/* aide, Advanced Intrusion Detection Environment

 *

 * Copyright (C) 1999-2006,2010,2011,2013 Rami Lehti, Pablo Virolainen,

 * Richard van den Berg, Hannes von Haugwitz

 * $Header$

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License as

 * published by the Free Software Foundation; either version 2 of the

 * License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but

 * WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

 * General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

#include "aide.h"

#include <stdio.h>

#include <stdlib.h>

#include <errno.h>

#include "db.h"

#include "db_file.h"

#include "db_disk.h"

#include "md.h"

#include "fopen.h"

#ifdef WITH_PSQL

#include "db_sql.h"

#endif

#include "db_config.h"

#include "report.h"

#include "be.h"

#ifdef WITH_MHASH

#include <mhash.h>

#endif

#include "base64.h"

#include "util.h"

/*for locale support*/

#include "locale-aide.h"

/*for locale support*/

db_line* db_char2line(char** ss,int db);

long readint(char* s,char* err);

AIDE_OFF_TYPE readlong(char* s,char* err);

long readoct(char* s,char* err);

time_t base64totime_t(char*);

const char* db_names[db_unknown+1] = {

   "name",

   "lname",

   "perm",

   "uid",

   "gid",

   "size",

   "atime",

   "ctime",

   "mtime",

   "inode",

   "bcount",

   "lcount",

   "md5",

   "sha1",

   "rmd160",

   "tiger",

   "crc32",

   "haval",

   "gost",

   "crc32b",

   "attr",

   "acl",

   "bsize",

   "rdev",

   "dev",

   "checkmask",

   "allownewfiles",

   "allowrmfiles",

   "sha256",

   "sha512",

   "whirlpool",

   "selinux",

   "xattrs",

   "e2fsattrs",

   "unknown"} ;

const int db_value[db_unknown+1] = {

   db_filename,         /* "name",   */

   db_linkname,         /* "lname",   */

   db_perm,             /* "perm",    */

   db_uid,              /* "uid",     */

   db_gid,              /* "gid",     */

   db_size,             /* "size",    */

   db_atime,            /* "atime",   */

   db_ctime,            /* "ctime",   */

   db_mtime,            /* "mtime",   */

   db_inode,            /* "inode",   */

   db_bcount,           /* "bcount",  */

   db_lnkcount,         /* "lcount",  */

   db_md5,              /* "md5",     */

   db_sha1,             /* "sha1",    */

   db_rmd160,           /* "rmd160",  */

   db_tiger,            /* "tiger",   */

   db_crc32,            /* "crc32",   */

   db_haval,            /* "haval",   */

   db_gost,             /* "gost",    */

   db_crc32b,           /* "crc32b",  */

   db_attr,             /* attributes */

   db_acl,              /* "acl"      */

   db_bsize,            /* "bsize"    */

   db_rdev,             /* "rdev"     */

   db_dev,              /* "dev"      */

   db_checkmask,        /* "checkmask" */

   db_allownewfile,     /* "allownewfile" */

   db_allowrmfile,      /* "allowrmfile" */

   db_sha256,           /* "sha256",  */

   db_sha512,           /* "sha512",  */

   db_whirlpool,        /* "whirlpool", */

   db_selinux,          /* "selinux", */

   db_xattrs,           /* "xattrs",  */

   db_e2fsattrs,        /* "e2fsattrs",  */

   db_unknown };        /* "unknown"  */

const char* db_namealias[db_alias_size] = {

  "count" } ;

const int db_aliasvalue[db_alias_size] = {

  db_lnkcount } ;       /* "count",  */

static struct md_container *init_db_attrs(URL_TYPE type) {

    struct md_container *mdc = NULL;

    if (conf->db_attrs) {

        switch (type) {

            case url_stdout:

            case url_stderr:

            case url_fd:

            case url_file:

            #ifdef WITH_CURL

            case url_http:

            case url_https:

            case url_ftp:

            #endif /* WITH CURL */

                mdc = malloc(sizeof(struct md_container)); /* freed in close_db_attrs */

                mdc->todo_attr = conf->db_attrs;

                init_md(mdc);

                break;

            #ifdef WITH_PSQL

            case url_sql:

                break;

            #endif /* WITH_PSQL */

            default :

                error(200,_("init_db_attrs(): Unknown url type.\n"));

        }

    }

    return mdc;

}

static db_line *close_db_attrs (struct md_container *mdc, char *url_value) {

    db_line *line = NULL;

    if (mdc != NULL) {

        close_md(mdc);

        line = malloc(sizeof(struct db_line));

        line->filename = url_value;

        line->perm = 0;

        line->attr = conf->db_attrs;

        md2line(mdc, line);

        free(mdc);

    }

    return line;

}

int db_init(int db)

{

  void* rv=NULL;

  error(200,"db_init %i\n",db);

  switch(db) {

  case DB_DISK: {

    /*

      Should we actually do something here?

