/* aide, Advanced Intrusion Detection Environment

 *

 * Copyright (C) 1999-2002,2004-2006,2010-2013,2015,2016 Rami Lehti, Pablo

 * Virolainen, Richard van den Berg, Hannes von Haugwitz

 * $Header$

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation; either version 2 of the

 * License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

 * General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

#ifndef _DB_CONFIG_H_INCLUDED

#define _DB_CONFIG_H_INCLUDED

#include "aide.h"

#include "types.h"

#include <unistd.h>

#include <stdio.h>

#include <pcre.h>

#define E2O(n) (1<

#include "list.h"

#ifdef WITH_SUN_ACL /* First try to implement support for sun acl. */

/*#define WITH_ACL    If we use sun acl then we have acl :) */

/* Warning! if acl in database is corrupted then

   this will break down. See and fix db.c */

#ifndef WITH_ACL

# error "No ACL support ... but Sun ACL support."

#endif

#include <sys/acl.h>

typedef struct acl_type{

  int entries;

  aclent_t* acl;

} acl_type;

#endif

#ifdef WITH_POSIX_ACL /* POSIX acl works for Sun ACL, AIUI but anyway... */

#include <sys/acl.h>

#ifndef WITH_ACL

# error "No ACL support ... but POSIX ACL support."

#endif

#endif

typedef struct acl_type {

 char *acl_a; /* ACCESS */

 char *acl_d; /* DEFAULT, directories only */

} acl_type;

#ifdef WITH_XATTR /* Do generic user Xattrs. */

#include <sys/xattr.h>

#include <attr/xattr.h>

#endif

typedef struct xattr_node 

{

 char *key;

 byte *val;

 size_t vsz;

} xattr_node;

typedef struct xattrs_type

{

  size_t num;

  size_t sz;

  struct xattr_node *ents;

} xattrs_type;

#ifdef WITH_SELINUX

#include <selinux/selinux.h>

#ifndef ENOATTR

# define ENOATTR ENODATA 

#endif

#endif

#ifdef WITH_E2FSATTRS

#include <e2p/e2p.h>

#endif

#ifdef WITH_MHASH

#include <mhash.h>

#endif

#ifdef WITH_ZLIB

#include <zlib.h>

#endif

#define RETOK 0

#define RETFAIL -1

#define DO_INIT     (1<<0)

#define DO_COMPARE  (1<<1)

#define DO_DIFF     (1<<2)

#include "url.h"

/*

typedef enum {

  url_file, url_stdout, url_stdin, url_stderr, url_fd, url_http,

  url_sql, url_syslog, url_database, url_multiplexer , url_unknown

} URL_TYPE;

*/

/*

  typedef struct url_t {*/

  /* Everything before the first ':' */

/*

  URL_TYPE type;

  char* value;

} url_t;

*/

typedef enum { 

   db_filename=0, 		/* "name",   */ 

   db_linkname, 		/* "lname",   */

   db_perm, 			/* "perm",    */

   db_uid, 			/* "uid",     */

   db_gid,			/* "gid",     */

   db_size, 			/* "size",    */

   db_atime, 			/* "atime",   */

   db_ctime, 			/* "ctime",   */

   db_mtime, 			/* "mtime",   */

   db_inode,			/* "inode",   */

   db_bcount, 			/* "bcount",  */

   db_lnkcount, 		/* "lcount",  */

   db_md5, 			/* "md5",     */

   db_sha1, 			/* "sha1",    */

   db_rmd160,			/* "rmd160",  */

   db_tiger, 			/* "tiger",   */

   db_crc32, 			/* "crc32",   */

   db_haval,			/* "haval",   */

   db_gost, 			/* "gost",    */

   db_crc32b, 			/* "crc32b",  */

   db_attr,                     /* attributes */

   db_acl,                      /* access control list */

   db_bsize,                    /* "bsize"    */

   db_rdev,                     /* "rdev"     */

   db_dev,                      /* "dev"      */

   db_checkmask,                /* "checkmask"*/

   db_allownewfile,		/* "allownewfile */

   db_allowrmfile,		/* "allowrmfile" */

   db_sha256, 			/* "sha256",  */

   db_sha512, 			/* "sha512",  */

   db_whirlpool,		/* "whirlpool",  */

   db_selinux, 			/* "selinux",  */

   db_xattrs, 			/* "xattrs",  */

   db_e2fsattrs,        /* "e2fsattrs"     */

   db_unknown } DB_FIELD; 	/* "unknown"  */

/* db_unknown must be last because it is used to determine size of

   DB_FILED */

/* FIXME: THIS IS A HACK, sometimes we use AIDE_OFF_TYPE instead

 * because that's what internal functions take. This bitmap needs to die. */

#define DB_ATTR_TYPE unsigned long long

#define DB_ATTR_UNDEF ((DB_ATTR_TYPE) -1)

