userlist->users[usercnt].shell));
}
else
{
*handle->m_userlist->users[usercnt].shell = '\0';
}
handle->m_userlist->totsavelen +=
sizeof(uint8_t) + // type
sizeof(uint32_t) + // uid
sizeof(uint32_t) + // gid
strlen(handle->m_userlist->users[usercnt].name) + 2 +
strlen(handle->m_userlist->users[usercnt].homedir) + 2 +
strlen(handle->m_userlist->users[usercnt].shell) + 2;
}
endpwent();
// groups
setgrent();
g = getgrent();
for(grpcnt = 0; g; g = getgrent(), grpcnt++)
{
handle->m_userlist->groups[grpcnt].gid = g->gr_gid;
if(g->gr_name)
{
strncpy(handle->m_userlist->groups[grpcnt].name, g->gr_name, sizeof(handle->m_userlist->groups[grpcnt].name));
}
else
{
*handle->m_userlist->groups[grpcnt].name = '\0';
}
handle->m_userlist->totsavelen +=
sizeof(uint8_t) + // type
sizeof(uint32_t) + // gid
strlen(handle->m_userlist->groups[grpcnt].name) + 2;
}
endgrent();
return SCAP_SUCCESS;
}