     */

    return db_disk_init();

  }

  case DB_OLD: {

    conf->mdc_in = init_db_attrs((conf->db_in_url)->type);

    rv=be_init(1,conf->db_in_url,0);

    if(rv==NULL) {

      error(200,_("db_in is null\n"));      

      return RETFAIL;

    }

    conf->db_in=rv;

    error(200,_("db_in is nonnull\n"));

    return RETOK;

  }

  case DB_WRITE: {    

#ifdef WITH_ZLIB

    conf->mdc_out = init_db_attrs((conf->db_out_url)->type);

    if(conf->gzip_dbout){

       rv=be_init(0,conf->db_out_url,conf->gzip_dbout);

       conf->db_gzout=rv;

    }

    else{

#endif

      rv=be_init(0,conf->db_out_url,0);

      conf->db_out=rv;

#ifdef WITH_ZLIB

    }

#endif

    if(rv==NULL){

      error(200,_("db_out is null\n"));

      return RETFAIL;

    }

    error(200,_("db_out is nonnull %s\n"),conf->db_out_url->value);

    return RETOK;

  }

  case DB_NEW: {

    conf->mdc_out = init_db_attrs((conf->db_new_url)->type);

    rv=be_init(1,conf->db_new_url,0);

    if(rv==NULL) {

      error(200,_("db_new is null\n"));      

      return RETFAIL;

    }

    conf->db_new=rv;

    error(200,_("db_new is nonnull\n"));

    return RETOK;

  }

  }

  return RETFAIL;

}

db_line* db_readline(int db){

  db_line* s=NULL;

  int i=0;

  url_t* db_url=NULL;

  FILE** db_filep=NULL;

  int* db_osize=0;

  DB_FIELD** db_order=NULL;

  switch (db) {

  case DB_DISK: {

    /*

      Nothing else to be done?

     */

    s=db_readline_disk();

    return s;

  }

  case DB_OLD: {

    db_url=conf->db_in_url;

    db_filep=&(conf->db_in);

    db_osize=&(conf->db_in_size);

    db_order=&(conf->db_in_order);

    break;

  }

  case DB_NEW: {

    db_url=conf->db_new_url;

    db_filep=&(conf->db_new);

    db_osize=&(conf->db_new_size);

    db_order=&(conf->db_new_order);

    break;

  }

  default: {

    return NULL;

  }

  }

  switch (db_url->type) {

#ifdef WITH_CURL

  case url_http:

  case url_https:

  case url_ftp:

#endif /* WITH CURL */

  case url_stdin:

  case url_fd:

  case url_file: {

    /* Should set errno */

    /* Please FIXME */

    if ((*db_filep)!=NULL) {

      char** ss=db_readline_file(db);

      if (ss!=NULL){

	s=db_char2line(ss,db);

	for(i=0;i<*db_osize;i++){

	  if((*db_order)[i]!=db_unknown && 

	     ss[(*db_order)[i]]!=NULL){

	    free(ss[(*db_order)[i]]);

	    ss[(*db_order)[i]]=NULL;

	  }

	}

	free(ss);

      }

    }

    break;

  }

#ifdef WITH_PSQL

  case url_sql: {

    error(255,"db_sql readline...");

    s=db_readline_sql(db, conf);

    break;

  }

#endif

  default : {

    error(0,_("db_readline():Url-type backend not implemented\n"));

    return NULL;

  }

  }

  return s;

}

byte* base64tobyte(char* src,int len,size_t *ret_len)

{

  if(strcmp(src,"0")!=0){

    return decode_base64(src,len,ret_len);

  }

  return NULL;

}

static char *db_readchar(char *s)

{

  if (s == NULL)

    return (NULL);

  if (s[0] == '0')

  {

    if (s[1] == '\0')

      return (NULL);

    if (s[1] == '-')

      return (strdup(""));

    if (s[1] == '0')

    {

      memmove(s, s+1, strlen(s+1)+1);

      // Hope this removes core

      // dumping in some environments. Has something to do with

      // memory (de)allocation.