/* WE need this for rx_rules since enums are not orrable (horrible) */

#define DB_FILENAME (1LLU<<0)	/* "name",   */ 

#define DB_LINKNAME (1LLU<<1)	/* "lname",   */

#define DB_PERM     (1LLU<<2)	/* "perm",    */

#define DB_UID      (1LLU<<3)	/* "uid",     */

#define DB_GID      (1LLU<<4)	/* "gid",     */

#define DB_SIZE     (1LLU<<5)	/* "size",    */

#define DB_ATIME    (1LLU<<6)	/* "atime",   */

#define DB_CTIME    (1LLU<<7)	/* "ctime",   */

#define DB_MTIME    (1LLU<<8)	/* "mtime",   */

#define DB_INODE    (1LLU<<9)	/* "inode",   */

#define DB_BCOUNT   (1LLU<<10)	/* "bcount",  */

#define DB_LNKCOUNT (1LLU<<11)	/* "lcount",  */

#define DB_MD5      (1LLU<<12)	/* "md5",     */

#define DB_SHA1     (1LLU<<13)	/* "sha1",    */

#define DB_RMD160   (1LLU<<14)	/* "rmd160",  */

#define DB_TIGER    (1LLU<<15)	/* "tiger",   */

/*

  We want to matk these newertheless we have a 

  hash-functon or not.

 */

#define DB_CRC32    (1LLU<<16)	/* "crc32",   */

#define DB_HAVAL    (1LLU<<17)	/* "haval",   */

#define DB_GOST     (1LLU<<18)	/* "gost",    */

#define DB_CRC32B   (1LLU<<19)	/* "crc32b",  */

// #define DB_ATTR    (1LLU<<20)     /* "attr"    */

#define DB_ACL      (1LLU<<21)  /* "acl"      */

#define DB_BSIZE    (1LLU<<22)  /* "bsize"    */

#define DB_RDEV     (1LLU<<23)  /* "rdev"     */

#define DB_DEV      (1LLU<<24)  /* "dev"      */

#define DB_CHECKMASK  (1LLU<<25) /* "checkmask"*/

#define DB_SIZEG      (1LLU<<26) /* "unknown"  */

#define DB_CHECKINODE (1LLU<<27) /* "checkinode"*/

#define DB_NEWFILE    (1LLU<<28) /* "allow new file" */

#define DB_RMFILE     (1LLU<<29) /* "allot rm file" */

#define DB_SHA256     (1LLU<<30) /* "sha256",  */

#define DB_SHA512     (1LLU<<31) /* "sha512",  */

#define DB_SELINUX    (1LLU<<32) /* "selinux", */

#define DB_XATTRS     (1LLU<<33) /* "xattrs",  */

#define DB_WHIRLPOOL  (1LLU<<34) /* "whirlpool",  */

#define DB_FTYPE      (1LLU<<35) /* "file type",  */

#define DB_E2FSATTRS  (1LLU<<36) /* "ext2 file system attributes"  */

#define DB_HASHES    (DB_MD5|DB_SHA1|DB_RMD160|DB_TIGER|DB_CRC32|DB_HAVAL| \

		      DB_GOST|DB_CRC32B|DB_SHA256|DB_SHA512|DB_WHIRLPOOL)

extern const char* db_names[db_unknown+1];

extern const int db_value[db_unknown+1];

/* db_namealias && db_aliasvalue are here to support earlier database 

 * names that are no longer used. */

#define db_alias_size 1

extern const char* db_namealias[db_alias_size];

extern const int db_aliasvalue[db_alias_size];

/* TIMEBUFSIZE should be exactly ceil(sizeof(time_t)*8*ln(2)/ln(10))

 * Now it is ceil(sizeof(time_t)*2.5)

 * And of course we add one for end of string char

 */

#define TIMEBUFSIZE (((sizeof(time_t)*5+1)>>1)+1)

/*

  New db_config

  Not used yet, maybe someday.