    }

  }

  decode_string(s);

  return strdup(s);

}

#define WARN_ONCE(x) case db_ ## x : {                                  \

      static int warn_once_ ## x = 0;                                   \

      if (! warn_once_ ## x )                                           \

        error(0,_("Hash %s uses MHASH, which is not enabled.\n"),       \

              #x );                                                     \

      warn_once_ ## x = 1;                                              \

    } break

db_line* db_char2line(char** ss,int db){

  int i;

  db_line* line=(db_line*)malloc(sizeof(db_line)*1);

  int* db_osize=NULL;

  DB_FIELD** db_order=NULL;

  switch (db) {

  case DB_OLD: {

    db_osize=&(conf->db_in_size);

    db_order=&(conf->db_in_order);

    break;

  }

  case DB_NEW: {

    db_osize=&(conf->db_new_size);

    db_order=&(conf->db_new_order);

    break;

  }

  default: {

    free(line);

    return NULL;

  }

  }

  line->md5=NULL;

  line->sha1=NULL;

  line->rmd160=NULL;

  line->tiger=NULL;

  line->crc32=NULL; /* MHASH stuff.. */

  line->crc32b=NULL;

  line->haval=NULL;

  line->gost=NULL;

  line->whirlpool=NULL;

  line->sha256=NULL;

  line->sha512=NULL;

  line->perm=0;

  line->uid=0;

  line->gid=0;

  line->atime=0;

  line->ctime=0;

  line->mtime=0;

  line->inode=0;

  line->nlink=0;

  line->bcount=0;

  line->size=0;

  line->filename=NULL;

  line->fullpath=NULL;

  line->linkname=NULL;

  line->acl=NULL;

  line->xattrs=NULL;

  line->e2fsattrs=0;

  line->cntx=NULL;

  line->attr=conf->attr; /* attributes from @@dbspec */

  for(i=0;i<*db_osize;i++){

    switch ((*db_order)[i]) {

    case db_filename : {

      if(ss[(*db_order)[i]]!=NULL){

	decode_string(ss[(*db_order)[i]]);

	line->fullpath=strdup(ss[(*db_order)[i]]);

	line->filename=line->fullpath;

      } else {

	error(0,"db_char2line():Error while reading database\n");

	exit(EXIT_FAILURE);

      }

      break;

    }

    case db_linkname : {

      line->linkname = db_readchar(ss[(*db_order)[i]]);

      break;

    }

    case db_mtime : {

      line->mtime=base64totime_t(ss[(*db_order)[i]]);

      break;

    }

    case db_bcount : {

      line->bcount=readint(ss[(*db_order)[i]],"bcount");

      break;

    }

    case db_atime : {

      line->atime=base64totime_t(ss[(*db_order)[i]]);

      break;

    }

    case db_ctime : {

      line->ctime=base64totime_t(ss[(*db_order)[i]]);

      break;

    }

    case db_inode : {

      line->inode=readint(ss[(*db_order)[i]],"inode");

      break;

    }

    case db_uid : {

      line->uid=readint(ss[(*db_order)[i]],"uid");

      break;

    }

    case db_gid : {

      line->gid=readint(ss[(*db_order)[i]],"gid");

      break;

    }

    case db_size : {

      line->size=readlong(ss[(*db_order)[i]],"size");

      break;

    }

    case db_md5 : {

      line->md5=base64tobyte(ss[(*db_order)[i]],

			     strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_sha1 : {

      line->sha1=base64tobyte(ss[(*db_order)[i]],

			      strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_rmd160 : {

      line->rmd160=base64tobyte(ss[(*db_order)[i]],

				strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_tiger : {

      line->tiger=base64tobyte(ss[(*db_order)[i]],

			       strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_crc32 : {

      line->crc32=base64tobyte(ss[(*db_order)[i]],

			       strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_haval : {

      line->haval=base64tobyte(ss[(*db_order)[i]],

			       strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

#ifdef WITH_MHASH

    case db_gost : {

      line->gost=base64tobyte(ss[(*db_order)[i]],

			       strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_crc32b : {

      line->crc32b=base64tobyte(ss[(*db_order)[i]],

			       strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_whirlpool : {

      line->whirlpool=base64tobyte(ss[(*db_order)[i]],

                                   strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

#else

      WARN_ONCE(gost);

      WARN_ONCE(crc32b);

      WARN_ONCE(whirlpool);

#endif

    case db_sha256 : {

      line->sha256=base64tobyte(ss[(*db_order)[i]],

                                strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

    case db_sha512 : {

      line->sha512=base64tobyte(ss[(*db_order)[i]],

                                strlen(ss[(*db_order)[i]]), NULL);

      break;

    }

#ifdef WITH_SUN_ACL

    case db_acl : {

      char* endp,*pos;

      int entries,lc;

      line->acl=NULL;

      entries=strtol(ss[(*db_order)[i]],&endp,10);

      if (endp==ss[(*db_order)[i]]) {

 	/* Something went wrong */

	break;

      }

      pos=endp+1; /* Warning! if acl in database is corrupted then

		     this will break down. */

      line->acl=malloc(sizeof(acl_type));

      line->acl->entries=entries;

      line->acl->acl=malloc(sizeof(aclent_t)*entries);

      for (lc=0;lc

	line->acl->acl[lc].a_type=strtol(pos,&endp,10);

	pos=endp+1;

	line->acl->acl[lc].a_id=strtol(pos,&endp,10);

	pos=endp+1;

	line->acl->acl[lc].a_perm=strtol(pos,&endp,10);

	pos=endp+1;

      }

      break;

    }

#endif

#ifdef WITH_POSIX_ACL

    case db_acl : {

      char *tval = NULL;

      tval = strtok(ss[(*db_order)[i]], ",");

      line->acl = NULL;

      if (tval[0] == '0')

        line->acl = NULL;

      else if (!strcmp(tval, "POSIX"))

      {

        line->acl = malloc(sizeof(acl_type));        

        line->acl->acl_a = NULL;

        line->acl->acl_d = NULL;

        tval = strtok(NULL, ",");

        line->acl->acl_a = (char *)base64tobyte(tval, strlen(tval), NULL);

        tval = strtok(NULL, ",");

        line->acl->acl_d = (char *)base64tobyte(tval, strlen(tval), NULL);

      }

      /* else, it's broken... */

      break;

    }

#endif

      case db_xattrs : {

        size_t num = 0;

        char *tval = NULL;

        tval = strtok(ss[(*db_order)[i]], ",");

        num = readlong(tval, "xattrs");

        if (num)

        {

          line->xattrs = malloc(sizeof(xattrs_type));

          line->xattrs->ents = calloc(sizeof(xattr_node), num);

          line->xattrs->sz  = num;

          line->xattrs->num = num;

          num = 0;

          while (num < line->xattrs->num)

          {

            byte  *val = NULL;

            size_t vsz = 0;

            tval = strtok(NULL, ",");

            char * tmp = strdup(tval);

            line->xattrs->ents[num].key = db_readchar(tmp);

            free(tmp);

            tval = strtok(NULL, ",");

            val = base64tobyte(tval, strlen(tval), &vsz;;

            line->xattrs->ents[num].val = val;

            line->xattrs->ents[num].vsz = vsz;

            ++num;

          }

        }

        break;

      }

      case db_selinux : {

        byte  *val = NULL;

        val = base64tobyte(ss[(*db_order)[i]], strlen(ss[(*db_order)[i]]),NULL);

        line->cntx = (char *)val;

        break;

      }

    case db_perm : {

      line->perm=readoct(ss[(*db_order)[i]],"permissions");

      break;

    }

    case db_lnkcount : {

      line->nlink=readint(ss[(*db_order)[i]],"nlink");

      break;

    }

    case db_attr : {

      line->attr=readlong(ss[(*db_order)[i]],"attr");

      break;

    }

    case db_e2fsattrs : {

      line->e2fsattrs=readlong(ss[(*db_order)[i]],"e2fsattrs");

      break;

    }

    case db_unknown : {

      /* Unknown fields are ignored. */

      break;

    }

    default : {

      error(0,_("Not implemented in db_char2line %i \n"),(*db_order)[i]);

      free_db_line(line);

      free(line);

      return NULL;

    }

    }

  }

  return line;

}

time_t base64totime_t(char* s){

  byte* b=decode_base64(s,strlen(s),NULL);

  char* endp;

  if (b==NULL||strcmp(s,"0")==0) {

    /* Should we print error here? */

    free(b);

    return 0;

  } else {

    time_t t = strtol((char *)b,&endp,10);

    if (endp[0]!='\0') {

      error(0,"Error converting base64\n");

      free(b);

      return 0;

    }

    free(b);

    return t;