*/

/*  typedef struct _db_config { */

/*    url_t* url; */

/*    config* conf; */

/*    int inout; */

/*    int (*init)(url*,int,config*); */

/*    char** (*readline)(_db_config*); */

/*    int (*writeline)(_db_config*,db_line* line); */

/*    int (*close)(_db_config*); */

/*    int db_size; */

/*    DB_FIELD* db_order; */

/*    void* local; */  

/*  }_db_config ; */

#include "seltree.h"

typedef struct db_line {

  byte* md5;

  byte* sha1;

  byte* rmd160;

  byte* tiger;

  byte* sha256;

  byte* sha512;

  byte* crc32; /* MHASH only */

  byte* haval;

  byte* gost;

  byte* crc32b;

  byte* whirlpool;

  acl_type* acl;

  /* Something here.. */

  mode_t perm;

  mode_t perm_o; /* Permission for tree traverse */

  uid_t uid;

  gid_t gid;

  time_t atime;

  time_t ctime;

  time_t mtime;

  AIDE_INO_TYPE inode;

  nlink_t nlink;

  AIDE_OFF_TYPE size;

  AIDE_OFF_TYPE size_o; /* ... */

  AIDE_BLKCNT_TYPE bcount;

  char* filename;

  char* fullpath;

  char* linkname;

  char *cntx;

  xattrs_type* xattrs;

  unsigned long e2fsattrs;

  /* Attributes .... */

  DB_ATTR_TYPE attr;

} db_line;

typedef struct db_config {

  url_t* db_in_url;

  FILE* db_in;

  url_t* db_new_url;

  FILE* db_new;

  url_t* db_out_url;

  FILE* db_out;

  int config_check;

  int syslog_format;

  struct md_container *mdc_in;

  struct md_container *mdc_out;

  struct db_line *line_db_in;

  struct db_line *line_db_out;

  DB_ATTR_TYPE db_attrs;

#ifdef WITH_ZLIB

  gzFile db_gzin;

  gzFile db_gznew;

  gzFile db_gzout;

  /* Is dbout gzipped or not */

  int gzip_dbout;

#endif

  int db_in_size;

  DB_FIELD* db_in_order;

  int db_new_size;

  DB_FIELD* db_new_order;

  int db_out_size;

  DB_FIELD* db_out_order;

  char* config_file;

  char* config_version;

  int do_dbnewmd;

  int do_dboldmd; 

#ifdef WITH_MHASH

  int do_configmd;

  MHASH confmd;

  hashid confhmactype;

  char* old_confmdstr;

  hashid dbhmactype;

  MHASH dbnewmd;

  MHASH dboldmd;

#endif

  char* old_dbnewmdstr;

  char* old_dboldmdstr;

  /* The following three a lists of rx_rule*s */

  list* selrxlst;

  list* equrxlst;

  list* negrxlst;

  int verbose_level;

  int database_add_metadata;

  int report_detailed_init;

  int report_base16;

  int report_quiet;

  int use_initial_errorsto;

#ifdef WITH_E2FSATTRS

  unsigned long report_ignore_e2fsattrs;

#endif

  url_t* initial_report_url;

  void* initial_report_fd;

  /* report_url is a list of url_t*s */

  list* report_url;

  /* report_fd is a list of FILE*s */

  list* report_fd;

  /* Report syslog */

  int report_syslog;

  int report_db;

  /* defsyms is a list of symba*s */

  list* defsyms;

  /* so is groupsyms */

  list* groupsyms;

  /* What are we supposed to do */

  int action;

  /* Should we catch errors from mmapping */

  int catch_mmap;

  time_t start_time;

  time_t end_time;

  int symlinks_found;

  DB_ATTR_TYPE attr;

#ifdef WITH_ACL  

  int no_acl_on_symlinks;

#endif

  int warn_dead_symlinks;

  int grouped;

  int summarize_changes;

  char* root_prefix;

  int root_prefix_length;

  char* limit;

  pcre* limit_crx;

  struct seltree* tree;

} db_config;

#ifdef WITH_PSQL

#include "libpq-fe.h"

typedef struct psql_data{

  PGconn* conn;

  char* table;

  PGresult *res;

  int des[db_unknown];

  int curread;

  int maxread;

} psql_data;

#endif

#endif