  }

}

long readint(char* s,char* err){

  long i;

  char* e;

  i=strtol(s,&e,10);

  if (e[0]!='\0') {

    error(0,_("Could not read %s from database"),err);

  }

  return i;

}

AIDE_OFF_TYPE readlong(char* s,char* err){

  AIDE_OFF_TYPE i;

  char* e;

  i=AIDE_STRTOLL_FUNC(s,&e,10);

  if (e[0]!='\0') {

    error(0,_("Could not read %s from database"),err);

  }

  return i;

}

long readoct(char* s,char* err){

  long i;

  char* e;

  i=strtol(s,&e,8);

  if (e[0]!='\0') {

    error(0,_("Could not read %s from database. String %s \n"),err,s);

  }

  return i;

}

int db_writespec(db_config* dbconf)

{

  switch (dbconf->db_out_url->type) {

  case url_stdout:

  case url_stderr:

  case url_fd:

  case url_file: {

    if(

#ifdef WITH_ZLIB

       (dbconf->gzip_dbout && dbconf->db_gzout) ||

#endif

       (dbconf->db_out!=NULL)){

      if(db_writespec_file(dbconf)==RETOK){

	return RETOK;

      }

    }

    break;

  }

#ifdef WITH_CURL

  case url_http:

  case url_https:

  case url_ftp:

    {

      break;

    }

#endif /* WITH CURL */

#ifdef WITH_PSQL

  case url_sql: {

    if(dbconf->db_out!=NULL){

      if(db_writespec_sql(dbconf)==RETOK){

	return RETOK;

      }

    }

    break;

  }

#endif

  default:{

    error(0,_("Unknown output in db out.\n"));    

    return RETFAIL;

  }

  }

  return RETFAIL;

}

int db_writeline(db_line* line,db_config* dbconf){

  if (line==NULL||dbconf==NULL) return RETOK;

  switch (dbconf->db_out_url->type) {

#ifdef WITH_CURL

  case url_http:

  case url_https:

  case url_ftp:

#endif /* WITH CURL */

  case url_stdout:

  case url_stderr:

  case url_fd:

  case url_file: {

    if (

#ifdef WITH_ZLIB

       (dbconf->gzip_dbout && dbconf->db_gzout) ||

#endif

       (dbconf->db_out!=NULL)) {

      if (db_writeline_file(line,dbconf,dbconf->db_out_url)==RETOK) {

	return RETOK;

      }

    }

    return RETFAIL;

    break;

  }

#ifdef WITH_PSQL

  case url_sql: {

    if (dbconf->db_out!=NULL) {

      if (db_writeline_sql(line,dbconf)==RETOK) {

	return RETOK;

      }

    }

    return RETFAIL;

    break;

  }

#endif

  default : {

    error(0,_("Unknown output in db out.\n"));    

    return RETFAIL;

  } 

  }

  return RETFAIL;

}

void db_close() {

  switch (conf->db_out_url->type) {

  case url_stdout:

  case url_stderr:

  case url_fd:

  case url_file: {

    if (

#ifdef WITH_ZLIB

       (conf->gzip_dbout && conf->db_gzout) ||

#endif

       (conf->db_out!=NULL)) {

        db_close_file(conf);

    }

    break;

  }

#ifdef WITH_CURL

  case url_http:

  case url_https:

  case url_ftp:

    {

        if (conf->db_out!=NULL) {

            url_fclose((URL_FILE*)conf->db_out);

        }

      break;

    }

#endif /* WITH CURL */

#ifdef WITH_PSQL

  case url_sql: {

    if (conf->db_out!=NULL) {

      db_close_sql(conf->db_out);

    }

    break;

  }

#endif

  default : {

    error(0,_("db_close():Unknown output in db out.\n"));    

  } 

  }

  conf->line_db_in = close_db_attrs(conf->mdc_in, (conf->db_in_url)->value);

  conf->line_db_out = close_db_attrs(conf->mdc_out, (conf->action&DO_DIFF

          ? conf->db_new_url : conf->db_out_url)->value);

}

void free_db_line(db_line* dl)

{

  if (dl==NULL) {

    return;

  }

#define checked_free(x) do { free(x); x=NULL; } while (0)

  checked_free(dl->md5);

  checked_free(dl->sha1);

  checked_free(dl->rmd160);

  checked_free(dl->tiger);

  dl->filename=NULL;

  checked_free(dl->fullpath);

  checked_free(dl->linkname);

#ifdef WITH_MHASH

  checked_free(dl->crc32);